From aff246687a8599dacaaa205649274b7a74abc052 Mon Sep 17 00:00:00 2001 From: Manish Kumar Date: Wed, 1 Nov 2023 15:26:21 +0530 Subject: [PATCH 01/15] Updating proper mapping of entities in MDE hunting --- .../Hunting Queries/MDE_Process-IOCs.yaml | 27 ++++++++++--------- .../Hunting Queries/MDE_Usage.yaml | 25 ++++++++--------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml index 9cb508c6469..b81df8afb20 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml +++ b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml @@ -7,10 +7,6 @@ requiredDataConnectors: - connectorId: MicrosoftThreatProtection dataTypes: - DeviceProcessEvents -queryFrequency: 1d -queryPeriod: 1d -triggerOperator: gt -triggerThreshold: 0 tactics: - Execution - Persistence @@ -18,7 +14,6 @@ tags: - Solorigate - NOBELIUM query: | - let excludeProcs = dynamic([@"\SolarWinds\Orion\APM\APMServiceControl.exe", @"\SolarWinds\Orion\ExportToPDFCmd.Exe", @"\SolarWinds.Credentials\SolarWinds.Credentials.Orion.WebApi.exe", @"\SolarWinds\Orion\Topology\SolarWinds.Orion.Topology.Calculator.exe", @"\SolarWinds\Orion\Database-Maint.exe", @"\SolarWinds.Orion.ApiPoller.Service\SolarWinds.Orion.ApiPoller.Service.exe", @"\Windows\SysWOW64\WerFault.exe"]); DeviceProcessEvents | where InitiatingProcessFileName =~ "solarwinds.businesslayerhost.exe" 
@@ -26,22 +21,30 @@ query: | | extend timestamp = TimeGenerated, AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName), - HostCustomEntity = DeviceName, + Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]), + HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')) FileHashCustomEntity = MD5 + | extend Account_0_Name = Name + | extend Account_0_UPNSuffix = UPNSuffix + | extend Host_0_HostName = HostName + | extend Host_0_DnsDomain = DnsDomain entityMappings: - entityType: Account fieldMappings: - - identifier: FullName - columnName: AccountCustomEntity + - identifier: Name + columnName: Name + - identifier: UPNSuffix + columnName: UPNSuffix - entityType: Host fieldMappings: - - identifier: FullName - columnName: HostCustomEntity + - identifier: HostName + columnName: HostName + - identifier: DnsDomain + columnName: DnsDomain - entityType: FileHash fieldMappings: - identifier: Algorithm columnName: MD5 - identifier: Value columnName: FileHashCustomEntity -version: 1.0.0 -kind: Scheduled \ No newline at end of file +version: 1.0.1 \ No newline at end of file diff --git a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml index 835fe25e5f3..43e1e72b3e1 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml +++ b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml 
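Review bot: The FileHash mapping in this hunk's context lines still binds `identifier: Algorithm` to `columnName: MD5`, so the entity's Algorithm field receives the hash string itself rather than the algorithm name; MDE_Usage.yaml in this same patch uses `AlgorithmCustomEntity = "SHA256"` for that purpose and this file should follow the same pattern. Add `AlgorithmCustomEntity = "MD5"` to the `| extend` that sets `FileHashCustomEntity = MD5`, and change the mapping to `columnName: AlgorithmCustomEntity`. The same context lines recur in the `@@ -47,4 +47,4 @@` hunk of patch 02/15 below, so the fix applies there too. Separately, the added `Name`/`UPNSuffix` expressions read `AccountCustomEntity` inside the very `| extend` that defines it, and the `DnsDomain = ...` line has no trailing comma before `FileHashCustomEntity = MD5`; patch 02/15 in this series already addresses both, so only the Algorithm mapping remains open. The `query:` block scalar this hunk edits starts outside the hunk.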
@@ -7,16 +7,11 @@ requiredDataConnectors: - connectorId: MicrosoftThreatProtection dataTypes: - DeviceProcessEvents -queryFrequency: 1h -queryPeriod: 1h -triggerOperator: gt -triggerThreshold: 0 tactics: - Discovery relevantTechniques: - T1018 query: | - let args = dynamic(["objectcategory","domainlist","dcmodes","adinfo","trustdmp","computers_pwdnotreqd","Domain Admins", "objectcategory=person", "objectcategory=computer", "objectcategory=*","dclist"]); let parentProcesses = dynamic(["pwsh.exe","powershell.exe","cmd.exe"]); DeviceProcessEvents 
@@ -26,17 +21,24 @@ query: |
 | where FileName =~ "AdFind.exe" or SHA256 == "c92c158d7c37fea795114fa6491fe5f145ad2f8c08776b18ae79db811e8e36a3"
 // AdFind common Flags to check for from various threat actor TTPs
 or ProcessCommandLine has_any (args)
- | extend AccountCustomEntity = AccountName, HostCustomEntity = DeviceName, ProcessCustomEntity = InitiatingProcessFileName, CommandLineCustomEntity = ProcessCommandLine, AlgorithmCustomEntity = "SHA256", FileHashCustomEntity = SHA256
-
+ | extend ProcessCustomEntity = InitiatingProcessFileName, CommandLineCustomEntity = ProcessCommandLine, AlgorithmCustomEntity = "SHA256", FileHashCustomEntity = SHA256,Name = tostring(split(AccountName, '@', 0)[0]), UPNSuffix = tostring(split(AccountName, '@', 1)[0]),HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.'))
+ | extend Account_0_Name = Name
+ | extend Account_0_UPNSuffix = UPNSuffix
+ | extend Host_0_HostName = HostName
+ | extend Host_0_DnsDomain = DnsDomain
 entityMappings:
 - entityType: Account
 fieldMappings:
- - identifier: FullName
- columnName: AccountCustomEntity
+ - identifier: Name
+ columnName: Name
+ - identifier: UPNSuffix
+ columnName: UPNSuffix
 - entityType: Host
 fieldMappings:
 - identifier: HostName
- columnName: HostCustomEntity
+ columnName: HostName
+ - identifier: DnsDomain
+ columnName: DnsDomain
 - entityType: Process
 fieldMappings:
 - identifier: ProcessId
@@ -49,5 +51,4 @@ entityMappings:
 columnName: AlgorithmCustomEntity
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.1
-kind: Scheduled
\ No newline at end of file
+version: 1.0.2
\ No newline at end of file
From b20c2c93df004a6426ecdae7fb6172a8703f07c4 Mon Sep 17 00:00:00 2001
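Review bot: The new `Name`/`UPNSuffix` columns are derived by splitting `AccountName` on `@`, but in DeviceProcessEvents that column holds the bare account name while the UPN lives in `AccountUpn` (the MDE_Process-IOCs.yaml hunk in this same patch reads the `...AccountUpn` column and only falls back to `...AccountName`), so `UPNSuffix` will presumably be empty on every row. Mirror the sibling query: `Name = tostring(split(iff(isnotempty(AccountUpn), AccountUpn, AccountName), '@', 0)[0]), UPNSuffix = tostring(split(AccountUpn, '@', 1)[0])`. As a point of style, the same `| extend` line joins `SHA256,Name` and `[0]),HostName` without the space after the comma used elsewhere on the line; putting the account and host columns on their own lines, as the sibling file does, would make the mapping easier to read. The `query:` block this hunk edits starts outside the hunk.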
From: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Wed, 1 Nov 2023 16:14:04 +0530 Subject: [PATCH 02/15] Update MDE_Process-IOCs.yaml --- .../Hunting Queries/MDE_Process-IOCs.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml index b81df8afb20..e1268a3f3ef 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml +++ b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml @@ -21,9 +21,9 @@ query: | | extend timestamp = TimeGenerated, AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName), - Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]), - HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')) + HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')), FileHashCustomEntity = MD5 + |extend Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]) | extend Account_0_Name = Name | extend Account_0_UPNSuffix = UPNSuffix | extend Host_0_HostName = HostName @@ -47,4 +47,4 @@ entityMappings: columnName: MD5 - identifier: Value columnName: FileHashCustomEntity -version: 1.0.1 \ No newline at end of file +version: 1.0.1 From ef520ca0e8705a918d4005e1d8122c9f49750040 Mon Sep 17 00:00:00 2001 
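Review bot: The added `|extend Name = ..., UPNSuffix = ...` line omits the space after the pipe that every neighbouring `| extend` line uses; write it as `| extend Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0])` so the pipeline reads uniformly. Moving these two columns into their own `| extend` is the right fix, since the line above is the one that introduces `AccountCustomEntity`. When `AccountCustomEntity` falls back to `InitiatingProcessAccountName` there is presumably no `@` to split on, so `UPNSuffix` is empty on that path; a one-line comment such as `// non-UPN fallback: UPNSuffix is empty, the Account entity then carries only Name` above the new line would save the next reader a question. The `query:` block scalar this hunk edits starts outside the hunk.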
From: Github Bot Date: Wed, 1 Nov 2023 11:03:25 +0000 Subject: [PATCH 03/15] [skip ci] Github Bot Added package to Pull Request! --- .../Data/system_generated_metadata.json | 57 + .../Package/3.0.1.zip | Bin 0 -> 26486 bytes .../Package/createUiDefinition.json | 6 +- .../Package/mainTemplate.json | 5344 +++++++++-------- 4 files changed, 2733 insertions(+), 2674 deletions(-) create mode 100644 Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json create mode 100644 Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip diff --git a/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json b/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json new file mode 100644 index 00000000000..48642faf63d --- /dev/null +++ b/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json 
@@ -0,0 +1,57 @@ +{ + "Name": "MicrosoftDefenderForEndpoint", + "Author": "Microsoft - support@microsoft.com", + "Logo": "", + "Description": "The [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)", + "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\MicrosoftDefenderForEndpoint", + "Metadata": "SolutionMetadata.json", + "TemplateSpec": true, + "Is1PConnector": true, + "Version": "3.0.1", + "publisherId": "azuresentinel", + "offerId": "azure-sentinel-solution-microsoftdefenderendpoint", + "providers": [ + "Microsoft" + ], + "categories": { + "domains": [ + "Security - Threat Protection" + ], + "verticals": [] + }, + "firstPublishDate": "2022-01-31", + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + }, + "Data Connectors": "[\n \"Data Connectors/template_MicrosoftDefenderAdvancedThreatProtection.JSON\"\n]", + "Parsers": "[\n \"AssignedIPAddress.txt\",\n \"Devicefromip.txt\"\n]", + "Playbooks": [ + "Playbooks/Isolate-MDEMachine/Isolate-MDE-Machine-entity-trigger/azuredeploy.json", + "Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-alert-trigger/azuredeploy.json", + 
"Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-incident-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-alert-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-incident-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-alert-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-entity-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-incident-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-alert-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-entity-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-incident-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-alert-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-incident-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-alert-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-entity-trigger/azuredeploy.json", + "Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-incident-trigger/azuredeploy.json", + "Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-alert-trigger/azuredeploy.json", + "Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-incident-trigger/azuredeploy.json", + "Playbooks/Unisolate-MDEMachine/Unisolate-MDE-Machine-entity-trigger/azuredeploy.json", + "Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-alert-trigger/azuredeploy.json", + "Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-incident-trigger/azuredeploy.json" + ], + "Analytic Rules": "[\n \"AquaBlizzardAVHits.yaml\"\n]", + "Hunting Queries": "[\n \"MDE_Usage.yaml\",\n \"MDE_Process-IOCs.yaml\"\n]" +} 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..0f5b5bbab2cd4ee9de500858285afd2b59c19aad GIT binary patch literal 26486 zcmY&-Q*>rc+jMN(wr$%J+qP{_Y;$5exntY5GqG*_^StXj`A_;<-3Pm_)m>|Mb(Nwl zC>RT-zOh^_VZ4MrnVgjbCY@O(^x26>15;8( z{$f$LqaYuY^Ke>@UVI!{QFynX*VHlJ-|$H~Up1(~-ID!)=Be)`T#~9#^9Dm0t?q-w zB<&e_E`SavhhwvBDVuFbGrhV!M_E+q6c9X;ZxAw8v?<3)^f|6XoByn!3i{w$4$O4; z(NK&v!5IW~%&?qf)X50z7v(QZv8q!??M(6c3&(zW^7Ztl2VYGYi2x)IfEVKta!tR&W7|OPbk*!-hf!$Cc)9 zEYU*EaDXq(`rt6r$}zSFK@X4JgKy(7-lcm5%@kARF>pvN;&bDe(Blqh?>gm`Iodx( zWaiva+2XXpMSuEqVTkK$JY(s9gR!8bmBoy4F9e-bwTvYRw}q?-oO((yDCpsEh|C;2 zY}R#*xl~L^)q|sx=C=dK!9-K4f+gS}mG4o3dj0CFq=pb2%7xexQecatPf*Mi4D1krH0bQceC|RUx zq(T?VgZrwZzZ>^6$+>&RdyZW}Sr2suiSL*`X; zhSoB5`Y99^$|66K$0m7KQyY*#--MX7yD0a}w2G1B2a#)E;Ev4*=X&mv#2~2tYIRuI z==V0{rC)*~&>G-2t+-}CWvJ?Pz$ryxDbzC$&XO{LDsFMA?&b?G9+`L!9>tJK$h^k&@{15RslIb&+h=I2#X?? z2B(wH`uo{uMXd`iRDyl>55JI^a6|Ilhs<|4n|W%JJEiil1DE<4*GWQ*g!H^NSxJT? zT8~Ad#|$_Ju_>T3wzxld2`RjTD4~FVw(ET89KlUOD6Ofjon0stlyB?P*eFrr349WR z;;dC}l`yn?$FPmF?Xu+(HcUJ_E<=j!S*Y6}PhOiD$}UBkj@J-je$K(1$Z`M9u?+di zLq3I)?Ih@C7Xk4Z;W@ZF0L3{3ki=>sOViK zV0(bQtksSO@tVi@+^!Ym=M0f9$yYCCU_w9?J)I`Hf0xpnn zzNk^t$DwA{yMViUk6dndS@-DT4#K0Dkhuo@_)Ifr&T}={b`vLW{gW9l7jsU#@f`#f zTeaGtLdekYN{J-2<-kK-AQ*|c+Ju`0P>tFN#kAa9hJ0It@s`Ax?n9G)$4X#_PPyMH zg+S&LOd~rsh0rG&(zmr=*pwc;ZXIG9HVf5Y=g>go$ts7x5`{AK@^#H5##_6pSqNTI zfT$1t{M1VNCY7|RC1?xeMVuK3v`Obl+)DREeL~C$5+K$j5?xut0^5Uxu3k8ZW3}b; zx~r)as?TGah!KWhk*@Ko_JZ&n0{3IBezkE+{%@5U>doP5-*Lh_efK0!j;tO7Eu?m! 
zVCG2Py4QBgE*%3uC}lQ6tEtd0@E|BKu4e)(e+k_DC|H@x( zT0V9MX3)tCRy(z12R3AL%6f1aza^vC$Rt}LCs@5~iB@zMbm^)HGOGd;Y& z%Mi>Q0k#1ie0e!MCTlG4Zd=6h`>fGX79Rr?`8 z>t!p_4x-Yg$d_ULc^IjFN8LaL4NCxN7XaleUX+86kH~gd{hrBDuj!N!$*4Pg7lQ!T zT*r?$f=|ua+{p+}@I=vU7K_csl%#~nfxYc}Q^-{Ic^998nG)r6!B$7ONXmHcBO5zS3o=cQMl`_q723*uH>jo=>BQbS82@M+(eOz}gte2^Hj`jc*@j7L}_Q++DxN5pS z<3fs|pP|6##fsv1LU7B{_pYLvr9mg~Z_LBhdw*-dRNB@~rD%3dKK<20ijPxYYZ`Qi z&n=N^uSN6DSN%haC4a!j``KpG1N3~@jMtEvkpp|V_w2lk(tx;}bJ^=L|M#HD%brL4 zcKCtK#z92~K>Sr=KjaHpNc**U4oFrze-2&6h%Pi*{s(C6mIA9zV#|iO!j`XSUX6~~ z_}k#%UVmFcU!c&91E)-{srUZR+VGh$S19_iG{Zxqa_?6J7%&*@ z`2G5j5T6^vI@;|VaV(d<$j)uLH!lnLHuvQyC(P*GA#ML2>j9d&oNP~^4PT46e@|yRCt~3}99wBwSF`h}~_%e7S0z+O7=qs8_ z=vPuabq@1erd~H#%~{otzl2q+5Pf(mTUD<9JmsW5r{p0!+dIm~na|>kwJX%y>B3k_kBFDUJC+v#qrT*C{P76dT>T}6Xz9C9Yv*5Fim)^W-E7HkaBSUgCak zKUy6mScEP1JzW>d?#Pj;|7S;>km?bR&8zIxKx3;m|U;t_=SwryWVQ++Tw&J zFFB#p_4wW9lkRXIS$XGYyjRq37KdMc+bCi;50$He?++~GJC^B~`3(sACZkrV)vLSDh7$wG_WebE?WiR>c_J&-*`c_<+ z8E6%$huErYDG7vh6P@t8S-ATBC8Fn@GfhMpXH+f=&oz)uoBfvIanEzN&dc?{wX@ap z733r?&-0Vtp623YUp|X~EP*0XLay*}*%TjC_TCM@+$f?xE4=R88H(|GB2-qS1iFgj zcOU$CqhE~J?Z6JqLV!KR-|a8212ENv>Ur>MCl5jR7nFGzP7g(OnqA5ogEPl7 zQ!WAd+;Y3NXYv6$Op#I$9pe(S2Bl*(eOuw?|xN84>kA=Ae@>HxTb8@9;hj8XYz><_ArK zVBnV>1UOISZl)I&|AN<&X!;a{alX-x!qlHpA~$VyKuNHUA(kx>GvZ%%mP8DbB}9Vb zW=IjN)rkmGxgWELpCkcjs2oIPx3IQz7+}8a}G&EJCT! 
zrxmX(L#Y^GG1#Lt0-SaU1}u6xz~3~y?GUSfK30T4dU%}7HML7rc{V&knWyV-lTJ>P zUYw1*^kSgd-<@<_vtbG33&p9(&~ptYJM_QC93xaXx8c9VgVUx+_I?H)T_%%O@I64} zVS9_vwtUIju%%Tl8n|8lFqU|%kC}5-GPKV#aWzhAH8ehAa0&F5bCOPe;7D9VWFzF( zOykN0epw{bo;E;fl2T^C4CU;GlOBo~gCL&(FkwA^k?-*r1wC}i4tI{CJ7kg@Qta^K z-|0`e+fnR<<%&_+r*ce$Mc{fg(cR`dcE(^&KZV!Ej#GnGEXk3`@+HAI(YPbaE(OUH zBFI_vl@Xy=g4QbHvr(u*@`$+2i4^e6p;d;gz$^!8m%}7~N@6}) zZzx5>Z&il52&EZbre4(^vM=nXm zh+2p&rOItqPf=JZbS*?9Pko}ara-1djs7(!PN!T(lgPuK3!ERUTCUJ8;(~gOgmwitoi^Q^1#NHL<8=b95$0|H}gBo~-p%Y`Pew#Ni3LLyDo~CAD?oqtpc{ zA;CcI=E0%#CA%|gXSE}H$DzP>zQAT1G>V)a{wXCZywIGFIynJtJmXKa z*g(oYW_8#&9vIo-{V?LdDFgFl#g_%Ja*1Jy|{&?oP>}#gZ<}gjJ*pmj$RE^tUazMTSo^o&h|5el`DH8 zThznU{dSolSu4gQyyw6$IcZXbvPmQr^$&Y;&j*E7 zxX%B2o)Xs}JuT##CFvZ$5>|jsgge^|JX%4aRu0#3mA%7A5{C7j9F8D#n73otE386y znzu6<6W8E8F5KMt6J0B@B<_?a?ysWdyTw7G#L{r@c}0Fu9MgW97R*pAiusrhizawp zxT(7)u0eZUxH-}nU2A_R-r8M&sTaEzeZVI;!-wM?_4FKqJLMTCS-B_)f}swf|9@v?68@Hm*?mmH=&k*)a!BYux{@+_U&VHvT8ZhSon-#yA-2^o zLf7bPc6>c2K-pK8(5c6OKt)nah{h0HDqPhq7ym{3uZ}22=h>Hw*L4?Q@W(3tLv809 zWj%VtkpY)8Ber%+iqQIHM&5{F&WenbD4Rv}ARbb|_~>lV%zRo{mitxMEsV*Z`-vIm zrLAPW9^aIxBImt&#EwJZPHpFIy}LH3U+3cD>%Pf-d7bYzlM~W3BYo2+z{@Al!Ozzr zpQb8DG1>a5p8ZKY`M{F;TKWq>zrc7r4k8(yHy!Y*?98FHfM+`ZZK{>MSgy`MUgeF^ zOxDDVEt@$kzDVuF9UuG9)RUj6JL2)f?-E=_QuN{(dymJ%Cs3c0oSYozcX(+caYNv$ z@Y_P&VhuNM9rF2m{c27DL-QZ(>HlD}Pk`ttsHSSGPUk-@7{g|70@Cl=9YM4NPS`4k zPhNU8jvqWS3sTl~*|JfxA2Kw@kGqouP6XmPc$*QPe<4&GogD5x{&DfNHuCFn$aT-j z{+oR5^zzup!;{kFHIA^~iqhC_C8J=%adX!ACNh-*W2@h+YHF)Ltf@tp{a}khfQm_h zFWAYo5Ay(Dg=^u|9(AuPYlnQZYUw<`r9U+Op6m_b$etj1$$2QwjPTw93Mg?ap|(y-s0;$rz?% zk4?Fef7kbC^&5#EFOJIcg%9kmH3sF$JxB}OvIX6u??xPZN7-d3PfDaf*?zDdQ9$BTcYfjF!zIoW_V@f%H2 zuoJs|zdM;RaL6GW`Tj-ycKMl*KlUU^gb@RV6hc(2?RM5Av|=9bu{jv&7;Z|L_f=LI z-W0NZ2Nb}t#Y-2#J9clY%w%!k)7*fLjwGz2Eljp0zWSmd;~~}KddoUKp1G2Lr^p3M zc|G@JVZ?*3fkH!4dN-znnQ63+6V6nT$MRD>2s1$}`}v zP7wZrnsH0D;-xV3S;p4gT7%w3DueOqUgZAGsJ{>mQ=)j$;x_Sx&;`xc2zJL6qJ@}X z!~RbZ3H2bXhqolkOiZ{m;JReCqUN^|#OKtRrQ+;7lNaov*N=c!@> 
zx2OZc#m11L4s2NA>Rhg^9&cNon3~Bx#*XcHC0GHT!4f_u>_}~cZI?4Gf-MrZCNMb# zqLp$^gfg9RcvH}F)M9l}JXUin9}nM8M}W4!vFJQYB6Kfb8mg3MEXuZ~hNnlek6s}t zUtJCTD}Me)&E(n*M~fYMfwf)(8T| z1OsB&SKS+6eS&el1seKFe>J}WfSXc#XaN&HU-Z3H#Hcjq zxr{%e3hJStfPwL`X~NZs)NCoYgiB@?R*BT@pi#LRHlFwrLSAe2?ultS?#T2@ax?jQ zyxcXwWH*8S;BOp=0I^{Dma#|K>Z#M$;oUpq+9fKKQ9mAw{(JQ6iGit1X=TP_-sAw_t6BXXhmw;%H3y0*wYMIHA~-+kBbKBvY*Yux)zYHXH8a+G&kZ+Avjfvpp^>Pq~B z@1GJy1Y7_v3U8-syOP&?RDQw>5DcVt2P9QYx{EE_xkKfazNr`EK?_BWU&&WzRC1l) zN6Q>473I)fx0;)Hl&`yu1&ag z66^5RsMY1B?Oa(V@6@5$uhRn59Y3o$|6x9-1M&rz8<=f7XOG&USed>qAP&_nQHAco2BFy7l`jJ{xqPYv#m%Ai3B&>w! z8XEx|p(7WMT6*JT`_I%95C*Oo8M+BKHxoeHLlOV@fbBpgy1hH^LwV9we8$Eq>9gSxNhLo zTOlYc`SEdjOzr2&hiokG>pFIps5m4q+2hg5{xn#?-WXhCny2;A2XhV4;Dki4AZLur zIRy72==mepOFBD&WV|Rv_|C!^F{>{_{19l#{t*M$Q0+c9O!l!**7FrAzKNeS-*h?v zr-1}dh!2L(OM;PP5lhH3Lx^e|V=)E|k!Wpx-}Xvu)w*5W&tWAeL2Zrw70tGOJR8Tl z;owPZR_L0!oQr#}Q^0VtTH!|7p>(`UN!h{HnR<7VfEp4*dXj^16uo)SVu#CU*qZ*BLIR6)%leM@yAUux#S&t~1MRVYFVS zWoau&-IP=^cw4r8lGW&z)oaTNtI}%AN~H}x$hDP5%vf7FztG^wfO)C)#&2;`Yr2N} zo|p2&V&(bE?k_#gtCZPocLqIic?d>H!NuGkSwY1!kc{#ZI>d{8R09^9oNx?HwH?;W zRwWlZpe{z4IWf_wMoCx$gt;Rvd9`G>8Clu^Ov=}<%H1wRCv8r>!jWcbc3tJ|XrT7d z6O}2~8YJjWIlEU`x!O}zxsdRBe@|Ce*|@cSNS_*Izuz{T)jK@R$l!DM$L$NBqp`?k z<(Usbd%Xylx%0#gu)w#yN2==kO_L8MYhq(=NxJ*PlTBo-yZ5{8RTT*>4g8|$H9ptW z_n)8$OwLPage+>)^WBO3NJf>resmt^J=s%h8_E3{r3ALUQ{KDV>wzARd$Q!;cj&lq zK1oi-QP63-wtAdfwE65PYsFaQ@7`GD-=c4AxFA4wYr7t254j*{yViPk`&D=B7T*_F z?Y*di7xygxtDy*xWxayTRF|D+j_~eg?;XmxahoJ528n>@xR>!asEAyHq7W2pD{bm$ z&(Kw8L8oFf=^*IO`?tXjpjZmtUUorvz-}DGK~~JIY_F&I*>60o-g|+)iZ|$h2F%7a zM7jJ=Nt@`n!}p!DSeonjxCL+PiY?n0IRH5YmaYfb2qFcmovM9nJf7RA5i1W1yhMyr zt3%+fv`5Q&i`voA9h|GSD%PMuk0p^mh=ZwwM-Ix}+sj#Vcbkk)9u6+$%h<+;^MkVC z7bhzZZECMUZg#h(up$k19CcMf+=Wq#?91&m|45g6z(Kf=-#|ArNBbrBCRPe%l9%GM zq{7M6ETo-2*n2p7vS5Pzci^Jd>u0rmM<$l-e+FDIB?0@0%lc!F)HsDtypTb3XQ>WY zwyJwRmh4NULDL7AM?<$JQD~Bbqes6Fv1hswOi$kLURDG~{$98Oi>2mZZd#Rs>~1;+up?h78Xt zDav#fK%1Jx&5y6BLhpM!DR-W!NUR-Wk`uWNXN1~U;FTOt$dGg1xo0)Ub;C8rRvYqc 
zK4+%9S@Nizy|2!*>4v#wtOVy85zZ8dHDB+$%VGH9>U?W{@cha%r;@))zleCs&6nb# z$FKZ6In8+%ld+x&nq)dkTl=51^KjF_*Lxiac;n4D7pH{GUnQ9e)o1+J>jXaQK6T%& zT?G!j`2zY~&!ecjgS!rPJ%bkw)cSJYMNjRE$`OMS`RrJ(5Q*UISgaT08Qdqcsh;Z* z!6d&ZCMA-V#n88H#kxeh=op%is@BNHVJ5O7P4Y6we(mJI1wD;6b;qUcUD>i}6H9v* zV+?|{5hCvGlx;qSPN_&L+@85HdQ%b`Xp`uDcudjiYzBPTC3m+^Grs1Z#mW9O+isds z06{Ah8FW*s#CMlv8vuH*#HUQCe1aVz>7W3%Hzl#E2U56CcDT5XDa(*50Z1BDc(z~8 z^|41wr7BoMId#UwtXd^{Y=^0U#f0?;f^14Nz-f=xJl;a!cv?E8a{sE9qTUbT}ig`@67Q`A{xhjpK;bXNNdRO}|~VW1x;A z;^H8N_$e_{F&!n|m|pvwsPRyrrJqG_q8l?);E*Ij@mDPv8VyrMF5X~t`^$x~l;zwl~X&|5_E+8t*v{ZG z{dR}$Q<2WA_w>9qk~LG{YGol7pbQC7!N7>eo51bt=D!j4FfB88`&-3oOc z-Mv5fUq3%Ox-h_(>H3uu`Iua!qcFLM-zinmO;K?kaWdRgw4MJmGM%Sk8NHECxSWNJ z<*JqNh$`}H1;04^wrTAB$@_G?ZfLbVD9YU6@pK>iXt)vCJ8>@885?6-27-1Hu*&9z zZagh?KgR6U+;ct<~+TwdcV@ofmJ7bD6HU;G?bT*=t5fi@r5kLpwLkPkIlWX)uSk z=bnr*N%aI4{@Olx5w?HB}q4xE=E))t~)JMWBoX?s)Pw?yP`_J1wxjP|l zCH=j0{J{ToX)X6QR(WpnzEtV(41b%V^vsZTL`0k6Y)v{V#3#aY{RtD;kHVZjJ5cYy zX7{w3R5O<^#?|5MOTifz1~Z<+{yddS&TulaDgHg72_r!qz@SN`zCSY`LQ@Pp@irKW zVNI+=r_mk)5k__>=d9vQ*py4%9-}iJqsoS-F0WPRP~0MgxS|tLr8qKr+yJw+LV^Vm z`#LH^i~@GBkQNLKUoU-RdGu^7Llybm#OA&-9`r zh{d(`oygpbF(d_9T`V8VQ5{Sw$72H$XQ?AUhisP(45xn>7(8A=+OB%2`#Svo#T%;s zC7l-mPl7;bXP+JwWe$VATgQ_0YS%1Ztb#m*+eu+Z-~ zOiS)~ZHxx1Aj1+7RIVtRQ=ackvzeL~OBB7u!lW>aEmGz#YBJ@U=HkvW>lx0yxJY_%u|mF;M^J7i4Q3}b;JG7pJbMJB_o&vf}z>|P6-yUwVQ%ta5- zg-eXtGE!u5Ojc86jEV|^1Nils7;=7G5^I`Pbs2;^L#3)ix`7cdatH72eKRTamRZr; zPSXcNGxwZ}Rc} zei6l!6%T3fJ?wj5wm7{AMNc+F=ps_o|3-)7@E7 zgVl!y&U1Nf)SQTUa=bOEl1uZa2e#kag&HxyY!;&v?uAPay!+GtmX^PJ>Q#np;$b-L$(gSrP#?xCnM}{z!O(_GiO=#tID)_HU+6lD{m{1aUX=JFRo`@|jslL5_c!5l{36`fduBM`W}$zpWBx0(jhLEETze>+ zr~_N;m7BGLNMi;qJH>-o4|^eMWW3=Vb_|0D*VJU~OEq zFz&?RHi6-k)!{c~*~jluNqn3npEd_V_v){Gr4z#+up6!4l-t=&`k#H1hvG=E(T@yW zmD7*FCH++4?GOgX&>rD(yxvj$XH`|RFfObo>NHQ_{TEj#XX+Xek?E)P@eR20Tb83Nh zC7|{;q5b|_=;Z$dzP(BfasYM2g`U+Op9R|T$LPBX6H(7}$&F=uq$jXc?Qep)K?`*2}IYcTmw~4k;Sbq^eSYDM*3Ga 
z9u)o2mk9U7fGJ_Pl;GjFL~_bE*uYQASDJu%CWv9?<{=7-AT|1~iM-nemL{GZ{()%fe_X_a(u&!hz6PxoZZJ>*3O!0sml6jwWG1 zng^28|JyY4|7}`B@$W$LnppDT8DI^Vw*Jpwfwa@E5Z_c^U~S49c1MmSB(g|Rpk-e`CNNkkR0whcig;L2prTHD z79hpp2Yp=}vZH>Z7@K`rau5m!?K*a^FUqoDv?pyW88au4M+|=fAyNYRf3GV{beNHZ zoK8*wmFG8Xaj=EfWd7YyRe~wyy}5LN%_HH?H)~X+ov3yO9olB7eflj=;M1?IpdDE{ znCd!W2XmE5@<@9c!=V~F8DGrXodd+Z?#a-T5{*329o)WcpzC9Qpe=Z}AmH_yJn|)Q z3^^F2Z9B;+kiu+E7$MizFhSsX`VS1GZF$lT#FLm)hT$bie)xJG5|nA;4)I?=Vji{F zL>=jIr*U8VXg+KCa*8msR)6@IcB8RPGSZ{2<0$iHFdcVlM!nMYafo_=@1}jsH<5RZ zTVVTcmO=ap@AHj-K3Dpj)PDzH{@-r}f`^Vc|NuVEySC40IiQAi^18Stb z-T&sCeZ9cn@V7V5{XYNdKfd0u2M2)O;zIv2_{Z1Je|)_O6VWedbG%DeH!=n`r78I{ z`X#*?79y9fXspTIni`Z0+=kXy@(G~TCcz3UIT8S(tKlO6O1qDom=XX=JGN>q4rU6J z!7PUXR-GW_W6TBlqs&YXlzLwQQjR86B5tk7?Ah%Xt;mdZTS6PR3+hYlfELJT2O9v= zqxww0C!0NzPB4vapbfJT>y0A>B1V=qm>!h}^tzzS+LsQ%HP{eaHVn)F8A2l}1!4w| zuwtVN%;>OzVCFv%ETTtRJh+7;DjlwcShT65o#WLJl3vbREmQN3opyex#!N^9u zMPRZFgHZHs7Lb68im&y)o97TcQHQW^n$xzo?VS!!)$zhYYv?g=2;mQ#Z4!kxiId)#d5CgZ zbzwlx73rooOjU8+`-MRRSOMV|ue|Y=a#eZ z&EUPw2-4;;@hie3F<_8)m;;xC5;tAEAgaq*IRlzPKyNniP#>lE00qU|s;72)J3h`# zMUvO_+1kOp?$RgNRDYH^GyN*;5Q^gf?Opq&Yh&flx zpk#zS$?s|7vg;C;?BhIDw_}}kK8wZoYs z7mEOx5!4-54jW?}4b`xAlwjh zb%`0Xof9E+1`7Ga$cSQq_waRJxus%xg<2=$$57MHK#~V3H)%|+w}^*ec^-#7U{$0I%l^R|1X>wk)$O9eXvluPXcg6vU<*8ADSx^C!tSK3@^7t znO7Cou(5t-n7?QRh8Hwdv3nHx3ZT2Zv1z6K%Wb1axnv{n7vw++5`jcovaOcm*vAo- z43debwHxl?kQdkb}C7o&;0G{?Tel1eAWGuxyyX*SqkBsj;iiqlP0 z6UnU@))TG89a|`voaa(6hRm&l`DB2PUaBDWDSR!bl_kB2F*VYe>Nh zzD!+>M6RK0Kp7|1NR0{PZ=JkDf1V^F=}U@Y5Tv$_O&9r}=)D&PYulT>MR)K{7s47p zVkjg1Z6A)wpW-&}a*f7&VvA5lPPAk&*L?(wz@B9f$+$}!iIFUO!D)%Mn&NU25rZ^A z0l^brI1U-*H~aM5hX|60|J$D>79kiC;V8bxp{1`i*Cu{YR)jrbj$L{-OEG@WN${8} z$gIESn(+3!&REy8r%@&mD3|2}8QtgDx*UxcV`qXUv@m(^v>2)dtP-f;LKacaq9_SI z#997#GuN+R^HZ7Px^@@#p<{d+&u|!!#1!lf6SHs_-F&bGOtlU|V_8ZBnZq2aJK=wJ zVmIgxyA@jc?OJOV91Pr-6C%-1O(B#TyeZD4u~Sp58v1qLB)1r z%WHk*b5HmdXeHO00s8rmxFxBuVL*>j7^w3ixG|$uf!e6r?P0gSHSRs@yU!Np8 
z@JgfQiWc44O!Z@Nbpd8xf%VNi!Dg|}#%g;tt?j7BC)k}99Qfo!w;Gg%8hXNRoGFB9TuNosYv8iK0yiCaQmht5`}eypJy7+Srp?$U>) zBIndKJnZo&syA(l7n%X!^5=NCt6VD@7C0@jC+e%7cUU~vUPfMC3rFl$UZcee9#_K5 zV;TfZaCYu>Flo?CaI-LjLXva&as#U?OYJ5tN}R^>4uOhuGHs~R1cPKBR_R_~^Z7Hx5j~0ZZwGyF1IPcJ48s3@nnn*6NF2MCYkWHn zxgP4Cz289(7O=26@vEwre|xNHT=kVhSp(jZIx{MfS$6Fna^nhJEf`FDbngF}1%xKN zwTDhI?jYN1mH<)}9FuLDhdaAEVV%5aZ$O^v5@>dQ)jpb;bdigrFKJvZI1!}#R}QR& zjrvlYpz`>6ha2Z6};`T-gX5->?SaFJ0K?D6j>7TXu zv-a8eWyffNmboxlQvK(Ug;I%CdET)cW$6+Zn(3_H8x|RTVh`XuCeYdf6{rNY7`@!i z23J9#3pvMiR(}4+$^NdYgYvhq31A*}5AAgHD9mwX&lx{sev4W7L2{DG742qt-tpoX ziS-c($S~6aBrS13^D)t0BZIgc3V?p0E*(bMqzqIjYG%r4|BS=AXk?17m&&#hNKbCZ z?xxCvq~fStYVkl+66%Rxul%VLp?^;&@0QzK2V*P)y#&EZUM%y6Vi=(i*p{W}54^oh zI2|ZAy1e|t!6;QIWR`cn}_fsn{BZl%BxAJ&BJvOJK|IH-J( z(w(G6Tuh*{be$J)X^cd^q#q6MSgUWW#llr6PteX&=aU>|<6k&$mvxusv4xfT3o^nr zH^bHa8=meWlQj>+-SJrC$PWY~$+sDmH`lZ(@AkW>(bli|-1yaZ|LR-I;#Km?3<`k* z?9P%DD=TFK8vOgsF$2mcUv*H8lP*A2Xv6W&7T?XG{Ut#Q_6hHyrH)t};8f;f#Of4; za%Q1y*01CyPpuMUIjr*#pJo9KYvlExvBWDLM3N(4FP2aUvEtr73D$9 zfBk#u_1pb>>9yI_V)xl?g15>ayzyQ#w7P3Ggc{ln(MN_7fiK-up`rVP_i6X_f_$Uj z)>VZB$QueSoYbN{szsQJ0QuXozCKke-O~PstsFFn7G(|W#puMrx@TZ8uU~PaRaYY^p}Ch}x7+zeuR9YDtRiEs0&zh6C=*z(PMW zy)WR0cys`Ye3xpR9NnhzzYE>b>XIY|KRF_l54^gN!)a3KHyyiUq{cI^D#MBpsAit$ zFwQ|lvz{0p@+}bL4q}Ik3=@3<|%dDeyP@a9@$Que0X#ha$6-O3~V2VdLMQ#~3SFfg>vAr-} z%3(RCe<7H4nsSc@lZX<#P`sPvzo>@MAlj-Su3n;Yt*PA3E>_&qvuR#xxQWG8Gxk($ zIBMSK*D{OcSWAD>J%(Dffg33$>V|a;@Y|S%4k^HOc|{ESM@C>mE%BRSn3JPi!Fcfa zUkKj%e(jj6$ayBOHKc)x?Z-Q z0laf*%bi-!lj2gP{+HTL*|}F#mH>)P5UmD$eQ_IP;CW>Y0t*rys!)2Kn%gqWTQoYe zm~mmvmhg5cJ2A|&bVI9~O-qP{2SK0x`x7t$s_vub1xbBjCG=*`d3b8x^!c0ER^F4Ce>+6A~( zJhcEeWl%%Ain{U0bMdrJb!_cTa7+4>H2SduiVT1%BbxQ3h@DnBJ#34ai`a&zBv6Z4 z0ie2{z0%wp3q4bPYeYnC{qV(27U>TdZLgLmzx*-8(Xb;p0x~o&0Seldu6n$dgRDe&p0rWH6R$T_}&SjjE*FF5AH}(&7#O?z_>!34*k5s0k`ce(7Kf zgJnf8m7=PxUsRMZv+PoFjBtwz(BUN%b9u6nG&wtF1=BD zcAc1JSunwTVe5y<=hp5VHB%YJbmyp~Nj%AEDe=Jq8O0_Cvc6)-i*7VFBjSMP#Dg24?80OX^A^hr-@=oq!0;EWjLb?o9jZF4EjtK&u`t+=PX}T2&@uj-cA1 
z5vkv{%+H{ias2Nhw6GY*?1&iKdcWto5wPIQ0x)Rq*|`-uhFRulc7jjY&HSKmr*x-8WiBYT zkV!i#KV!_mB>n*B%o^hYjJ8We3+IXdU zACDN7moD{{zgG)TXEI)5$;uNC<|xBh7>g-N47sE0{5~aKJka8S>AWG@!X+lAJNLJp z6d`5mUxsRLcIq7U)&mlgfI&Gn&?i6t6CsOEFCXo&M>oT!a2S>%&Vyms5dm6(n5`>L z{EiC=Dn9=kMz|X?f_f!rZ1D2H*#pesKmKHf(l#ahPVZ;Ak*DGJTu<$xtdqeu?_<^t zd1^ljVZ%dw`msW>v|+ksMThV1eS-PNrp)5-)N+*fepvIoZVK8S^4hLX_`lRng{fZqmJ^y7I$udM$McKcr9miuTprw6Vk33H15*6)A z$46tgl>w(c$*ZUVleGFrSI@;QP2B9__^Qu80#Yf#D_bx1y{EnJR`y|5StEh?Gg=gE z->rCzKhv8oEBvgTL#hBT?_$_&HEJ@Eo>XBraCXxhelYa=e>DbK-(T}(9z?BY`)i|i zUrVua{ic>KTs()$(Q*xV`1ppiV2?tw*pq7ZZ@{VHY!=ri1FRr$YN#tT>;sMpvl45u zUbQ-961zSQkrZ(c1DzCzJiewWpuG zN~e?uPJmcExgw!G1EmcjLuGn3A~w`j?WixWKTaO9&CdOPLfouksxD+XUIC%O#cm)2?NHmF=t!t#Q1Aju z1i4Agx&dDyKVf&HSoWfz93b;jtxZen$wU4WW5W$101-me1nRQ-6Eu8wjWyx&hlKE# z2FO8vM+YPTQlY6(0WgsH9?~}GRH#ZAmG*z>wDXoAAqINVx-r4pQ&CPM^e1YyGFbEBND=e0hN2kF=kDx0ByvyHf4uE( z&*=RqJeuGMF+F*aYw(xpM-C%|_?-t{H9>Af;uPz>;29&)!J`*5htMtkYM*C*871ng zjy5@~Vvp?qBN;YX3zBb7^~%<@=!)9gfB~So{7H`65;Haaz#lg@al1y2m>T>$4?aiG z(N?mM?|mkwmKRmI#xeqbuRZrT0G7Dcq1a<@@g_~UXRF7MJ{ZjZ%7DRKRJ`K>-?~WS zx)7Td0?N9`;cxhimxOyDh%q_7oJ)qc1Gw9wut1mm;$c9?!p`&e`SyxZ>v!I(f{c3t zOmqCP&WNyE-b4Ip@J+$6wAd$PBKPG)vB*Ue)vvCQH{c9~0Gy!|@YFWG<_cIqk8IyO z7=Zc5jL_|S{zN2@Xg^8#8J)9T@Zq2XpI9o}J=Ea3q*#DGH3r~ScqD@ zHc~@a85`N3BR_(-v`lWhBy83l&~#}H=iExp5dtDxn*Imt$nI<>nEcjd+W!gbSA9k> zR4Q8RqGkQ3^@+nYbj0Ktq2Uf3bjOMRkUi~5J2EmUgk1$DP29$+oJpiFBPxhE>5&ZS zAla$qvH4io9;ey#5}kU8I*JXqS96q#HGIAlm9vv_L%KY~cbJZtfVW;I*L|GW;e4EG zMK$b5&BC%DW}!x}Cad-7Gle|Y3LHb10Mz0)``N869urN_gKFvSy>!1}Nu5*}az@dlMT2T{=( zHB@7QyB9pq2?&*JCThvAj@682XYK>Tlp3McJyhPzOROr=fjqIc!lGRl~OB zXBv6(u4+6U>9Az?`fmJ}G0{;ZUnG3ePp*8QrFy%9$X{dU^~Drn3Pvv3O&UTY@ApBN z7E_ES4R$iyBn3V!)f_(>7CAB8mrn1zCch?hyzhjPNB7i9Ux0(deoEt*ZFLuZ>=Gf# zur)C4jHKR2q*4Ylyts@^;DHStNuCs~s{v&V<7*QMc?*s=@rV!YMF)6Ir-lWfG6$`a zIff^t+*%#en%)l;X3hp*h{_M?kJ(}hC^Y{P8$i*bh)yAt{lea>3T_t)fM8_zIIriy zy`!~dZsKQWtgSC&eSEyP`}t58yn~R7 z!l>to&7h0Lj`YfUv$P}Y+|F3u-oG6s86KaXVJGJvsZJ;k`VFbEQp4tp2lL)x7JBA6 
zGno1O)eyht_1nq_s&pxt{l%abA{4$`dg>UnFE<}qoCzQcrJ3&1Gc(4oqr0RFcpql86Mxr~6X5FB zPU0=CQ4gM-@LzYYz}>YJI4u4FXyH21piiMxOgaJ#0A{|Kch|kw6Au;l?qo~)YvV?F z9UKZ*sbosNQ}tBFsC|l7z?9v}eERXSqCY{*S(I|KrsVkL;n$a6=3HtcmiJK&*kB4V zL-OGW=2oH^|6DLjxIzjVhg3SH1@?A9XadV9VZ+cNg9ruVdoq|!?4~*OpC8VZ*MR*icClAAdg`&$R!8MM60~ z247lQr!xsX zf%{^ZgOA#B^h>a%?TmV2**xLxt$rHBMLPAEC5;n=jH;xKCG`YiS$*fVw;~0h6$$}z zSu>p4R6fsk(tP2~*0AOCoLT{j=Q7VXyN;;avgC@BLv_}(vW05X_M%GTBx=&KlkXie z84Z=K%M?%MObx=^@~h8DA#*1Vzty$mqvX||z1}i0^HtIj5s#Kce`($-68S8k$}SD1 zan_)xxN_LztfG%BAJQ4Pu8ce^1Rtlj7s1>~TFsBf}y{E88LX zL7nldjyD&Dg(5#|_oqUl9DS#ZXZb)U4=((K$8djr{4G<>H%A<}5%u;KdA<_&>b~|z zq&V_xUmcJA^0>|L`<#^BlmtEMenr|Xtgn>`w>13aexf?$k69f{rBxLpTDL14tW^suHw-IPk6NOU`k zsG%w9yuY(6Ckaf`wr5u|!I;re&M$8G!7vy#G?M^xl=U@-7;(TjR5$^$G{(bQG;LJ%_{c(SJy9zG+;t zPcCaSBz?^qx|`KDwR>AmSW!8aM155u!@-S$m%{YCS(@4g1vV9nV(8M}hzeN-%bPF@ z)y+?Ra+`XOM2!&B&1z)bgUmy_^ zWNktn9cqVVV9-sc7ZzY3lDYUW`WuLooXkI|VN52F{Iz|@6vF*)!a$p7MjEmN)z80S zmqCSF+;frzNrwBn6-wfXG7z*y0o^$889Ne*k0gkEsZ=Mbdz4~Q@F;F4wafgIG@tFIBjN=CVfIc*KXp>`*B|+A~O1eq9L(8Q*-e9 z*9^@OF~%N82I5)EYRBSvx3AE;Mu`Z~Kj8(x_8X z;VO@n7~JoQBxjA&)i8ldOO`eQg>Vi{BxS!SqZCp zGfVM5wO&UUmbqLiEk__X5G&|`Hp!P1f~?bJl@eO`18q|4h2a=0jKVT349h)C45#&? 
zj_w#s&jPoEuuB|>Z$g_9cpCW;TXaB78$C)6rv;u*^qh((r>JwmY1t7u#?DU&-;X#k ze{C-d>fxQnUNKy-b$-|SXfW|m2v5{-vKV1oaED0ygRU?;qONXfovw4LvF(+_zqOeD zWmG$>qTDXFc8tqHWB(wKgR!?7_sb}XNrIq%Ua&;;}jFax`Yfy)^z+4#YyG=OG>}FluXx5)Zaq2RX z+B`P&0(jD}gNc+c!=zeVyCLS-z!lSBaTHAliCnRxJK=Rr{F}&uH7uiZM9uEtJtY<6 zxA0tqdtCQT#Zgm;zJhow>)et$+Zkb7eBzuX#^ z^8d}PF~O|I+~*!#ap0sVQ#H)2zsDmf$9`d~Ti&qqd~|dWm)pL)zgE#pA3KR>OHcRN z&^E52&RtB8%!+?hdMv|>%_gYHDYEHTy*UH7CVUDX=M+lVTPm%23BE463p>aV1I)!Y zkaG>f(90!@^$?JG zXK30AUlk_@ptRBC(H!(QH|NnA6#~Hths6F5VnwL5N(6t;ovs+hse!(Eo+r&fq?=ck zzMVevPH^nSOw~QHplVTOV$xPd+@23|OK}KSyAIasoA~e@>Ypq-%^!FbsDEr+-Kz=L z^l;0Bo!!7pI?6lgsD3&AS{CgB;`EwY#vE7%$@%9Fc)&3Klx4u>)=-KB+6a-Em7O$) zN-EBqVN*-jXI|8AqeT!cve=B-Ge8z9I&y?d(AgYD#MdMn^R$18*mo{MVlT0XxZf+^R$kKK~g$?iSvDI-(2L^^NtKELwSzh)OzCg<0`8rFee-4CNLJb2h zwEr4XLqJo~&XP2|&}N^fZu5g(LfK1TvdukDBz0e-I~IG! z2xs?eN3V?CRT-*?e9w$-3jH*F8MQegmz^0}{>1kL9M>ku>YDxRnoyO#R_8AUxJ?ZUDYo ztj-1-nvyUI&G3;g5Nj73QsQg^FY*t9T(O?K5*H~ha)7dU41me9>Wja!4x+>v@iBJg zH<4%$s<0iO|${i$p|6{WQeFX{^n3(c*M)A zRe)&;c;aQS9veLHPmhgyh81A00b`buQoD-Qy#$!h|7w3PV)$!JYqC5Xi>u)nYg7H7 zBD)z;NJ;wP8)U%oC;<_4*#;3Hw}qRd4iO2?pF_1-#VdRg4}&I-zB@4A1Ce7>xTOIC zs7+48x(5KJm+%Ac)P;K>up6e3YI6Ny=9Px&`vb}u=2oRam+SB{i)c@&=!5E|2Qrk7>j22dM&Sh9Xj%7#$-%XHoG+{H9QaJ$eVY@+Nzo(WHMNzmFTk=JK&^)hC7 zm=qTngD;TWp8_f^0dyHS%B=DXkzK4b8T$=&5Aou>pFHODJ4d~DMEQE%aig_#d#-l$ z_42i)1uLLl!C`S(4%B^6m?!en{d^4b(!e$qKJa_EA4z&%*YQ^Bd*$wzUtN0KK3Ht) zyWF}N#3}yTbcw$6aCv}rXKd*`W|A=N%dDWgt&Vf_ zhe%AnrKAbu;ogU64!B@jrZH?j!{j91he#@aDSr&5tW-Z^TIbHB{^}dca=~A;;7sLV z-VJi(((vZ#JN}kV(k|d-Ux|PY-L@}M7KAdbj-9#akOD#FN}EOX*{z|L%7Z#rO*>`7 zz3 z2#wxhD(7(8K3FY`*I<0X^h6ouT32mJIYh2pP78NolbYo^K_+JUz*%`v^hCD(fFaoOm}j$3c?lFQ)=3Sko0{zoWsJAj8bf=k;v{;km%eZ|)Z{ z@K-+TROV`IYjlKkZeoKy1rk0#ei~!2PNOm^V?;a*bDhCNNU@L!_o4yjj~PKco+5dz-r=!tIQPdvCwDq2sP*HPV(YU>s6P# zTqU-I{ATVKEvf9m2jcp$JB|=(g6d%Edmscu}P; zq#e@ukksb}ZZs?F6zTI@#)^((&b{f5 zA70CoN@aa3>sG=Y8e;FeHTMa3gvVdL4o+@$N{L=<-n7puc%$t~(RTiwAoM;8YaU#4 z-HN4dYo~9O`Ay|Ft>`{bD|&N!C>??It?jWQjxhz`EVs_G0I_91@YRT)Ahxhw7a*b 
z&ABM-g!>s|I>{hsC7w>O@wh2yNG$J8DBxQqpgLH>mezXE^`WSx(j-K33;@;20fmy} zu@T6%xImEirV)jQSOK&iVSI2Ca)tpxOoe}cV1H`tQ1H=Yz1VhlBv=9=kh8Rd@CH@? zY$BoVz~s@u?}y9PwQ?KkB!i@Acj_4gO(SsiRev;gmDt`l{FkHOs}&m;#{}b5BMj@| zRjUy!N>;B4Wz5!F)lH~qTXCNLh(=%S_`CcF^LHb$<8i2-T;Kcqdx_4Eq=DG2;y$hP zKLa9(+MXZXA_~Ju;UMxVpLTMc;5b{1Wl+@ueN>aoQ6VSf?Rsz>A|7RL0mzO7q~q?s zfae;caF(#uGg4`sl}X^z7TUaUwWam2z}2s=Xz_xWj>6nh<;Adr}J9jEA2{8V+zjO0jv8h-4YiN#UgPY>wqOlpnVu7RgUb zGj4Y6I(vCn1zKQwUbag{fg1HIIuF1s1-%7oiLR73Cf`WUQ&U2x^WeD5A1`uHbhJ>k z@D(NW&l|#Ay>CzbOiAY`$Ii`529K4w+XU0!{ZOMK^dc{DO(-*8c~=t0P?|^OSl%g1 zzPaj;bUkqr{(Aen!&55H-*u&)(8vm{U-a2Ox#Nn$Z2{U>s=iv&+T$`sQ!I7D{#3Ku zHXFpZIvb*SPQa)FWY$hcB)|}vF_C!NK1?1VBLQ2$(&M1vQfE>@-_)^1MG!BzMTr=v zW^MIyezeon_8Byi9$Y2hdD(li=6c?{xOI6Uc6O9?c0>}qk-MJ#IGYl0y}vf?h%>8Z zGZCHCZ|Z6?V{A)@jpip{70d@jcj&U(pZ+wq+X4^FD>_W+@_EP+&df?Ie@Q0+m((yvi=lSwMk*K;#`CsXy*jAZK zYzvq!BLc$wtq$HgX?yY;0Q=dg)BERWQx2E!d#~TC1?;@vGf{SK4sxK-`(9f7p0eL5 zdmGRW6*h+^n8}at_JKxVD{#tzok7gm8t3XlTQyW@c66mO)w6F3IypDqGls_9oR!~p z%xhZ-KC=YzyTwBzJMM%8xxSKkRM6d;W*)e%BU%kzmx~x7@O*|SD)T$1Hf0tEcYI;d zht$Fr_3Pb%K@9LpBXvYNjyCB*`An;jK?E`Zk?_dh)|5mV7vHGL8FD-RdyJH{$Gh`M zrC_g-tA*iR8rMPHYJJw#4D)0**XQK7i5L$TJGYh9A0PZ($;dR}Zs(e1T&LALn2s0s6UJcWYdqy1j+(xIj= zk0$NkDc3U|lZ_>DhmoQipSTx}_X2;NYwnO1-r`&Be=+@CV)iXQZ6Dt%)(RHiYEx5( zWGJ09&%fBX@*1r&J42pq#~+M{?3`wtI;R+A+ds;WDKWSc39mn;I6+G%HVZ6bKT4|( z*vXl4l5zG^);I}&6hcp-s8IKwqI}r$6o+5Fi~u)w68taL-h{5}ydU25Z*iX2zkJxs z$N0t#Jaq)0Lmk}zK$K|e)Nb3cXH*#Z65;wde?!F2`N@nN{}ApO$H>pO%j``^MK~^q zk1YqI$EHm!G4%{YK^KPQ8;c=UbI$C`Bdrys3(WZ{sX4oT=Gzq-DmioQcYld_$;I7Q ze-+18?e`Gh#RE4a>E)o;!_Vu9KtSmUlNM66@h-u2RTP8Z%v2wBDmgaio*q7@?Yw`5 z7*@u`tmYvVFB#Xe6Sh6e8Xg)(7chaOC52r3)B+^c>M4fq>j->N%xd!|^jqTDX7o-@ zD^ug55$l@FOsmhRuo%P68OD%M43gm4wsP!ISf$*x7wtt<860WHd^Jk=qF7mtxjl(L z4{e7_xh0d}BhRYlW{xj<7_)*moo>Eao}%mu#U&=wqVXU zLrZXd2J*D2REDEPADe$n(yudEDkn>VkS?4_rQ#UN*|KIEm-wz(aOe}awC(C!hCCg+ z%lpBg{e_5Vx8}Tmr{R+I5{K*oj()#rR=Ut8X5Y@0hg@_S#MOzhdAL!$ApaQ8oyrTW zny(FTpuBhcxL7|aC3!=rHVmCPi~UwB;VxE97Cq_NRhr)S`rc^gzU1K%f>JU;@G|EC 
zC2nc=g6OtFIvJhskDO7Wp#Au?k?)2VsTNubHg;Peut$^Bz-?UgxBiL;8DgR_F8fqRYBvSO5 zlRnA0vM+S4t8J$#?X>(1qdUv$$B;&JpUWBT5jnV?CUH~vduhULn1B>Gs6TGVTRgjo z#G}0&`S(oQxO(4x3By7zE{o2K0=aJSXl5UM!-;e7yV+=tjFZ>i`!(e(af%C0+k;t& zlfzQ8O}sz_v%m?1>&Jm&F}H$FHcae9v9!8QHo_(KXZ9hJ(Upf0wshm_J)0L3LV1>j zfabR}$#I!iQo_~m3%SqQm&pd1k_pu&wK~2GmEJc8JL^Ud-um&c`_aP@YnLrf7O~Tw z^UdBKWeiuDpW^*BWW$U(kS!k7$cTr-;d8$#^bMDnfNDU+aZeFMXHK&5_6Bva{!Xy6 z(nc6SM`k4H8u6a-%&Q>E4byAlK_SR!)r_JSs?c$Y7Gq^fnaM~NX^SUSPvul?)t&?y zYcvm*tn(1TjKScru8zn1?GGp=SqMl>sQ-O;8*oMO|91Q@d)@rchy2f)\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -60,7 +60,7 @@
 "name": "dataconnectors1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "This solution installs the data connector for ingesting Microsoft Defender for Endpoint logs into Microsoft Sentinel, using Codeless Connector Platform and Native Microsoft Sentinel Polling. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+ "text": "This Solution installs the data connector for MicrosoftDefenderForEndpoint. You can get MicrosoftDefenderForEndpoint custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
 }
 },
 {
@@ -211,4 +211,4 @@
 "workspace": "[basics('workspace')]"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
index 035c113b772..f9cd73aaab6 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
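Review bot: The replacement `text` in the -60 hunk says the connector delivers "MicrosoftDefenderForEndpoint custom log data", which contradicts the solution's own description on this page ("ingest security alerts from the Defender for Endpoint platform") and drops the accurate mention of the Codeless Connector Platform that the old text carried. Analysts reading the connector blade will be pointed at custom log tables instead of the alert table the connector actually populates, which matters when they are writing detections against the ingested data. Suggest `"text": "This solution installs the data connector for ingesting Microsoft Defender for Endpoint alerts into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."`, keeping the lowercase "solution" used everywhere else in the file. The -211 hunk only adds the trailing newline and needs no change.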
@@ -30,32 +30,26 @@
 }
 },
 "variables": {
+ "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderendpoint",
+ "_solutionId": "[variables('solutionId')]",
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "MicrosoftDefenderForEndpoint",
- "_solutionVersion": "3.0.0",
- "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderendpoint",
- "_solutionId": "[variables('solutionId')]",
+ "_solutionVersion": "3.0.1",
 "uiConfigId1": "MicrosoftDefenderAdvancedThreatProtection",
 "_uiConfigId1": "[variables('uiConfigId1')]",
 "dataConnectorContentId1": "MicrosoftDefenderAdvancedThreatProtection",
 "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
 "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
 "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))),variables('dataConnectorVersion1')))]",
+ "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
 "dataConnectorVersion1": "1.0.0",
 "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
- "analyticRuleVersion1": "1.0.1",
- "analyticRulecontentId1": "18dbdc22-b69f-4109-9e39-723d9465f45f",
- "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
- "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
- "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))),variables('analyticRuleVersion1')))]",
- "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]",
 "parserName1": "AssignedIPAddress",
 "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]",
 "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
 "_parserId1": "[variables('parserId1')]",
- "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))),variables('parserVersion1')))]",
+ "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId1'))))]",
 "parserVersion1": "1.0.0",
 "parserContentId1": "AssignedIPAddress-Parser",
 "_parserContentId1": "[variables('parserContentId1')]",
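Review bot: The new `dataConnectorTemplateSpecName1` and `parserTemplateSpecName1` values drop the `variables('…Version1')` suffix that the old names carried, so the content-template resource name is now the same for every version of the connector and parser; the same pattern recurs for each `playbookTemplateSpecName*` in the following hunk. This is a packaging-scheme change that the commit title ("proper mapping of entities in MDE hunting") does not mention, and it presumably means a redeploy now overwrites the previous template resource instead of creating a version-named sibling — worth confirming against the `contentTemplates` resources later in the file, which are outside this hunk, and calling out in the description. The `analyticRule*` variables removed here are not lost: the tail of the next hunk shows `+ "analyticRuleVersion1": "1.0.1",` being re-added further down, so this is a reorder, but a sentence in the commit message saying so would save reviewers from chasing it.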
@@ -64,201 +58,207 @@ "_parserName2": "[concat(parameters('workspace'),'/',variables('parserName2'))]", "parserId2": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName2'))]", "_parserId2": "[variables('parserId2')]", - "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId2'))),variables('parserVersion2')))]", + "parserTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring(variables('_parserContentId2'))))]", "parserVersion2": "1.0.0", "parserContentId2": "Devicefromip-Parser", "_parserContentId2": "[variables('parserContentId2')]", "_parsercontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId2'),'-', variables('parserVersion2'))))]", - "huntingQueryVersion1": "1.0.1", - "huntingQuerycontentId1": "c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd", - "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", - "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))),variables('huntingQueryVersion1')))]", - "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", - "huntingQueryVersion2": "1.0.0", - "huntingQuerycontentId2": "4a3073ac-7383-48a9-90a8-eb6716183a54", - "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", - "huntingQueryId2": 
"[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", - "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))),variables('huntingQueryVersion2')))]", - "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", - "Isolate-MDEMachine-alert-trigger": "Isolate-MDEMachine-alert-trigger", - "_Isolate-MDEMachine-alert-trigger": "[variables('Isolate-MDEMachine-alert-trigger')]", + "Isolate-MDE-Machine-entity-trigger": "Isolate-MDE-Machine-entity-trigger", + "_Isolate-MDE-Machine-entity-trigger": "[variables('Isolate-MDE-Machine-entity-trigger')]", "playbookVersion1": "1.0", - "playbookContentId1": "Isolate-MDEMachine-alert-trigger", + "playbookContentId1": "Isolate-MDE-Machine-entity-trigger", "_playbookContentId1": "[variables('playbookContentId1')]", "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", - "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))),variables('playbookVersion1')))]", + "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", - "Isolate-MDEMachine-incident-trigger": 
"Isolate-MDEMachine-incident-trigger", - "_Isolate-MDEMachine-incident-trigger": "[variables('Isolate-MDEMachine-incident-trigger')]", + "blanks": "[replace('b', 'b', '')]", + "Isolate-MDEMachine-alert-trigger": "Isolate-MDEMachine-alert-trigger", + "_Isolate-MDEMachine-alert-trigger": "[variables('Isolate-MDEMachine-alert-trigger')]", "playbookVersion2": "1.0", - "playbookContentId2": "Isolate-MDEMachine-incident-trigger", + "playbookContentId2": "Isolate-MDEMachine-alert-trigger", "_playbookContentId2": "[variables('playbookContentId2')]", "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", - "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))),variables('playbookVersion2')))]", + "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", - "Restrict-MDEAppExecution-alert-trigger": "Restrict-MDEAppExecution-alert-trigger", - "_Restrict-MDEAppExecution-alert-trigger": "[variables('Restrict-MDEAppExecution-alert-trigger')]", + "Isolate-MDEMachine-incident-trigger": "Isolate-MDEMachine-incident-trigger", + "_Isolate-MDEMachine-incident-trigger": "[variables('Isolate-MDEMachine-incident-trigger')]", "playbookVersion3": "1.0", - "playbookContentId3": "Restrict-MDEAppExecution-alert-trigger", + "playbookContentId3": "Isolate-MDEMachine-incident-trigger", "_playbookContentId3": "[variables('playbookContentId3')]", "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", - "playbookTemplateSpecName3": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))),variables('playbookVersion3')))]", + "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", - "Restrict-MDEAppExecution-incident-trigger": "Restrict-MDEAppExecution-incident-trigger", - "_Restrict-MDEAppExecution-incident-trigger": "[variables('Restrict-MDEAppExecution-incident-trigger')]", + "Restrict-MDEAppExecution-alert-trigger": "Restrict-MDEAppExecution-alert-trigger", + "_Restrict-MDEAppExecution-alert-trigger": "[variables('Restrict-MDEAppExecution-alert-trigger')]", "playbookVersion4": "1.0", - "playbookContentId4": "Restrict-MDEAppExecution-incident-trigger", + "playbookContentId4": "Restrict-MDEAppExecution-alert-trigger", "_playbookContentId4": "[variables('playbookContentId4')]", "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", - "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))),variables('playbookVersion4')))]", + "playbookTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", - "Restrict-MDEDomain-alert-trigger": 
"Restrict-MDEDomain-alert-trigger", - "_Restrict-MDEDomain-alert-trigger": "[variables('Restrict-MDEDomain-alert-trigger')]", + "Restrict-MDEAppExecution-incident-trigger": "Restrict-MDEAppExecution-incident-trigger", + "_Restrict-MDEAppExecution-incident-trigger": "[variables('Restrict-MDEAppExecution-incident-trigger')]", "playbookVersion5": "1.0", - "playbookContentId5": "Restrict-MDEDomain-alert-trigger", + "playbookContentId5": "Restrict-MDEAppExecution-incident-trigger", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", - "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))),variables('playbookVersion5')))]", + "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", - "Restrict-MDEDomain-incident-trigger": "Restrict-MDEDomain-incident-trigger", - "_Restrict-MDEDomain-incident-trigger": "[variables('Restrict-MDEDomain-incident-trigger')]", + "Restrict-MDEDomain-alert-trigger": "Restrict-MDEDomain-alert-trigger", + "_Restrict-MDEDomain-alert-trigger": "[variables('Restrict-MDEDomain-alert-trigger')]", "playbookVersion6": "1.0", - "playbookContentId6": "Restrict-MDEDomain-incident-trigger", + "playbookContentId6": "Restrict-MDEDomain-alert-trigger", "_playbookContentId6": "[variables('playbookContentId6')]", "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", - "playbookTemplateSpecName6": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))),variables('playbookVersion6')))]", + "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", - "Restrict-MDEFileHash-alert-trigger": "Restrict-MDEFileHash-alert-trigger", - "_Restrict-MDEFileHash-alert-trigger": "[variables('Restrict-MDEFileHash-alert-trigger')]", + "Restrict-MDEDomain-entity-trigger": "Restrict-MDEDomain-entity-trigger", + "_Restrict-MDEDomain-entity-trigger": "[variables('Restrict-MDEDomain-entity-trigger')]", "playbookVersion7": "1.0", - "playbookContentId7": "Restrict-MDEFileHash-alert-trigger", + "playbookContentId7": "Restrict-MDEDomain-entity-trigger", "_playbookContentId7": "[variables('playbookContentId7')]", "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", - "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))),variables('playbookVersion7')))]", + "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", - "Restrict-MDEFileHash-incident-trigger": "Restrict-MDEFileHash-incident-trigger", - 
"_Restrict-MDEFileHash-incident-trigger": "[variables('Restrict-MDEFileHash-incident-trigger')]", + "Restrict-MDEDomain-incident-trigger": "Restrict-MDEDomain-incident-trigger", + "_Restrict-MDEDomain-incident-trigger": "[variables('Restrict-MDEDomain-incident-trigger')]", "playbookVersion8": "1.0", - "playbookContentId8": "Restrict-MDEFileHash-incident-trigger", + "playbookContentId8": "Restrict-MDEDomain-incident-trigger", "_playbookContentId8": "[variables('playbookContentId8')]", "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", - "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))),variables('playbookVersion8')))]", + "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", - "Restrict-MDEIPAddress-alert-trigger": "Restrict-MDEIPAddress-alert-trigger", - "_Restrict-MDEIPAddress-alert-trigger": "[variables('Restrict-MDEIPAddress-alert-trigger')]", + "Restrict-MDEFileHash-alert-trigger": "Restrict-MDEFileHash-alert-trigger", + "_Restrict-MDEFileHash-alert-trigger": "[variables('Restrict-MDEFileHash-alert-trigger')]", "playbookVersion9": "1.0", - "playbookContentId9": "Restrict-MDEIPAddress-alert-trigger", + "playbookContentId9": "Restrict-MDEFileHash-alert-trigger", "_playbookContentId9": "[variables('playbookContentId9')]", "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", - "playbookTemplateSpecName9": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))),variables('playbookVersion9')))]", + "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]", "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]", - "Restrict-MDEIPAddress-incident-trigger": "Restrict-MDEIPAddress-incident-trigger", - "_Restrict-MDEIPAddress-incident-trigger": "[variables('Restrict-MDEIPAddress-incident-trigger')]", + "Restrict-MDEFileHash-entity-trigger": "Restrict-MDEFileHash-entity-trigger", + "_Restrict-MDEFileHash-entity-trigger": "[variables('Restrict-MDEFileHash-entity-trigger')]", "playbookVersion10": "1.0", - "playbookContentId10": "Restrict-MDEIPAddress-incident-trigger", + "playbookContentId10": "Restrict-MDEFileHash-entity-trigger", "_playbookContentId10": "[variables('playbookContentId10')]", "playbookId10": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId10'))]", - "playbookTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId10'))),variables('playbookVersion10')))]", + "playbookTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId10'))))]", "_playbookcontentProductId10": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId10'),'-', variables('playbookVersion10'))))]", - "Restrict-MDEUrl-alert-trigger": "Restrict-MDEUrl-alert-trigger", - 
"_Restrict-MDEUrl-alert-trigger": "[variables('Restrict-MDEUrl-alert-trigger')]", + "Restrict-MDEFileHash-incident-trigger": "Restrict-MDEFileHash-incident-trigger", + "_Restrict-MDEFileHash-incident-trigger": "[variables('Restrict-MDEFileHash-incident-trigger')]", "playbookVersion11": "1.0", - "playbookContentId11": "Restrict-MDEUrl-alert-trigger", + "playbookContentId11": "Restrict-MDEFileHash-incident-trigger", "_playbookContentId11": "[variables('playbookContentId11')]", "playbookId11": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId11'))]", - "playbookTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId11'))),variables('playbookVersion11')))]", + "playbookTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId11'))))]", "_playbookcontentProductId11": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId11'),'-', variables('playbookVersion11'))))]", - "Restrict-MDEUrl-incident-trigger": "Restrict-MDEUrl-incident-trigger", - "_Restrict-MDEUrl-incident-trigger": "[variables('Restrict-MDEUrl-incident-trigger')]", + "Restrict-MDEIPAddress-alert-trigger": "Restrict-MDEIPAddress-alert-trigger", + "_Restrict-MDEIPAddress-alert-trigger": "[variables('Restrict-MDEIPAddress-alert-trigger')]", "playbookVersion12": "1.0", - "playbookContentId12": "Restrict-MDEUrl-incident-trigger", + "playbookContentId12": "Restrict-MDEIPAddress-alert-trigger", "_playbookContentId12": "[variables('playbookContentId12')]", "playbookId12": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId12'))]", - "playbookTemplateSpecName12": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId12'))),variables('playbookVersion12')))]", + "playbookTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId12'))))]", "_playbookcontentProductId12": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId12'),'-', variables('playbookVersion12'))))]", - "Run-MDEAntivirus-alert-trigger": "Run-MDEAntivirus-alert-trigger", - "_Run-MDEAntivirus-alert-trigger": "[variables('Run-MDEAntivirus-alert-trigger')]", + "Restrict-MDEIPAddress-entity-trigger": "Restrict-MDEIPAddress-entity-trigger", + "_Restrict-MDEIPAddress-entity-trigger": "[variables('Restrict-MDEIPAddress-entity-trigger')]", "playbookVersion13": "1.0", - "playbookContentId13": "Run-MDEAntivirus-alert-trigger", + "playbookContentId13": "Restrict-MDEIPAddress-entity-trigger", "_playbookContentId13": "[variables('playbookContentId13')]", "playbookId13": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId13'))]", - "playbookTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId13'))),variables('playbookVersion13')))]", + "playbookTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId13'))))]", "_playbookcontentProductId13": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId13'),'-', variables('playbookVersion13'))))]", - "Run-MDEAntivirus-incident-trigger": "Run-MDEAntivirus-incident-trigger", - 
"_Run-MDEAntivirus-incident-trigger": "[variables('Run-MDEAntivirus-incident-trigger')]", - "playbookVersion14": "1.1", - "playbookContentId14": "Run-MDEAntivirus-incident-trigger", + "Restrict-MDEIPAddress-incident-trigger": "Restrict-MDEIPAddress-incident-trigger", + "_Restrict-MDEIPAddress-incident-trigger": "[variables('Restrict-MDEIPAddress-incident-trigger')]", + "playbookVersion14": "1.0", + "playbookContentId14": "Restrict-MDEIPAddress-incident-trigger", "_playbookContentId14": "[variables('playbookContentId14')]", "playbookId14": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId14'))]", - "playbookTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId14'))),variables('playbookVersion14')))]", + "playbookTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId14'))))]", "_playbookcontentProductId14": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId14'),'-', variables('playbookVersion14'))))]", - "Unisolate-MDEMachine-alert-trigger": "Unisolate-MDEMachine-alert-trigger", - "_Unisolate-MDEMachine-alert-trigger": "[variables('Unisolate-MDEMachine-alert-trigger')]", + "Restrict-MDEUrl-alert-trigger": "Restrict-MDEUrl-alert-trigger", + "_Restrict-MDEUrl-alert-trigger": "[variables('Restrict-MDEUrl-alert-trigger')]", "playbookVersion15": "1.0", - "playbookContentId15": "Unisolate-MDEMachine-alert-trigger", + "playbookContentId15": "Restrict-MDEUrl-alert-trigger", "_playbookContentId15": "[variables('playbookContentId15')]", "playbookId15": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId15'))]", - "playbookTemplateSpecName15": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId15'))),variables('playbookVersion15')))]", + "playbookTemplateSpecName15": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId15'))))]", "_playbookcontentProductId15": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId15'),'-', variables('playbookVersion15'))))]", - "Unisolate-MDEMachine-incident-trigger": "Unisolate-MDEMachine-incident-trigger", - "_Unisolate-MDEMachine-incident-trigger": "[variables('Unisolate-MDEMachine-incident-trigger')]", - "playbookVersion16": "1.1", - "playbookContentId16": "Unisolate-MDEMachine-incident-trigger", + "Restrict-MDEUrl-entity-trigger": "Restrict-MDEUrl-entity-trigger", + "_Restrict-MDEUrl-entity-trigger": "[variables('Restrict-MDEUrl-entity-trigger')]", + "playbookVersion16": "1.0", + "playbookContentId16": "Restrict-MDEUrl-entity-trigger", "_playbookContentId16": "[variables('playbookContentId16')]", "playbookId16": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId16'))]", - "playbookTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId16'))),variables('playbookVersion16')))]", + "playbookTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId16'))))]", "_playbookcontentProductId16": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId16'),'-', variables('playbookVersion16'))))]", - "Restrict-MDEDomain-entity-trigger": 
"Restrict-MDEDomain-entity-trigger", - "_Restrict-MDEDomain-entity-trigger": "[variables('Restrict-MDEDomain-entity-trigger')]", + "Restrict-MDEUrl-incident-trigger": "Restrict-MDEUrl-incident-trigger", + "_Restrict-MDEUrl-incident-trigger": "[variables('Restrict-MDEUrl-incident-trigger')]", "playbookVersion17": "1.0", - "playbookContentId17": "Restrict-MDEDomain-entity-trigger", + "playbookContentId17": "Restrict-MDEUrl-incident-trigger", "_playbookContentId17": "[variables('playbookContentId17')]", "playbookId17": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId17'))]", - "playbookTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId17'))),variables('playbookVersion17')))]", + "playbookTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId17'))))]", "_playbookcontentProductId17": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId17'),'-', variables('playbookVersion17'))))]", - "blanks": "[replace('b', 'b', '')]", - "Restrict-MDEFileHash-entity-trigger": "Restrict-MDEFileHash-entity-trigger", - "_Restrict-MDEFileHash-entity-trigger": "[variables('Restrict-MDEFileHash-entity-trigger')]", + "Run-MDEAntivirus-alert-trigger": "Run-MDEAntivirus-alert-trigger", + "_Run-MDEAntivirus-alert-trigger": "[variables('Run-MDEAntivirus-alert-trigger')]", "playbookVersion18": "1.0", - "playbookContentId18": "Restrict-MDEFileHash-entity-trigger", + "playbookContentId18": "Run-MDEAntivirus-alert-trigger", "_playbookContentId18": "[variables('playbookContentId18')]", "playbookId18": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId18'))]", - "playbookTemplateSpecName18": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId18'))),variables('playbookVersion18')))]", + "playbookTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId18'))))]", "_playbookcontentProductId18": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId18'),'-', variables('playbookVersion18'))))]", - "Restrict-MDEIPAddress-entity-trigger": "Restrict-MDEIPAddress-entity-trigger", - "_Restrict-MDEIPAddress-entity-trigger": "[variables('Restrict-MDEIPAddress-entity-trigger')]", - "playbookVersion19": "1.0", - "playbookContentId19": "Restrict-MDEIPAddress-entity-trigger", + "Run-MDEAntivirus-incident-trigger": "Run-MDEAntivirus-incident-trigger", + "_Run-MDEAntivirus-incident-trigger": "[variables('Run-MDEAntivirus-incident-trigger')]", + "playbookVersion19": "1.1", + "playbookContentId19": "Run-MDEAntivirus-incident-trigger", "_playbookContentId19": "[variables('playbookContentId19')]", "playbookId19": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId19'))]", - "playbookTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId19'))),variables('playbookVersion19')))]", + "playbookTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId19'))))]", "_playbookcontentProductId19": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId19'),'-', variables('playbookVersion19'))))]", - "Restrict-MDEUrl-entity-trigger": 
"Restrict-MDEUrl-entity-trigger", - "_Restrict-MDEUrl-entity-trigger": "[variables('Restrict-MDEUrl-entity-trigger')]", + "Unisolate-MDE-Machine-entity-trigger": "Unisolate-MDE-Machine-entity-trigger", + "_Unisolate-MDE-Machine-entity-trigger": "[variables('Unisolate-MDE-Machine-entity-trigger')]", "playbookVersion20": "1.0", - "playbookContentId20": "Restrict-MDEUrl-entity-trigger", + "playbookContentId20": "Unisolate-MDE-Machine-entity-trigger", "_playbookContentId20": "[variables('playbookContentId20')]", "playbookId20": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId20'))]", - "playbookTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId20'))),variables('playbookVersion20')))]", + "playbookTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId20'))))]", "_playbookcontentProductId20": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId20'),'-', variables('playbookVersion20'))))]", - "Isolate-MDE-Machine-entity-trigger": "Isolate-MDE-Machine-entity-trigger", - "_Isolate-MDE-Machine-entity-trigger": "[variables('Isolate-MDE-Machine-entity-trigger')]", + "Unisolate-MDEMachine-alert-trigger": "Unisolate-MDEMachine-alert-trigger", + "_Unisolate-MDEMachine-alert-trigger": "[variables('Unisolate-MDEMachine-alert-trigger')]", "playbookVersion21": "1.0", - "playbookContentId21": "Isolate-MDE-Machine-entity-trigger", + "playbookContentId21": "Unisolate-MDEMachine-alert-trigger", "_playbookContentId21": "[variables('playbookContentId21')]", "playbookId21": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId21'))]", - "playbookTemplateSpecName21": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId21'))),variables('playbookVersion21')))]", + "playbookTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId21'))))]", "_playbookcontentProductId21": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId21'),'-', variables('playbookVersion21'))))]", - "Unisolate-MDE-Machine-entity-trigger": "Unisolate-MDE-Machine-entity-trigger", - "_Unisolate-MDE-Machine-entity-trigger": "[variables('Unisolate-MDE-Machine-entity-trigger')]", - "playbookVersion22": "1.0", - "playbookContentId22": "Unisolate-MDE-Machine-entity-trigger", + "Unisolate-MDEMachine-incident-trigger": "Unisolate-MDEMachine-incident-trigger", + "_Unisolate-MDEMachine-incident-trigger": "[variables('Unisolate-MDEMachine-incident-trigger')]", + "playbookVersion22": "1.1", + "playbookContentId22": "Unisolate-MDEMachine-incident-trigger", "_playbookContentId22": "[variables('playbookContentId22')]", "playbookId22": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId22'))]", - "playbookTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId22'))),variables('playbookVersion22')))]", + "playbookTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId22'))))]", "_playbookcontentProductId22": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId22'),'-', variables('playbookVersion22'))))]", + "analyticRuleVersion1": "1.0.1", + 
"analyticRulecontentId1": "18dbdc22-b69f-4109-9e39-723d9465f45f", + "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", + "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", + "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", + "huntingQueryVersion1": "1.0.2", + "huntingQuerycontentId1": "c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd", + "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", + "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", + "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", + "huntingQueryVersion2": "1.0.1", + "huntingQuerycontentId2": "4a3073ac-7383-48a9-90a8-eb6716183a54", + "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", + "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", + "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", + "_huntingQuerycontentProductId2": 
"[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ @@ -271,7 +271,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MicrosoftDefenderForEndpoint data connector with template version 3.0.0", + "description": "MicrosoftDefenderForEndpoint data connector with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", 
@@ -421,132 +421,6 @@ } } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "AquaBlizzardAVHits_AnalyticalRules Analytics Rule with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", - "properties": { - "description": "Identifies a match in the Security Alert table for MDATP hits related to the Aqua Blizzard actor", - "displayName": "Aqua Blizzard AV hits - Feb 2022", - "enabled": false, - "query": "let iocs = externaldata(DateAdded:string,IoC:string,Type:string) [@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ActiniumIOC.csv\"] with (format=\"csv\", ignoreFirstRecord=True);\nlet AVHits = (iocs | where Type =~ \"AVDetection\"| project IoC);\nSecurityAlert\n| where ProviderName == 'MDATP'\n| extend ThreatName_ = tostring(parse_json(ExtendedProperties).ThreatName)\n| where ThreatName_ has_any (AVHits)\n| extend Directory = tostring(parse_json(Entities)[0].Directory), SHA256 = tostring(parse_json(tostring(parse_json(Entities)[0].FileHashes))[2].Value), FileName = tostring(parse_json(Entities)[0].Name), Hostname = tostring(parse_json(Entities)[6].FQDN)| extend AccountName = 
tostring(parse_json(tostring(parse_json(Entities)[6].LoggedOnUsers))[0].AccountName)\n| project TimeGenerated, AlertName, ThreatName_, ProviderName, AlertSeverity, Description, RemediationSteps, ExtendedProperties, Entities, FileName,SHA256, Directory, Hostname, AccountName\n| extend timestamp = TimeGenerated, HostCustomEntity = Hostname , AccountCustomEntity = AccountName, FileHashCustomEntity = SHA256, FileHashType = \"SHA256\"\n", - "queryFrequency": "PT6H", - "queryPeriod": "PT6H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "MicrosoftDefenderAdvancedThreatProtection", - "dataTypes": [ - "SecurityAlert (MDATP)" - ] - } - ], - "tactics": [ - "Persistence" - ], - "techniques": [ - "T1137" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "columnName": "AccountCustomEntity", - "identifier": "FullName" - } - ], - "entityType": "Account" - }, - { - "fieldMappings": [ - { - "columnName": "HostCustomEntity", - "identifier": "FullName" - } - ], - "entityType": "Host" - }, - { - "fieldMappings": [ - { - "columnName": "FileHashType", - "identifier": "Algorithm" - }, - { - "columnName": "FileHashCustomEntity", - "identifier": "Value" - } - ], - "entityType": "FileHash" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", - "properties": { - "description": "MicrosoftDefenderForEndpoint Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", - "source": { - "kind": "Solution", - "name": "MicrosoftDefenderForEndpoint", - 
"sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", - "contentKind": "AnalyticsRule", - "displayName": "Aqua Blizzard AV hits - Feb 2022", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -556,7 +430,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AssignedIPAddress Data Parser with template version 3.0.0", + "description": "AssignedIPAddress Data Parser with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion1')]", 
@@ -573,7 +447,7 @@ "displayName": "AssignedIPAddress", "category": "Samples", "functionAlias": "AssignedIPAddress", - "query": "\nlet AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\r\n{\r\nlet t = coalesce(Timestamp, now());\r\nlet adapters = materialize(\r\n DeviceNetworkInfo \r\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\r\n | where DeviceId == Device or DeviceName == Device\r\n | top 500 by Timestamp);\r\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\r\nadapters | where ReportId == lastReportId\r\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\r\n| mv-expand IpAddresses\r\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\r\n};\r\n", + "query": "\nlet AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet adapters = materialize(\n DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | where DeviceId == Device or DeviceName == Device\n | top 500 by Timestamp);\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\nadapters | where ReportId == lastReportId\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\n| mv-expand IpAddresses\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\n};\n", "functionParameters": "", "version": 1, "tags": [ 
@@ -589,7 +463,7 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId1'),'/'))))]", "dependsOn": [ - "[variables('_parserName1')]" + "[variables('_parserId1')]" ], "properties": { "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]", 
@@ -638,7 +512,7 @@ "displayName": "AssignedIPAddress", "category": "Samples", "functionAlias": "AssignedIPAddress", - "query": "\nlet AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\r\n{\r\nlet t = coalesce(Timestamp, now());\r\nlet adapters = materialize(\r\n DeviceNetworkInfo \r\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\r\n | where DeviceId == Device or DeviceName == Device\r\n | top 500 by Timestamp);\r\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\r\nadapters | where ReportId == lastReportId\r\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\r\n| mv-expand IpAddresses\r\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\r\n};\r\n", + "query": "\nlet AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet adapters = materialize(\n DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | where DeviceId == Device or DeviceName == Device\n | top 500 by Timestamp);\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\nadapters | where ReportId == lastReportId\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\n| mv-expand IpAddresses\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\n};\n", "functionParameters": "", "version": 1, "tags": [ 
@@ -688,7 +562,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Devicefromip Data Parser with template version 3.0.0", + "description": "Devicefromip Data Parser with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserVersion2')]", @@ -705,7 +579,7 @@ "displayName": "Devicefromip", "category": "Samples", "functionAlias": "Devicefromip", - "query": "\nlet DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\r\n{\r\nlet t = coalesce(Timestamp, now());\r\nlet lastReportIds = DeviceNetworkInfo \r\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\r\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\r\nlet adapters = DeviceNetworkInfo\r\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\r\n | lookup kind = inner lastReportIds on ReportId, DeviceId\r\n | mv-expand todynamic(IPAddresses)\r\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\r\nT | join adapters on IP | project-away IP1\r\n};\r\n", + "query": "\nlet DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet lastReportIds = DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\nlet adapters = DeviceNetworkInfo\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | lookup kind = inner lastReportIds on ReportId, DeviceId\n | mv-expand todynamic(IPAddresses)\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\nT | join adapters on IP | project-away IP1\n};\n", "functionParameters": "", "version": 1, "tags": [ 
@@ -721,7 +595,7 @@ "apiVersion": "2022-01-01-preview", "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Parser-', last(split(variables('_parserId2'),'/'))))]", "dependsOn": [ - "[variables('_parserName2')]" + "[variables('_parserId2')]" ], "properties": { "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName2'))]", @@ -770,7 +644,7 @@ "displayName": "Devicefromip", "category": "Samples", "functionAlias": "Devicefromip", - "query": "\nlet DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\r\n{\r\nlet t = coalesce(Timestamp, now());\r\nlet lastReportIds = DeviceNetworkInfo \r\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\r\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\r\nlet adapters = DeviceNetworkInfo\r\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\r\n | lookup kind = inner lastReportIds on ReportId, DeviceId\r\n | mv-expand todynamic(IPAddresses)\r\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\r\nT | join adapters on IP | project-away IP1\r\n};\r\n", + "query": "\nlet DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet lastReportIds = DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\nlet adapters = DeviceNetworkInfo\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | lookup kind = inner lastReportIds on ReportId, DeviceId\n | mv-expand todynamic(IPAddresses)\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\nT | join adapters on IP | project-away IP1\n};\n", "functionParameters": "", "version": 1, "tags": [ 
@@ -814,56 +688,200 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName1')]", + "name": "[variables('playbookTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MDE_Usage_HuntingQueries Hunting Query with template version 3.0.0", + "description": "Isolate-MDE-Machine-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "MicrosoftDefenderForEndpoint_Hunting_Query_1", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "Probable AdFind Recon Tool Usage", - "category": "Hunting Queries", - "query": "\nlet args = dynamic([\"objectcategory\",\"domainlist\",\"dcmodes\",\"adinfo\",\"trustdmp\",\"computers_pwdnotreqd\",\"Domain Admins\", \"objectcategory=person\", \"objectcategory=computer\", \"objectcategory=*\",\"dclist\"]);\nlet parentProcesses = dynamic([\"pwsh.exe\",\"powershell.exe\",\"cmd.exe\"]);\nDeviceProcessEvents\n//looks for execution from a shell\n| where InitiatingProcessFileName in (parentProcesses)\n// main filter\n| where FileName =~ \"AdFind.exe\" or SHA256 == \"c92c158d7c37fea795114fa6491fe5f145ad2f8c08776b18ae79db811e8e36a3\"\n // AdFind common Flags to check for from various threat actor TTPs\n or ProcessCommandLine has_any (args)\n| extend AccountCustomEntity = AccountName, HostCustomEntity = DeviceName, 
ProcessCustomEntity = InitiatingProcessFileName, CommandLineCustomEntity = ProcessCommandLine, AlgorithmCustomEntity = \"SHA256\", FileHashCustomEntity = SHA256\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Identifies the host and account that executed AdFind by hash and filename in addition to common and unique flags that are used by many threat actors in discovery." + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Isolate-MDE-Machine-entityTrigger", + "type": "string" + } + }, + "variables": { + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "_connection-3": "[[variables('connection-3')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } }, - { - "name": "tactics", - "value": "Discovery" + "triggers": { + "Microsoft_Sentinel_entity": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": 
"@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + } + }, + "path": "/entity/@{encodeURIComponent('Host')}" + } + } }, - { - "name": "techniques", - "value": "T1018" + "actions": { + "Actions_-_Isolate_machine": { + "type": "ApiConnection", + "inputs": { + "body": { + "Comment": "Host is isolated from Microsoft Sentinel using playbook Isolate-MDE-machine-entityTrigger.", + "IsolationType": "Full" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/isolate" + } + }, + "Condition": { + "actions": { + "Add_comment_to_incident_(V3)_-_device_isolated": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully isolated!

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + }, + "runAfter": { + "Actions_-_Isolate_machine": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + } } - ] + }, + "parameters": { + "$connections": { + "value": { + "microsoftsentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", + "connectionName": "[[variables('WdatpConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Isolate-MDE-Machine-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', 
variables('WdatpConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('WdatpConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('WdatpConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", "properties": { - "description": "MicrosoftDefenderForEndpoint Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", + "parentId": "[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", + "kind": "Playbook", + "version": "[variables('playbookVersion1')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
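Review bot: The `Actions_-_Isolate_machine` step posts to `/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/isolate` with no check that `MdatpDeviceId` is present, so a Host entity that is not MDE-onboarded (or an entity payload without `additionalData`) yields a request to `/api/machines//isolate` and a failed run rather than a deliberate skip. Wrapping that action in an `If` whose expression is `@not(empty(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId']))` would make the no-device case explicit. Relatedly, the only incident comment is gated on `runAfter: Succeeded`, so a failed or timed-out isolation leaves no trace on the incident; a second comment action with `"runAfter": { "Actions_-_Isolate_machine": ["Failed", "TimedOut"] }` would tell the analyst the containment did not happen. Since `IsolationType` is hard-coded to `Full` and this fires from an analyst-driven entity trigger, a one-line note in the action comment that full isolation cuts all non-MDE connectivity (and should be avoided on domain controllers or other critical servers) seems worth adding, though I cannot tell from the hunk whether the metadata below already says so.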
@@ -881,139 +899,77 @@ } } } - ] + ], + "metadata": { + "title": "Isolate MDE Machine using entity trigger", + "description": "This playbook will isolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", + "postDeployment": [ + "1. Add Microsoft Sentinel Responder role to the managed identity.", + "2. Assign Machine.Isolate API permissions to the managed identity." + ], + "lastUpdateTime": "2022-12-22T00:00:00Z", + "tags": [ + "Host" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", - "contentKind": "HuntingQuery", - "displayName": "Probable AdFind Recon Tool Usage", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" + "contentId": "[variables('_playbookContentId1')]", + "contentKind": "Playbook", + "displayName": "Isolate-MDE-Machine-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName2')]", + "name": "[variables('playbookTemplateSpecName2')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MDE_Process-IOCs_HuntingQueries Hunting Query with template version 
3.0.0", + "description": "Isolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion2')]", - "parameters": {}, - "variables": {}, + "contentVersion": "[variables('playbookVersion2')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Isolate-MDEMachine", + "type": "string" + } + }, + "variables": { + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, "resources": [ { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "MicrosoftDefenderForEndpoint_Hunting_Query_2", - "location": "[parameters('workspace-location')]", - "properties": { - "eTag": "*", - "displayName": "SUNBURST suspicious SolarWinds child processes", - "category": "Hunting Queries", - "query": "\nlet excludeProcs = dynamic([@\"\\SolarWinds\\Orion\\APM\\APMServiceControl.exe\", @\"\\SolarWinds\\Orion\\ExportToPDFCmd.Exe\", @\"\\SolarWinds.Credentials\\SolarWinds.Credentials.Orion.WebApi.exe\", @\"\\SolarWinds\\Orion\\Topology\\SolarWinds.Orion.Topology.Calculator.exe\", 
@\"\\SolarWinds\\Orion\\Database-Maint.exe\", @\"\\SolarWinds.Orion.ApiPoller.Service\\SolarWinds.Orion.ApiPoller.Service.exe\", @\"\\Windows\\SysWOW64\\WerFault.exe\"]);\nDeviceProcessEvents\n| where InitiatingProcessFileName =~ \"solarwinds.businesslayerhost.exe\"\n| where not(FolderPath has_any (excludeProcs))\n| extend\n timestamp = TimeGenerated,\n AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName),\n HostCustomEntity = DeviceName,\n FileHashCustomEntity = MD5\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Identifies suspicious child processes of SolarWinds.Orion.Core.BusinessLayer.dll that may be evidence of the SUNBURST backdoor" - }, - { - "name": "tactics", - "value": "Execution,Persistence" - } - ] - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", - "properties": { - "description": "MicrosoftDefenderForEndpoint Hunting Query 2", - "parentId": "[variables('huntingQueryId2')]", - "contentId": "[variables('_huntingQuerycontentId2')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion2')]", - "source": { - "kind": "Solution", - "name": "MicrosoftDefenderForEndpoint", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": 
"[variables('_huntingQuerycontentId2')]", - "contentKind": "HuntingQuery", - "displayName": "SUNBURST suspicious SolarWinds child processes", - "contentProductId": "[variables('_huntingQuerycontentProductId2')]", - "id": "[variables('_huntingQuerycontentProductId2')]", - "version": "[variables('huntingQueryVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Isolate-MDEMachine Playbook with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion1')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Isolate-MDEMachine", - "type": "string" - } - }, - "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', 
variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", "properties": { "displayName": "[[parameters('PlaybookName')]", "parameterValueType": "Alternative", @@ -1229,12 +1185,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", "properties": { - "parentId": "[variables('playbookId1')]", - "contentId": "[variables('_playbookContentId1')]", + "parentId": "[variables('playbookId2')]", + "contentId": "[variables('_playbookContentId2')]", "kind": "Playbook", - "version": "[variables('playbookVersion1')]", + "version": "[variables('playbookVersion2')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
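Review bot: Both hunting-query contentTemplates visible here ("Probable AdFind Recon Tool Usage" as contentId1 and "SUNBURST suspicious SolarWinds child processes" as the whole contentId2 resource) are replaced by playbook entries, and nothing in this hunk re-emits them; the new-side offset suggests material was added earlier in the template, but if the two hunting queries were not moved there, the package silently drops the very queries this series is about, so please confirm they still appear above. The added metadata for the entity-trigger Isolate playbook also switches `releaseNotes` from the array form used elsewhere to an object whose `title` is `[variables('blanks')]`; that variable must exist in the template's top-level variables or deployment will fail on reference, and a literal title such as `"Initial version"` would avoid the dependency. If this mainTemplate is produced by the solution packaging tool, the fix belongs in the playbook's own metadata and the file should be regenerated rather than hand-edited. The enclosing contentTemplate resource starts and ends outside this hunk.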
@@ -1282,27 +1238,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId1')]", + "contentId": "[variables('_playbookContentId2')]", "contentKind": "Playbook", "displayName": "Isolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId1')]", - "id": "[variables('_playbookcontentProductId1')]", - "version": "[variables('playbookVersion1')]" + "contentProductId": "[variables('_playbookcontentProductId2')]", + "id": "[variables('_playbookcontentProductId2')]", + "version": "[variables('playbookVersion2')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName2')]", + "name": "[variables('playbookTemplateSpecName3')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Isolate-MDEMachine Playbook with template version 3.0.0", + "description": "Isolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion2')]", + "contentVersion": "[variables('playbookVersion3')]", "parameters": { "PlaybookName": { "defaultValue": "Isolate-MDEMachine", 
@@ -1525,12 +1481,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", "properties": { - "parentId": "[variables('playbookId2')]", - "contentId": "[variables('_playbookContentId2')]", + "parentId": "[variables('playbookId3')]", + "contentId": "[variables('_playbookContentId3')]", "kind": "Playbook", - "version": "[variables('playbookVersion2')]", + "version": "[variables('playbookVersion3')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -1578,27 +1534,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId2')]", + "contentId": "[variables('_playbookContentId3')]", "contentKind": "Playbook", "displayName": "Isolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId2')]", - "id": "[variables('_playbookcontentProductId2')]", - "version": "[variables('playbookVersion2')]" + "contentProductId": "[variables('_playbookcontentProductId3')]", + "id": "[variables('_playbookcontentProductId3')]", + "version": "[variables('playbookVersion3')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName3')]", + "name": "[variables('playbookTemplateSpecName4')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEAppExecution Playbook with template version 3.0.0", + "description": "Restrict-MDEAppExecution Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion3')]", + "contentVersion": "[variables('playbookVersion4')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEAppExecution", 
@@ -1837,12 +1793,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", "properties": { - "parentId": "[variables('playbookId3')]", - "contentId": "[variables('_playbookContentId3')]", + "parentId": "[variables('playbookId4')]", + "contentId": "[variables('_playbookContentId4')]", "kind": "Playbook", - "version": "[variables('playbookVersion3')]", + "version": "[variables('playbookVersion4')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -1890,27 +1846,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId3')]", + "contentId": "[variables('_playbookContentId4')]", "contentKind": "Playbook", "displayName": "Restrict-MDEAppExecution", - "contentProductId": "[variables('_playbookcontentProductId3')]", - "id": "[variables('_playbookcontentProductId3')]", - "version": "[variables('playbookVersion3')]" + "contentProductId": "[variables('_playbookcontentProductId4')]", + "id": "[variables('_playbookcontentProductId4')]", + "version": "[variables('playbookVersion4')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName4')]", + "name": "[variables('playbookTemplateSpecName5')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEAppExecution Playbook with template version 3.0.0", + "description": "Restrict-MDEAppExecution Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion4')]", + "contentVersion": "[variables('playbookVersion5')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEAppExecution", 
@@ -2132,12 +2088,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", "properties": { - "parentId": "[variables('playbookId4')]", - "contentId": "[variables('_playbookContentId4')]", + "parentId": "[variables('playbookId5')]", + "contentId": "[variables('_playbookContentId5')]", "kind": "Playbook", - "version": "[variables('playbookVersion4')]", + "version": "[variables('playbookVersion5')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -2185,27 +2141,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId4')]", + "contentId": "[variables('_playbookContentId5')]", "contentKind": "Playbook", "displayName": "Restrict-MDEAppExecution", - "contentProductId": "[variables('_playbookcontentProductId4')]", - "id": "[variables('_playbookcontentProductId4')]", - "version": "[variables('playbookVersion4')]" + "contentProductId": "[variables('_playbookcontentProductId5')]", + "id": "[variables('_playbookcontentProductId5')]", + "version": "[variables('playbookVersion5')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName5')]", + "name": "[variables('playbookTemplateSpecName6')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEDomain Playbook with template version 3.0.0", + "description": "Restrict-MDEDomain Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion5')]", + "contentVersion": "[variables('playbookVersion6')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEDomain", 
@@ -2538,12 +2494,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", "properties": { - "parentId": "[variables('playbookId5')]", - "contentId": "[variables('_playbookContentId5')]", + "parentId": "[variables('playbookId6')]", + "contentId": "[variables('_playbookContentId6')]", "kind": "Playbook", - "version": "[variables('playbookVersion5')]", + "version": "[variables('playbookVersion6')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -2591,30 +2547,30 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId5')]", + "contentId": "[variables('_playbookContentId6')]", "contentKind": "Playbook", "displayName": "Restrict-MDEDomain", - "contentProductId": "[variables('_playbookcontentProductId5')]", - "id": "[variables('_playbookcontentProductId5')]", - "version": "[variables('playbookVersion5')]" + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName6')]", + "name": "[variables('playbookTemplateSpecName7')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEDomain Playbook with template version 3.0.0", + "description": "Restrict-MDEDomain-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion6')]", + "contentVersion": "[variables('playbookVersion7')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEDomain", + "defaultValue": "Restrict-MDEDomain-entityTrigger", "type": "string" } }, @@ -2640,7 +2596,7 @@ } }, "triggers": { - "Microsoft_Sentinel_incident": { + "Microsoft_Sentinel_entity_(DNS)": { "type": "ApiConnectionWebhook", "inputs": { "body": { 
@@ -2648,86 +2604,78 @@ }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } }, - "path": "/incident-creation" + "path": "/entity/@{encodeURIComponent('DNS')}" } } }, "actions": { - "Entities_-_Get_DNS": { - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/dnsresolution" - } - }, - "For_each": { - "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", + "Condition": { "actions": { "Add_comment_to_incident_(V3)": { - "runAfter": { - "HTTP": [ - "Succeeded" - ] - }, "type": "ApiConnection", "inputs": { "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['DomainName']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "


\nAn AlertAndBlock request has been sent to the security centre API for the domain: @{triggerBody()?['Entity']?['properties']?['DomainName']}. Note that the expiration time on this request is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_AlertAndBlock')['statusCode']}

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } }, "method": "post", "path": "/Incidents/Comment" } - }, - "HTTP": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "DomainName", - "indicatorValue": "@{items('For_each')?['DomainName']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } } }, "runAfter": { - "Entities_-_Get_DNS": [ + "HTTP_-_AlertAndBlock": [ "Succeeded" ] }, - "type": "Foreach" - } - } - }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "HTTP_-_AlertAndBlock": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. 
Entity properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "DomainName", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['DomainName']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + } + }, "parameters": { "$connections": { "value": { - "azuresentinel": { + "azuresentinel_1": { "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", @@ -2745,8 +2693,7 @@ "type": "Microsoft.Logic/workflows", "location": "[[variables('workspace-location-inline')]", "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEDomain", + "hidden-SentinelTemplateName": "Restrict-MDEDomain-entityTrigger", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, 
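Review bot: The `HTTP_-_AlertAndBlock` action writes the entire entity object, `@{triggerBody()?['Entity']?['properties']}`, into the MDE indicator's `description`; that copies whatever the entity carries into a tenant-wide threat-intelligence record, and the indicator description field is, as far as I recall, length-limited, so a large entity would make the request fail. Narrowing it to what an analyst needs, e.g. `"description": "Restrict-MDEDomain-entityTrigger: DomainName @{triggerBody()?['Entity']?['properties']?['DomainName']} from incident @{triggerBody()?['IncidentArmID']}"`, keeps the record small and also fixes the wording "Ran on URL Entity", since the trigger path is `/entity/@{encodeURIComponent('DNS')}` and the indicatorType is `DomainName`. Separately, the `Condition` that posts the incident comment only runs after the HTTP action `Succeeded`, so a rejected or failed block request leaves no trace on the incident even though the comment text already reports `statusCode`; running it on `["Succeeded", "Failed"]` would make failed remediation visible to the responder. The enclosing workflow definition starts outside this hunk.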
@@ -2775,12 +2722,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", "properties": { - "parentId": "[variables('playbookId6')]", - "contentId": "[variables('_playbookContentId6')]", + "parentId": "[variables('playbookId7')]", + "contentId": "[variables('_playbookContentId7')]", "kind": "Playbook", - "version": "[variables('playbookVersion6')]", + "version": "[variables('playbookVersion7')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -2800,27 +2747,27 @@ } ], "metadata": { - "title": "Restrict MDE Domain - Incident Triggered", - "description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.", - "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to assign Microsoft Sentinel Responder role to the managed identity \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "title": "Restrict MDE Domain - Entity Triggered", + "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the domain in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. 
Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [ + "1. Add Microsoft Sentinel Responder role to the managed identity.", + "2. Assign Ti.ReadWrite API permissions to the managed identity." ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ - "dnsresolution" + "Url" ], "tags": [ "Remediation" ], - "releaseNotes": [ - { - "version": "1.0.0", - "title": "Restrict MDE Domain", - "notes": [ - "Initial version" - ] - } - ] + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } } }, "packageKind": "Solution", 
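Review bot: The new `prerequisites` prose says to "assign Microsoft Sentinel Reader to the resource group", while the script it contains sets `$RoleName = 'Microsoft Sentinel Responder'` and the new `postDeployment` list also says Responder; the prose should say Responder, which is the role the playbook presumably needs to post incident comments. In the same metadata `"entities": ["Url"]` disagrees with the playbook's trigger, which subscribes to the DNS entity and emits a `DomainName` indicator, so this should presumably be the DNS entity type. The PowerShell line `-Filter 'appId eq '$MDEAppId''` looks as though argument-mode parsing will drop the quotes around the GUID in the OData filter; `-Filter "appId eq '$MDEAppId'"` keeps them, though this is worth verifying in a shell before changing the doc. The enclosing contentTemplate resource starts outside this hunk.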
@@ -2828,115 +2775,98 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId6')]", + "contentId": "[variables('_playbookContentId7')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEDomain", - "contentProductId": "[variables('_playbookcontentProductId6')]", - "id": "[variables('_playbookcontentProductId6')]", - "version": "[variables('playbookVersion6')]" + "displayName": "Restrict-MDEDomain-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId7')]", + "id": "[variables('_playbookcontentProductId7')]", + "version": "[variables('playbookVersion7')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName7')]", + "name": "[variables('playbookTemplateSpecName8')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEFileHash Playbook with template version 3.0.0", + "description": "Restrict-MDEDomain Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion7')]", + "contentVersion": "[variables('playbookVersion8')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEFileHash", - "type": "String" + "defaultValue": "Restrict-MDEDomain", + "type": "string" } }, "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" }, "resources": [ { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEFileHash_alert", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "identity": { - "type": "SystemAssigned" - }, "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "actions": { - "Alert_-_Get_incident": { + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + 
"Microsoft_Sentinel_incident": { + "type": "ApiConnectionWebhook", "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "method": "get", - "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" - }, - "type": "ApiConnection" - }, - "Entities_-_Get_FileHashes": { + "path": "/incident-creation" + } + } + }, + "actions": { + "Entities_-_Get_DNS": { + "type": "ApiConnection", "inputs": { - "body": "@triggerBody()?['Entities']", + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "post", - "path": "/entities/filehash" - }, - "runAfter": { - "Alert_-_Get_incident": [ - "Succeeded" - ] - }, - "type": "ApiConnection" + "path": "/entities/dnsresolution" + } }, "For_each": { + "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", "actions": { "Add_comment_to_incident_(V3)": { + "runAfter": { + "HTTP": [ + "Succeeded" + ] + }, + "type": "ApiConnection", "inputs": { "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['Value']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['DomainName']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { 
@@ -2945,112 +2875,46 @@ }, "method": "post", "path": "/Incidents/Comment" - }, - "runAfter": { - "Switch": [ - "Succeeded" - ] - }, - "type": "ApiConnection" + } }, - "Switch": { - "cases": { - "Case": { - "actions": { - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", - "expirationTime": "@{addDays(triggerBody()?['TimeGenerated'], 90)}", - "indicatorType": "FileSha1", - "indicatorValue": "@{items('For_each')?['Value']}", - "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - }, - "type": "Http" - } - }, - "case": "SHA1" + "HTTP": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" }, - "Case_2": { - "actions": { - "HTTP_2": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", - "expirationTime": "@{addDays(triggerBody()?['TimeGenerated'], 90)}", - "indicatorType": "FileSha256", - "indicatorValue": "@{items('For_each')?['Value']}", - "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - }, - "type": "Http" - } - }, - "case": "SHA256" - } - }, - "expression": 
"@items('For_each')?['Algorithm']", - "type": "Switch" - } - }, - "foreach": "@body('Entities_-_Get_FileHashes')?['Filehashes']", + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "DomainName", + "indicatorValue": "@{items('For_each')?['DomainName']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + }, "runAfter": { - "Entities_-_Get_FileHashes": [ + "Entities_-_Get_DNS": [ "Succeeded" ] }, "type": "Foreach" } - }, - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_alert": { - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/subscribe" - }, - "type": "ApiConnectionWebhook" - } } }, "parameters": { "$connections": { "value": { "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "connectionProperties": 
{ "authentication": { "type": "ManagedServiceIdentity" @@ -3060,17 +2924,47 @@ } } } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Restrict-MDEDomain", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]", "properties": { - "parentId": "[variables('playbookId7')]", - "contentId": "[variables('_playbookContentId7')]", + "parentId": "[variables('playbookId8')]", + "contentId": "[variables('_playbookContentId8')]", "kind": "Playbook", - "version": "[variables('playbookVersion7')]", + "version": "[variables('playbookVersion8')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
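Review bot: The `For_each` in the new Restrict-MDEDomain workflow submits an `AlertAndBlock` indicator for every item of `body('Entities_-_Get_DNS')?['Dnsresolutions']` with no gate between the trigger and the `HTTP` action, so any DNS resolution that is attached to the incident as a related entity — including a shared or benign domain that merely appeared in the underlying alert — is pushed to MDE as a block indicator the moment the incident is created. A `Condition` on `triggerBody()?['object']?['properties']?['severity']` or an exclusion-list parameter checked before `HTTP` would keep an investigation lead from becoming an automated outage; the entity-triggered FileHash workflow added later in this commit at least wraps its comment step in a `Condition`. The `HTTP` action here also omits the `"headers": {"Content-type": "application/json"}` block that the sibling HTTP actions carry, which is harmless for an object body but inconsistent. The enclosing workflow resource starts outside this hunk.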
@@ -3090,14 +2984,14 @@ } ], "metadata": { - "title": "Restrict MDE FileHash - Alert Triggered", - "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.", + "title": "Restrict MDE Domain - Incident Triggered", + "description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to assign Microsoft Sentinel Responder role to the managed identity \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. 
You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "FileHash" + "dnsresolution" ], "tags": [ "Remediation" @@ -3105,7 +2999,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Restrict MDE FileHash", + "title": "Restrict MDE Domain", "notes": [ "Initial version" ] 
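Review bot: The updated `prerequisites` text says the managed identity must be assigned the Microsoft Sentinel Responder role, but the PowerShell snippet that follows was not updated to do it — it still only performs the `Ti.ReadWrite` app-role assignment, whereas the IP-address template's script elsewhere in this file carried `$RoleName = 'Microsoft Sentinel Responder'` and a `New-AzRoleAssignment` line that could be reused here. Without that role the `Add_comment_to_incident_(V3)` step is the one that would fail on authorization, after the indicator has already been created in MDE. Smaller nits in the same hunk: the description reads `This play book` (should be `This playbook`), the `entities` value `dnsresolution` does not follow the casing of the sibling entries `FileHash` and `Ip`, and `lastUpdateTime` still says `2022-07-14` for a playbook whose trigger, entity type and indicator type all changed.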
@@ -3118,27 +3012,27 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId7')]", + "contentId": "[variables('_playbookContentId8')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEFileHash", - "contentProductId": "[variables('_playbookcontentProductId7')]", - "id": "[variables('_playbookcontentProductId7')]", - "version": "[variables('playbookVersion7')]" + "displayName": "Restrict-MDEDomain", + "contentProductId": "[variables('_playbookcontentProductId8')]", + "id": "[variables('_playbookcontentProductId8')]", + "version": "[variables('playbookVersion8')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName8')]", + "name": "[variables('playbookTemplateSpecName9')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEFileHash Playbook with template version 3.0.0", + "description": "Restrict-MDEFileHash Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion8')]", + "contentVersion": "[variables('playbookVersion9')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEFileHash", @@ -3175,7 +3069,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEFileHash", + "hidden-SentinelTemplateName": "Restrict-MDEFileHash_alert", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, 
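Review bot: After the index shift, the template spec `playbookTemplateSpecName9` (the alert-triggered FileHash playbook in this hunk) and `playbookTemplateSpecName11` (the incident-triggered one, in the hunk starting at `@@ -3647`) both default `PlaybookName` to `Restrict-MDEFileHash` and both describe themselves as `Restrict-MDEFileHash Playbook with template version 3.0.1`; only the `hidden-SentinelTemplateName` tag (`Restrict-MDEFileHash_alert` vs `Restrict-MDEFileHash`) tells them apart. Deploying both from the gallery with defaults into one resource group would make the second deployment redeploy over the first Logic App of that name and its API connection. A distinct default such as `"defaultValue": "Restrict-MDEFileHash-alertTrigger"` and a description that names the trigger would avoid the collision.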
@@ -3190,9 +3084,21 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { + "Alert_-_Get_incident": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + }, + "type": "ApiConnection" + }, "Entities_-_Get_FileHashes": { "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "body": "@triggerBody()?['Entities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" @@ -3201,6 +3107,11 @@ "method": "post", "path": "/entities/filehash" }, + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] + }, "type": "ApiConnection" }, "For_each": { @@ -3208,7 +3119,7 @@ "Add_comment_to_incident_(V3)": { "inputs": { "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", "message": "

@{items('For_each')?['Value']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { @@ -3239,11 +3150,11 @@ "body": { "action": "AlertAndBlock", "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", + "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", + "expirationTime": "@{addDays(triggerBody()?['TimeGenerated'], 90)}", "indicatorType": "FileSha1", "indicatorValue": "@{items('For_each')?['Value']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", "title": "@{guid()}" }, "method": "POST", @@ -3265,11 +3176,11 @@ "body": { "action": "AlertAndBlock", "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", + "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", + "expirationTime": "@{addDays(triggerBody()?['TimeGenerated'], 90)}", "indicatorType": "FileSha256", "indicatorValue": "@{items('For_each')?['Value']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", "title": "@{guid()}" }, "method": "POST", @@ -3301,7 +3212,7 @@ } }, "triggers": { - "Microsoft_Sentinel_incident": { + "Microsoft_Sentinel_alert": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" 
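Review bot: `expirationTime` in the two HTTP actions of the alert-triggered FileHash workflow is `addDays(triggerBody()?['TimeGenerated'], 90)` (this hunk and the one at `@@ -3265`), so the indicator expires 90 days after the alert was generated rather than 90 days after the block was requested; for an alert worked hours or days after it fired the block lives correspondingly shorter than the 90 days the metadata description promises, and a replayed old alert could create an indicator that is already expired on arrival. The Restrict-MDEDomain and entity-triggered workflows in this same commit use `utcNow()`; `"expirationTime": "@{addDays(utcNow(), 90)}"` here would keep the three consistent. The Switch cases enclosing these HTTP actions start and end outside the hunks.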
@@ -3311,7 +3222,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/incident-creation" + "path": "/subscribe" }, "type": "ApiConnectionWebhook" } @@ -3338,12 +3249,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]", "properties": { - "parentId": "[variables('playbookId8')]", - "contentId": "[variables('_playbookContentId8')]", + "parentId": "[variables('playbookId9')]", + "contentId": "[variables('_playbookContentId9')]", "kind": "Playbook", - "version": "[variables('playbookVersion8')]", + "version": "[variables('playbookVersion9')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -3363,7 +3274,7 @@ } ], "metadata": { - "title": "Restrict MDE FileHash - Incident Triggered", + "title": "Restrict MDE FileHash - Alert Triggered", "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.", "prerequisites": [ "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" 
@@ -3391,195 +3302,196 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId8')]", + "contentId": "[variables('_playbookContentId9')]", "contentKind": "Playbook", "displayName": "Restrict-MDEFileHash", - "contentProductId": "[variables('_playbookcontentProductId8')]", - "id": "[variables('_playbookcontentProductId8')]", - "version": "[variables('playbookVersion8')]" + "contentProductId": "[variables('_playbookcontentProductId9')]", + "id": "[variables('_playbookcontentProductId9')]", + "version": "[variables('playbookVersion9')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName9')]", + "name": "[variables('playbookTemplateSpecName10')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEIpAddress Playbook with template version 3.0.0", + "description": "Restrict-MDEFileHash-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion9')]", + "contentVersion": "[variables('playbookVersion10')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEIpAddress", - "type": "String" + "defaultValue": "Restrict-MDEFileHash-entityTrigger", + "type": "string" } }, "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" }, "resources": [ { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEIPAddress_alert", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "identity": { - "type": "SystemAssigned" - }, "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "actions": { - "Alert_-_Get_incident": { + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + 
"Microsoft_Sentinel_entity_(FileHash)": { + "type": "ApiConnectionWebhook", "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } + "body": { + "callback_url": "@{listCallbackUrl()}" }, - "method": "get", - "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" - }, - "type": "ApiConnection" - }, - "Entities_-_Get_IPs": { - "inputs": { - "body": "@triggerBody()?['Entities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" } }, - "method": "post", - "path": "/entities/ip" - }, - "runAfter": { - "Alert_-_Get_incident": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - }, - "For_each": { + "path": "/entity/@{encodeURIComponent('FileHash')}" + } + } + }, + "actions": { + "Condition": { "actions": { - "Add_comment_to_incident_(V3)": { + "Add_comment_to_incident_(V3)_2": { + "type": "ApiConnection", "inputs": { "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

An AlertAndBlock request has been sent to the security centre API for file with hash: @{triggerBody()?['Entity']?['properties']?['Value']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_Alert_and_Block_Sha1')['statusCode']}

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" } }, "method": "post", "path": "/Incidents/Comment" - }, - "runAfter": { - "HTTP": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - }, - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", - "expirationTime": "@{addDays(string(triggerbody()['TimeGenerated']), 90)}", - "indicatorType": "IpAddress", - "indicatorValue": "@{items('For_each')?['Address']}", - "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - }, - "type": "Http" + } } }, - "foreach": "@body('Entities_-_Get_IPs')?['IPs']", "runAfter": { - "Entities_-_Get_IPs": [ + "Switch": [ "Succeeded" ] }, - "type": "Foreach" - } - }, - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_alert": { - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + }, + { + "or": [ + { + "equals": [ + "@triggerBody()?['Entity']?['properties']?['Algorithm']", + "SHA1" + ] + }, + { + "equals": [ + "@triggerBody()?['Entity']?['properties']?['Algorithm']", + "SHA256" + ] + } + ] + } + ] + }, + "type": "If" + }, + "Switch": { + "cases": { + 
"If_Encoding_==_SHA1": { + "case": "SHA1", + "actions": { + "HTTP_Alert_and_Block_Sha1": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "FileSha1", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } } }, - "path": "/subscribe" + "If_Encoding_==_SHA256": { + "case": "SHA256", + "actions": { + "HTTP_Alert_and_Block_Sha256": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. 
Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "FileSha256", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + } + } }, - "type": "ApiConnectionWebhook" + "expression": "@triggerBody()?['Entity']?['properties']?['Algorithm']", + "type": "Switch" } } }, "parameters": { "$connections": { "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "azuresentinel_2": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
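Review bot: The incident comment in `Add_comment_to_incident_(V3)_2` embeds `@{outputs('HTTP_Alert_and_Block_Sha1')['statusCode']}` regardless of which Switch case ran, so for a SHA256 entity only `HTTP_Alert_and_Block_Sha256` executes and the comment step references the outputs of a skipped action; as far as I can tell from the definition that fails the comment action (and the run) on every SHA256 hash even though the block indicator was already submitted. Moving the comment action into each case, next to its own HTTP action, makes the reference unambiguous. Separately, the indicator `description` in both cases literally begins `Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App` and dumps the whole entity properties object into MDE; a description naming the incident, like the `incidentNumber-title` form the other playbooks use, is what an MDE analyst will look for when triaging the indicator.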
@@ -3589,17 +3501,46 @@ } } } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Restrict-MDEFileHash-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId10'),'/'))))]", "properties": { - "parentId": "[variables('playbookId9')]", - "contentId": "[variables('_playbookContentId9')]", + "parentId": "[variables('playbookId10')]", + "contentId": "[variables('_playbookContentId10')]", "kind": "Playbook", - "version": "[variables('playbookVersion9')]", + "version": "[variables('playbookVersion10')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -3619,27 +3560,24 @@ } ], "metadata": { - "title": "Restrict MDE Ip Address - Alert Triggered", - "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", - "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" - ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "title": "Restrict MDE FileHash - Entity Triggered", + "description": "This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented 
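Review bot: The `tags` block on the entity-triggered workflow carries only the `hidden-SentinelTemplate*` keys, while every other `Microsoft.Logic/workflows` resource in this file also sets `"LogicAppsCategory": "security"`; adding that line keeps the new playbook categorised like its siblings. The workflow `properties` this tag block belongs to start outside the hunk.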
[here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [], + "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ - "Ip" + "FileHash" ], "tags": [ "Remediation" ], - "releaseNotes": [ - { - "version": "1.0.0", - "title": "Restrict MDE Ip Address", - "notes": [ - "Initial version" - ] - } - ] + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } } }, "packageKind": "Solution", 
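Review bot: The new `prerequisites` string tells the reader to assign `Microsoft Sentinel Reader` to the managed identity, while the script it contains assigns `$RoleName = 'Microsoft Sentinel Responder'`; the workflow's `Add_comment_to_incident_(V3)_2` step writes to the incident, which the Reader role does not allow, so the prose should say Responder to match the script. The shape of this metadata also differs from its siblings: `prerequisites` is a plain string here but an array in the other playbook templates in this file, and `releaseNotes` is an object rather than an array, with `title` set to `[variables('blanks')]` — if the packaging output does not define a `blanks` variable, the deployment will fail on that expression.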
@@ -3647,30 +3585,30 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId9')]", + "contentId": "[variables('_playbookContentId10')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEIpAddress", - "contentProductId": "[variables('_playbookcontentProductId9')]", - "id": "[variables('_playbookcontentProductId9')]", - "version": "[variables('playbookVersion9')]" + "displayName": "Restrict-MDEFileHash-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId10')]", + "id": "[variables('_playbookcontentProductId10')]", + "version": "[variables('playbookVersion10')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName10')]", + "name": "[variables('playbookTemplateSpecName11')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEIpAddress Playbook with template version 3.0.0", + "description": "Restrict-MDEFileHash Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion10')]", + "contentVersion": "[variables('playbookVersion11')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEIpAddress", + "defaultValue": "Restrict-MDEFileHash", "type": "String" } }, 
@@ -3704,7 +3642,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEIPAddress", + "hidden-SentinelTemplateName": "Restrict-MDEFileHash", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, @@ -3719,7 +3657,7 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Entities_-_Get_IPs": { + "Entities_-_Get_FileHashes": { "inputs": { "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { @@ -3728,7 +3666,7 @@ } }, "method": "post", - "path": "/entities/ip" + "path": "/entities/filehash" }, "type": "ApiConnection" }, @@ -3738,7 +3676,7 @@ "inputs": { "body": { "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "message": "

@{items('For_each')?['Value']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { 
@@ -3749,40 +3687,74 @@ "path": "/Incidents/Comment" }, "runAfter": { - "HTTP": [ + "Switch": [ "Succeeded" ] }, "type": "ApiConnection" }, - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(string(triggerbody()['object']?['properties']?['createdTimeUtc']), 90)}", - "indicatorType": "IpAddress", - "indicatorValue": "@{items('For_each')?['Address']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" + "Switch": { + "cases": { + "Case": { + "actions": { + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", + "indicatorType": "FileSha1", + "indicatorValue": "@{items('For_each')?['Value']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" + } + }, + "case": "SHA1" }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" + "Case_2": { + "actions": { + "HTTP_2": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": 
"Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", + "indicatorType": "FileSha256", + "indicatorValue": "@{items('For_each')?['Value']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" + } + }, + "case": "SHA256" + } }, - "type": "Http" + "expression": "@items('For_each')?['Algorithm']", + "type": "Switch" } }, - "foreach": "@body('Entities_-_Get_IPs')?['IPs']", + "foreach": "@body('Entities_-_Get_FileHashes')?['Filehashes']", "runAfter": { - "Entities_-_Get_IPs": [ + "Entities_-_Get_FileHashes": [ "Succeeded" ] }, @@ -3833,12 +3805,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId10'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId11'),'/'))))]", "properties": { - "parentId": "[variables('playbookId10')]", - "contentId": "[variables('_playbookContentId10')]", + "parentId": "[variables('playbookId11')]", + "contentId": "[variables('_playbookContentId11')]", "kind": "Playbook", - "version": "[variables('playbookVersion10')]", + "version": "[variables('playbookVersion11')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -3858,14 +3830,14 @@ } ], "metadata": { - "title": "Restrict MDE Ip Address - Incident Triggered", - "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", + "title": "Restrict MDE FileHash - Incident Triggered", + "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Ip" + "FileHash" ], "tags": [ "Remediation" 
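Review bot: The new prerequisites for the incident-triggered FileHash playbook grant only `Ti.ReadWrite` to the managed identity and drop the Sentinel role assignment, yet the workflow (hunk ending at L140) adds a comment to the incident through the `azuresentinel` connection. The connection definition for this playbook is outside the hunks shown, but if it authenticates with the managed identity as the entity-triggered one at L167 does, the identity also needs a Sentinel role on the workspace resource group — presumably `Microsoft Sentinel Responder`, as the script in the hunk ending at L128 assigns. Suggest restoring the `$RoleName` / `New-AzRoleAssignment` lines here, or stating explicitly that the comment step requires a separately assigned role.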
@@ -3873,7 +3845,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Restrict MDE Ip Address", + "title": "Restrict MDE FileHash", "notes": [ "Initial version" ] @@ -3886,30 +3858,30 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId10')]", + "contentId": "[variables('_playbookContentId11')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEIpAddress", - "contentProductId": "[variables('_playbookcontentProductId10')]", - "id": "[variables('_playbookcontentProductId10')]", - "version": "[variables('playbookVersion10')]" + "displayName": "Restrict-MDEFileHash", + "contentProductId": "[variables('_playbookcontentProductId11')]", + "id": "[variables('_playbookcontentProductId11')]", + "version": "[variables('playbookVersion11')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName11')]", + "name": "[variables('playbookTemplateSpecName12')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEUrl Playbook with template version 3.0.0", + "description": "Restrict-MDEIpAddress Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion11')]", + "contentVersion": "[variables('playbookVersion12')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEUrl", + "defaultValue": "Restrict-MDEIpAddress", "type": "String" } }, 
@@ -3943,7 +3915,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEUrl_alert", + "hidden-SentinelTemplateName": "Restrict-MDEIPAddress_alert", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, @@ -3970,7 +3942,7 @@ }, "type": "ApiConnection" }, - "Entities_-_Get_URLs": { + "Entities_-_Get_IPs": { "inputs": { "body": "@triggerBody()?['Entities']", "host": { @@ -3979,7 +3951,7 @@ } }, "method": "post", - "path": "/entities/url" + "path": "/entities/ip" }, "runAfter": { "Alert_-_Get_incident": [ @@ -3994,7 +3966,7 @@ "inputs": { "body": { "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { @@ -4021,9 +3993,9 @@ "action": "AlertAndBlock", "application": "Microsoft Sentinel", "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", - "expirationTime": "@{formatDateTime(addDays(string(triggerbody()['TimeGenerated']), 90), 'yyyy-MM-ddTHH:mm:ssZ')}", - "indicatorType": "Url", - "indicatorValue": "@{items('For_each')?['Url']}", + "expirationTime": "@{addDays(string(triggerbody()['TimeGenerated']), 90)}", + "indicatorType": "IpAddress", + "indicatorValue": "@{items('For_each')?['Address']}", "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", "title": "@{guid()}" }, @@ -4036,9 +4008,9 @@ "type": "Http" } }, - "foreach": "@body('Entities_-_Get_URLs')?['URLs']", + "foreach": "@body('Entities_-_Get_IPs')?['IPs']", "runAfter": { - "Entities_-_Get_URLs": [ + "Entities_-_Get_IPs": [ "Succeeded" ] }, @@ -4089,12 +4061,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId11'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId12'),'/'))))]", "properties": { - "parentId": "[variables('playbookId11')]", - "contentId": "[variables('_playbookContentId11')]", + "parentId": "[variables('playbookId12')]", + "contentId": "[variables('_playbookContentId12')]", "kind": "Playbook", - "version": "[variables('playbookVersion11')]", + "version": "[variables('playbookVersion12')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -4114,14 +4086,14 @@ } ], "metadata": { - "title": "Restrict MDE Url - Alert Triggered", - "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", + "title": "Restrict MDE Ip Address - Alert Triggered", + "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. 
You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Url" + "Ip" ], "tags": [ "Remediation" @@ -4129,7 +4101,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Restrict MDE Url", + "title": "Restrict MDE Ip Address", "notes": [ "Initial version" ] 
@@ -4142,178 +4114,141 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId11')]", + "contentId": "[variables('_playbookContentId12')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEUrl", - "contentProductId": "[variables('_playbookcontentProductId11')]", - "id": "[variables('_playbookcontentProductId11')]", - "version": "[variables('playbookVersion11')]" + "displayName": "Restrict-MDEIpAddress", + "contentProductId": "[variables('_playbookcontentProductId12')]", + "id": "[variables('_playbookcontentProductId12')]", + "version": "[variables('playbookVersion12')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName12')]", + "name": "[variables('playbookTemplateSpecName13')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEUrl Playbook with template version 3.0.0", + "description": "Restrict-MDEIP-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion12')]", + "contentVersion": "[variables('playbookVersion13')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEUrl", - "type": "String" + "defaultValue": "Restrict-MDEIP-entityTrigger", + "type": "string" } }, "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" }, "resources": [ { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEUrl", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "identity": { - "type": "SystemAssigned" - }, "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "actions": { - "Entities_-_Get_URLs": { + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + 
"triggers": { + "Microsoft_Sentinel_entity_(IP)": { + "type": "ApiConnectionWebhook", "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "body": { + "callback_url": "@{listCallbackUrl()}" + }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } }, - "method": "post", - "path": "/entities/url" - }, - "type": "ApiConnection" - }, - "For_each": { + "path": "/entity/@{encodeURIComponent('IP')}" + } + } + }, + "actions": { + "Condition": { "actions": { "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", "inputs": { "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

An AlertAndBlock request has been sent to the security centre API for the IP address@{triggerBody()?['Entity']?['properties']?['Address']} . Note that the expiration time for this request is 90 days.
\nHTTP Response of AlertAndBlock request: @{outputs('HTTP_-_Alert_And_Block_IP')['statusCode']}

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } }, "method": "post", "path": "/Incidents/Comment" - }, - "runAfter": { - "HTTP": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - }, - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{formatDateTime(addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90), 'yyyy-MM-ddTHH:mm:ssZ')}", - "indicatorType": "Url", - "indicatorValue": "@{items('For_each')?['Url']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - }, - "type": "Http" + } } }, - "foreach": "@body('Entities_-_Get_URLs')?['URLs']", "runAfter": { - "Entities_-_Get_URLs": [ + "HTTP_-_Alert_And_Block_IP": [ "Succeeded" ] }, - "type": "Foreach" - } - }, - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident": { + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "HTTP_-_Alert_And_Block_IP": { + "type": "Http", "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" + }, "body": { - "callback_url": "@{listCallbackUrl()}" + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "IP blocked by Restrict-MDEIP-entityTrigger 
Logic app from an entity in Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "IpAddress", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}", + "title": "@{guid()}" }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } + "headers": { + "Content-type": "application/json" }, - "path": "/incident-creation" - }, - "type": "ApiConnectionWebhook" + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } } } }, "parameters": { "$connections": { "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "azuresentinel_1": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
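Review bot: `Condition`, and with it the incident comment, runs only when `HTTP_-_Alert_And_Block_IP` succeeds, so when the indicator POST fails the incident receives no comment at all even though the message is written to report `outputs('HTTP_-_Alert_And_Block_IP')['statusCode']`; changing the Condition's `runAfter` entry to `"HTTP_-_Alert_And_Block_IP": ["Succeeded", "Failed"]` lets responders see the failed block in the incident rather than only in run history. The comment text also lacks a space in `the IP address@{triggerBody()...}`. Separately, the indicator `description` interpolates the whole `@{triggerBody()?['Entity']?['properties']}` object into MDE; it is worth confirming this stays within the API's description length and does not copy more incident detail into the indicator than intended, since the `Address` alone identifies the entity.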
@@ -4323,17 +4258,46 @@ } } } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Restrict-MDEIP-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId12'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId13'),'/'))))]", "properties": { - "parentId": "[variables('playbookId12')]", - "contentId": "[variables('_playbookContentId12')]", + "parentId": "[variables('playbookId13')]", + "contentId": "[variables('_playbookContentId13')]", "kind": "Playbook", - "version": "[variables('playbookVersion12')]", + "version": "[variables('playbookVersion13')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -4353,27 +4317,24 @@ } ], "metadata": { - "title": "Restrict MDE Url - Incident Triggered", - "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", - "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" - ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "title": "Restrict MDE Ip Address - Entity Triggered", + "description": "This playbook will and generate alert and block threat indicators for the IP entity in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. 
You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [], + "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ - "Url" + "Ip" ], "tags": [ "Remediation" ], - "releaseNotes": [ - { - "version": "1.0.0", - "title": "Restrict MDE Url", - "notes": [ - "Initial version" - ] - } - ] + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } } }, "packageKind": "Solution", 
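Review bot: The new description reads "This playbook will and generate alert and block threat indicators", which is missing a word; suggest `"description": "This playbook will generate an alert-and-block threat indicator for the triggering IP entity in MDE for 90 days."`. The Reader/Responder role mismatch in the prerequisites text is the same as noted on the hunk ending at L128.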
@@ -4381,52 +4342,37 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId12')]", + "contentId": "[variables('_playbookContentId13')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEUrl", - "contentProductId": "[variables('_playbookcontentProductId12')]", - "id": "[variables('_playbookcontentProductId12')]", - "version": "[variables('playbookVersion12')]" + "displayName": "Restrict-MDEIP-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId13')]", + "id": "[variables('_playbookcontentProductId13')]", + "version": "[variables('playbookVersion13')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName13')]", + "name": "[variables('playbookTemplateSpecName14')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Run-MDEAntivirus Playbook with template version 3.0.0", + "description": "Restrict-MDEIpAddress Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion13')]", + "contentVersion": "[variables('playbookVersion14')]", "parameters": { "PlaybookName": { - "defaultValue": "Run-MDEAntivirus", - "type": "string" - }, - "SentinelResourceGroupName": { - "defaultValue": "", - "type": "string" - }, - "SentinelSubscriptionId": { - "defaultValue": "", - "type": "string" + "defaultValue": "Restrict-MDEIpAddress", + "type": "String" } }, "variables": { "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - 
"MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", - "roleAssignmentName": "[[guid(subscription().subscriptionId, resourceGroup().id)]", - "ASSubscriptionId": "[[if(empty(parameters('SentinelSubscriptionId')), subscription().subscriptionId, parameters('SentinelSubscriptionId'))]", - "roleDefinitionId": "[[concat('/subscriptions/', variables('ASSubscriptionId'),'/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade')]", - "_roleDefinitionId": "[[variables('roleDefinitionId')]", "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -4446,20 +4392,6 @@ } } }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MDATPConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, { "type": "Microsoft.Logic/workflows", "apiVersion": "2017-07-01", 
@@ -4467,224 +4399,89 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Run-MDEAntivirus_alert", + "hidden-SentinelTemplateName": "Restrict-MDEIPAddress", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], "identity": { "type": "SystemAssigned" }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" - ], "properties": { "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Alert_-_Get_incident": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "get", - "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" - }, - "runAfter": { - "Initialize_variable": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - }, - "Entities_-_Get_Hosts": { + "Entities_-_Get_IPs": { "inputs": { - "body": "@triggerBody()?['Entities']", + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "post", - "path": "/entities/host" - }, - "runAfter": { - "Alert_-_Get_incident": [ - "Succeeded" - ] + "path": "/entities/ip" }, "type": "ApiConnection" }, "For_each": { "actions": { - "Condition": { - "actions": { - 
"Machines_-_Get_single_machine": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" - }, - "type": "ApiConnection" + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, - "Set_variable": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" }, - "else": { - "actions": { - "Machines_-_Get_single_machine_2": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" - }, - "type": "ApiConnection" - }, - "Set_variable_2": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine_2')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine_2": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@items('For_each')?['MdatpDeviceId']", - "@null" - ] - } + "runAfter": { + "HTTP": [ + "Succeeded" ] }, - "type": "If" + "type": "ApiConnection" }, - "Condition_2": { - "actions": { - "Actions_-_Run_antivirus_scan": { - "inputs": { - "body": { - "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}", - "ScanType": "Full" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" - }, - "type": "ApiConnection" + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" }, - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - 
"message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "runAfter": { - "Actions_-_Run_antivirus_scan": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - } - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "type": "ApiConnection" - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@variables('MDEDeviceId')", - "@null" - ] - } - } - ] - }, - "runAfter": { - "Condition": [ - "Succeeded" - ] + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(string(triggerbody()['object']?['properties']?['createdTimeUtc']), 90)}", + "indicatorType": "IpAddress", + "indicatorValue": "@{items('For_each')?['Address']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" }, - "type": "If" + "type": "Http" } }, - "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "foreach": "@body('Entities_-_Get_IPs')?['IPs']", "runAfter": { - "Entities_-_Get_Hosts": [ + "Entities_-_Get_IPs": [ "Succeeded" ] }, "type": "Foreach" - }, - "Initialize_variable": { - "inputs": { - "variables": [ - { - "name": "MDEDeviceId", - "type": "string" - } - ] - }, - "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", @@ -4694,7 +4491,7 @@ } }, "triggers": { - "Microsoft_Sentinel_alert": { + "Microsoft_Sentinel_incident": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" @@ -4704,7 +4501,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/subscribe" + "path": "/incident-creation" }, "type": "ApiConnectionWebhook" } 
@@ -4722,43 +4519,21 @@ "type": "ManagedServiceIdentity" } } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", - "connectionName": "[[variables('MDATPConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } } } } } } }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[[variables('roleAssignmentName')]", - "dependsOn": [ - "[[resourceId('Microsoft.Logic/workflows', parameters('PlaybookName'))]" - ], - "properties": { - "roleDefinitionId": "[[variables('_roleDefinitionId')]", - "principalId": "[[reference(resourceId('Microsoft.Logic/workflows', parameters('PlaybookName')), '2019-05-01', 'full').identity.principalId]" - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId13'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId14'),'/'))))]", "properties": { - "parentId": "[variables('playbookId13')]", - "contentId": "[variables('_playbookContentId13')]", + "parentId": "[variables('playbookId14')]", + "contentId": "[variables('_playbookContentId14')]", "kind": "Playbook", - "version": "[variables('playbookVersion13')]", + "version": "[variables('playbookVersion14')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -4778,14 +4553,14 @@ } ], "metadata": { - "title": "Run MDE Antivirus - Alert Triggered", - "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", + "title": "Restrict MDE Ip Address - Incident Triggered", + "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ - "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- **For Gov Only** \n\n You will need to 
update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" ], - "lastUpdateTime": "2022-02-14T00:00:00Z", + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Host" + "Ip" ], "tags": [ "Remediation" @@ -4793,7 +4568,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Run MDE Antivirus", + "title": "Restrict MDE Ip Address", "notes": [ "Initial version" ] 
@@ -4806,40 +4581,37 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId13')]", + "contentId": "[variables('_playbookContentId14')]", "contentKind": "Playbook", - "displayName": "Run-MDEAntivirus", - "contentProductId": "[variables('_playbookcontentProductId13')]", - "id": "[variables('_playbookcontentProductId13')]", - "version": "[variables('playbookVersion13')]" + "displayName": "Restrict-MDEIpAddress", + "contentProductId": "[variables('_playbookcontentProductId14')]", + "id": "[variables('_playbookcontentProductId14')]", + "version": "[variables('playbookVersion14')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName14')]", + "name": "[variables('playbookTemplateSpecName15')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Run-MDEAntivirus Playbook with template version 3.0.0", + "description": "Restrict-MDEUrl Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion14')]", + "contentVersion": "[variables('playbookVersion15')]", "parameters": { "PlaybookName": { - "defaultValue": "Run-MDEAntivirus", - "type": "string" + "defaultValue": "Restrict-MDEUrl", + "type": "String" } }, "variables": { "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, 
'/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -4859,20 +4631,6 @@ } } }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MDATPConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, { "type": "Microsoft.Logic/workflows", "apiVersion": "2017-07-01", 
@@ -4880,207 +4638,106 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Run-MDEAntivirus", - "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelTemplateName": "Restrict-MDEUrl_alert", + "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], "identity": { "type": "SystemAssigned" }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" - ], "properties": { "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Entities_-_Get_Hosts": { + "Alert_-_Get_incident": { "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "method": "post", - "path": "/entities/host" - }, - "runAfter": { - "Initialize_variable": [ - "Succeeded" - ] + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + }, + "type": "ApiConnection" + }, + "Entities_-_Get_URLs": { + "inputs": { + "body": "@triggerBody()?['Entities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/url" + }, + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] }, "type": "ApiConnection" }, "For_each": { 
"actions": { - "Condition": { - "actions": { - "Machines_-_Get_single_machine": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" - }, - "type": "ApiConnection" + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, - "Set_variable": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - }, - "else": { - "actions": { - "Machines_-_Get_single_machine_2": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" - }, - "type": "ApiConnection" - }, - "Set_variable_2": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine_2')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine_2": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@items('For_each')?['MdatpDeviceId']", - "@null" - ] + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } - ] - }, - "type": "If" - }, - "Condition_2": { - "actions": { - "Actions_-_Run_antivirus_scan": { - "inputs": { - "body": { - "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']}- @{triggerBody()?['object']?['properties']?['title']}", - "ScanType": "Full" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" - }, - "type": "ApiConnection" }, - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "runAfter": { - "Actions_-_Run_antivirus_scan": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - } - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "type": "ApiConnection" - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@variables('MDEDeviceId')", - "@null" - ] - } - } - ] + "method": "post", + "path": "/Incidents/Comment" }, "runAfter": { - "Condition": [ + "HTTP": [ "Succeeded" ] }, - "type": "If" + "type": "ApiConnection" + }, + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", + "expirationTime": "@{formatDateTime(addDays(string(triggerbody()['TimeGenerated']), 90), 'yyyy-MM-ddTHH:mm:ssZ')}", + "indicatorType": "Url", + "indicatorValue": "@{items('For_each')?['Url']}", + "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" } }, - "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "foreach": "@body('Entities_-_Get_URLs')?['URLs']", "runAfter": { - "Entities_-_Get_Hosts": [ + "Entities_-_Get_URLs": [ "Succeeded" ] }, "type": "Foreach" - }, - "Initialize_variable": { - "inputs": { - "variables": [ - { - "name": "MDEDeviceId", - "type": "string" - } - ] - }, - "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", @@ -5090,7 +4747,7 @@ } }, "triggers": { - "Microsoft_Sentinel_incident": { + "Microsoft_Sentinel_alert": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" 
@@ -5100,7 +4757,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/incident-creation" + "path": "/subscribe" }, "type": "ApiConnectionWebhook" } @@ -5118,16 +4775,6 @@ "type": "ManagedServiceIdentity" } } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", - "connectionName": "[[variables('MDATPConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } } } } @@ -5137,12 +4784,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId14'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId15'),'/'))))]", "properties": { - "parentId": "[variables('playbookId14')]", - "contentId": "[variables('_playbookContentId14')]", + "parentId": "[variables('playbookId15')]", + "contentId": "[variables('_playbookContentId15')]", "kind": "Playbook", - "version": "[variables('playbookVersion14')]", + "version": "[variables('playbookVersion15')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -5162,14 +4809,14 @@ } ], "metadata": { - "title": "Run MDE Antivirus - Incident Triggered", - "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", + "title": "Restrict MDE Url - Alert Triggered", + "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ - "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- **For Gov Only** \n\n You will need to update the 
HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Host" + "Url" ], "tags": [ "Remediation" @@ -5177,7 +4824,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Run MDE Antivirus", + "title": "Restrict MDE Url", "notes": [ "Initial version" ] 
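Review bot: The new `description` in this hunk says the playbook generates indicators "for each IP", but the template this metadata belongs to (`Restrict-MDEUrl`, whose workflow uses `Entities_-_Get_URLs` and `"indicatorType": "Url"`) handles Url entities, so it should read `...and block threat indicators for each Url in MDE for 90 days.` The prerequisites here grant only `Ti.ReadWrite`, while the Url workflow's `Add_comment_to_incident_(V3)` action posts to `/Incidents/Comment`, and the IP playbook's prerequisites in the `@@ -4778,14 +4553,14 @@` hunk add a Microsoft Sentinel role assignment for exactly that; presumably the same `New-AzRoleAssignment` step is needed here, otherwise the comment action fails at run time. As far as the visible hunks show, the template no longer carries any in-template `Microsoft.Authorization/roleAssignments` resource for these playbooks (the one in the `@@ -4722,43 +4519,21 @@` hunk is removed), so the manual step documented in the prerequisites is the only thing granting that role.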
@@ -5190,70 +4837,281 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId14')]", + "contentId": "[variables('_playbookContentId15')]", "contentKind": "Playbook", - "displayName": "Run-MDEAntivirus", - "contentProductId": "[variables('_playbookcontentProductId14')]", - "id": "[variables('_playbookcontentProductId14')]", - "version": "[variables('playbookVersion14')]" + "displayName": "Restrict-MDEUrl", + "contentProductId": "[variables('_playbookcontentProductId15')]", + "id": "[variables('_playbookcontentProductId15')]", + "version": "[variables('playbookVersion15')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName15')]", + "name": "[variables('playbookTemplateSpecName16')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Unisolate-MDEMachine Playbook with template version 3.0.0", + "description": "Restrict-MDEUrl-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion15')]", + "contentVersion": "[variables('playbookVersion16')]", "parameters": { "PlaybookName": { - "defaultValue": "Unisolate-MDEMachine", + "defaultValue": "Restrict-MDEUrl-entityTrigger", "type": "string" } }, "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, 
'/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" }, "resources": [ + { + "properties": { + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_entity_(URL)": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + } + }, + "path": "/entity/@{encodeURIComponent('UrlEntity')}" + } + } + }, + "actions": { + "Condition": { + "actions": { + "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

An AlertAndBlock request has been sent to the security centre API to block the URL: @{triggerBody()?['Entity']?['properties']?['Url']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_Alert_And_Block_URL')['statusCode']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + }, + "runAfter": { + "HTTP_-_Alert_And_Block_URL": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "HTTP_-_Alert_And_Block_URL": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "Url", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Url']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel_1": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Restrict-MDEUrl-entityTrigger", + "hidden-SentinelTemplateVersion": 
"1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", + "name": "[[variables('MicrosoftSentinelConnectionName')]", "location": "[[variables('workspace-location-inline')]", "kind": "V1", "properties": { - "displayName": "[[parameters('PlaybookName')]", + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", "parameterValueType": "Alternative", "api": { - "id": "[[variables('_connection-1')]" + "id": "[[variables('_connection-2')]" } } }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId16'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId16')]", + "contentId": "[variables('_playbookContentId16')]", + "kind": "Playbook", + "version": "[variables('playbookVersion16')]", + "source": { + "kind": "Solution", + "name": "MicrosoftDefenderForEndpoint", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ], + "metadata": { + "title": "Restrict MDE URL - Entity Triggered", + "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the URL in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented 
[here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [ + "1. Add Microsoft Sentinel Responder role to the managed identity.", + "2. Assign Ti.ReadWrite API permissions to the managed identity." 
+ ], + "lastUpdateTime": "2023-02-26T00:00:00Z", + "entities": [ + "dnsresolution" + ], + "tags": [ + "Remediation" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId16')]", + "contentKind": "Playbook", + "displayName": "Restrict-MDEUrl-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId16')]", + "id": "[variables('_playbookcontentProductId16')]", + "version": "[variables('playbookVersion16')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName17')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Restrict-MDEUrl Playbook with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion17')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Restrict-MDEUrl", + "type": "String" + } + }, + "variables": { + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + 
"workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ { "type": "Microsoft.Web/connections", "apiVersion": "2016-06-01", - "name": "[[variables('MDATPConnectionName')]", + "name": "[[variables('AzureSentinelConnectionName')]", "location": "[[variables('workspace-location-inline')]", "kind": "V1", "properties": { "displayName": "[[parameters('PlaybookName')]", "parameterValueType": "Alternative", "api": { - "id": "[[variables('_connection-2')]" + "id": "[[variables('_connection-1')]" } } }, 
@@ -5264,131 +5122,85 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Unisolate-MDEMachine_alert", + "hidden-SentinelTemplateName": "Restrict-MDEUrl", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], "identity": { "type": "SystemAssigned" }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" - ], "properties": { "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Alert_-_Get_incident": { + "Entities_-_Get_URLs": { "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "method": "get", - "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" - }, - "type": "ApiConnection" - }, - "Entities_-_Get_Hosts": { - "inputs": { - "body": "@triggerBody()?['Entities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/host" - }, - "runAfter": { - "Alert_-_Get_incident": [ - "Succeeded" - ] + "method": "post", + "path": "/entities/url" }, "type": "ApiConnection" }, "For_each": { "actions": { - "Condition": { - "actions": { - "Actions_-_Unisolate_machine": { - "inputs": { - "body": { - 
"Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}/unisolate" - }, - "type": "ApiConnection" + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "runAfter": { - "Actions_-_Unisolate_machine": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - } - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "type": "ApiConnection" + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } - } + }, + "method": "post", + "path": "/Incidents/Comment" }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each')?['MdatpDeviceId']", - "@null" - ] - } - } + "runAfter": { + "HTTP": [ + "Succeeded" ] }, - "type": "If" + "type": "ApiConnection" + }, + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{formatDateTime(addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90), 'yyyy-MM-ddTHH:mm:ssZ')}", + "indicatorType": "Url", + "indicatorValue": "@{items('For_each')?['Url']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" } }, - "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "foreach": "@body('Entities_-_Get_URLs')?['URLs']", "runAfter": { - "Entities_-_Get_Hosts": [ + "Entities_-_Get_URLs": [ "Succeeded" ] }, @@ -5402,7 +5214,7 @@ } }, "triggers": { - "Microsoft_Sentinel_alert": { + "Microsoft_Sentinel_incident": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" @@ -5412,7 +5224,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/subscribe" + "path": "/incident-creation" }, "type": "ApiConnectionWebhook" } 
@@ -5430,16 +5242,6 @@ "type": "ManagedServiceIdentity" } } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", - "connectionName": "[[variables('MDATPConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } } } } @@ -5449,12 +5251,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId15'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId17'),'/'))))]", "properties": { - "parentId": "[variables('playbookId15')]", - "contentId": "[variables('_playbookContentId15')]", + "parentId": "[variables('playbookId17')]", + "contentId": "[variables('_playbookContentId17')]", "kind": "Playbook", - "version": "[variables('playbookVersion15')]", + "version": "[variables('playbookVersion17')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -5474,14 +5276,14 @@ } ], "metadata": { - "title": "Unisolate MDE Machine - Alert Triggered", - "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", + "title": "Restrict MDE Url - Incident Triggered", + "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ - "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Host" + "Url" ], "tags": [ "Remediation" @@ -5489,7 +5291,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Unisolate MDE Machine", + "title": "Restrict MDE Url", "notes": [ "Initial version" ] 
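Review bot: The prerequisites for the incident-triggered Restrict-MDEUrl grant only Ti.ReadWrite, but the playbook's `Add_comment_to_incident_(V3)` action runs over the azuresentinel connection with managed-identity authentication (the `$connections` block that survives in the `@@ -5430,16 +5242,6 @@` hunk), so the identity also needs the Microsoft Sentinel Responder role on the workspace's resource group or the comment step fails after the indicator has already been created. The entity-triggered entry in this patch documents that with `New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup`; the same line plus a postDeployment step belong here, or the template should deploy a role assignment the way Run-MDEAntivirus does in the `@@ -5741,15 +5661,27 @@` hunk.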
@@ -5502,36 +5304,48 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId15')]", + "contentId": "[variables('_playbookContentId17')]", "contentKind": "Playbook", - "displayName": "Unisolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId15')]", - "id": "[variables('_playbookcontentProductId15')]", - "version": "[variables('playbookVersion15')]" + "displayName": "Restrict-MDEUrl", + "contentProductId": "[variables('_playbookcontentProductId17')]", + "id": "[variables('_playbookcontentProductId17')]", + "version": "[variables('playbookVersion17')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName16')]", + "name": "[variables('playbookTemplateSpecName18')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Unisolate-MDEMachine Playbook with template version 3.0.0", + "description": "Run-MDEAntivirus Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion16')]", + "contentVersion": "[variables('playbookVersion18')]", "parameters": { "PlaybookName": { - "defaultValue": "Unisolate-MDEMachine", + "defaultValue": "Run-MDEAntivirus", + "type": "string" + }, + "SentinelResourceGroupName": { + "defaultValue": "", + "type": "string" + }, + "SentinelSubscriptionId": { + "defaultValue": "", "type": "string" } }, "variables": { "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", "MDATPConnectionName": 
"[[concat('wdatp-', parameters('PlaybookName'))]", + "roleAssignmentName": "[[guid(subscription().subscriptionId, resourceGroup().id)]", + "ASSubscriptionId": "[[if(empty(parameters('SentinelSubscriptionId')), subscription().subscriptionId, parameters('SentinelSubscriptionId'))]", + "roleDefinitionId": "[[concat('/subscriptions/', variables('ASSubscriptionId'),'/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade')]", + "_roleDefinitionId": "[[variables('roleDefinitionId')]", "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "_connection-1": "[[variables('connection-1')]", "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", @@ -5576,8 +5390,8 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Unisolate-MDEMachine", - "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelTemplateName": "Run-MDEAntivirus_alert", + "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, "identity": { 
@@ -5592,9 +5406,26 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { + "Alert_-_Get_incident": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + }, + "runAfter": { + "Initialize_variable": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + }, "Entities_-_Get_Hosts": { "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "body": "@triggerBody()?['Entities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" 
@@ -5603,81 +5434,159 @@ "method": "post", "path": "/entities/host" }, + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] + }, "type": "ApiConnection" }, "For_each": { "actions": { "Condition": { "actions": { - "Actions_-_Unisolate_machine": { + "Machines_-_Get_single_machine": { "inputs": { - "body": { - "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']} - @{triggerBody()?['object']?['properties']?['title']}" - }, "host": { "connection": { "name": "@parameters('$connections')['wdatp']['connectionId']" } }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['additionalData']?['MdatpDeviceId'])}/unisolate" + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" }, "type": "ApiConnection" }, - "Add_comment_to_incident_(V3)": { + "Set_variable": { "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine')?['id']" }, "runAfter": { - "Actions_-_Unisolate_machine": [ + "Machines_-_Get_single_machine": [ "Succeeded" ] }, - "type": "ApiConnection" + "type": "SetVariable" } }, "else": { "actions": { - "Add_comment_to_incident_(V3)_2": { + "Machines_-_Get_single_machine_2": { "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" - }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['wdatp']['connectionId']" } }, - "method": "post", - "path": "/Incidents/Comment" + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" }, "type": "ApiConnection" + }, + "Set_variable_2": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine_2')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine_2": [ + "Succeeded" + ] + }, + "type": "SetVariable" } } }, "expression": { "and": [ { - "not": { + "equals": [ + "@items('For_each')?['MdatpDeviceId']", + "@null" + ] + } + ] + }, + "type": "If" + }, + "Condition_2": { + "actions": { + "Actions_-_Run_antivirus_scan": { + "inputs": { + "body": { + "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}", + "ScanType": "Full" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" + }, + "type": "ApiConnection" + }, + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Actions_-_Run_antivirus_scan": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + } + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "type": "ApiConnection" + } + } + }, + "expression": { + "and": [ + { + "not": { "equals": [ - "@items('For_each')?['additionalData']?['MdatpDeviceId']", + "@variables('MDEDeviceId')", "@null" ] } } ] }, + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, "type": "If" } }, @@ -5688,6 +5597,17 @@ ] }, "type": "Foreach" + }, + "Initialize_variable": { + "inputs": { + "variables": [ + { + "name": "MDEDeviceId", + "type": "string" + } + ] + }, + "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", @@ -5697,7 +5617,7 @@ } }, "triggers": { - "Microsoft_Sentinel_incident": { + "Microsoft_Sentinel_alert": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" @@ -5707,7 +5627,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/incident-creation" + "path": "/subscribe" }, "type": "ApiConnectionWebhook" } 
@@ -5741,15 +5661,27 @@ } } }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[[variables('roleAssignmentName')]", + "dependsOn": [ + "[[resourceId('Microsoft.Logic/workflows', parameters('PlaybookName'))]" + ], + "properties": { + "roleDefinitionId": "[[variables('_roleDefinitionId')]", + "principalId": "[[reference(resourceId('Microsoft.Logic/workflows', parameters('PlaybookName')), '2017-07-01', 'full').identity.principalId]" + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId16'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId18'),'/'))))]", "properties": { - "parentId": "[variables('playbookId16')]", - "contentId": "[variables('_playbookContentId16')]", + "parentId": "[variables('playbookId18')]", + "contentId": "[variables('_playbookContentId18')]", "kind": "Playbook", - "version": "[variables('playbookVersion16')]", + "version": "[variables('playbookVersion18')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
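Review bot: The role assignment is named `guid(subscription().subscriptionId, resourceGroup().id)`, which evaluates to the same value for every playbook deployed into that resource group, so a second template using this pattern (or a redeploy after the managed identity is recreated) fails on a role-assignment name conflict; seeding the guid with the playbook as well, `"roleAssignmentName": "[[guid(subscription().subscriptionId, resourceGroup().id, parameters('PlaybookName'))]"`, keeps it unique and still deterministic. The roleDefinitionId `ab8e14d6-4a74-4a29-9ba8-549422addade` appears to be the Microsoft Sentinel Contributor built-in role, while the playbook only reads an alert and posts incident comments, which the Microsoft Sentinel Responder role covers — worth confirming and assigning the lesser role. The `SentinelSubscriptionId` and `SentinelResourceGroupName` parameters introduced in the `@@ -5502,36 +5304,48 @@` hunk feed only `roleDefinitionId`, while the assignment itself is created in the deployment's resource group, so a playbook deployed outside the workspace's resource group gets the role in the wrong scope; I cannot see the rest of the template to confirm there is no nested deployment handling that.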
@@ -5769,12 +5701,12 @@ } ], "metadata": { - "title": "Unisolate MDE Machine - Incident Triggered", - "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", + "title": "Run MDE Antivirus - Alert Triggered", + "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", "prerequisites": [ - "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "lastUpdateTime": "2022-02-14T00:00:00Z", "entities": [ "Host" ], @@ -5784,7 +5716,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Unisolate MDE Machine", + "title": "Run MDE Antivirus", "notes": [ "Initial version" ] 
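Review bot: The PowerShell in `prerequisites` is broken for the second and third permissions: `$PermissionName = 'Machine.Read.All'` and `$PermissionName = 'Machine.ReadWrite.All'` are glued onto the end of the preceding `New-AzureAdServiceAppRoleAssignment ... -Id $AppRole.Id` line with no `\n\n` separator, so when pasted they are parsed as extra arguments to that cmdlet and the command errors instead of granting the role. Insert ` \n\n ` before each `$PermissionName = ...` so every assignment is its own statement. Separately, nothing in the Run-MDEAntivirus actions visible in this file (a machine lookup and `runAntiVirusScan`) appears to need `Machine.ReadWrite.All`; `Machine.Scan` plus `Machine.Read.All` is the least-privilege set, so either drop it or explain in the prerequisites why it is required. The filter `'appId eq '$MDEAppId''` (carried over from the old text) also does not look like valid PowerShell quoting — `"appId eq '$MDEAppId'"` is presumably the intended form.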
@@ -5797,36 +5729,39 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId16')]", + "contentId": "[variables('_playbookContentId18')]", "contentKind": "Playbook", - "displayName": "Unisolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId16')]", - "id": "[variables('_playbookcontentProductId16')]", - "version": "[variables('playbookVersion16')]" + "displayName": "Run-MDEAntivirus", + "contentProductId": "[variables('_playbookcontentProductId18')]", + "id": "[variables('_playbookcontentProductId18')]", + "version": "[variables('playbookVersion18')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName17')]", + "name": "[variables('playbookTemplateSpecName19')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEDomain-entityTrigger Playbook with template version 3.0.0", + "description": "Run-MDEAntivirus Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion17')]", + "contentVersion": "[variables('playbookVersion19')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEDomain-entityTrigger", + "defaultValue": "Run-MDEAntivirus", "type": "string" } }, "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", 
@@ -5834,101 +5769,283 @@ }, "resources": [ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MDATPConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Run-MDEAntivirus", + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" + ], "properties": { - "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity_(DNS)": { - "type": "ApiConnectionWebhook", + "actions": { + "Entities_-_Get_Hosts": { "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, + "body": 
"@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('DNS')}" - } - } - }, - "actions": { - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "


\nAn AlertAndBlock request has been sent to the security centre API for the domain: @{triggerBody()?['Entity']?['properties']?['DomainName']}. Note that the expiration time on this request is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_AlertAndBlock')['statusCode']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } + "method": "post", + "path": "/entities/host" }, "runAfter": { - "HTTP_-_AlertAndBlock": [ + "Initialize_variable": [ "Succeeded" ] }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" + "type": "ApiConnection" }, - "HTTP_-_AlertAndBlock": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" + "For_each": { + "actions": { + "Condition": { + "actions": { + "Machines_-_Get_single_machine": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" + }, + "type": "ApiConnection" + }, + "Set_variable": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine": [ + "Succeeded" + ] + }, + "type": "SetVariable" + } + }, + "else": { + "actions": { + "Machines_-_Get_single_machine_2": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" + }, + "type": "ApiConnection" + }, + "Set_variable_2": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine_2')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine_2": [ + "Succeeded" + ] + }, + "type": "SetVariable" + } + } + }, + "expression": { + "and": [ + { + "equals": [ + "@items('For_each')?['MdatpDeviceId']", + "@null" + ] + } + ] + }, + "type": "If" }, + "Condition_2": { + "actions": { + 
"Actions_-_Run_antivirus_scan": { + "inputs": { + "body": { + "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']}- @{triggerBody()?['object']?['properties']?['title']}", + "ScanType": "Full" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" + }, + "type": "ApiConnection" + }, + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Actions_-_Run_antivirus_scan": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + } + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "type": "ApiConnection" + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('MDEDeviceId')", + "@null" + ] + } + } + ] + }, + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "If" + } + }, + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "runAfter": { + "Entities_-_Get_Hosts": [ + "Succeeded" + ] + }, + "type": "Foreach" + }, + "Initialize_variable": { + "inputs": { + "variables": [ + { + "name": "MDEDeviceId", + "type": "string" + } + ] + }, + "type": "InitializeVariable" + } + }, + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "inputs": { "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. 
Entity properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "DomainName", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['DomainName']}", - "title": "@{guid()}" + "callback_url": "@{listCallbackUrl()}" }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + }, + "type": "ApiConnectionWebhook" } } }, "parameters": { "$connections": { "value": { - "azuresentinel_1": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", + "connectionName": "[[variables('MDATPConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
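Review bot: `MDEDeviceId` is one workflow-level string written inside `For_each` by `Set_variable`/`Set_variable_2` and read by `Condition_2`, but For_each iterations run concurrently by default, so with several Host entities one iteration can scan or comment on another host's device id. Add `"runtimeConfiguration": { "concurrency": { "repetitions": 1 } }` to `For_each`, or drop the variable and read the lookup body directly. The success comment interpolates `body('Machines_-_Get_single_machine')?['id']`, which is empty whenever the device was resolved through the else branch (`Machines_-_Get_single_machine_2`); `@{variables('MDEDeviceId')}` covers both paths. The `Condition` tests `items('For_each')?['MdatpDeviceId']` at the top level while the other playbooks in this file read it from `additionalData.MdatpDeviceId` — if the Get Hosts output nests it there, this condition is always true and the else branch is dead, so please verify against the action's schema. Also note a 404 from the machine lookup fails the `Condition` scope and skips `Condition_2` entirely, so the "could not be found in MDE" comment is not actually reachable on a failed lookup.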
@@ -5938,46 +6055,17 @@
 }
 }
 }
- },
- "name": "[[parameters('PlaybookName')]",
- "type": "Microsoft.Logic/workflows",
- "location": "[[variables('workspace-location-inline')]",
- "tags": {
- "hidden-SentinelTemplateName": "Restrict-MDEDomain-entityTrigger",
- "hidden-SentinelTemplateVersion": "1.0",
- "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
- },
- "identity": {
- "type": "SystemAssigned"
- },
- "apiVersion": "2017-07-01",
- "dependsOn": [
- "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
- ]
- },
- {
- "type": "Microsoft.Web/connections",
- "apiVersion": "2016-06-01",
- "name": "[[variables('MicrosoftSentinelConnectionName')]",
- "location": "[[variables('workspace-location-inline')]",
- "kind": "V1",
- "properties": {
- "displayName": "[[variables('MicrosoftSentinelConnectionName')]",
- "parameterValueType": "Alternative",
- "api": {
- "id": "[[variables('_connection-2')]"
- }
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId17'),'/'))))]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId19'),'/'))))]",
 "properties": {
- "parentId": "[variables('playbookId17')]",
- "contentId": "[variables('_playbookContentId17')]",
+ "parentId": "[variables('playbookId19')]",
+ "contentId": "[variables('_playbookContentId19')]",
 "kind": "Playbook",
- "version": "[variables('playbookVersion17')]",
+ "version": "[variables('playbookVersion19')]",
 "source": {
 "kind": "Solution",
 "name": "MicrosoftDefenderForEndpoint",
@@ -5997,27 +6085,27 @@ } ], "metadata": { - "title": "Restrict MDE Domain - Entity Triggered", - "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the domain in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Ti.ReadWrite API permissions to the managed identity." 
+ "title": "Run MDE Antivirus - Incident Triggered", + "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", + "prerequisites": [ + "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], - "lastUpdateTime": "2023-02-26T00:00:00Z", + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Url" + "Host" ], "tags": [ "Remediation" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + 
"releaseNotes": [ + { + "version": "1.0.0", + "title": "Run MDE Antivirus", + "notes": [ + "Initial version" + ] + } + ] } }, "packageKind": "Solution", 
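Review bot: The incident-triggered Run-MDEAntivirus template posts incident comments through the `azuresentinel` connection with managed-identity auth, but unlike the alert-triggered variant earlier in this file it deploys no `Microsoft.Authorization/roleAssignments` resource, and the new `prerequisites` drop the old text's Microsoft Sentinel Responder / `New-AzRoleAssignment` step, so a fresh deployment will likely have an identity that can scan machines but is refused on `/Incidents/Comment`. Either add the same role-assignment resource (scoped to the workspace) or restore a `postDeployment` entry such as `"1. Assign the Microsoft Sentinel Responder role to the playbook's managed identity on the Sentinel resource group."`. The PowerShell snippet here has the same defect as the alert-triggered copy: the second and third `$PermissionName = ...` assignments are appended to the previous `New-AzureAdServiceAppRoleAssignment` line without a `\n\n` separator and will be parsed as stray arguments. `lastUpdateTime` also moves backwards to `2022-07-14` while the template version is bumped to 3.0.1, which looks like a copy/paste slip worth fixing.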
@@ -6025,37 +6113,40 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId17')]", + "contentId": "[variables('_playbookContentId19')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEDomain-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId17')]", - "id": "[variables('_playbookcontentProductId17')]", - "version": "[variables('playbookVersion17')]" + "displayName": "Run-MDEAntivirus", + "contentProductId": "[variables('_playbookcontentProductId19')]", + "id": "[variables('_playbookcontentProductId19')]", + "version": "[variables('playbookVersion19')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName18')]", + "name": "[variables('playbookTemplateSpecName20')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEFileHash-entityTrigger Playbook with template version 3.0.0", + "description": "Unisolate-MDE-Machine-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion18')]", + "contentVersion": "[variables('playbookVersion20')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEFileHash-entityTrigger", + "defaultValue": "Unisolate-MDE-Machine-entityTrigger", "type": "string" } }, "variables": { "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", "connection-2": 
"[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "_connection-3": "[[variables('connection-3')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -6074,7 +6165,7 @@ } }, "triggers": { - "Microsoft_Sentinel_entity_(FileHash)": { + "Microsoft_Sentinel_entity": { "type": "ApiConnectionWebhook", "inputs": { "body": { @@ -6082,26 +6173,41 @@ }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('FileHash')}" + "path": "/entity/@{encodeURIComponent('Host')}" } } }, "actions": { + "Actions_-_Unisolate_machine": { + "type": "ApiConnection", + "inputs": { + "body": { + "Comment": "Host is unisolated from Microsoft Sentinel using playbook Unisolate-MDE-machine-entityTrigger." + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/unisolate" + } + }, "Condition": { "actions": { - "Add_comment_to_incident_(V3)_2": { + "Add_comment_to_incident_(V3)_-_device_unisolated": { "type": "ApiConnection", "inputs": { "body": { "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

An AlertAndBlock request has been sent to the security centre API for file with hash: @{triggerBody()?['Entity']?['properties']?['Value']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_Alert_and_Block_Sha1')['statusCode']}

" + "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully unisolated!

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" } }, "method": "post", @@ -6110,7 +6216,7 @@ } }, "runAfter": { - "Switch": [ + "Actions_-_Unisolate_machine": [ "Succeeded" ] }, 
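Review bot: `Actions_-_Unisolate_machine` runs unconditionally and builds its path from `triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId']` with no null check, so a Host entity that MDE never enriched yields `/api/machines//unisolate`, the action fails, and — because the comment `Condition` only runs after `Succeeded` — nothing is written back to the incident. Wrap the call in a condition on `MdatpDeviceId` being non-empty and add a failure branch (a second comment action with `runAfter` on `Failed`/`TimedOut` and a message that the release did not happen) so an analyst is not left believing the host was unisolated. Since this releases a containment control, also consider recording the initiating incident in the MDE audit trail by extending the fixed `Comment` with `@{triggerBody()?['IncidentArmID']}`. The enclosing `actions` object continues past this hunk.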
@@ -6123,95 +6229,17 @@ "@null" ] } - }, - { - "or": [ - { - "equals": [ - "@triggerBody()?['Entity']?['properties']?['Algorithm']", - "SHA1" - ] - }, - { - "equals": [ - "@triggerBody()?['Entity']?['properties']?['Algorithm']", - "SHA256" - ] - } - ] } ] }, "type": "If" - }, - "Switch": { - "cases": { - "If_Encoding_==_SHA1": { - "case": "SHA1", - "actions": { - "HTTP_Alert_and_Block_Sha1": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "FileSha1", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } - } - } - }, - "If_Encoding_==_SHA256": { - "case": "SHA256", - "actions": { - "HTTP_Alert_and_Block_Sha256": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. 
Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "FileSha256", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } - } - } - } - }, - "expression": "@triggerBody()?['Entity']?['properties']?['Algorithm']", - "type": "Switch" } } }, "parameters": { "$connections": { "value": { - "azuresentinel_2": { + "microsoftsentinel": { "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", @@ -6220,6 +6248,16 @@ "type": "ManagedServiceIdentity" } } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", + "connectionName": "[[variables('WdatpConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } } } } @@ -6229,7 +6267,7 @@ "type": "Microsoft.Logic/workflows", "location": "[[variables('workspace-location-inline')]", "tags": { - "hidden-SentinelTemplateName": "Restrict-MDEFileHash-entityTrigger", + "hidden-SentinelTemplateName": "Unisolate-MDE-Machine-entityTrigger", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, 
@@ -6238,7 +6276,8 @@ }, "apiVersion": "2017-07-01", "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]" ] }, { @@ -6255,15 +6294,29 @@ } } }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('WdatpConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('WdatpConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId18'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId20'),'/'))))]", "properties": { - "parentId": "[variables('playbookId18')]", - "contentId": "[variables('_playbookContentId18')]", + "parentId": "[variables('playbookId20')]", + "contentId": "[variables('_playbookContentId20')]", "kind": "Playbook", - "version": "[variables('playbookVersion18')]", + "version": "[variables('playbookVersion20')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -6283,15 +6336,15 @@ } ], "metadata": { - "title": "Restrict MDE FileHash - Entity Triggered", - "description": "This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "lastUpdateTime": "2023-02-26T00:00:00Z", - "entities": [ - "FileHash" + "title": "Unisolate MDE Machine using entity trigger", + "description": "This playbook will unisolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", + "postDeployment": [ + "1. Add Microsoft Sentinel Responder role to the managed identity.", + "2. 
Assign Machine.Isolate API permissions to the managed identity." ], - "tags": [ - "Remediation" + "lastUpdateTime": "2022-12-22T00:00:00Z", + "entities": [ + "Host" ], "releaseNotes": { "version": "1.0", 
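Review bot: The metadata for Unisolate-MDE-Machine-entityTrigger drops the `"tags": [ "Remediation" ]` array that the alert- and incident-triggered variants later in this file keep, so this playbook will no longer be grouped with them under the Remediation tag in the content hub. Unless the removal is intentional, restore `"tags": [ "Remediation" ],` next to `entities`. The `postDeployment` list here does name both the Machine.Isolate permission and the Sentinel Responder role, which matches what the workflow calls; the sibling variants document only the first of those.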
@@ -6307,36 +6360,39 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId18')]", + "contentId": "[variables('_playbookContentId20')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEFileHash-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId18')]", - "id": "[variables('_playbookcontentProductId18')]", - "version": "[variables('playbookVersion18')]" + "displayName": "Unisolate-MDE-Machine-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId20')]", + "id": "[variables('_playbookcontentProductId20')]", + "version": "[variables('playbookVersion20')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName19')]", + "name": "[variables('playbookTemplateSpecName21')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEIP-entityTrigger Playbook with template version 3.0.0", + "description": "Unisolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion19')]", + "contentVersion": "[variables('playbookVersion21')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEIP-entityTrigger", + "defaultValue": "Unisolate-MDEMachine", "type": "string" } }, "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", 
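Review bot: The contentTemplate for playbook 21 and the one for playbook 22 (hunk starting `@@ -6534,36 +6672,39 @@`) both describe themselves as `Unisolate-MDEMachine Playbook with template version 3.0.1` and both default `PlaybookName` to `Unisolate-MDEMachine`, even though one is alert-triggered (`hidden-SentinelTemplateName` `Unisolate-MDEMachine_alert`) and the other incident-triggered. Because the connection resource names are derived from `PlaybookName` (`azuresentinel-…`, `wdatp-…`), deploying both with defaults into one resource group collides on the `Microsoft.Web/connections` and `Microsoft.Logic/workflows` names. Give the alert variant a distinct default, e.g. `"defaultValue": "Unisolate-MDEMachine-alert",` and a matching description so the two templates are distinguishable in the gallery.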
@@ -6344,153 +6400,231 @@ }, "resources": [ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity_(IP)": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" - } - }, - "path": "/entity/@{encodeURIComponent('IP')}" - } - } - }, + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MDATPConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Unisolate-MDEMachine_alert", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + 
"[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" + ], + "properties": { + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

An AlertAndBlock request has been sent to the security centre API for the IP address@{triggerBody()?['Entity']?['properties']?['Address']} . Note that the expiration time for this request is 90 days.
\nHTTP Response of AlertAndBlock request: @{outputs('HTTP_-_Alert_And_Block_IP')['statusCode']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" + "Alert_-_Get_incident": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } - } + }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + }, + "type": "ApiConnection" + }, + "Entities_-_Get_Hosts": { + "inputs": { + "body": "@triggerBody()?['Entities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/host" }, "runAfter": { - "HTTP_-_Alert_And_Block_IP": [ + "Alert_-_Get_incident": [ "Succeeded" ] }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] + "type": "ApiConnection" + }, + "For_each": { + "actions": { + "Condition": { + "actions": { + "Actions_-_Unisolate_machine": { + "inputs": { + "body": { + "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}/unisolate" + }, + "type": "ApiConnection" + }, + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Actions_-_Unisolate_machine": [ + "Succeeded" + ] + }, + "type": "ApiConnection" } - } + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "type": "ApiConnection" + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each')?['MdatpDeviceId']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + }, + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", + "runAfter": { + "Entities_-_Get_Hosts": [ + "Succeeded" ] }, - "type": "If" - }, - "HTTP_-_Alert_And_Block_IP": { - "type": "Http", + "type": "Foreach" + } + }, + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_alert": { "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. 
Properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "IpAddress", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}", - "title": "@{guid()}" + "callback_url": "@{listCallbackUrl()}" }, - "headers": { - "Content-type": "application/json" + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } + "path": "/subscribe" + }, + "type": "ApiConnectionWebhook" } } }, "parameters": { "$connections": { "value": { - "azuresentinel_1": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" } } - } - } - } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Restrict-MDEIP-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', 
variables('MicrosoftSentinelConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", + "connectionName": "[[variables('MDATPConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId19'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId21'),'/'))))]", "properties": { - "parentId": "[variables('playbookId19')]", - "contentId": "[variables('_playbookContentId19')]", + "parentId": "[variables('playbookId21')]", + "contentId": "[variables('_playbookContentId21')]", "kind": "Playbook", - "version": "[variables('playbookVersion19')]", + "version": "[variables('playbookVersion21')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
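Review bot: The success comment posted by `Add_comment_to_incident_(V3)` ends with `was released from isolation in MDE and the status was` and nothing follows, so the analyst reading the incident never sees the outcome of the unisolate call; the same truncated text appears in the incident-triggered variant (hunk `@@ -6571,101 +6712,194 @@`). Either append the machine action's result — if the wdatp connector returns the MDE machine-action object this would be `@{body('Actions_-_Unisolate_machine')?['status']}`, to be confirmed against the connector schema — or end the sentence after `MDE`. Two smaller wording issues in the same hunk: the MDE comment reads `Relased from isolation …` (should be `Released`), and the else-branch comment says the host `does not have MDEDeviceID in the Entities list` while the property actually tested is `MdatpDeviceId`; naming the real field makes the comment actionable.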
@@ -6510,23 +6644,27 @@ } ], "metadata": { - "title": "Restrict MDE Ip Address - Entity Triggered", - "description": "This playbook will and generate alert and block threat indicators for the IP entity in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "lastUpdateTime": "2023-02-26T00:00:00Z", + "title": "Unisolate MDE Machine - Alert Triggered", + "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", + "prerequisites": [ + "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. 
You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + ], + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Ip" + "Host" ], "tags": [ "Remediation" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0.0", + "title": "Unisolate MDE Machine", + "notes": [ + "Initial version" + ] + } + ] } }, "packageKind": "Solution", 
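Review bot: The `prerequisites` for the alert-triggered playbook list only the Machine.Isolate application permission, but the workflow also calls the Microsoft Sentinel connector (`Alert_-_Get_incident`, `Entities_-_Get_Hosts`, `Add_comment_to_incident_(V3)`) with its managed identity, which needs the Microsoft Sentinel Responder role on the workspace; the entity-triggered variant's `postDeployment` earlier in this file does name that role. Add a bullet such as `"- Assign the Microsoft Sentinel Responder role to the playbook's managed identity on the workspace."`; the incident-triggered variant's prerequisites (hunk `@@ -6734,27 +6939,27 @@`) have the same gap.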
@@ -6534,36 +6672,39 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId19')]", + "contentId": "[variables('_playbookContentId21')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEIP-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId19')]", - "id": "[variables('_playbookcontentProductId19')]", - "version": "[variables('playbookVersion19')]" + "displayName": "Unisolate-MDEMachine", + "contentProductId": "[variables('_playbookcontentProductId21')]", + "id": "[variables('_playbookcontentProductId21')]", + "version": "[variables('playbookVersion21')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName20')]", + "name": "[variables('playbookTemplateSpecName22')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEUrl-entityTrigger Playbook with template version 3.0.0", + "description": "Unisolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion20')]", + "contentVersion": "[variables('playbookVersion22')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEUrl-entityTrigger", + "defaultValue": "Unisolate-MDEMachine", "type": "string" } }, "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", 
@@ -6571,101 +6712,194 @@ }, "resources": [ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MDATPConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Unisolate-MDEMachine", + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" + ], "properties": { - "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity_(URL)": { - "type": "ApiConnectionWebhook", + "actions": { + "Entities_-_Get_Hosts": { "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, + "body": 
"@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('UrlEntity')}" - } - } - }, - "actions": { - "Condition": { + "method": "post", + "path": "/entities/host" + }, + "type": "ApiConnection" + }, + "For_each": { "actions": { - "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

An AlertAndBlock request has been sent to the security centre API to block the URL: @{triggerBody()?['Entity']?['properties']?['Url']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_Alert_And_Block_URL')['statusCode']}

" + "Condition": { + "actions": { + "Actions_-_Unisolate_machine": { + "inputs": { + "body": { + "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']} - @{triggerBody()?['object']?['properties']?['title']}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['additionalData']?['MdatpDeviceId'])}/unisolate" + }, + "type": "ApiConnection" }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Actions_-_Unisolate_machine": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + } + }, + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "type": "ApiConnection" } - }, - "method": "post", - "path": "/Incidents/Comment" - } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@items('For_each')?['additionalData']?['MdatpDeviceId']", + "@null" + ] + } + } + ] + }, + "type": "If" } }, + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", "runAfter": { - "HTTP_-_Alert_And_Block_URL": [ + "Entities_-_Get_Hosts": [ "Succeeded" ] }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "HTTP_-_Alert_And_Block_URL": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, + "type": "Foreach" + } + }, + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "inputs": { "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. 
Entity properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "Url", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Url']}", - "title": "@{guid()}" + "callback_url": "@{listCallbackUrl()}" }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "path": "/incident-creation" + }, + "type": "ApiConnectionWebhook" } } }, "parameters": { "$connections": { "value": { - "azuresentinel_1": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", + "connectionName": "[[variables('MDATPConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
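Review bot: The device id is read from `items('For_each')?['additionalData']?['MdatpDeviceId']` here, while the alert-triggered workflow in the hunk above reads `items('For_each')?['MdatpDeviceId']` from the output of the same `Entities_-_Get_Hosts` action. Both cannot match the connector's host schema; whichever is wrong evaluates to null for every host and silently routes each one to the `else` branch, which posts `does not have MDEDeviceID in the Entities list` and never unisolates. Confirm the host object shape returned by `/entities/host` for the `relatedEntities` payload and align both conditions on the same path; the condition expression and the `path` of `Actions_-_Unisolate_machine` must use the same one.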
@@ -6675,46 +6909,17 @@ } } } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Restrict-MDEUrl-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId20'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId22'),'/'))))]", "properties": { - "parentId": "[variables('playbookId20')]", - "contentId": "[variables('_playbookContentId20')]", + "parentId": "[variables('playbookId22')]", + "contentId": "[variables('_playbookContentId22')]", "kind": "Playbook", - "version": "[variables('playbookVersion20')]", + "version": "[variables('playbookVersion22')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -6734,27 +6939,27 @@ } ], "metadata": { - "title": "Restrict MDE URL - Entity Triggered", - "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the URL in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Ti.ReadWrite API permissions to the managed identity." 
+ "title": "Unisolate MDE Machine - Incident Triggered", + "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", + "prerequisites": [ + "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], - "lastUpdateTime": "2023-02-26T00:00:00Z", + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "dnsresolution" + "Host" ], "tags": [ "Remediation" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0.0", + "title": "Unisolate MDE Machine", + "notes": [ + "Initial version" + ] + } + ] } }, "packageKind": "Solution", 
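Review bot: The PowerShell in the new `prerequisites` string passes the OData filter as `'appId eq '$MDEAppId''`, which PowerShell's argument mode is likely to concatenate into `appId eq fc780465-...` with no quotes around the GUID, so `Get-AzureADServicePrincipal -Filter` would not match and `$AppRole` would be empty when the role assignment runs; writing it as `-Filter \"appId eq '$MDEAppId'\"` (escaped for the JSON string) keeps the GUID quoted. The text also lists only `Machine.Isolate`, yet the playbook's Sentinel incident trigger and comment actions run under the same managed identity, which presumably also needs the Microsoft Sentinel Responder role — the removed entity-trigger metadata spelled that out as a postDeployment step, and a line such as `- Assign the Microsoft Sentinel Responder role to the managed identity on the resource group.` would keep the guidance complete. The snippet depends on the AzureAD module (`Get-AzureADServicePrincipal`, `New-AzureAdServiceAppRoleAssignment`), which Microsoft has been retiring in favour of Microsoft Graph PowerShell; a caveat noting that, or a Graph equivalent, would save users a failed run.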
@@ -6762,211 +6967,108 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId20')]", + "contentId": "[variables('_playbookContentId22')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEUrl-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId20')]", - "id": "[variables('_playbookcontentProductId20')]", - "version": "[variables('playbookVersion20')]" + "displayName": "Unisolate-MDEMachine", + "contentProductId": "[variables('_playbookcontentProductId22')]", + "id": "[variables('_playbookcontentProductId22')]", + "version": "[variables('playbookVersion22')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName21')]", + "name": "[variables('analyticRuleTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Isolate-MDE-Machine-entityTrigger Playbook with template version 3.0.0", + "description": "AquaBlizzardAVHits_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion21')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Isolate-MDE-Machine-entityTrigger", - "type": "string" - } - }, - "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "_connection-3": "[[variables('connection-3')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, "resources": [ { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" - } - }, - "path": "/entity/@{encodeURIComponent('Host')}" - } - } - }, - "actions": { - "Actions_-_Isolate_machine": { - "type": "ApiConnection", - "inputs": { - "body": { - "Comment": "Host is isolated from Microsoft Sentinel using playbook Isolate-MDE-machine-entityTrigger.", - "IsolationType": "Full" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": 
"/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/isolate" - } - }, - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)_-_device_isolated": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully isolated!

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - }, - "runAfter": { - "Actions_-_Isolate_machine": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - } + "description": "Identifies a match in the Security Alert table for MDATP hits related to the Aqua Blizzard actor", + "displayName": "Aqua Blizzard AV hits - Feb 2022", + "enabled": false, + "query": "let iocs = externaldata(DateAdded:string,IoC:string,Type:string) [@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ActiniumIOC.csv\"] with (format=\"csv\", ignoreFirstRecord=True);\nlet AVHits = (iocs | where Type =~ \"AVDetection\"| project IoC);\nSecurityAlert\n| where ProviderName == 'MDATP'\n| extend ThreatName_ = tostring(parse_json(ExtendedProperties).ThreatName)\n| where ThreatName_ has_any (AVHits)\n| extend Directory = tostring(parse_json(Entities)[0].Directory), SHA256 = tostring(parse_json(tostring(parse_json(Entities)[0].FileHashes))[2].Value), FileName = tostring(parse_json(Entities)[0].Name), Hostname = tostring(parse_json(Entities)[6].FQDN)| extend AccountName = tostring(parse_json(tostring(parse_json(Entities)[6].LoggedOnUsers))[0].AccountName)\n| project TimeGenerated, AlertName, ThreatName_, ProviderName, AlertSeverity, Description, RemediationSteps, ExtendedProperties, Entities, FileName,SHA256, Directory, Hostname, AccountName\n| extend timestamp = TimeGenerated, HostCustomEntity = Hostname , AccountCustomEntity = AccountName, FileHashCustomEntity = SHA256, FileHashType = \"SHA256\"\n", + "queryFrequency": "PT6H", + "queryPeriod": "PT6H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + 
"requiredDataConnectors": [ + { + "connectorId": "MicrosoftDefenderAdvancedThreatProtection", + "dataTypes": [ + "SecurityAlert (MDATP)" + ] } - }, - "parameters": { - "$connections": { - "value": { - "microsoftsentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } + ], + "tactics": [ + "Persistence" + ], + "techniques": [ + "T1137" + ], + "entityMappings": [ + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "AccountCustomEntity" + } + ], + "entityType": "Account" + }, + { + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "HostCustomEntity" + } + ], + "entityType": "Host" + }, + { + "fieldMappings": [ + { + "identifier": "Algorithm", + "columnName": "FileHashType" }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", - "connectionName": "[[variables('WdatpConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } + { + "identifier": "Value", + "columnName": "FileHashCustomEntity" } - } + ], + "entityType": "FileHash" } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Isolate-MDE-Machine-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": 
"[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('WdatpConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('WdatpConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-3')]" - } + ] } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId21'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", "properties": { - "parentId": "[variables('playbookId21')]", - "contentId": "[variables('_playbookContentId21')]", - "kind": "Playbook", - "version": "[variables('playbookVersion21')]", + "description": "MicrosoftDefenderForEndpoint Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", "source": { "kind": "Solution", "name": 
"MicrosoftDefenderForEndpoint", 
@@ -6984,236 +7086,155 @@ } } } - ], - "metadata": { - "title": "Isolate MDE Machine using entity trigger", - "description": "This playbook will isolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Machine.Isolate API permissions to the managed identity." - ], - "lastUpdateTime": "2022-12-22T00:00:00Z", - "tags": [ - "Host" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } + ] }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId21')]", - "contentKind": "Playbook", - "displayName": "Isolate-MDE-Machine-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId21')]", - "id": "[variables('_playbookcontentProductId21')]", - "version": "[variables('playbookVersion21')]" + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "Aqua Blizzard AV hits - Feb 2022", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName22')]", + "name": "[variables('huntingQueryTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Unisolate-MDE-Machine-entityTrigger Playbook with template 
version 3.0.0", + "description": "MDE_Usage_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion22')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Unisolate-MDE-Machine-entityTrigger", - "type": "string" - } - }, - "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "_connection-3": "[[variables('connection-3')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" - } - }, - "path": "/entity/@{encodeURIComponent('Host')}" - } - } - }, - "actions": { - 
"Actions_-_Unisolate_machine": { - "type": "ApiConnection", - "inputs": { - "body": { - "Comment": "Host is unisolated from Microsoft Sentinel using playbook Unisolate-MDE-machine-entityTrigger." - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/unisolate" - } - }, - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)_-_device_unisolated": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully unisolated!

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - }, - "runAfter": { - "Actions_-_Unisolate_machine": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - } - } - }, - "parameters": { - "$connections": { - "value": { - "microsoftsentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", - "connectionName": "[[variables('WdatpConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - } - } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MicrosoftDefenderForEndpoint_Hunting_Query_1", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "Probable AdFind Recon Tool Usage", + "category": "Hunting Queries", + "query": "let args = 
dynamic([\"objectcategory\",\"domainlist\",\"dcmodes\",\"adinfo\",\"trustdmp\",\"computers_pwdnotreqd\",\"Domain Admins\", \"objectcategory=person\", \"objectcategory=computer\", \"objectcategory=*\",\"dclist\"]);\nlet parentProcesses = dynamic([\"pwsh.exe\",\"powershell.exe\",\"cmd.exe\"]);\nDeviceProcessEvents\n//looks for execution from a shell\n| where InitiatingProcessFileName in (parentProcesses)\n// main filter\n| where FileName =~ \"AdFind.exe\" or SHA256 == \"c92c158d7c37fea795114fa6491fe5f145ad2f8c08776b18ae79db811e8e36a3\"\n // AdFind common Flags to check for from various threat actor TTPs\n or ProcessCommandLine has_any (args)\n| extend ProcessCustomEntity = InitiatingProcessFileName, CommandLineCustomEntity = ProcessCommandLine, AlgorithmCustomEntity = \"SHA256\", FileHashCustomEntity = SHA256,Name = tostring(split(AccountName, '@', 0)[0]), UPNSuffix = tostring(split(AccountName, '@', 1)[0]),HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.'))\n | extend Account_0_Name = Name\n | extend Account_0_UPNSuffix = UPNSuffix\n | extend Host_0_HostName = HostName\n | extend Host_0_DnsDomain = DnsDomain\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Identifies the host and account that executed AdFind by hash and filename in addition to common and unique flags that are used by many threat actors in discovery." 
+ }, + { + "name": "tactics", + "value": "Discovery" + }, + { + "name": "techniques", + "value": "T1018" } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Unisolate-MDE-Machine-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]" - ] + ] + } }, { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" + "description": "MicrosoftDefenderForEndpoint Hunting Query 1", + "parentId": "[variables('huntingQueryId1')]", + "contentId": "[variables('_huntingQuerycontentId1')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion1')]", + "source": { + "kind": "Solution", + "name": "MicrosoftDefenderForEndpoint", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" } } - }, + } 
+ ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId1')]", + "contentKind": "HuntingQuery", + "displayName": "Probable AdFind Recon Tool Usage", + "contentProductId": "[variables('_huntingQuerycontentProductId1')]", + "id": "[variables('_huntingQuerycontentProductId1')]", + "version": "[variables('huntingQueryVersion1')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('huntingQueryTemplateSpecName2')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "MDE_Process-IOCs_HuntingQueries Hunting Query with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('huntingQueryVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('WdatpConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MicrosoftDefenderForEndpoint_Hunting_Query_2", + "location": "[parameters('workspace-location')]", "properties": { - "displayName": "[[variables('WdatpConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-3')]" - } + "eTag": "*", + "displayName": "SUNBURST suspicious SolarWinds child processes", + "category": "Hunting 
Queries", + "query": "let excludeProcs = dynamic([@\"\\SolarWinds\\Orion\\APM\\APMServiceControl.exe\", @\"\\SolarWinds\\Orion\\ExportToPDFCmd.Exe\", @\"\\SolarWinds.Credentials\\SolarWinds.Credentials.Orion.WebApi.exe\", @\"\\SolarWinds\\Orion\\Topology\\SolarWinds.Orion.Topology.Calculator.exe\", @\"\\SolarWinds\\Orion\\Database-Maint.exe\", @\"\\SolarWinds.Orion.ApiPoller.Service\\SolarWinds.Orion.ApiPoller.Service.exe\", @\"\\Windows\\SysWOW64\\WerFault.exe\"]);\nDeviceProcessEvents\n| where InitiatingProcessFileName =~ \"solarwinds.businesslayerhost.exe\"\n| where not(FolderPath has_any (excludeProcs))\n| extend\n timestamp = TimeGenerated,\n AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName),\n HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')),\n FileHashCustomEntity = MD5\n|extend Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]) \n| extend Account_0_Name = Name\n| extend Account_0_UPNSuffix = UPNSuffix\n| extend Host_0_HostName = HostName\n| extend Host_0_DnsDomain = DnsDomain \n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Identifies suspicious child processes of SolarWinds.Orion.Core.BusinessLayer.dll that may be evidence of the SUNBURST backdoor" + }, + { + "name": "tactics", + "value": "Execution,Persistence" + } + ] } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId22'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", "properties": { - "parentId": "[variables('playbookId22')]", - "contentId": 
"[variables('_playbookContentId22')]", - "kind": "Playbook", - "version": "[variables('playbookVersion22')]", + "description": "MicrosoftDefenderForEndpoint Hunting Query 2", + "parentId": "[variables('huntingQueryId2')]", + "contentId": "[variables('_huntingQuerycontentId2')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion2')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", @@ -7231,38 +7252,19 @@ } } } - ], - "metadata": { - "title": "Unisolate MDE Machine using entity trigger", - "description": "This playbook will unisolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Machine.Isolate API permissions to the managed identity." - ], - "lastUpdateTime": "2022-12-22T00:00:00Z", - "entities": [ - "Host" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } + ] }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId22')]", - "contentKind": "Playbook", - "displayName": "Unisolate-MDE-Machine-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId22')]", - "id": "[variables('_playbookcontentProductId22')]", - "version": "[variables('playbookVersion22')]" + "contentId": "[variables('_huntingQuerycontentId2')]", + "contentKind": "HuntingQuery", + "displayName": "SUNBURST suspicious SolarWinds child processes", + "contentProductId": "[variables('_huntingQuerycontentProductId2')]", + "id": "[variables('_huntingQuerycontentProductId2')]", + "version": "[variables('huntingQueryVersion2')]" } }, { 
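Review bot: The AdFind hunting query (saved search 1) derives `Name`/`UPNSuffix` by splitting `AccountName` on `@`, whereas the SUNBURST query in the same hunk splits a UPN (`InitiatingProcessAccountUpn`, falling back to the account name); in DeviceProcessEvents `AccountName` is normally the bare account name and the UPN lives in `AccountUpn`, so `UPNSuffix` and `Account_0_UPNSuffix` will presumably always be empty here — confirm against the table schema, and if so use `Name = tostring(split(iff(isnotempty(AccountUpn), AccountUpn, AccountName), '@', 0)[0]), UPNSuffix = tostring(split(iff(isnotempty(AccountUpn), AccountUpn, AccountName), '@', 1)[0])` so both queries map the Account entity the same way. Separately, the Aqua Blizzard rule loads its IOC list with `externaldata(...)` from `raw.githubusercontent.com/.../master/...` on every run, so the detection depends on a mutable branch and on outbound access from the query engine; pinning the URL to a commit SHA (or moving the list into a workspace watchlist via `_GetWatchlist()`) and noting in the rule description that a failed fetch yields no matches would make that dependency explicit. That rule also picks the host and user by fixed position (`parse_json(Entities)[6].FQDN`, `[6].LoggedOnUsers`), which silently leaves the Host and Account entity columns empty if the alert's entity order differs; iterating `Entities` with `mv-apply` and selecting on the entity `Type` would be more robust, though that predates this commit.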
@@ -7270,12 +7272,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "MicrosoftDefenderForEndpoint", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "
\n

The Zoom Reports solution enables you to ingest Zoom Reports' events into Microsoft Sentinel through the Zoom Report REST API

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. \n
    [Azure Monitor HTTP Data Collector API](https://docs.microsoft.com/azure/azure-monitor/logs/data-collector-api)\n
    \n
  2. \n
  3. \n
    [Azure Functions](https://azure.microsoft.com/services/functions/#overview)\n
    \n
  4. \n
\n

Data Connectors: 1, Parsers: 1, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -7305,11 +7307,6 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId1')]", - "version": "[variables('analyticRuleVersion1')]" - }, { "kind": "Parser", "contentId": "[variables('_parserContentId1')]", 
@@ -7320,125 +7317,130 @@ "contentId": "[variables('_parserContentId2')]", "version": "[variables('parserVersion2')]" }, - { - "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId1')]", - "version": "[variables('huntingQueryVersion1')]" - }, - { - "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId2')]", - "version": "[variables('huntingQueryVersion2')]" - }, { "kind": "Playbook", - "contentId": "[variables('_Isolate-MDEMachine-alert-trigger')]", + "contentId": "[variables('_Isolate-MDE-Machine-entity-trigger')]", "version": "[variables('playbookVersion1')]" }, { "kind": "Playbook", - "contentId": "[variables('_Isolate-MDEMachine-incident-trigger')]", + "contentId": "[variables('_Isolate-MDEMachine-alert-trigger')]", "version": "[variables('playbookVersion2')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEAppExecution-alert-trigger')]", + "contentId": "[variables('_Isolate-MDEMachine-incident-trigger')]", "version": "[variables('playbookVersion3')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEAppExecution-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEAppExecution-alert-trigger')]", "version": "[variables('playbookVersion4')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEDomain-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEAppExecution-incident-trigger')]", "version": "[variables('playbookVersion5')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEDomain-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEDomain-alert-trigger')]", "version": "[variables('playbookVersion6')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEFileHash-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEDomain-entity-trigger')]", "version": "[variables('playbookVersion7')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEFileHash-incident-trigger')]", + "contentId": 
"[variables('_Restrict-MDEDomain-incident-trigger')]", "version": "[variables('playbookVersion8')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEIPAddress-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEFileHash-alert-trigger')]", "version": "[variables('playbookVersion9')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEIPAddress-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEFileHash-entity-trigger')]", "version": "[variables('playbookVersion10')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEUrl-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEFileHash-incident-trigger')]", "version": "[variables('playbookVersion11')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEUrl-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEIPAddress-alert-trigger')]", "version": "[variables('playbookVersion12')]" }, { "kind": "Playbook", - "contentId": "[variables('_Run-MDEAntivirus-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEIPAddress-entity-trigger')]", "version": "[variables('playbookVersion13')]" }, { "kind": "Playbook", - "contentId": "[variables('_Run-MDEAntivirus-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEIPAddress-incident-trigger')]", "version": "[variables('playbookVersion14')]" }, { "kind": "Playbook", - "contentId": "[variables('_Unisolate-MDEMachine-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEUrl-alert-trigger')]", "version": "[variables('playbookVersion15')]" }, { "kind": "Playbook", - "contentId": "[variables('_Unisolate-MDEMachine-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEUrl-entity-trigger')]", "version": "[variables('playbookVersion16')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEDomain-entity-trigger')]", + "contentId": "[variables('_Restrict-MDEUrl-incident-trigger')]", "version": "[variables('playbookVersion17')]" }, { "kind": "Playbook", 
- "contentId": "[variables('_Restrict-MDEFileHash-entity-trigger')]", + "contentId": "[variables('_Run-MDEAntivirus-alert-trigger')]", "version": "[variables('playbookVersion18')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEIPAddress-entity-trigger')]", + "contentId": "[variables('_Run-MDEAntivirus-incident-trigger')]", "version": "[variables('playbookVersion19')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEUrl-entity-trigger')]", + "contentId": "[variables('_Unisolate-MDE-Machine-entity-trigger')]", "version": "[variables('playbookVersion20')]" }, { "kind": "Playbook", - "contentId": "[variables('_Isolate-MDE-Machine-entity-trigger')]", + "contentId": "[variables('_Unisolate-MDEMachine-alert-trigger')]", "version": "[variables('playbookVersion21')]" }, { "kind": "Playbook", - "contentId": "[variables('_Unisolate-MDE-Machine-entity-trigger')]", + "contentId": "[variables('_Unisolate-MDEMachine-incident-trigger')]", "version": "[variables('playbookVersion22')]" + }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId1')]", + "version": "[variables('analyticRuleVersion1')]" + }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId1')]", + "version": "[variables('huntingQueryVersion1')]" + }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId2')]", + "version": "[variables('huntingQueryVersion2')]" } ] }, From dd633a4a19001f8dbd9bce444e6620499db34010 Mon Sep 17 00:00:00 2001 From: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Fri, 3 Nov 2023 12:42:51 +0530 Subject: [PATCH 04/15] Update MDE_Usage.yaml --- .../Hunting Queries/MDE_Usage.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml index 43e1e72b3e1..80303510767 100644 
--- a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml +++ b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Usage.yaml @@ -26,6 +26,10 @@ query: | | extend Account_0_UPNSuffix = UPNSuffix | extend Host_0_HostName = HostName | extend Host_0_DnsDomain = DnsDomain + | extend Process_0_ProcessId = ProcessCustomEntity + | extend Process_0_CommandLine = CommandLineCustomEntity + | extend FileHash_0_Algorithm = AlgorithmCustomEntity + | extend FileHash_0_Value = FileHashCustomEntity entityMappings: - entityType: Account fieldMappings: @@ -51,4 +55,4 @@ entityMappings: columnName: AlgorithmCustomEntity - identifier: Value columnName: FileHashCustomEntity -version: 1.0.2 \ No newline at end of file +version: 1.0.2 From de6b1b259f2105e433a5958cf7140926fc69becb Mon Sep 17 00:00:00 2001 From: Manish Kumar <97503740+manishkumar1991@users.noreply.github.com> Date: Fri, 3 Nov 2023 12:52:14 +0530 Subject: [PATCH 05/15] Update MDE_Process-IOCs.yaml --- .../Hunting Queries/MDE_Process-IOCs.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml index e1268a3f3ef..b431533c2d0 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml +++ b/Solutions/MicrosoftDefenderForEndpoint/Hunting Queries/MDE_Process-IOCs.yaml 
@@ -22,12 +22,14 @@ query: | timestamp = TimeGenerated, AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName), HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')), - FileHashCustomEntity = MD5 + AlgorithmCustomEntity = "MD5",FileHashCustomEntity = MD5 |extend Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]) | extend Account_0_Name = Name | extend Account_0_UPNSuffix = UPNSuffix | extend Host_0_HostName = HostName | extend Host_0_DnsDomain = DnsDomain + | extend FileHash_0_Algorithm = AlgorithmCustomEntity + | extend FileHash_0_Value = FileHashCustomEntity entityMappings: - entityType: Account fieldMappings: @@ -44,7 +46,7 @@ entityMappings: - entityType: FileHash fieldMappings: - identifier: Algorithm - columnName: MD5 + columnName: AlgorithmCustomEntity - identifier: Value columnName: FileHashCustomEntity version: 1.0.1 From ac1ca1024b8660f07ea5bcaae1d729a1861dffb0 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Mon, 6 Nov 2023 14:58:57 +0530 Subject: [PATCH 06/15] validation checking --- .../Package/3.0.1.zip | Bin 26486 -> 29951 bytes .../Package/mainTemplate.json | 4 ++-- .../azuredeploy.json | 2 +- .../azuredeploy.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index 0f5b5bbab2cd4ee9de500858285afd2b59c19aad..5d0bf51c1248a5fe18e850a6d5f05382b934a8cb 100644 GIT binary patch literal 29951 zcmX_nV{m9qux)JHwr$(CZQHhO+vbUF+b2#=Y$rG0eXs7H>0SM!t9lxa!mh^d*Sou!MVy&avEv%TGpmbX22 zC*n_^Kp${nTZ4&(dRw$LbaAghW3n^=xuY$qpdlt;tF)!2b2@eswYcQN4!5wA{^EOK zw6g>~1PnbV4&3QoHs+%K_ba%Nm;b8bpwcEcNzZVG4t|`N9f^#k7&?tXtOv*=F%Fpgh&{$*5Q1DvQ? zu+^EED?E#`Mi?=faVT@KdvEzXx(KyJ#g?VGqV|KJ?2?SsEXobVg0O{lmy+9ae}TX} zM~5L&K!xJuj)kn)UkY=epPU%460z~JLD*hD{vt*lhcGeafhIVxC z4U-r~B&5_$M#qm`$?Ta1Tj?@-|D_WxS~uk3S@y-J74-vKN?%2QlbBB`G^n)^h#@6A z$kOrbCmaPS&O{hFmu<618xD1b^mvxRq5`3X;VW-h7HEOl@TJiZ6lzj6&ho(T?!HIl-zWsv+Kr4xnu+2xAgFfx2ZOh;(=KSW8qWHR zbzTvv8E0gs2z5Y_qhAM#(7wh4Hcc4F5pqgd>Q^Tes zC-$IC*ER7}DKpUkno5k%2N(wxO|1fgfTdq?Kmn{MKR`{{#qX9I_BN1vfuqesD6}08 z58;fYgZ>FQaajys4wZ|zkg$^{jS;xn%88~qMilI9t~*hz-f$&p<(VUSHTA|t!MlSh zM=Wuqir~JhpWZK>JZ$z6u|jTKwc&`RfGU)@?2Pb|9(*isUM^4!c#2&BSCP@d(N74r zc4XD!?2GVq1XDGD?fCk2 zOjS$?#-a-u^b#Tgc7hQp9V#Qi4{5fJ6vD=E@#+Coiojm*ZUf-JpA1&Uj=)(4NEm_~ zBDb<5q=WIIAJgO@7U!w#Md`}9B@dOsIbgle;lWF4!dl@Hsj~G5> zCd?#kF*KOLx#f9q2|$W{AGu^HRNC|2Hn$%`TbBZ7!T@mmKE^#o`i+ z`XnV8j=UmsM9*1JGzycpD%LW=++~C?bD;p?<2-L%gldp+exRcK5!&4VTsX+YkK;k1 zgn!U!v@(nKl#TolcOk+1yML?J)L2V!Z2#ntBx(>m`FXNgdXuGSk~MMP$v`JC1 zAG6y~35$c)R}3U$2b;0jeS_0!-f474CdR_5Cajb^&b_G`iKozT`Vs_QWR?2r+Rk1}`hd0|GoK;b(YUxRIib_q zl6bxf*rVO#OCi9Q8SCS0?IRQLPFWIk5lhPCuIWsiO2EBc?DC34H6L8{(G zL=Sy&s+4N#D)9{~>M6pU9d%tqqF4x9LMfx@h73Wd?d*>7sX85M!UN83$HJ^8q3bG8 zmrB!66L_%B3RNeq#SIbQt*b^4g||f0B-%vH`L7A5daq$kZD;MooZFvox;rqI`Ux95 z({(-L4}v<}3_v~_5!{7|fIR3Aj7vvK5b|F=>><@XHe;|@49U`r zf;#q$PK2<)98bR^?)%lM~QTJ(9ZdPmu(0I``D?Qu>D&U)tWO*{+guI~z|o384_ zDzWQXh{IV+iYhr?QSNBrIT%bFf>N5#IBJ!_ihtWM>4L)BdhSHcX0^LgQCBj{wEJzG z6-k%uU}Yz)64W2d2)a>XDuEH#UCzG#LJg$u%-Ag)=Qj{2y3 z5PWDUJfS6F?n@@0aU?iVKLI@E%s{XUWEy*Dfv@#bD%gYWVnw7oyZ)C=+&<%tPl|6y zON9B(-sF%Q+)|Tdr$y5x#@(WXqhhJFF!H0x%;iYg>x2(o(iV%W*dvc^hIg>p_AolE 
z{O#bL`Ir2Eq}%LD^t&Rvil6(UowT=YrJoN2>(k>s0B=BbRZYHyylhF|f#EdW?<^dt zfs*aR|FVvJ>p8CDKX3k!QB!E zP>M+brRLE}TA)b6fcvL{^hXt(y8_W#3Aq|Up6W30C_OlW22(aEX(bUII!H00yX@Oj zQ=;U&UWeo;W!3r&bAGluqC4YGkXDen#4FA?=)SFy#Lg+C>XD^^X3TLQ*T1ZMA-5ep z7vWdAec42^5np41;0KUdJPxoM|E%_QiDJ9f-{^Jwem!2jjf9*Do$?$sHKdcP^qf}I zQtT6vbt(&t0S_5_+z-V6orpcG&&Bk9(IVc*w#Z^e5N^D+ECg(9;VY#s8`OX}t^AHn z+7D&f9qIs=RkHLFE56Vu`uXJdwEVj3ha#ol`}h-`+&p`(zZK?YC)QgFdzI#}<@B34 z;*}wj#w)(%v?dwjkn&&69&g~ly=;EPL=*ur_x8@lXDN&Ca_8OM%K!AcG4tX7x!-+Q zQ>&|Qh(~7n-l98=Abj1?<4_5brxx^D*h3h|x=rDt?QYjze$g`2(3SsMd58br-RBu|iuVASAx_Ca`tVy~HrhJrosV9a`L_ce*etDs@ z>^69(JJ+?G|4fooJ2ZZ?^Jv3jK4u7|Q(tx|cYewCJZyfX`4&^n&3onlYn4;;d(u#ow6Ey3XYzY8hg9`?L_zO{O4K3|dOl=)(eu3)$ zg43%WYjd(WL6xx~m~M(=w7cO0sCl z&Cx$?W_ z9^U7v>st1^x}hxxroE@{&WzA5KbNWe5%1uy@1@=E;$1&~dWiDFv$*9h2>Wtld%Wv! zcO2R8mr*$1Kz!Mg*Nysp8az?t`@HXKzBm5wPqrNIKz4H8*W}Lt|9iBDYzwifUfj24 zinzLyitvLG7p$2Rdb<((65$vK-x=C-AsMY)@xu|EKA0KL@Of1hVaVF#TdEw8{YzIC zZ&t{%1q-G<0+rroIN6@eaPH8L?DIvA`yS2<{vXI6j=t=$Bi}n8wk)0Kx&+2pGXC)7 zi#J%mO?iK~L27%(yq|xu=q)>Ani%5InfTu<(P&GxSGsp;bDCPEZ~HAq{%l$Ie74=u zCl-j|18{$IrWZ(Hf*AxJAY^+u#C9*+*z^4dmJsI_`29}k&vW-gq8;alWWD|2z3sa- z|B82P@Vg{&uVah^xevETD#AbL zNpu7;AYta8(R_R2ydUXjb5pL_*hZaZZ*Aqz7|+3KGBdHZ2ZnuSd*EmNjZ=zz<@_Ty zhHUS{j{nB^owiRSQwox6?1&{h$oSUn$e}MIEj$4+qi)Z3Pd8?$W;U#n2X^$O56Y1vRx~a19N2g|JD_GkUY)H(ep3HEJO;W{Q=+m0$^T z36@qa&O~UN50+=he3#~~Sw=40+1^+Nf#M&&r5<`Whl`u8@2GFW=d-oxQkn( zoXb~-kL6OydLb9GXQ`s`uoX2=CVA;0wf&@0mDmV?xgh)EJ`*zBiYsOM!5F}lAl3z_ z41!f5*9GVdfKvltr-8t7@=2lA1;`D6ivv{H%-wi(xUa1d?yLh_kuHH&XlM93N8>2R_jFBByerN3m7aRa zTKS2e1WQvMy_Tv7uL^(tiD`Ex&Zmm1c6_WgD4f(I@Eo#Qoo!TWG3A|m<|RzKhLLJ^ zsaCC<*wtv~e%1NTi=~M_{6{q1MTlrLk&`;o(f<-^*@NSqOwX7vsj~*(&PLA&`kXJ@ zISws(JGyUEhv4Cfo7q8KNg1N6rBD3Nh*Tl^y}$0}{#i>9e;icT9Dg119f0I)N^|H6 zq^F~W;<#>cu@j{;nJyocOohH6XiE&)AH~26ERafdX(A=2Ot2|at%#W8BHzTx~WAeqt?vr!Bd8n^02dI7{Hor z3A{%CuZ9M7YymG5)MhbNaia3V5VDqf(;l_I$56{5;2o~zm_UZ!a+hZO1D zL>iulY4dPq8k>V~>^3jkqop7faMiq3+)CRqLV)MS9uLXvsMOiEKD-N||s4 
z3$B}57TnCD3QlRr)?m`lf{rA)yy>s|P=(ji#Kj`Gnr`}X0@O<4PKjJrG9_^WM6Sz% ziCjTZ%Zlcr|Hf&QMiiyiXG~D5s?LWeN0C%m79v)Wi!FE?@j`M!)H?FULoXza2cJMl zbmV_GOTJ+6sib-EX_!W5M9~cM`pE*P_wE3@=c~Me6qS}$G}UB6+XCdGQn4X#GfqHG zkXl{-*y*W-vC|7Gsk$6DrMg_9(`!?+)5|KY`hcSJv#cFNb>%S$v>gmp)@5w#Lu}tj z6`+100=>A9|6o@=$MJ@p%m0P)bCMRLN)H0BwX#N_STU21ZiK*mT7t0Lt==A`gX zk>09}jEE_5Za3h8mdYjzi)vGuMNu+~GY5DzkVmZC>@*{;uc(4}UuQ)eA5Bg1-bhCrA4dc6-k043 zCP7Ovivs8AxvYdKZ*a*#tb{6dZcQdIj|S?vx67be+}#;<5YPLJsOO`hA>J3=sORHA zAl}!tnAam_qah&97oC{H;{YMf*Y&8wBcLEoX&{=XoISae6@@9J9d?@aMacwC?*jdZ z{n>l1MIAc1=%-j;C%~_}LBH-I{JI-fythLT$43xV%rZ~3lu09KiCZeMq2b^3&eg~? z=I|&ji1WTn4RHo4jX1JkPZv`RAANY{&X`aPA9r--&Yn^XA8||p`}k!f#Bq&5eOF(+ zA#}pAye1JkDM3lDw7JO@$RuvpKsE12opmuHiP-*Y!{OJ)_OA_>UmH8WHavc9>{7tC z47)6bPHITfs*ILSE(?%r@wgS&Bi5Fu0V^oXOQ#cg74PZ1is7U6E!-FZh~wi7EZo>Z zh~py+DPo<4Pf)NCz2pO4kT!!?>HgJ}z>Y0}oespQfjZ*FGQ`dx<^+q9h!b>9!~xbI z87qkXl@7nM>sJbp{O&pDs&dgAVCzv3*d)AxT_G})^CMWbkzcgj@N^+Iu;|%nLFard zAdQRh{K&85_?0`qlECFRM<@>`Xm~V4dkQjX#1)8hJ78m0iK~IU66Fr21#y5?&Eigi zIKUbR;snuyIl%rB#QD5*kvawt#4QT&<}tl|8R0-tC)Xokj?S#!BS)vMdL!w8eH+Yo z@%VVHcrWkyZ+c_l@m%4;!UdJb!{O`mdikWzR%OYhc^|j3q4w~toFq~)&M|6^N^lQk zfcC2O=-fT09%bCOoFAqTk27|ZsMRjZ>pflCN^Y7hrZW{+k18LyV$!3B`8M}+hfX~C z(++OvChmYQYI(9f!NYgoo}E>o^T53@cD=xR$$ysX&Edbw2L~JcoTuWKIMDUq0;L^w(ot`9l9MuIBnBaszz_w`_)fh*)!=Vkea1C zHf3&zs#uD(OYccs@ZQ5c$HVdTxx3sR6}+59hP!_BzLcQr;o&{Of5^jikHy1G>ov(7 zwJuNBHOpfeJ_BZKq#Jdp7(6Fk6&XKMolH4p>Y9y=b98c8-Q6EVP{VN4+12Mh=uZaI zu8203`?&ZxnAm(O0TBX`MDB~To!lQId2L8=(C%i>7S(%rGe*C>x{$6WWGEP&%7}M! 
zhddkjJM`O0p39o=uPMILD!U#uLW49F)y>`KA$q2CC7B!+t8jUpi=u3V339-a3w}rQ4U(6DYDNylKam760HI5rVQPZ5icWj*=yh zo_?t4Go&LA2`PFUv)=b)rXO^+1#)ZVv>zL8G;0+Bf$irL&A^)Fn7>;cq6xyh2KSw) z6VencmR!I7j-hKjur0VtLhu4ETMSuydDo>ppQD$DbW;?a%}{!gj4%8t*ECc1ax0_I z9Z^o~k3xIULi`we#8!^*6Lt|p_9{w|rR$x%z)z`vS+usl-G`V`Hw0-Y_i3cF!eX&K z*COTgB9F5#=k4r*PMZ+Fho+~yzaQ5dcE~OA688fWjk_)Sldf(CEX>^99y2kbQtTMe zYVG5U>Df$B);wJIE;M+Iw8R%{XFp^hlD#MyBh16_`C-dK{Gya7Sv<5u_#j}P{Z4W2 zh42PlM8Bab%kQ^~l=Z^3*&}(^K9GeeF1+5 ze^5kJWr&11U>^~#a|rh};c+&mcNyR2j(X|A`%uO{On^PXQbM8RNF1v3$bzk?9N=&# z%JMR5)0!3PCsDVT)R*3d8=irk;q^B^+RJr*bu0NWy4hBCN}3+75>?aglitsA8FS64 z#QN;b`Oz|1>8quYu>4*3`N90HH&O}>VX)Qh9?Cv|V2 z)B~|rnTaH2jifTdr;cAZ1eEUfFV#$xMyPG4(dCG<6Z5S1td}b1(GrRDv%bdN&h7yz zXmx5dVr7(F4}aS@zdzEXP1kxzk0FXYkx|*qjm48K^(ys`MwR;OzPF*(s#(jGB~jBR3wOPIcDgk9|4OUpi5o>`e8Iw2aCVI)ZA z=CIS|xSjn5_kCKL%_A9a_7`(;d2@4^E3hlZXL;D62=2&i$ED0WjWw+ey`}QK!ouu$ z@dld?ZjLg!Kv^I726c23D>XHo;9q`OFJoeikzp}^btCS>UD2iSs{dgra)aFDvnuLiV$_0LFHE$hYD0rj z7Y4Z+*rOh$A$6h}XnpNh`(2wxsqUJ&wrj1(R(C#8<<-ne9j_7XvYHII~K0D#gH6n&*)EAw~N*G1wh->p> zx6kT{p=&#%2>%3ZVQX)o)1lOw8^rYs_Z@RgLfyDxQ9{8b zy!KYt27jbySEiy#CC@jS-Zf;ZV5Nyid5wx!F{IkKOXuFUu@4T8y!hQNqoGOQdD`n4 zTi9`;$!>}-g>|l{-~6#<0saQdC-BZKyh&{;@A~+9V|JwP%My*2%-y`FDNokSggNhy ziL4TZqwJQ;zQN&S9bWt9%3=HEKf>JG$OPzEqy{cIwvWG%&Iq!Rtca3Rg679Q`yYlF zbKts~VvSqXsS)P}sASuw9hB<{spbr?)+X6j0&t4Tw<--Mdd<0(nnRf~4xt4Sr) z$E=|`QHr;(rvENh6G|5KmDtu)rfR_Zbds)G9$jR-_{iM#k%Mf`7hLHwhYB@-!fZBx zo=~9ut3Dd(ItRFP`BYmrESPksTb%=_b;Saok6V&%V#m_gU9jlPmXG}IPCZcO^zZfg zr$@E7_E3=}qI`NaHaa4WO6T}1Q~Z>bRa3Nj>6^63rqHst@Rf5DX~^^W%~(jk$CDJ(jndybkJjy?K6o;GGg#TdKr>G5;f(r(0}E zQxveQJtXK?!#Dlh=fR4CrViKc!?Q7-fIZ^~6M~bWF{18iffWg|6pcVxiZVhOYt}Zq z>7npjSdxiNmOVH04Lq^M7+dcqT=vWOmOvGO?|E&Ocuh@Gl|cRz{QimCK0HZE_N?U- z3i?T>$ntX$-g6$WCAk0%LP^kBj%sU?&jv8zzf+os63bT*FRKi&2HoOSgbkuU>}|wa zQPr97Cmvd!lMGFa%=U+^{Ke7D-$>9j~1nmG>Yul5P#Xx_Qbe2HlC}NHMgY_ zP%^~m*8UB&eN9XfwMtz*K15=qU#*!aXJ3s4rv5|2q&f2B`{Sh5i_*6uR=n}9E#QmR zgkgbKEp;UhFuqyqg4hIpf_sNatM)9Q!R=1v;4(?B#Fqox(bKZ0gM_%QLf!y!I<^#- 
zqB+=@L>VGy0?}h~F+{SFq@0ch``i#F^ZqMXSCNjICU^y44-8ydNAQJHZORdsbJe6~ z7WUxR(R^04&|NvxSb2C1{>mwAQf7Ki99msxddozvlwSyA@Z%26u;_gwo1GZo_wTGl z!$@ETLJCy5oK=x$J$Z@g!8jV0FdKMfz7Cof^;-z>fZsi(WKzoR$iuB#Km%b&wE4_xo}xr%qD6f*ib`gAvyMwAdg$&zN4=XHL%O78e7z~S`7a24ep zN+4t36vDfrSaV0Bh?S1emL#gS1(fxnZ0rC<0hi?0(Ft@GFxWtni~I1g9&oJ$z!r4{148cCaph#=O4cn{t+aA@rNiTS?yNj(t;%_|G28epX0bzW@;Cb)2UVBH zWtw-Zq%j00r8Zq)X>kGrAPD|U9f>MHNu6&)i|)1<>9m;v-p&p}`vdR-vlUJHNGQ^R z&5V4E>RKD&##i6eS{{qwhNS`vsXv$drZJYWgq`hj)VBhwdvkj3dVw+MVvrWSb3#1P zP5Gg)%5}l_@1DgcIHYb%{JLx2HTG6Jw61C<#7mB;SX3WfgmOn%A(PR@FL;-h`x4e4>Qu73`wv$T zXh(2RTP;wV;lSpbZ>VlT8(oD2S7(h$P;Py=Co9Y{$xkr%o(Bpu3dV%?Zr5J}Jw z@8rP7f$Mw6WjLiGS%)y7K!myDO_|SiVj9?AC?{7+O$p}MO(80l!RucRj$wE;DQzV7 z0;2W_3Fx?pRq)YbMyg|~gjIwkc~U_Htu|*sJ@3RJbwZJX^Ir;%5Y+JxOd+~|lDg4_ zm>T~xSZlNaMPkpQO3B{LM}p{g(7weV-{E?4k!Z- z8kG^N{wL)}h9<`eJ3a6do~%Ux_{@w4GEvir=5UKt5r+y?8j=|-gC;;qGRl%TNh!6H z{#YAgDfGQP_yftvHfaHGib_4qp$vsU42fdOXc9#Lpqi56pRsp$yO2W+gXVr(;$R^h zI06!y)S^-?8+ArCg;+t9Q46G*h1i!=vEI9n3u6Qi}sv#Tpc2(UlIFV+f_+7xPB-#HSRJ8spT*2uC9;N-P4uTs1I*bxA-5 zbd)K%i_O0qk{cd?42Fg@fd%VsN-@x}chXqY7W#&-%VN{ql#?&kJkTCDlfFPghEv@} zk$x*&^#NrelQ(TzYm?S|i1$&8m8r_EZ#xox>~1*a7Zk%dfS80YjPlyKqMcRjY?^{^ znj@uTPsy5jC7K^L9gUyGm$d-rfRk_p`r_Bs7#!>$1LHm_Tp+a$n^fllSU!NHwdLDa z)8J(ZL)!|Al7Hke5tbJ_TX1lz4!zgM5}asQ?kR;Ew{ohYpk`qA{hTajLJMA%fg3dp zFvfZYUa;z{S;Q7H?s_JnL47$aCVYO+Ngw-_Xn5RS_9f!*n=6Fg_V9{5R7V9p&fyuL z?JiL#UpwapYGQe~?8gLs$O8AUkGl^elz5c>`B=R7zJ;J3@1XW~5JPX?2eJnw6m*~= z(Hr#XC2!Q&u?2P@PO|b+3$z2p_ak{tW|Re6=5OzGw-c-3xus>)30TvTFb$f83ly%r4=r0-fM%B}kpH*JCp!gm#b095;%G->)I`hvv)&9{FCz%f@ucpZZw~`wq!foC?4zj+akfez=!e@4SC<;ofUgB5y?$ z;oj}Q72MlhLp|Kv-V2`B4mYTBd04^~d@Ll*zdE}K9_Nl1ovyN1lhzJ*Y$~`ryH zwn`Yt1sN)K;IdHZJRAvV`x}84I1%aKJ?u_KRg?#e+LROuvZjmB>JFI2goZfP zMZ(d@%2E?Nn7mb+nZXVa&WKu%f@gM)h}z)wDE#A{YOqFIx=8Y28b^vPpUQvtGOMb0 zZ(e+9P*;oK2(;mCvivxi@lxOnsB&H;xDxR`g(XiZU9pBNpj^jcNpg$6gG^PWONF-F z!B*0bKW-RzE9xS5T4Hj3GMMvK%rS; zyH#fG-Q66YwwX5n@SR_^pSSnznRyFRhE+H|Ylrqu&UjcvN{9Bi{)_MH*8j#g^Hn?b 
z?#wQq4$)0R2UVRzNisu-HSfDZV$9d9N9a8YLcS@q;9WVGQDc8XoOf`D|1uX+FAULNSzit# zNy%bClJ5K8;Z*wS(}dexp+V?)9#Bg>`Em+TDptp@mTh;cggt7pk?6*9VYk=U*~3F= z{29VyTqQor(w91LCB53v(kmPTKVERFwj zMkL9q=CS*9xNQHNY)J6zQ(k%0%HSDcl0!$qf`s51?)B~-^ZBD8w}!Vxh@&C*22b#8 zd#Jzf^8xd4Y&RXG57PrD&R1Cn$#nfEwicZIKB;`}Z10f+y} zJna9#&EdaIp0xBdlmLdX3+Ok|m$z6~lgUW)vbe`Iy|)y4WkpOc0`;)?iI(s5@QP;P8vE zQ&GnU>kDq}-jb$8ICDLiIdXi)Kj`n;+Et&zTP)j@EX(90n@m!iA~g6j6J)Azw{JsOc`>|d zV&+~Q2;Er$N#Uh*1U_o>Qz4aUjbHXrsr*1cv14DDn(1ckx9I>#-K<0N4ewvNg!0~g zSropQm|AVg(%RmqYkGjz+VBf0Wo?>7s*7`R=xR-~L_!DAur=&&!QtM2-?@gM-)3*6 zJ_Xot-ch|XbC2jK;zQKY!bGgR8(!D9VQ=^9nexktF;DMaCYX!zW(@Ph8JhA+u;W($ z8?1JGO}!I-B-PoG>Bfs4V%PHlUOAgr%~)&GXQ)Ys`LHwuZLkqAOGtsmnvpBI41Dgv zAStnXJCj$lQKw&@N2=PjImz7NG)tnnMt`)WzKtV2RoTY|Sj#XU_;${;w2NrrXt>*o z!<`RY(!Sv$c?Vese(_y0D(iHdM4$PI5KEqS8*;!DJ)CFuY#sP|Wy2KLYuMDw5qzsj zZU3D?tbK`vb^B{hpLbY`y{l8RnM1<+2K)QRjH-J`aEw| zU3Zs8qifHi>RHS|@|;;B{GMl5Dg~`s7PgO*I)&xw>Yw%r_aA1S+|MsNxZ^Z7lkT7} zOFJ;WoE~m{9o^V(4PAJ%FcBWfnUlS*YDz;Xw8Nt>(*a5Er}3qErE>bNd|Qd;ty+LwYe1;RQDOOlTkLn!^N z03g6d>-Vx*48v>7A*m0`emhlOiJ)Zh0E^+Idk2eQlNX(=hWk>;T@4Ix*il6S4ovCB zz{zepLT)#=I3fJK5DEPvD?GH=azGisu2ReRXIKb-0gG7*Ss&4WHHASB6FE|`KhKVM zpgX#{G}ZH3pHZa{zo`BKee&Io{?DWmL8?+Ltwj@YR#x=zoihN;`|Y=RqULnG8A(*o zH;Tx2&|fNtt$32yj4rn@3zKEs}3dbRfe@JDs(s}$<eP3$ zM7`SORikRc|HE8Ym3@zoR^oI$TGr<)UejRvW}m?lZEh+EG|PTXt)DdM>DXU{`gZ%{ z_O7j!Ye-?iCHmB=b;&`t3FSMqH)oBqP;7iio=|Op(gUkzP;AY?2@H^kmNd+#M1=}o za#YR#t_^n!o9?{>!fRy);M(PObFG=1&)`o>c#CGX6=@$U+}8D<4QW4~@0Z21GYHvS zA>;lr*D&TH(6Ay3)B15yga9#^k(rC zCQKKmb04N7!h@BWGG>P;uVk9{alvLu zor#tlD;ml1DX*11u*G{0>r6x@G<|97`(+xsx^^%q!4%nAied)~Vbcm+Br36~%+nPs zt=LMX#`gY&!eA7U9Tvr^hE@n7+X*DuX0%}3wi#8M;J{LFfb`^Q{Kutw>isX5S{=*8 z9bQ!%^)ao6JM*cu6xAGUYstr`_N0MX+X1KFX^vZm&h)XCU(-Zc`+^1N3(xn!*ro(%DnX0-Q&B;?Osjuie{4Eje5~} zot+QySnC=|?1x+rjm2k?qe;2T+Dg%Ev6+hYrDDQOA2*qr(3H4DP`y{xk7&MZCv@ zL^~x$QNt<2q%E8HWXIdj+w;f+Ye{}fuQx{U`JT-s0^~AzMnKh$(glpIrDUV=Np+3r zB2WB#(3x_%u)EV$EOIJYk z?>h*q!s5ANOf5d5S|?%j+RaVTAwdNkAQdf1#tFcZi5GLZ_5>sw2&l;*ti%93c+Z!h 
zy@LkorvTG1hTay?QDL|830)JDq-)`iYDiqj_8WCcOQLpH?+m4H%lTe6^50BiP7da#8HdsxXGlaYkFZkrM|~pqf2su7Ff2fpu#kXmik!H*760NK@!PfMpnU zf+@di9;2aK)TSw}%%D}HIM=Dl{OZ|1hQfOCJNvAcHep=W-lVEZ%G*)=JO15ZSHpKM zSbdKt`>b7l?!q;oO5qKxgF|6aLoOw%xMf3zTvV{s*2Ek#W4!$?JeIgiihOUUziHl) z_?zY#aL3#@Wx{H6hFq%vONk{B4dSjH(eQs_KONBVBgm_Vd|Xfh_5o0-fmMFh8i|=v zo(2J3uYU~*!J)TjBi zIlNidy7a%`y-<`kZwjk*lov!Ab7)_A&io@BHd)~sP7oMTWH zLEV3%WEhtfEWCU#QDkUREJ*L{>oT5?2)9+DWm}s8hrec#c#WbHzl%0N|633(7GnjY7LxZIPdZ#eXM2 zTvJ+zz@Rv(z+j}BzvqFJo>Ub8XlOLjN{~AivN6+*N+*Nj?UO-a5ZN>o9l3~SCxfyM zaPOhv3>~Zq;7O}%K2ANihx2lwrD;No1xJ8YJ7@($EK}X}M4>LTCyUaK$2oQzsF^3~QZq-Ds$t-bL+t7#b59KemRL_mHifY)!&jWVprcx;=5@_D_{P8rTW*?*{XVk)JI94xXr z4!=q_Om+Kbvm}yjTjN{tSuNlZz_dKN5>I9y;LqIoX;m|wfaC?GJNHO1B_2I{ic6AC z6!@_`?66GWP|po4!JFkpz>!k|qy4|31sEwTSfHfT8;1ZBOK*q;)N@q|W zC&0KI1sHNx#t9NL;KW?5QtlI}?0RqjUN;ECa0EAq{U;#^as%?At~CUlno&nWaCkj* z4~K>IT4?w*Mp4%Qhe~%efPE!x=nMUpgBa2bD#QXVZZZFJfc@`YVTkq!gxS5k7lPYC z(6}OyO>mg%ddee_5S2gHqnqy9Sxig6A6!7hY~I(~tj0=TF97m_nL)UAkg?UE_8lLi zn|uR?KyceU89R+61aKENF>wwWPsynZ|VMW{xGwGqK3a zBJiY`;oZ3M3UqS*r>=JZjwIlsg=5>cxv_2Awr$(m*fuxV*tTuk*l3f@n|$A^hx-3F zQ`J4wJ=0ZFbGy&I=bqD-lw?QKwip?ap#yFZnnae?_vgT4lw{vZ?DnqwhyT*4%(d~s zt6%uUi&Iw-993t62-xy9$-!RVultiHJu58YtOR?JlTf^2s4oT2&~~3=S-2c@oOh#_$uwHLAsfHbbX>3#KI&eTwRj8H_!=i;dHx}`8J!?SCa{+wf@=ff3qfm zAJAK7bn?{D;*0RmgYBYyd0c|%O2Q)Uu^?9*=l%DmF3>+03%DNoqk-T9U^W>?ySzCd z_a|WzHd-~xnm5k!4IW8se49SA66DDYc;gPXdc;&fgPtRHv9NC_U89`4`!F6H(9nYX zU=T`)K2@$eYj|XaCr^+FdeQ$wqqg&0CHLZkW(G^&oG~CjbSX$ zh)FKvCy4rqMQT{?v@i)t&{;}nVJaqUhW#MN?+K>ohYK2J#ETXc_@>TmdHUl-c1t}9 zDW>78tZ>A11?_H{SbZ5xsF-p!qd8A?bf5%Eu_zt#;W-yvdXZ>#jV$8Y-#9=k(wFVo z@^Qcq6#fb_xk&53GlrDV>IpDQ349|`%7}PNQXJAkbd(!)j`wO$uXm`*{TmcW*arfC zzW#W@?XpFPYWmW)xQhx5nTXrwxU-9aHugz-}nw4;d~vlsshRdCfE zqQNHM$#cmdt2O>D3I2xQTzdM~C;In#P}Ho@`gg4ZvOz7`0-3Dp8ww<9>axp^`R2eV z3a=q+P_f6cxx`NFW*$u?4;Jgw#8d?8cIJ|jPHZ*nuH(X}8*|lECpQPB7_pF6>ZPJs zbMPGFN*{L4VP%tSxj;*I1;^;OzmWLyi7&irMX8R_<%@?zL>9D&pcR@uLycku#>}n9 
z;3LH7JbU@Bl4236U_QsVA_ZI}B=q76%7wT{bxxAQ5I>{KEqs@8lnpZAxga&CQVwn~ zxcUx~fMc%g(J){Zb^C@uqctQ+59&mSl75I$AIk}ys|^ol^aBzo77sf>0+nZa`yOR> z+gSXCAWD#1zu3`AG~MrBzUQg}Z>Y2+=>Z#p>#KApQhJ9nNWcc(>0T zrf$HMlM$i?(4DJ?T4E}v;Dn=z^xCn)Q)^!%1f35o2icwBRt0-7H^`Vr(}*r*mhFn4 ztA(?$0h`baro-W20vRpyLZw;>r?lYNwHyaO zR^mDij5KYMbak=@lWv+I!8{Q>T7IZImqFa{%l)48d}(5=xK)G`hpyptu3x5%t%_F18vt5n+&ysf_}o$~tzc<<;0 z(fGV1uMRwKYmvda13#jtlyy7ljLBS~Fe7ZvZP8`x&DM^(AHHzP9i2!Pc)>wxC ztt!)m=x{L_>7*QedQ~jf+&V`!@{S*n&(M*R$UE95B<84}F~do;~E4ckdU~=J-RPh4HutvXh0O_D&9ptO?dUfX#Wpj5{cadCecl{Te*J z8dX5Ou(KfO=Mera^5aN4r2qLPSeD-++;;}PRVqEF|XtpXj{F1 zG0N;~eI>P$1>NGZRI51t1Vg~>s5CB&R2jcIV=ubty;S`D&Sm7YMSskUFrUT68O3!u z`?*O(%3>TgBsMiefq)*`5U9V|8eemDD`!SVw`gOqZhEl>wv_2vV1h1jY8QG-Ca(Ag z)2%JfLAxbFi+P~yhn+`xViipCl(^|PfXaUOyRyaDCvq5BTzed~@p2i+INRIf_Xfns zE3}MXSpA&1?WBssNnX~-01c1yp|3Dvdf64*Z4s;woA?P%tqaV_35yhhUnAH%8PpGb zAqf5ZHbMkyBM4E`PWzkBX>lJzbMo6kvXe)zaqve#T6d=A9N?xcoj1X~-1%=@K&qe>cAc8bEUvxt*=>T(s@)uMH zG2YWNWOx6*c0baDPb}|=;0YFTwZ}^MfVATSd71+hnyLGbFsv6>E@6{XbVnA@pC zpqhFi2)|8_7`?ALS)bU>_baou&WO@`_R&-`Ye%hhAnKEj-yoqbmAeU9)H_%y}fsv{BWuSR=J1el`G%~7L$ zP1^cucqql7`bH5$j*@V9T9PKn&j?XMG4lZ$XAq$_fPKJZ5c=&A7r)bSK`E0D+a95OrwK533tA>C^)6Mri~Ij8~QjT>m|rm zYC#TxOjyw;lrOGjahmZlS!uO>JZGs4@xT9Hvl-Cul*K!E#Q}*e2zJS%>VA(5Q3kD;~7?of51CGd-jviFVyjL+b8O})l5Haxv zUX>pnv1=Y_4^gBJSAiEE?y8l$9)a()ipZZxtJ-`U$~oz&o2;LJ*xoPG+`fV&eVmU@ z*MH&q)OA|{r?TQRi^y)=oLO4;;M`IbcAIuoN!T2fOEvNT#=*XC9NbC);2;Ni^{J!E z_OM)H5RWNL!{8DBR_6}yM_QDv|3mk>vP$Sc+6Yzj8I7C zG|gwk@Vvb_saei%jM}`l{_yp&$d?&L=m7rDnz-zx{3t0O0OX-6pFy7kAdf})`T7|7 zku35Q-LI!ICjQrK%ZQ@^3LmOvDom|eiHOZI3~rhPrF9w3*w=3oQ3y-1$8EUpN*;Y6 zHi41~b15Qn5*^q4Y$Rsh3`-tqUu)kI?M6=2IKrHmo1cd~A#{|3>}JuTA_phiC7q0o zJ%(^oY$z^>+S5gvBCc5Eao%pME4CPG{|nmV9x=U%P(Y4BlYnY!?7uw>JNb@3fF6dz zcMl^4(8GAae-5WRf=h6hjF2(*igZmPcR=nPN(%CE*(E8iZHA||LBXw^kC7HD)9(+w zH?-E@&{WgJO2hi-2h{0yo=cm>*CkSZawJ$bCUOUHaf!|V?3)$`V4n$_tOT0fQb*7u z8)CIDd&5+Yer1iYm<}IemK+aGy4GS!Qw(h-5=pOxrX%fWrKKIk*o7`VMUOpi*HcOw 
zeb3MwaXH6$qo2&o{t1WYsjr_1rdVyK8D{qjMI>QV<8l^#`7uLTJ4fZq#S|dT@oITXz zR-8WS(?(|LUuMUPI8;U2G9*g*>3#PQFO(>s^`DYY5Bu!jm&YZlC|2yKI^U=m(e!1P z#54SO(SR?O3usEgYeml({Lo3}M;#A*{5#A&TS~wJ2#1p|hKr_|oCFP9C1E zTznhM@ZD}6p8o*jHmNZchiTB;r=Bxkm~Ow5x(LevG>v5Z&`*5BELn#WS6Z&_@IYT# zAYkg2{eo73GkAn*W87dV*^`XylyHRKfzDL784o`pGV>+YNVH;*s_(|rHG8_3iEv^) z!;2n?{+5F>szNfNc?iJ=VlLTt;wXkI3)mIF0dh|rQ9$k~h#ilYQixAAI0(duhYq+L z!|DI5HIL*wMSWd;jrHAHlA)wX+fJ)=cgDzX zyIX9q&Ta8s9n2-~#Clo<`z{`OL8(LlB!vYaDabegNri0zNU8@c3%>?YP(-5%huUdc zRw1lgZS`)KqDO8CVWWkZCuEgUM;oYv)>sV#C}(SRRe%C|6+mbQ0)PMe@xmdnyIKvq z$8u0d4}jB)Pyn2I3BxE(cG|$Q7XJcubzQ}v3Rj^ol{l$uGk5O`hri&Poiwsa(by)Y zOlyAi^HismA6vXu)a`XPrck@Q&LNtk%~={@)q0v#Iz%51%p zZ+l0C*;RBR3WBOfAqq;}MGn>y?kh(A`X#-jFD8U4gmY*4S8d#1Bc8LJz9`Rx;1S&t zJM*L;`TdJKi!!%TxA(>62@s%+P*XI9z1&+N4n%r#Mk;`)#F5RS>OoOtATbxoX3?=arc(adCt###e^`)}OxpJa7>-UPHHJjyk??3d|U5b=M$1u2Zt*CYn=CDZbz7^0ldbiG4m6Oh4+;Y z(7%Qy8zL%4Wv!A>Vww*P*La>#K#rdtL9qsl!ecN~mMF+Q##SH;KhZLhaw=QNtca+E z8e}n5KuT_cTCV-es0(gEmYqVL9JJi;5yEgQungp;St?6&jjdfJ#ybICDRq2KkX>_j(v8OrZqstkiHu8b zQ)#}b_8VQbmXLk~I7`&URjMEhwgwmbhdbmj@;|=$d{H@L;y_bp)8Q${5>4vf=nIET z7^D)A{$!J15SP@#nxiz-Fo#1+3uLq#2`24Ky+2o*H#-j@7*#PCV-b;j7ZEi1WAkS< z3uk5sdfrduiQ-t`^^GrG2~N@!`4;g0;kYc!_l1cbw<*p32K8TUly77x~mqQ5DK7Br5wwVTzX%WG8*G}gn*({sE zOr=*D$wrZn9HKBTM_>TWJ7a?^B8s0BEBCpCjaf@UDrbNL1VoLKNNe|SLDuIb@h@hM zbu_Ak&rBtFu)~~YRPNa-YOk|fNH>%bE4on80_gr!FoIT3C`)SCtGNSb#8`AmVCRX@ zA!>atr$O(|Kx%43^1x!|6QqhIAMIPHq@g2`MvR49sdqiB!>MzE8vC)jB!y#n#%$Vj z5!B}Kd%5HDlN93~eQSOkkKWL_)%?GLR1UUwvVAKRHfGbcKgBm{ zGM%RS^r6(9*5D%em_*Kn@6VcK>CpN6_6!ytt1JCM@tWu1apC^N#2f$sp6~z zQq!qvQ&g7BGjfjHg7cbe6c0sG@|$dCn%_@5Y~xWnzcEUd^^~{vy~&2@?e%ELhnLBk zYZB30m)Npv+P)#4Yd)4G&9F+;^P&ytav6>xDQ((e{eB3yjyZ~?oTZK4&_Gx3+g z#Tn96m=llFGHpFCq@2Bkvb_=~VK*H0=QNT_%g{_MRM9960;gw%N&JJ(5+=FEV!&6d z-?$)e^}^-SoqyrFbdo7*j?;tVP!~jfVX$hMDG| zHSEb36izEN3!yNgh0#T-HAO%WR{4+8w4v`DEx;ojl=v(Q^`>SrdfH0a3?li#tX1d5 z(Z;{jE-%&6ofXx)i>jK{S{RNCS^^<#fBDBT>&OWFq8bj;+W-OVR{p&?lg@B#n3@uD 
zHk|L6FG0O)I9t^|$-0)J23l_=r~>@5OeRM+m6=1hWQN14)~p6}45o>r6iV6KDDQXN z2vnEpBooC%!EZ1-+97Sj2wXBnjw|~g4}nq& z`T!d_zGQLBe>?=a1Jj{u-z<8`-;@bC`do%}!wAl0a@^1lI-UQ0Ub)TfzEA>hEk2|6 zr8y5w}CkVbbG+Mr>K37e#fEa%RB z>v9&`c#aZ)jZ=m{)jhcOR>&ZAon96S@f=I*){g>d*;>}80o|7dFctCvl~LF|Mn1?b zLjev<21q=Br+~MgYmZ-6JOe9FXW*8v2kRw6Z;C?(k%V41sFW(md~pESyrb*xcQQ4@ zK96Keo3h#El6^1oY26Ka@A5R(>ba`bC_DDyl}ede9-*rjj(>=0EYBSLm*C2VS?nSe zaCNMcIVFb?LJ?g91vh4t#eyYq=CUv1<6=sBDkRpLeHEz1BEy$YVuhu zfQhfaWr*;euOF71&e6tqn`mE-q#N7gLktp`B%(M zDlYv>xk?%a`x7}38HJ9K3_9K!`|xT2^qRnrM?m!n;HMx8;03h{ZjvOT#cAh8%cuiw zAho+mO3Ia=etHLi2!lOc9!uy&=!n1w0t+KK{**!n5)x7mEP!wY3qA-+d7O++`}3a~ zk<=9eZ;4`)JnKcNPY;c#qrJox&NpLO0=G1mpH*JhrcYq5uqN07A#IdpPqNe}M1y3WhW;>>44A2_77=ko1=R}aSBZbr zAno`CSC?}6opcnsLdef{^x1@$3}QNFVhl)#K012kgK>|a2Z@#tqjp2`RwWMUL}^7> zlfjY0n?J$5Up(fWkj7>h?^_IU=Iy5>LwjL-$&~CtWs|i(q07!w67FBG&_XSlhjVBT zj{gEYv~%WNzQiltUC+m$o8&IZj%w;HjH5e8GISjBtVY)(1 zNY?26K$k-{CcB%VtQk34v>wD*W^67AmhyTL*T9<}^H$-lF=;PCB8?e$skhD1c=EN^ zxtGM(Iy(1!e}{s?s4Nh9^m|!>J?wYF&gj5v7=+!r^7?qVP=^r{Z>#Tb)hphpnLf#hw8FQ#O%$~};-Vl8kt%VVwok(hI~>J&>v-Qb z#ZkA%?oPy`-6E*<^tI?FCSru+N&?^a|BRtZ`I)M*HLfpdWuQXBiC2QxMz3FO^mEPN7j z62a*H534C;k~_?F`y>rWb4iq%Xv0DZy4x{xGr6R}xAVkeWijg;M`*us#3K;NO&c3X zg%Z3^SFw$|)&^9I((Dkt&pNCDEO=m5im8rggwd*|z%OiH1=r}hglhMf6H*&4@!J%R zeQ3%jUHL^)Q{s{Bm8#sTQluM5qtuN_QZsjqvs$@zWAFoMgp6D~WfQNI%FVi?$$z@H z3!o|Zg3<^c`$VN%*GCX#YyJOqkV+wZJ4jjaZU%%{$~#~oi3KJxf)5nn!PJ73uwNki zHXR82XkmNH?EGNql9D8of%K1M@B%f|XMsIef%-N@mauhhM}$r=#q^yU3XUwL5-#nI z^Mrz0!wl`VuY+j2`F;k_cmx%6meYSbl1BOLl=*1w4sNVHb*25`sEL!9u?rf@nx4CCtv<0Ef@3#L%!L@ih)u0vr?`@2bn}TbE4ZuRI zwIifOgEQG0F7$n_ZvwFGI|&ln{Erz)O=Q#V?5HS}ELqF`T<|*efTgN?ENBB4qPaI| zl!&H^w9~PfIW#>NX{=5uJ52NgWS%hM{&<)Krb{UHmt1UXbnM`yIgJPiXYz#Ip4om9 z)#${)CQpuSB^Jqn)qfn)LJK7n@-2mviegL&3(|l76MJ)7aTWayCM#o1klA*IiI}CZ zAP$H?-_}GsfHiTAj=6iW-#lB@2OTXxWGZd)ft6fR<2yVIRu(h9!-M)eJX{FiOjm6C zzP*WP0B@o@E+<;8$ozl2iQz?d4BHe#(oTXK0B>UZ|LskLtoW}t@stW3!4}|6oVEW? 
zUIDMdDn|ET(^4=kz_bKx{cT!O{9mS}6i_@^{{W!okZ0iL#tMmzmDWIB0F?$^q1H15 zYz^=x7P!*`H4mtr{Afl{x%{7tB(*UkYeLSl7R$eGa4I?%dGKW|03L(@W17*dlCG6$p{w)9N$-MvmmxK7Dr{@&q4sLQ~ zLgFir_|dHoc=PlF)-U5ON$y_oi4YywS!?56X;~rEOVeYaa5biJHkndkmu!ct>t7B{<*NT^J|c$MaJWKm!*$$O++L&AXW zp}ZPUiH(CpbBJd152stFG^yw)-^@pQnK$^JxVuD6%}ZH@<0C!8>$;rqCaOMqps>9y z@D8@6L&YAsNN8-rds)^^?Q{2L2qA^Acug#?a~ID_Unv{B-+Ei;M=|qJpmV%--G4Q> zGBRK~aUS{#A1C1SUG+kvSs=oa`5*4IM|d%P2!!}KAN9WA+}{5ves7zwbnoD>62a_rI?~1>DizJVS;e|78W-FX0TaGj$-uw4X@3nf@mVsPiAOjQX}7A}t(8 zO%6#gs@ITb2jO_RiKikT4_-qQF`j=893_8Gt!a}QTSMH3~K3pgK&G$&2@Py|IaN+gzt*|sJ32imm$3=8dIlR732${A0 z3aw1qeLIc6x%Cy#<>2mW<(RHx-srwm5Y~rr+rGSfAxdsx*%C~@v2~|<;0gj{t#c) zJU*AKhCX)_|M}c~!69G%K;B)M*_L@UH{n!s?@kmQLO82Ocj)o#8U2xrS3y8ZxK5Gy zF$q5uj0KG*%07Bj_PzeD0WzPRU&_x@R-&6?r_k|0#mvp!=~Y}0-C<3FE=yL6@x&ld z)jK3z)T?w@HB={;&U`$}#eH4_N$#?j*+!p0xxa@0B53v+e!}wLcr_IohF! ziMW^X8VdfYY;r`yft5lpaiJKYRSOHrZxV5#DAPHjiktF9Or|A*+Us{h$giCtL{JL! zjMVnLRJSM;vP%TFiVAOGn`2kzjiM?K9Vce;IOrriGW2c865A;$s9(Q!+VYWcAsG!l zV;ki4R2EQCs%UH7Y|Jj_OrT5My;%NDCzjLwE0bk z09Tk=f7}6UMC-VMwmWha(kj?3o=m*yZUecm(mlWk>N*(WO`(iI7{M!9~k8c2C$UP^o<2R*AF?jc+=U1svsm{G-{QEhqn& z(YJHL8`H9$4Jv{es%CNg^sKkv;tQ)K%w*72YCbaEl-hNx4b#)XZIHjdVr5ScZZgzzeHXC-7ag%r8RVTsFNO+ulJkfMLB4a9l|u>U;VCTfZ)H>gm+nXg32_ts(V#Pzs z+~-bUd{2c_1Mg9ej6=v!_fmfqApO7YllR61I6Gjv0YvfNPYI2k{o?Y^>brZjuXz(j zEM30)mwY^YeEsKq&;9wuy$7jYLVjpOgl^D-=@Howo&l{SpuhL8`U%}OIBAh$>lR#r zXFsFFqcC2f|0Fer2)Q~rVW=>dc=-B)9bU-==SyvwIU|U+G5NrdU7X@q~*69$>?7(wxR4vm5M*IppK@@0C6bu6I5TFE5`VN*43mkTrs* zWdHC#qIYNc#g#dvJJV=)!a_$Y;=ulR({dINagWuSjykCN&Qr0vYaX!wD>xcbb?}q; z7LzA6QEd!?^Ub4$1{=RF9lPYUyhPnycf1#Ul)lo5>nESO*l}Xf!&{UXrHzlIhapwi zwpqgVct4kr;eskVK{n|JX&P!7=YXK(`Y}FoG_E!>YyjszxA5M01e_o+4eR29y~e=DFSwElQYTA&e7!JA=Ket#`nLU zlru(}t40}2Ew@Ym03O&5-2kJV_f{9oG;h00hAEW5PS_?DYen1VOpH3JZ)yY||7!RL@w@>Nm z_aV>NI1Vb_WBejgg3f0BfU|*Kmo|U@Ey5$<>+atN$Z(7&_e13iIAih76-UjU$YgTVfbOuaKC z`%WTN>c9RGv5$+nx<9-h+tvS-*7kWhrYq^RbHJ1AA4GfvBZfhzU;(f 
z5*Os%@H>zD9L^Zx&#Fj#9Rl1`)yIJ^7(Z?GK)`#nH6W->n^s+x%=D6B_8OY-@5tCi%4_DM)5%+IIe!d_b@rqs^@=cw+ z1S?C-qtjSHc2&c9e9as`SdgT5_Iplsg|zPAcfcu0UadzFCOxA;lBJ;}Su#Z4rD?Bp zN6&CoSlp#@imcB|knt$!UFLOkWV%-QTpS7h$SAK9b|yH_+sw!>7gETTSrj4UQOJE< zs%A8D$zZ3tWbqC| zS9g!$Ot_v&Pd8qIX=fmp3W^Mq|C*>cZwd#@;iOen;opzXd&sWzNQzZ~q$~DW|Fy$_ zLc)PfLdLU`#O!JT&ogrjeLe-?jU7yf7xo=gE2XfuQ3Hzk)^VzMOfuTXlC< z!4ZLfsn7KTIhwtWyV5_Fc{qK$C~va1U|%iH!ahh%Y0~mO;~bA3p-|6^@^B${e|Q`k zl`S$(tBFf6m`l1@VTNpsl3`+E^AJ$&1dz_l9U=cTo+9xZ3m1APNiw&Scf96l`{eD) zn}=u3miQ1ELh(zzfsUEKjd4W2p>UyDI{@_>e2t%z^zjv%d5;1OzlxPC5Sif2Ob8aR zWj<(s2{Y$6ym0{ON9USe*s^+rTgJ!HLY8PX_6f}-v69)riN8x=>Cf?`rQTP#n45M1 zGWh*6vfs?HbNF5=;g7GvSkG}|LkGTf$%Zt`9vD&b?%5_wORc3dyqhilY^qp)qu$I zi~WV+@N~*(`!Dx{H(-bgCGXjn#a)s{Nx~i8Gu1XhCb~nc&r=fWkaZ}ks6|fc^N!b% z{dS5^Bq&@$*3=xLk0+idtIs^=tl-dX+Cnr7O<8YX6-5RM%m001MAXE(o9SFk7cu?Fz?uP z(d3(pSiEiHQg#_p%4l?84CuDXS&T74@zzzUytmm)iobyQDe=b7bnQP3IsSQnT7eoh z^Y->La(eTAf_{0SqO{BX`-g04S|z8sY_GW}+LO(CMM8T;aP1M-UK{S4Zn=R!;1SlI zPVFAV-YHP6mv7Z-(LFgCN6{&q8jfa`#ERF;L*0d`W1dkgaTL4Y=}yT>k?u^akg%fi z==Rg@O_>nCbVKCGatz^1i;3qmDR$BoxgG~{x=+~+sK$xIo54dU$eW=(Yp3XRf^Idd z=W(c-jM^x{g8VA%X{&IwDP}E>BA>i|C%uA;fCj)(c0>ZWa3Ah_^ z+zGQqQ_FtmD6*(M;i-bh#QH&nPyf7r4cWkj@Vp+j*h+pH-_3|q&UrIA6+tqmn`6{L zp_3`^gtM-9Hx8L?-1YNV2X>t)_j|mF)anY}=AU#2rZI^nqQlx1bIFJ$s?*vP%hw;c z9Ahrk&1hqqI7cnZI54I^;vUvv;KGJOH%ecVeetI;K(~9LSDtz$}ga z@@e*@5_O&waOL6B?TY?HsF3QJ+%4&Y@s$nFvAhTha;A17i4MwGfNcOFjNylqeT);7 zWRw?U!a#kGN>z&+o+-7AhB5+2t9BK8D9>-03qyq%l?rA+e7HxKavc-zzs|j%Ef)xw zVLz^i&MeP0lT8eTqI~mLN;qAm$fOpfFU8m`TF<_ z_?PfSs3-#rf(G>e9y1CU;{*f@MD)D^JpLa;NB_@*{QnJt`u^&F4^j-6VEX?V3#BLn T4)OgF5Wq7Our_o3e)m5BfCQv# literal 26486 zcmY&-Q*>rc+jMN(wr$%J+qP{_Y;$5exntY5GqG*_^StXj`A_;<-3Pm_)m>|Mb(Nwl zC>RT-zOh^_VZ4MrnVgjbCY@O(^x26>15;8( z{$f$LqaYuY^Ke>@UVI!{QFynX*VHlJ-|$H~Up1(~-ID!)=Be)`T#~9#^9Dm0t?q-w zB<&e_E`SavhhwvBDVuFbGrhV!M_E+q6c9X;ZxAw8v?<3)^f|6XoByn!3i{w$4$O4; z(NK&v!5IW~%&?qf)X50z7v(QZv8q!??M(6c3&(zW^7Ztl2VYGYi2x)IfEVKta!tR&W7|OPbk*!-hf!$Cc)9 
zEYU*EaDXq(`rt6r$}zSFK@X4JgKy(7-lcm5%@kARF>pvN;&bDe(Blqh?>gm`Iodx( zWaiva+2XXpMSuEqVTkK$JY(s9gR!8bmBoy4F9e-bwTvYRw}q?-oO((yDCpsEh|C;2 zY}R#*xl~L^)q|sx=C=dK!9-K4f+gS}mG4o3dj0CFq=pb2%7xexQecatPf*Mi4D1krH0bQceC|RUx zq(T?VgZrwZzZ>^6$+>&RdyZW}Sr2suiSL*`X; zhSoB5`Y99^$|66K$0m7KQyY*#--MX7yD0a}w2G1B2a#)E;Ev4*=X&mv#2~2tYIRuI z==V0{rC)*~&>G-2t+-}CWvJ?Pz$ryxDbzC$&XO{LDsFMA?&b?G9+`L!9>tJK$h^k&@{15RslIb&+h=I2#X?? z2B(wH`uo{uMXd`iRDyl>55JI^a6|Ilhs<|4n|W%JJEiil1DE<4*GWQ*g!H^NSxJT? zT8~Ad#|$_Ju_>T3wzxld2`RjTD4~FVw(ET89KlUOD6Ofjon0stlyB?P*eFrr349WR z;;dC}l`yn?$FPmF?Xu+(HcUJ_E<=j!S*Y6}PhOiD$}UBkj@J-je$K(1$Z`M9u?+di zLq3I)?Ih@C7Xk4Z;W@ZF0L3{3ki=>sOViK zV0(bQtksSO@tVi@+^!Ym=M0f9$yYCCU_w9?J)I`Hf0xpnn zzNk^t$DwA{yMViUk6dndS@-DT4#K0Dkhuo@_)Ifr&T}={b`vLW{gW9l7jsU#@f`#f zTeaGtLdekYN{J-2<-kK-AQ*|c+Ju`0P>tFN#kAa9hJ0It@s`Ax?n9G)$4X#_PPyMH zg+S&LOd~rsh0rG&(zmr=*pwc;ZXIG9HVf5Y=g>go$ts7x5`{AK@^#H5##_6pSqNTI zfT$1t{M1VNCY7|RC1?xeMVuK3v`Obl+)DREeL~C$5+K$j5?xut0^5Uxu3k8ZW3}b; zx~r)as?TGah!KWhk*@Ko_JZ&n0{3IBezkE+{%@5U>doP5-*Lh_efK0!j;tO7Eu?m! 
zVCG2Py4QBgE*%3uC}lQ6tEtd0@E|BKu4e)(e+k_DC|H@x( zT0V9MX3)tCRy(z12R3AL%6f1aza^vC$Rt}LCs@5~iB@zMbm^)HGOGd;Y& z%Mi>Q0k#1ie0e!MCTlG4Zd=6h`>fGX79Rr?`8 z>t!p_4x-Yg$d_ULc^IjFN8LaL4NCxN7XaleUX+86kH~gd{hrBDuj!N!$*4Pg7lQ!T zT*r?$f=|ua+{p+}@I=vU7K_csl%#~nfxYc}Q^-{Ic^998nG)r6!B$7ONXmHcBO5zS3o=cQMl`_q723*uH>jo=>BQbS82@M+(eOz}gte2^Hj`jc*@j7L}_Q++DxN5pS z<3fs|pP|6##fsv1LU7B{_pYLvr9mg~Z_LBhdw*-dRNB@~rD%3dKK<20ijPxYYZ`Qi z&n=N^uSN6DSN%haC4a!j``KpG1N3~@jMtEvkpp|V_w2lk(tx;}bJ^=L|M#HD%brL4 zcKCtK#z92~K>Sr=KjaHpNc**U4oFrze-2&6h%Pi*{s(C6mIA9zV#|iO!j`XSUX6~~ z_}k#%UVmFcU!c&91E)-{srUZR+VGh$S19_iG{Zxqa_?6J7%&*@ z`2G5j5T6^vI@;|VaV(d<$j)uLH!lnLHuvQyC(P*GA#ML2>j9d&oNP~^4PT46e@|yRCt~3}99wBwSF`h}~_%e7S0z+O7=qs8_ z=vPuabq@1erd~H#%~{otzl2q+5Pf(mTUD<9JmsW5r{p0!+dIm~na|>kwJX%y>B3k_kBFDUJC+v#qrT*C{P76dT>T}6Xz9C9Yv*5Fim)^W-E7HkaBSUgCak zKUy6mScEP1JzW>d?#Pj;|7S;>km?bR&8zIxKx3;m|U;t_=SwryWVQ++Tw&J zFFB#p_4wW9lkRXIS$XGYyjRq37KdMc+bCi;50$He?++~GJC^B~`3(sACZkrV)vLSDh7$wG_WebE?WiR>c_J&-*`c_<+ z8E6%$huErYDG7vh6P@t8S-ATBC8Fn@GfhMpXH+f=&oz)uoBfvIanEzN&dc?{wX@ap z733r?&-0Vtp623YUp|X~EP*0XLay*}*%TjC_TCM@+$f?xE4=R88H(|GB2-qS1iFgj zcOU$CqhE~J?Z6JqLV!KR-|a8212ENv>Ur>MCl5jR7nFGzP7g(OnqA5ogEPl7 zQ!WAd+;Y3NXYv6$Op#I$9pe(S2Bl*(eOuw?|xN84>kA=Ae@>HxTb8@9;hj8XYz><_ArK zVBnV>1UOISZl)I&|AN<&X!;a{alX-x!qlHpA~$VyKuNHUA(kx>GvZ%%mP8DbB}9Vb zW=IjN)rkmGxgWELpCkcjs2oIPx3IQz7+}8a}G&EJCT! 
zrxmX(L#Y^GG1#Lt0-SaU1}u6xz~3~y?GUSfK30T4dU%}7HML7rc{V&knWyV-lTJ>P zUYw1*^kSgd-<@<_vtbG33&p9(&~ptYJM_QC93xaXx8c9VgVUx+_I?H)T_%%O@I64} zVS9_vwtUIju%%Tl8n|8lFqU|%kC}5-GPKV#aWzhAH8ehAa0&F5bCOPe;7D9VWFzF( zOykN0epw{bo;E;fl2T^C4CU;GlOBo~gCL&(FkwA^k?-*r1wC}i4tI{CJ7kg@Qta^K z-|0`e+fnR<<%&_+r*ce$Mc{fg(cR`dcE(^&KZV!Ej#GnGEXk3`@+HAI(YPbaE(OUH zBFI_vl@Xy=g4QbHvr(u*@`$+2i4^e6p;d;gz$^!8m%}7~N@6}) zZzx5>Z&il52&EZbre4(^vM=nXm zh+2p&rOItqPf=JZbS*?9Pko}ara-1djs7(!PN!T(lgPuK3!ERUTCUJ8;(~gOgmwitoi^Q^1#NHL<8=b95$0|H}gBo~-p%Y`Pew#Ni3LLyDo~CAD?oqtpc{ zA;CcI=E0%#CA%|gXSE}H$DzP>zQAT1G>V)a{wXCZywIGFIynJtJmXKa z*g(oYW_8#&9vIo-{V?LdDFgFl#g_%Ja*1Jy|{&?oP>}#gZ<}gjJ*pmj$RE^tUazMTSo^o&h|5el`DH8 zThznU{dSolSu4gQyyw6$IcZXbvPmQr^$&Y;&j*E7 zxX%B2o)Xs}JuT##CFvZ$5>|jsgge^|JX%4aRu0#3mA%7A5{C7j9F8D#n73otE386y znzu6<6W8E8F5KMt6J0B@B<_?a?ysWdyTw7G#L{r@c}0Fu9MgW97R*pAiusrhizawp zxT(7)u0eZUxH-}nU2A_R-r8M&sTaEzeZVI;!-wM?_4FKqJLMTCS-B_)f}swf|9@v?68@Hm*?mmH=&k*)a!BYux{@+_U&VHvT8ZhSon-#yA-2^o zLf7bPc6>c2K-pK8(5c6OKt)nah{h0HDqPhq7ym{3uZ}22=h>Hw*L4?Q@W(3tLv809 zWj%VtkpY)8Ber%+iqQIHM&5{F&WenbD4Rv}ARbb|_~>lV%zRo{mitxMEsV*Z`-vIm zrLAPW9^aIxBImt&#EwJZPHpFIy}LH3U+3cD>%Pf-d7bYzlM~W3BYo2+z{@Al!Ozzr zpQb8DG1>a5p8ZKY`M{F;TKWq>zrc7r4k8(yHy!Y*?98FHfM+`ZZK{>MSgy`MUgeF^ zOxDDVEt@$kzDVuF9UuG9)RUj6JL2)f?-E=_QuN{(dymJ%Cs3c0oSYozcX(+caYNv$ z@Y_P&VhuNM9rF2m{c27DL-QZ(>HlD}Pk`ttsHSSGPUk-@7{g|70@Cl=9YM4NPS`4k zPhNU8jvqWS3sTl~*|JfxA2Kw@kGqouP6XmPc$*QPe<4&GogD5x{&DfNHuCFn$aT-j z{+oR5^zzup!;{kFHIA^~iqhC_C8J=%adX!ACNh-*W2@h+YHF)Ltf@tp{a}khfQm_h zFWAYo5Ay(Dg=^u|9(AuPYlnQZYUw<`r9U+Op6m_b$etj1$$2QwjPTw93Mg?ap|(y-s0;$rz?% zk4?Fef7kbC^&5#EFOJIcg%9kmH3sF$JxB}OvIX6u??xPZN7-d3PfDaf*?zDdQ9$BTcYfjF!zIoW_V@f%H2 zuoJs|zdM;RaL6GW`Tj-ycKMl*KlUU^gb@RV6hc(2?RM5Av|=9bu{jv&7;Z|L_f=LI z-W0NZ2Nb}t#Y-2#J9clY%w%!k)7*fLjwGz2Eljp0zWSmd;~~}KddoUKp1G2Lr^p3M zc|G@JVZ?*3fkH!4dN-znnQ63+6V6nT$MRD>2s1$}`}v zP7wZrnsH0D;-xV3S;p4gT7%w3DueOqUgZAGsJ{>mQ=)j$;x_Sx&;`xc2zJL6qJ@}X z!~RbZ3H2bXhqolkOiZ{m;JReCqUN^|#OKtRrQ+;7lNaov*N=c!@> 
zx2OZc#m11L4s2NA>Rhg^9&cNon3~Bx#*XcHC0GHT!4f_u>_}~cZI?4Gf-MrZCNMb# zqLp$^gfg9RcvH}F)M9l}JXUin9}nM8M}W4!vFJQYB6Kfb8mg3MEXuZ~hNnlek6s}t zUtJCTD}Me)&E(n*M~fYMfwf)(8T| z1OsB&SKS+6eS&el1seKFe>J}WfSXc#XaN&HU-Z3H#Hcjq zxr{%e3hJStfPwL`X~NZs)NCoYgiB@?R*BT@pi#LRHlFwrLSAe2?ultS?#T2@ax?jQ zyxcXwWH*8S;BOp=0I^{Dma#|K>Z#M$;oUpq+9fKKQ9mAw{(JQ6iGit1X=TP_-sAw_t6BXXhmw;%H3y0*wYMIHA~-+kBbKBvY*Yux)zYHXH8a+G&kZ+Avjfvpp^>Pq~B z@1GJy1Y7_v3U8-syOP&?RDQw>5DcVt2P9QYx{EE_xkKfazNr`EK?_BWU&&WzRC1l) zN6Q>473I)fx0;)Hl&`yu1&ag z66^5RsMY1B?Oa(V@6@5$uhRn59Y3o$|6x9-1M&rz8<=f7XOG&USed>qAP&_nQHAco2BFy7l`jJ{xqPYv#m%Ai3B&>w! z8XEx|p(7WMT6*JT`_I%95C*Oo8M+BKHxoeHLlOV@fbBpgy1hH^LwV9we8$Eq>9gSxNhLo zTOlYc`SEdjOzr2&hiokG>pFIps5m4q+2hg5{xn#?-WXhCny2;A2XhV4;Dki4AZLur zIRy72==mepOFBD&WV|Rv_|C!^F{>{_{19l#{t*M$Q0+c9O!l!**7FrAzKNeS-*h?v zr-1}dh!2L(OM;PP5lhH3Lx^e|V=)E|k!Wpx-}Xvu)w*5W&tWAeL2Zrw70tGOJR8Tl z;owPZR_L0!oQr#}Q^0VtTH!|7p>(`UN!h{HnR<7VfEp4*dXj^16uo)SVu#CU*qZ*BLIR6)%leM@yAUux#S&t~1MRVYFVS zWoau&-IP=^cw4r8lGW&z)oaTNtI}%AN~H}x$hDP5%vf7FztG^wfO)C)#&2;`Yr2N} zo|p2&V&(bE?k_#gtCZPocLqIic?d>H!NuGkSwY1!kc{#ZI>d{8R09^9oNx?HwH?;W zRwWlZpe{z4IWf_wMoCx$gt;Rvd9`G>8Clu^Ov=}<%H1wRCv8r>!jWcbc3tJ|XrT7d z6O}2~8YJjWIlEU`x!O}zxsdRBe@|Ce*|@cSNS_*Izuz{T)jK@R$l!DM$L$NBqp`?k z<(Usbd%Xylx%0#gu)w#yN2==kO_L8MYhq(=NxJ*PlTBo-yZ5{8RTT*>4g8|$H9ptW z_n)8$OwLPage+>)^WBO3NJf>resmt^J=s%h8_E3{r3ALUQ{KDV>wzARd$Q!;cj&lq zK1oi-QP63-wtAdfwE65PYsFaQ@7`GD-=c4AxFA4wYr7t254j*{yViPk`&D=B7T*_F z?Y*di7xygxtDy*xWxayTRF|D+j_~eg?;XmxahoJ528n>@xR>!asEAyHq7W2pD{bm$ z&(Kw8L8oFf=^*IO`?tXjpjZmtUUorvz-}DGK~~JIY_F&I*>60o-g|+)iZ|$h2F%7a zM7jJ=Nt@`n!}p!DSeonjxCL+PiY?n0IRH5YmaYfb2qFcmovM9nJf7RA5i1W1yhMyr zt3%+fv`5Q&i`voA9h|GSD%PMuk0p^mh=ZwwM-Ix}+sj#Vcbkk)9u6+$%h<+;^MkVC z7bhzZZECMUZg#h(up$k19CcMf+=Wq#?91&m|45g6z(Kf=-#|ArNBbrBCRPe%l9%GM zq{7M6ETo-2*n2p7vS5Pzci^Jd>u0rmM<$l-e+FDIB?0@0%lc!F)HsDtypTb3XQ>WY zwyJwRmh4NULDL7AM?<$JQD~Bbqes6Fv1hswOi$kLURDG~{$98Oi>2mZZd#Rs>~1;+up?h78Xt zDav#fK%1Jx&5y6BLhpM!DR-W!NUR-Wk`uWNXN1~U;FTOt$dGg1xo0)Ub;C8rRvYqc 
zK4+%9S@Nizy|2!*>4v#wtOVy85zZ8dHDB+$%VGH9>U?W{@cha%r;@))zleCs&6nb# z$FKZ6In8+%ld+x&nq)dkTl=51^KjF_*Lxiac;n4D7pH{GUnQ9e)o1+J>jXaQK6T%& zT?G!j`2zY~&!ecjgS!rPJ%bkw)cSJYMNjRE$`OMS`RrJ(5Q*UISgaT08Qdqcsh;Z* z!6d&ZCMA-V#n88H#kxeh=op%is@BNHVJ5O7P4Y6we(mJI1wD;6b;qUcUD>i}6H9v* zV+?|{5hCvGlx;qSPN_&L+@85HdQ%b`Xp`uDcudjiYzBPTC3m+^Grs1Z#mW9O+isds z06{Ah8FW*s#CMlv8vuH*#HUQCe1aVz>7W3%Hzl#E2U56CcDT5XDa(*50Z1BDc(z~8 z^|41wr7BoMId#UwtXd^{Y=^0U#f0?;f^14Nz-f=xJl;a!cv?E8a{sE9qTUbT}ig`@67Q`A{xhjpK;bXNNdRO}|~VW1x;A z;^H8N_$e_{F&!n|m|pvwsPRyrrJqG_q8l?);E*Ij@mDPv8VyrMF5X~t`^$x~l;zwl~X&|5_E+8t*v{ZG z{dR}$Q<2WA_w>9qk~LG{YGol7pbQC7!N7>eo51bt=D!j4FfB88`&-3oOc z-Mv5fUq3%Ox-h_(>H3uu`Iua!qcFLM-zinmO;K?kaWdRgw4MJmGM%Sk8NHECxSWNJ z<*JqNh$`}H1;04^wrTAB$@_G?ZfLbVD9YU6@pK>iXt)vCJ8>@885?6-27-1Hu*&9z zZagh?KgR6U+;ct<~+TwdcV@ofmJ7bD6HU;G?bT*=t5fi@r5kLpwLkPkIlWX)uSk z=bnr*N%aI4{@Olx5w?HB}q4xE=E))t~)JMWBoX?s)Pw?yP`_J1wxjP|l zCH=j0{J{ToX)X6QR(WpnzEtV(41b%V^vsZTL`0k6Y)v{V#3#aY{RtD;kHVZjJ5cYy zX7{w3R5O<^#?|5MOTifz1~Z<+{yddS&TulaDgHg72_r!qz@SN`zCSY`LQ@Pp@irKW zVNI+=r_mk)5k__>=d9vQ*py4%9-}iJqsoS-F0WPRP~0MgxS|tLr8qKr+yJw+LV^Vm z`#LH^i~@GBkQNLKUoU-RdGu^7Llybm#OA&-9`r zh{d(`oygpbF(d_9T`V8VQ5{Sw$72H$XQ?AUhisP(45xn>7(8A=+OB%2`#Svo#T%;s zC7l-mPl7;bXP+JwWe$VATgQ_0YS%1Ztb#m*+eu+Z-~ zOiS)~ZHxx1Aj1+7RIVtRQ=ackvzeL~OBB7u!lW>aEmGz#YBJ@U=HkvW>lx0yxJY_%u|mF;M^J7i4Q3}b;JG7pJbMJB_o&vf}z>|P6-yUwVQ%ta5- zg-eXtGE!u5Ojc86jEV|^1Nils7;=7G5^I`Pbs2;^L#3)ix`7cdatH72eKRTamRZr; zPSXcNGxwZ}Rc} zei6l!6%T3fJ?wj5wm7{AMNc+F=ps_o|3-)7@E7 zgVl!y&U1Nf)SQTUa=bOEl1uZa2e#kag&HxyY!;&v?uAPay!+GtmX^PJ>Q#np;$b-L$(gSrP#?xCnM}{z!O(_GiO=#tID)_HU+6lD{m{1aUX=JFRo`@|jslL5_c!5l{36`fduBM`W}$zpWBx0(jhLEETze>+ zr~_N;m7BGLNMi;qJH>-o4|^eMWW3=Vb_|0D*VJU~OEq zFz&?RHi6-k)!{c~*~jluNqn3npEd_V_v){Gr4z#+up6!4l-t=&`k#H1hvG=E(T@yW zmD7*FCH++4?GOgX&>rD(yxvj$XH`|RFfObo>NHQ_{TEj#XX+Xek?E)P@eR20Tb83Nh zC7|{;q5b|_=;Z$dzP(BfasYM2g`U+Op9R|T$LPBX6H(7}$&F=uq$jXc?Qep)K?`*2}IYcTmw~4k;Sbq^eSYDM*3Ga 
z9u)o2mk9U7fGJ_Pl;GjFL~_bE*uYQASDJu%CWv9?<{=7-AT|1~iM-nemL{GZ{()%fe_X_a(u&!hz6PxoZZJ>*3O!0sml6jwWG1 zng^28|JyY4|7}`B@$W$LnppDT8DI^Vw*Jpwfwa@E5Z_c^U~S49c1MmSB(g|Rpk-e`CNNkkR0whcig;L2prTHD z79hpp2Yp=}vZH>Z7@K`rau5m!?K*a^FUqoDv?pyW88au4M+|=fAyNYRf3GV{beNHZ zoK8*wmFG8Xaj=EfWd7YyRe~wyy}5LN%_HH?H)~X+ov3yO9olB7eflj=;M1?IpdDE{ znCd!W2XmE5@<@9c!=V~F8DGrXodd+Z?#a-T5{*329o)WcpzC9Qpe=Z}AmH_yJn|)Q z3^^F2Z9B;+kiu+E7$MizFhSsX`VS1GZF$lT#FLm)hT$bie)xJG5|nA;4)I?=Vji{F zL>=jIr*U8VXg+KCa*8msR)6@IcB8RPGSZ{2<0$iHFdcVlM!nMYafo_=@1}jsH<5RZ zTVVTcmO=ap@AHj-K3Dpj)PDzH{@-r}f`^Vc|NuVEySC40IiQAi^18Stb z-T&sCeZ9cn@V7V5{XYNdKfd0u2M2)O;zIv2_{Z1Je|)_O6VWedbG%DeH!=n`r78I{ z`X#*?79y9fXspTIni`Z0+=kXy@(G~TCcz3UIT8S(tKlO6O1qDom=XX=JGN>q4rU6J z!7PUXR-GW_W6TBlqs&YXlzLwQQjR86B5tk7?Ah%Xt;mdZTS6PR3+hYlfELJT2O9v= zqxww0C!0NzPB4vapbfJT>y0A>B1V=qm>!h}^tzzS+LsQ%HP{eaHVn)F8A2l}1!4w| zuwtVN%;>OzVCFv%ETTtRJh+7;DjlwcShT65o#WLJl3vbREmQN3opyex#!N^9u zMPRZFgHZHs7Lb68im&y)o97TcQHQW^n$xzo?VS!!)$zhYYv?g=2;mQ#Z4!kxiId)#d5CgZ zbzwlx73rooOjU8+`-MRRSOMV|ue|Y=a#eZ z&EUPw2-4;;@hie3F<_8)m;;xC5;tAEAgaq*IRlzPKyNniP#>lE00qU|s;72)J3h`# zMUvO_+1kOp?$RgNRDYH^GyN*;5Q^gf?Opq&Yh&flx zpk#zS$?s|7vg;C;?BhIDw_}}kK8wZoYs z7mEOx5!4-54jW?}4b`xAlwjh zb%`0Xof9E+1`7Ga$cSQq_waRJxus%xg<2=$$57MHK#~V3H)%|+w}^*ec^-#7U{$0I%l^R|1X>wk)$O9eXvluPXcg6vU<*8ADSx^C!tSK3@^7t znO7Cou(5t-n7?QRh8Hwdv3nHx3ZT2Zv1z6K%Wb1axnv{n7vw++5`jcovaOcm*vAo- z43debwHxl?kQdkb}C7o&;0G{?Tel1eAWGuxyyX*SqkBsj;iiqlP0 z6UnU@))TG89a|`voaa(6hRm&l`DB2PUaBDWDSR!bl_kB2F*VYe>Nh zzD!+>M6RK0Kp7|1NR0{PZ=JkDf1V^F=}U@Y5Tv$_O&9r}=)D&PYulT>MR)K{7s47p zVkjg1Z6A)wpW-&}a*f7&VvA5lPPAk&*L?(wz@B9f$+$}!iIFUO!D)%Mn&NU25rZ^A z0l^brI1U-*H~aM5hX|60|J$D>79kiC;V8bxp{1`i*Cu{YR)jrbj$L{-OEG@WN${8} z$gIESn(+3!&REy8r%@&mD3|2}8QtgDx*UxcV`qXUv@m(^v>2)dtP-f;LKacaq9_SI z#997#GuN+R^HZ7Px^@@#p<{d+&u|!!#1!lf6SHs_-F&bGOtlU|V_8ZBnZq2aJK=wJ zVmIgxyA@jc?OJOV91Pr-6C%-1O(B#TyeZD4u~Sp58v1qLB)1r z%WHk*b5HmdXeHO00s8rmxFxBuVL*>j7^w3ixG|$uf!e6r?P0gSHSRs@yU!Np8 
z@JgfQiWc44O!Z@Nbpd8xf%VNi!Dg|}#%g;tt?j7BC)k}99Qfo!w;Gg%8hXNRoGFB9TuNosYv8iK0yiCaQmht5`}eypJy7+Srp?$U>) zBIndKJnZo&syA(l7n%X!^5=NCt6VD@7C0@jC+e%7cUU~vUPfMC3rFl$UZcee9#_K5 zV;TfZaCYu>Flo?CaI-LjLXva&as#U?OYJ5tN}R^>4uOhuGHs~R1cPKBR_R_~^Z7Hx5j~0ZZwGyF1IPcJ48s3@nnn*6NF2MCYkWHn zxgP4Cz289(7O=26@vEwre|xNHT=kVhSp(jZIx{MfS$6Fna^nhJEf`FDbngF}1%xKN zwTDhI?jYN1mH<)}9FuLDhdaAEVV%5aZ$O^v5@>dQ)jpb;bdigrFKJvZI1!}#R}QR& zjrvlYpz`>6ha2Z6};`T-gX5->?SaFJ0K?D6j>7TXu zv-a8eWyffNmboxlQvK(Ug;I%CdET)cW$6+Zn(3_H8x|RTVh`XuCeYdf6{rNY7`@!i z23J9#3pvMiR(}4+$^NdYgYvhq31A*}5AAgHD9mwX&lx{sev4W7L2{DG742qt-tpoX ziS-c($S~6aBrS13^D)t0BZIgc3V?p0E*(bMqzqIjYG%r4|BS=AXk?17m&&#hNKbCZ z?xxCvq~fStYVkl+66%Rxul%VLp?^;&@0QzK2V*P)y#&EZUM%y6Vi=(i*p{W}54^oh zI2|ZAy1e|t!6;QIWR`cn}_fsn{BZl%BxAJ&BJvOJK|IH-J( z(w(G6Tuh*{be$J)X^cd^q#q6MSgUWW#llr6PteX&=aU>|<6k&$mvxusv4xfT3o^nr zH^bHa8=meWlQj>+-SJrC$PWY~$+sDmH`lZ(@AkW>(bli|-1yaZ|LR-I;#Km?3<`k* z?9P%DD=TFK8vOgsF$2mcUv*H8lP*A2Xv6W&7T?XG{Ut#Q_6hHyrH)t};8f;f#Of4; za%Q1y*01CyPpuMUIjr*#pJo9KYvlExvBWDLM3N(4FP2aUvEtr73D$9 zfBk#u_1pb>>9yI_V)xl?g15>ayzyQ#w7P3Ggc{ln(MN_7fiK-up`rVP_i6X_f_$Uj z)>VZB$QueSoYbN{szsQJ0QuXozCKke-O~PstsFFn7G(|W#puMrx@TZ8uU~PaRaYY^p}Ch}x7+zeuR9YDtRiEs0&zh6C=*z(PMW zy)WR0cys`Ye3xpR9NnhzzYE>b>XIY|KRF_l54^gN!)a3KHyyiUq{cI^D#MBpsAit$ zFwQ|lvz{0p@+}bL4q}Ik3=@3<|%dDeyP@a9@$Que0X#ha$6-O3~V2VdLMQ#~3SFfg>vAr-} z%3(RCe<7H4nsSc@lZX<#P`sPvzo>@MAlj-Su3n;Yt*PA3E>_&qvuR#xxQWG8Gxk($ zIBMSK*D{OcSWAD>J%(Dffg33$>V|a;@Y|S%4k^HOc|{ESM@C>mE%BRSn3JPi!Fcfa zUkKj%e(jj6$ayBOHKc)x?Z-Q z0laf*%bi-!lj2gP{+HTL*|}F#mH>)P5UmD$eQ_IP;CW>Y0t*rys!)2Kn%gqWTQoYe zm~mmvmhg5cJ2A|&bVI9~O-qP{2SK0x`x7t$s_vub1xbBjCG=*`d3b8x^!c0ER^F4Ce>+6A~( zJhcEeWl%%Ain{U0bMdrJb!_cTa7+4>H2SduiVT1%BbxQ3h@DnBJ#34ai`a&zBv6Z4 z0ie2{z0%wp3q4bPYeYnC{qV(27U>TdZLgLmzx*-8(Xb;p0x~o&0Seldu6n$dgRDe&p0rWH6R$T_}&SjjE*FF5AH}(&7#O?z_>!34*k5s0k`ce(7Kf zgJnf8m7=PxUsRMZv+PoFjBtwz(BUN%b9u6nG&wtF1=BD zcAc1JSunwTVe5y<=hp5VHB%YJbmyp~Nj%AEDe=Jq8O0_Cvc6)-i*7VFBjSMP#Dg24?80OX^A^hr-@=oq!0;EWjLb?o9jZF4EjtK&u`t+=PX}T2&@uj-cA1 
z5vkv{%+H{ias2Nhw6GY*?1&iKdcWto5wPIQ0x)Rq*|`-uhFRulc7jjY&HSKmr*x-8WiBYT zkV!i#KV!_mB>n*B%o^hYjJ8We3+IXdU zACDN7moD{{zgG)TXEI)5$;uNC<|xBh7>g-N47sE0{5~aKJka8S>AWG@!X+lAJNLJp z6d`5mUxsRLcIq7U)&mlgfI&Gn&?i6t6CsOEFCXo&M>oT!a2S>%&Vyms5dm6(n5`>L z{EiC=Dn9=kMz|X?f_f!rZ1D2H*#pesKmKHf(l#ahPVZ;Ak*DGJTu<$xtdqeu?_<^t zd1^ljVZ%dw`msW>v|+ksMThV1eS-PNrp)5-)N+*fepvIoZVK8S^4hLX_`lRng{fZqmJ^y7I$udM$McKcr9miuTprw6Vk33H15*6)A z$46tgl>w(c$*ZUVleGFrSI@;QP2B9__^Qu80#Yf#D_bx1y{EnJR`y|5StEh?Gg=gE z->rCzKhv8oEBvgTL#hBT?_$_&HEJ@Eo>XBraCXxhelYa=e>DbK-(T}(9z?BY`)i|i zUrVua{ic>KTs()$(Q*xV`1ppiV2?tw*pq7ZZ@{VHY!=ri1FRr$YN#tT>;sMpvl45u zUbQ-961zSQkrZ(c1DzCzJiewWpuG zN~e?uPJmcExgw!G1EmcjLuGn3A~w`j?WixWKTaO9&CdOPLfouksxD+XUIC%O#cm)2?NHmF=t!t#Q1Aju z1i4Agx&dDyKVf&HSoWfz93b;jtxZen$wU4WW5W$101-me1nRQ-6Eu8wjWyx&hlKE# z2FO8vM+YPTQlY6(0WgsH9?~}GRH#ZAmG*z>wDXoAAqINVx-r4pQ&CPM^e1YyGFbEBND=e0hN2kF=kDx0ByvyHf4uE( z&*=RqJeuGMF+F*aYw(xpM-C%|_?-t{H9>Af;uPz>;29&)!J`*5htMtkYM*C*871ng zjy5@~Vvp?qBN;YX3zBb7^~%<@=!)9gfB~So{7H`65;Haaz#lg@al1y2m>T>$4?aiG z(N?mM?|mkwmKRmI#xeqbuRZrT0G7Dcq1a<@@g_~UXRF7MJ{ZjZ%7DRKRJ`K>-?~WS zx)7Td0?N9`;cxhimxOyDh%q_7oJ)qc1Gw9wut1mm;$c9?!p`&e`SyxZ>v!I(f{c3t zOmqCP&WNyE-b4Ip@J+$6wAd$PBKPG)vB*Ue)vvCQH{c9~0Gy!|@YFWG<_cIqk8IyO z7=Zc5jL_|S{zN2@Xg^8#8J)9T@Zq2XpI9o}J=Ea3q*#DGH3r~ScqD@ zHc~@a85`N3BR_(-v`lWhBy83l&~#}H=iExp5dtDxn*Imt$nI<>nEcjd+W!gbSA9k> zR4Q8RqGkQ3^@+nYbj0Ktq2Uf3bjOMRkUi~5J2EmUgk1$DP29$+oJpiFBPxhE>5&ZS zAla$qvH4io9;ey#5}kU8I*JXqS96q#HGIAlm9vv_L%KY~cbJZtfVW;I*L|GW;e4EG zMK$b5&BC%DW}!x}Cad-7Gle|Y3LHb10Mz0)``N869urN_gKFvSy>!1}Nu5*}az@dlMT2T{=( zHB@7QyB9pq2?&*JCThvAj@682XYK>Tlp3McJyhPzOROr=fjqIc!lGRl~OB zXBv6(u4+6U>9Az?`fmJ}G0{;ZUnG3ePp*8QrFy%9$X{dU^~Drn3Pvv3O&UTY@ApBN z7E_ES4R$iyBn3V!)f_(>7CAB8mrn1zCch?hyzhjPNB7i9Ux0(deoEt*ZFLuZ>=Gf# zur)C4jHKR2q*4Ylyts@^;DHStNuCs~s{v&V<7*QMc?*s=@rV!YMF)6Ir-lWfG6$`a zIff^t+*%#en%)l;X3hp*h{_M?kJ(}hC^Y{P8$i*bh)yAt{lea>3T_t)fM8_zIIriy zy`!~dZsKQWtgSC&eSEyP`}t58yn~R7 z!l>to&7h0Lj`YfUv$P}Y+|F3u-oG6s86KaXVJGJvsZJ;k`VFbEQp4tp2lL)x7JBA6 
zGno1O)eyht_1nq_s&pxt{l%abA{4$`dg>UnFE<}qoCzQcrJ3&1Gc(4oqr0RFcpql86Mxr~6X5FB zPU0=CQ4gM-@LzYYz}>YJI4u4FXyH21piiMxOgaJ#0A{|Kch|kw6Au;l?qo~)YvV?F z9UKZ*sbosNQ}tBFsC|l7z?9v}eERXSqCY{*S(I|KrsVkL;n$a6=3HtcmiJK&*kB4V zL-OGW=2oH^|6DLjxIzjVhg3SH1@?A9XadV9VZ+cNg9ruVdoq|!?4~*OpC8VZ*MR*icClAAdg`&$R!8MM60~ z247lQr!xsX zf%{^ZgOA#B^h>a%?TmV2**xLxt$rHBMLPAEC5;n=jH;xKCG`YiS$*fVw;~0h6$$}z zSu>p4R6fsk(tP2~*0AOCoLT{j=Q7VXyN;;avgC@BLv_}(vW05X_M%GTBx=&KlkXie z84Z=K%M?%MObx=^@~h8DA#*1Vzty$mqvX||z1}i0^HtIj5s#Kce`($-68S8k$}SD1 zan_)xxN_LztfG%BAJQ4Pu8ce^1Rtlj7s1>~TFsBf}y{E88LX zL7nldjyD&Dg(5#|_oqUl9DS#ZXZb)U4=((K$8djr{4G<>H%A<}5%u;KdA<_&>b~|z zq&V_xUmcJA^0>|L`<#^BlmtEMenr|Xtgn>`w>13aexf?$k69f{rBxLpTDL14tW^suHw-IPk6NOU`k zsG%w9yuY(6Ckaf`wr5u|!I;re&M$8G!7vy#G?M^xl=U@-7;(TjR5$^$G{(bQG;LJ%_{c(SJy9zG+;t zPcCaSBz?^qx|`KDwR>AmSW!8aM155u!@-S$m%{YCS(@4g1vV9nV(8M}hzeN-%bPF@ z)y+?Ra+`XOM2!&B&1z)bgUmy_^ zWNktn9cqVVV9-sc7ZzY3lDYUW`WuLooXkI|VN52F{Iz|@6vF*)!a$p7MjEmN)z80S zmqCSF+;frzNrwBn6-wfXG7z*y0o^$889Ne*k0gkEsZ=Mbdz4~Q@F;F4wafgIG@tFIBjN=CVfIc*KXp>`*B|+A~O1eq9L(8Q*-e9 z*9^@OF~%N82I5)EYRBSvx3AE;Mu`Z~Kj8(x_8X z;VO@n7~JoQBxjA&)i8ldOO`eQg>Vi{BxS!SqZCp zGfVM5wO&UUmbqLiEk__X5G&|`Hp!P1f~?bJl@eO`18q|4h2a=0jKVT349h)C45#&? 
zj_w#s&jPoEuuB|>Z$g_9cpCW;TXaB78$C)6rv;u*^qh((r>JwmY1t7u#?DU&-;X#k ze{C-d>fxQnUNKy-b$-|SXfW|m2v5{-vKV1oaED0ygRU?;qONXfovw4LvF(+_zqOeD zWmG$>qTDXFc8tqHWB(wKgR!?7_sb}XNrIq%Ua&;;}jFax`Yfy)^z+4#YyG=OG>}FluXx5)Zaq2RX z+B`P&0(jD}gNc+c!=zeVyCLS-z!lSBaTHAliCnRxJK=Rr{F}&uH7uiZM9uEtJtY<6 zxA0tqdtCQT#Zgm;zJhow>)et$+Zkb7eBzuX#^ z^8d}PF~O|I+~*!#ap0sVQ#H)2zsDmf$9`d~Ti&qqd~|dWm)pL)zgE#pA3KR>OHcRN z&^E52&RtB8%!+?hdMv|>%_gYHDYEHTy*UH7CVUDX=M+lVTPm%23BE463p>aV1I)!Y zkaG>f(90!@^$?JG zXK30AUlk_@ptRBC(H!(QH|NnA6#~Hths6F5VnwL5N(6t;ovs+hse!(Eo+r&fq?=ck zzMVevPH^nSOw~QHplVTOV$xPd+@23|OK}KSyAIasoA~e@>Ypq-%^!FbsDEr+-Kz=L z^l;0Bo!!7pI?6lgsD3&AS{CgB;`EwY#vE7%$@%9Fc)&3Klx4u>)=-KB+6a-Em7O$) zN-EBqVN*-jXI|8AqeT!cve=B-Ge8z9I&y?d(AgYD#MdMn^R$18*mo{MVlT0XxZf+^R$kKK~g$?iSvDI-(2L^^NtKELwSzh)OzCg<0`8rFee-4CNLJb2h zwEr4XLqJo~&XP2|&}N^fZu5g(LfK1TvdukDBz0e-I~IG! z2xs?eN3V?CRT-*?e9w$-3jH*F8MQegmz^0}{>1kL9M>ku>YDxRnoyO#R_8AUxJ?ZUDYo ztj-1-nvyUI&G3;g5Nj73QsQg^FY*t9T(O?K5*H~ha)7dU41me9>Wja!4x+>v@iBJg zH<4%$s<0iO|${i$p|6{WQeFX{^n3(c*M)A zRe)&;c;aQS9veLHPmhgyh81A00b`buQoD-Qy#$!h|7w3PV)$!JYqC5Xi>u)nYg7H7 zBD)z;NJ;wP8)U%oC;<_4*#;3Hw}qRd4iO2?pF_1-#VdRg4}&I-zB@4A1Ce7>xTOIC zs7+48x(5KJm+%Ac)P;K>up6e3YI6Ny=9Px&`vb}u=2oRam+SB{i)c@&=!5E|2Qrk7>j22dM&Sh9Xj%7#$-%XHoG+{H9QaJ$eVY@+Nzo(WHMNzmFTk=JK&^)hC7 zm=qTngD;TWp8_f^0dyHS%B=DXkzK4b8T$=&5Aou>pFHODJ4d~DMEQE%aig_#d#-l$ z_42i)1uLLl!C`S(4%B^6m?!en{d^4b(!e$qKJa_EA4z&%*YQ^Bd*$wzUtN0KK3Ht) zyWF}N#3}yTbcw$6aCv}rXKd*`W|A=N%dDWgt&Vf_ zhe%AnrKAbu;ogU64!B@jrZH?j!{j91he#@aDSr&5tW-Z^TIbHB{^}dca=~A;;7sLV z-VJi(((vZ#JN}kV(k|d-Ux|PY-L@}M7KAdbj-9#akOD#FN}EOX*{z|L%7Z#rO*>`7 zz3 z2#wxhD(7(8K3FY`*I<0X^h6ouT32mJIYh2pP78NolbYo^K_+JUz*%`v^hCD(fFaoOm}j$3c?lFQ)=3Sko0{zoWsJAj8bf=k;v{;km%eZ|)Z{ z@K-+TROV`IYjlKkZeoKy1rk0#ei~!2PNOm^V?;a*bDhCNNU@L!_o4yjj~PKco+5dz-r=!tIQPdvCwDq2sP*HPV(YU>s6P# zTqU-I{ATVKEvf9m2jcp$JB|=(g6d%Edmscu}P; zq#e@ukksb}ZZs?F6zTI@#)^((&b{f5 zA70CoN@aa3>sG=Y8e;FeHTMa3gvVdL4o+@$N{L=<-n7puc%$t~(RTiwAoM;8YaU#4 z-HN4dYo~9O`Ay|Ft>`{bD|&N!C>??It?jWQjxhz`EVs_G0I_91@YRT)Ahxhw7a*b 
z&ABM-g!>s|I>{hsC7w>O@wh2yNG$J8DBxQqpgLH>mezXE^`WSx(j-K33;@;20fmy} zu@T6%xImEirV)jQSOK&iVSI2Ca)tpxOoe}cV1H`tQ1H=Yz1VhlBv=9=kh8Rd@CH@? zY$BoVz~s@u?}y9PwQ?KkB!i@Acj_4gO(SsiRev;gmDt`l{FkHOs}&m;#{}b5BMj@| zRjUy!N>;B4Wz5!F)lH~qTXCNLh(=%S_`CcF^LHb$<8i2-T;Kcqdx_4Eq=DG2;y$hP zKLa9(+MXZXA_~Ju;UMxVpLTMc;5b{1Wl+@ueN>aoQ6VSf?Rsz>A|7RL0mzO7q~q?s zfae;caF(#uGg4`sl}X^z7TUaUwWam2z}2s=Xz_xWj>6nh<;Adr}J9jEA2{8V+zjO0jv8h-4YiN#UgPY>wqOlpnVu7RgUb zGj4Y6I(vCn1zKQwUbag{fg1HIIuF1s1-%7oiLR73Cf`WUQ&U2x^WeD5A1`uHbhJ>k z@D(NW&l|#Ay>CzbOiAY`$Ii`529K4w+XU0!{ZOMK^dc{DO(-*8c~=t0P?|^OSl%g1 zzPaj;bUkqr{(Aen!&55H-*u&)(8vm{U-a2Ox#Nn$Z2{U>s=iv&+T$`sQ!I7D{#3Ku zHXFpZIvb*SPQa)FWY$hcB)|}vF_C!NK1?1VBLQ2$(&M1vQfE>@-_)^1MG!BzMTr=v zW^MIyezeon_8Byi9$Y2hdD(li=6c?{xOI6Uc6O9?c0>}qk-MJ#IGYl0y}vf?h%>8Z zGZCHCZ|Z6?V{A)@jpip{70d@jcj&U(pZ+wq+X4^FD>_W+@_EP+&df?Ie@Q0+m((yvi=lSwMk*K;#`CsXy*jAZK zYzvq!BLc$wtq$HgX?yY;0Q=dg)BERWQx2E!d#~TC1?;@vGf{SK4sxK-`(9f7p0eL5 zdmGRW6*h+^n8}at_JKxVD{#tzok7gm8t3XlTQyW@c66mO)w6F3IypDqGls_9oR!~p z%xhZ-KC=YzyTwBzJMM%8xxSKkRM6d;W*)e%BU%kzmx~x7@O*|SD)T$1Hf0tEcYI;d zht$Fr_3Pb%K@9LpBXvYNjyCB*`An;jK?E`Zk?_dh)|5mV7vHGL8FD-RdyJH{$Gh`M zrC_g-tA*iR8rMPHYJJw#4D)0**XQK7i5L$TJGYh9A0PZ($;dR}Zs(e1T&LALn2s0s6UJcWYdqy1j+(xIj= zk0$NkDc3U|lZ_>DhmoQipSTx}_X2;NYwnO1-r`&Be=+@CV)iXQZ6Dt%)(RHiYEx5( zWGJ09&%fBX@*1r&J42pq#~+M{?3`wtI;R+A+ds;WDKWSc39mn;I6+G%HVZ6bKT4|( z*vXl4l5zG^);I}&6hcp-s8IKwqI}r$6o+5Fi~u)w68taL-h{5}ydU25Z*iX2zkJxs z$N0t#Jaq)0Lmk}zK$K|e)Nb3cXH*#Z65;wde?!F2`N@nN{}ApO$H>pO%j``^MK~^q zk1YqI$EHm!G4%{YK^KPQ8;c=UbI$C`Bdrys3(WZ{sX4oT=Gzq-DmioQcYld_$;I7Q ze-+18?e`Gh#RE4a>E)o;!_Vu9KtSmUlNM66@h-u2RTP8Z%v2wBDmgaio*q7@?Yw`5 z7*@u`tmYvVFB#Xe6Sh6e8Xg)(7chaOC52r3)B+^c>M4fq>j->N%xd!|^jqTDX7o-@ zD^ug55$l@FOsmhRuo%P68OD%M43gm4wsP!ISf$*x7wtt<860WHd^Jk=qF7mtxjl(L z4{e7_xh0d}BhRYlW{xj<7_)*moo>Eao}%mu#U&=wqVXU zLrZXd2J*D2REDEPADe$n(yudEDkn>VkS?4_rQ#UN*|KIEm-wz(aOe}awC(C!hCCg+ z%lpBg{e_5Vx8}Tmr{R+I5{K*oj()#rR=Ut8X5Y@0hg@_S#MOzhdAL!$ApaQ8oyrTW zny(FTpuBhcxL7|aC3!=rHVmCPi~UwB;VxE97Cq_NRhr)S`rc^gzU1K%f>JU;@G|EC 
zC2nc=g6OtFIvJhskDO7Wp#Au?k?)2VsTNubHg;Peut$^Bz-?UgxBiL;8DgR_F8fqRYBvSO5 zlRnA0vM+S4t8J$#?X>(1qdUv$$B;&JpUWBT5jnV?CUH~vduhULn1B>Gs6TGVTRgjo z#G}0&`S(oQxO(4x3By7zE{o2K0=aJSXl5UM!-;e7yV+=tjFZ>i`!(e(af%C0+k;t& zlfzQ8O}sz_v%m?1>&Jm&F}H$FHcae9v9!8QHo_(KXZ9hJ(Upf0wshm_J)0L3LV1>j zfabR}$#I!iQo_~m3%SqQm&pd1k_pu&wK~2GmEJc8JL^Ud-um&c`_aP@YnLrf7O~Tw z^UdBKWeiuDpW^*BWW$U(kS!k7$cTr-;d8$#^bMDnfNDU+aZeFMXHK&5_6Bva{!Xy6 z(nc6SM`k4H8u6a-%&Q>E4byAlK_SR!)r_JSs?c$Y7Gq^fnaM~NX^SUSPvul?)t&?y zYcvm*tn(1TjKScru8zn1?GGp=SqMl>sQ-O;8*oMO|91Q@d)@rchy2f) Date: Tue, 7 Nov 2023 10:55:40 +0530 Subject: [PATCH 07/15] Update package --- .../Package/3.0.1.zip | Bin 29951 -> 30007 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index 5d0bf51c1248a5fe18e850a6d5f05382b934a8cb..f71068043897f768239dba0d7c6b1a34e0209b36 100644 GIT binary patch delta 27476 zcmYIvQ+Q@guyt%tY}@9YeW6+7TWe#($!*Z zq+1_s3RX7ET^XhD1GY9N|(J6K2o-afBkPCu0;VP&na;~vmVoqf1*+v1svaP(^v%_$3s;0ODpihUJgpZY#; zh(|DVo&NyXcr~JMpWa?!Gw!4C7#nWHNe}?Q5J8)?&pfV1OA7W#NLBYGctV=8!;K)* z4mVS1#lL1U{Ss0eyc3GYYO{$r#9$GM+z^5B6Gz_4$UP{_4zH5sCfJ#(d8@VQY08si zo8%$Asi#u68!y1`sd>m*THbVxHRT6NJx3sVg9v~Pk_vYLx&D*b>S8!&zg@W0z~bV64wbC3#RzAn8mR^EkoM;y|$;I@p@O6eoimfn4eo zE{G&$IqmN#%yPRGt5{7h-=mZllniKN(VqeE1U7SOcQRVg#{mwSG`s|F)#%gWCy@mK zW-&%OV<{R$EB$zt?DQrr31X$gjnalQx);E`p)W{rfrwKB?x1ghUy@82EY}fXUQ-OY zEy{)zg~<&LXDLJI-v#>Q5EA+VwqADaQLtc$@Knyi13#rO@q$sk(FI*Sp%5T2$t6)EJahi=YBsl0P}xX#Uf265 zXqHH>xLuaJ<#xvU2W@H=iS%Ku`l$O!JNC1nY5o^i?D5Q$(c}UMZ_i%U437!ju)_(=vM5t?@*;= zv`|Ph3Z;1*>$r%Wf)L%@1#m`-zC=6E*bs&|gz@)a?xiEy7-^6F0CYJg4Im)!r6MhH z+5P}zx}D!#&76F2rI<}S70F?<2Xox1EDZD&YjvY2puGc2^916J@F65xuOL#JZIyiv zMXnDDMGKWr)fv{wY<|NW7{CrZshE>}h@`cNEeB?lY&FM49H&X-ERYGM+GNd#S>Kog z-bMm~n|cX4nwo1ZS_83FNCC0*hxjJy&*?#$kHg2sV?j|?CGENBxh$;Rq$%=X5e>?evcn6FUZ z=(lI1(ABdQ#!IF7ZOX3|-$fg()yA~TR+wx!YEsl(BksJuy5VyNV}MHMrRrhY7NlWX zf@6G>1!|hLibC`sF)9!Aq|>X5{7H

v}a-IXA~yTZ2u|MZ1=Mf}JCbntkpZ;KCuuDd^S;z1Y z$rA>B5j@Dj%vn6nCjb6DE;YZ=Dp1w*=Pc1DefI~qHPBi%7(j~DPx5Sgp%`Csti;M8Di=lFwBiXE`IEYjM7uVuj=Rt=+~Ja1QjiRdvyNwoAkk zfpO{Qi(`V7w_lTrvn_2Vx0Dj>92%l3z!APR^>9L^x?@8KWU)os+jDyd9oZv>{Ipz_ z3`f(pHef>AFMu`Kd=(SCnD#)X$6y!3Vtl3rlkpyk;py<1Kr;_89A399)kB!oYf08 zwq{Glre`90JnZ0lW9*n4Q!mwjES;>0t>SnqfuI5yA7nGTDsT#ZmUal51RGH}>?Y(% zCIRhRMhYfBL%%RMDM~@?LT|KmCl-KzCU%pDellyUVEeg2N|=O7=cWgr5m9m!&}h7Y ztQjqrD+3_poohiyILX85{?_5SeiD4t5BxFTT@j%IOPmmH*+D~v$!%@4>Mjcnbwj(k zJ`Z%bBy^Wr7W;w9)ebpLKBO>Dcn-a;FLd5H9h66bz8TR?iCEWwi=hKUXkYs$A5SuFDE< z=h@(dR?qw#>sj~HF5hwmSXI+H4&x*H_Zh0o^xIiLu zUVkg~jya8+ZtDaFT@X;116`CY=2*7!QA`WQFhi*JN7GcpBw9V*op+mdVv;=&o$RJ)95HlXB8~tT`LHSt7@g z_DIP{UDQ->0f-u!r4|sTogCiFxb)qyWnh_hs>Kh}W zHMAWs5Y?ze2wDN%gc<4tY@{z*SU(Km`Ev-Jg`l$mw5c{DYL$B@$UvHUJ)H#7ePm*a zH2C(LmLzmI1#h>$EZ{o~k;NZ)<{T$VgX@ZSD%;UZaY41qw^1}Zi48WGpCIxxCxJCX zUsXPCk(_6dU0%0uhx^ONSU>XNv+l#j`wX&`9+L~2^MfK&4-`NNkP(n~N1?X^skjCV zfjC~zI%KdnB-7>eO&8k2^>E4A` zS&&TKS=T%!tK30Q$(QzqzJW&5Eggn1s97Q)15dOhamh{Q_%KW5dvEc@Td6w|(AMny zJIN<8brl*wqKPm|^u3g4;;O=O7Wo7PzGT+2VZ1xJIkvUkceH5!%Qo!~03d>~Tob9U zj(6pC@f8)uPiKKVBeA@7qsy>e&bg+~F{DnUAMtg`d&(H*+^u#^ThHt<>swK7cpWf= z_vhMqDv9&c@Wl+0ap^n4vVtU#Q1!$)*vE}Fw!2Kxz-znSL9Ga(>bcB7w*IbQo3zXj zExvfa@y>YR4BfZq`x{gV^Z&V1kALozw1^EW(HaEg53n5$7x1o$C!N6b^)7Jyh3wJh zf|VKw0*hzs&@miUw|>#QS=qaJY_Kk=s)mun{&6Eib2^CtcN$oU4(i|!uyl6OD1;}^x_x_@Q&ZEhL%UG03N-1_Z~r*PDLow0T=T`wm4H@{;FM!&aK@(^EU&0@Acai{i_ z*-0)R+@43jZ=YLsH{k#Boc87%Kz{&RQn$s}R30uza>SinIV1(pnTqGFH~~&{zGMU@ zVpeP|h43t8zX_wUTsE-N?~(EF%A=u;UXV!FvhMW3E{f{0GOyt?m9TJO|7d)as{L{UBfXSu3<@Q6^%w z*$+yw?-$I;t^w6)WUu^;Z=r2_i7!OlK^Vp36FU35UznS7dxAs-g?%9>&u&k#*Lwv? 
z(tSrQ-0@5EkEkvb_Kr69KJM~36e3a4%JlA%0PhU!N9OC`AUYVb_}lQQy`14Z#jmC| zp!4KXv3qx0=jST_(?%QznW_t()kt^v(+q@LqRhbbEC+A4`+mpkNbGG3f~7Gn#R-1o zycJr^=y7!atBDS-jD%H}XG6Rj4^jgwS@9h^@ueyOnoGJ|!NWj~fO2CBj9X7IJ31OI z*O6T+)jNx|hYg!gLt9qZ4Ahcl0ZSHl6&McXVLkb2toASI`|BI}Beg`is>EOB3p=11 z0iT5fz%WEYKnAtaNDS#cEgxnd`^zANYJ>$-T6XnTSBOqCQ-sNwFD%+FQ7d^`$Fm-@ zVqlf_+w^4Na7VXXKTeXMgLj0D-uA?Pr`X!wBtc@*;sGS)5>^P6Bzc^oF%~`eJY>Ih1MN#(hHVVTl@zIXG)B@aB93Ioz5n zeGI}D#FRML53vx8Q!B|2@c@id33jE2-l*plpq=lB=nBTk45t-NCs$vT+Gz`js!z%o zoEll`A=e!&`#C6Yymitk;IZg+{>rt|b&bjf@Llfj?C3%|9U@esO=A>V?YqdZIY{-q z*wmMpO$qp7=$y7ualuPNW-N-^Pf>x@Mt(eJ-I|K_E~l;@nr#UPrnM28>-)7dRj1Ji zEI{UOu(slL8@145v% zz+udfCPoztS4OA<1yKaxWGUyN=?!1RPD9kX%4FhS(oQ~qaE);f*aVbc7ad`^E z`a9e@UiOH^JpJv%M<6sR1*jB|0hJRb;&fna2u)25XoJcHM@@mjz#*PwHfjT`L}dmH zJ|sZ4Kw+r64zIsU?3##!Oj->@&dv}yUDHjqKH~wI=OBaz+#@Mzw5y|Ly8?sgw?7r6 zad3j9CuG2roU=#y)vy-E)1$*nD+_^KLj2O*eMabN4`?M3wARd(5ZIb?qdf^GFhM$d zy!fY}u#eP8?Bib6LS;*4Y8XJ7j1WMv%o4h~Yk~#RvC%*5lYpBR!nBam^JV!#q+Ws!e%P@~NoK5j%1w7q%xWoJ{l*0zOq5q0RW= zSUu}h2fQ9K;9pMqNq@fSBfOpjn*My-M0`5|&;Ka{KFPWrx~kzqOwwd)_W??33Bf6xK{pm+a4hx~)yqeg5Taq;9+RuQ3*bzHC2 z)1i_-x{3Cs@fBSLIEer58+rpKEr%!ZgcKOU?ae$J2n#W3MNr51x)|g8XyHqCNBZOYIFd_tcjV#w2+>Pg z=U!v|=yMv@3I`BOVzLhBb&1icNyzZT&m}LxCh|D{+qNfwuChLpLPTq{uZusPkJf=i zcVr%(kK=_zcSkRtkI;jJbuL9QkWp<&!uKoh=SK!8Cz`Yhh( zQ6JY^?Mt*T7C86Y4or-%n<)32A9l=~kf5AI9ctS*f)-<%fYK@0w8)tixt$Txfsr`z zrB#rfQOp4Vo0^mdYEs-8!6+U-kWs=Jq32(``WHds|E>KJ~9a0o+ivz-4qYsN}mJkx9u37_@*QPK?fSaHulU^u>}aTss=Yb*|#wY5}f0ubl;fRM4H0iu{%9&z)4AH+MIsfE9rAj)1S3 z(NlssDN~WfpDdp_m0n|18-#4-sK?u*8Y5wmZ*tH zcorMM?G?&e;Abyr2SpKAR4tg0JjU+X&=NIZ;4s!Hm9-Gr8PP#~{_RE16n~Rl% zx)b;$z(jX39jALXgwM-F!m(nuqE67}d1(iK?zMx*~Q!i+c|&o(;l$dfBA0QeaXHcbgrQPn~-ljU}-M z+BTdD@c%$(+B+Q~5|8A*gt3d?I6~jsc1)Xv;0nrLZQ{cD1l|oYdJ;^1;t8MfW}+Mo zAnxZE3-9|Dizjpd_F&xBG737Z{Jl4H+yTFXL;2otW3Ev)`M%ib|2SfO8XBY`B23@GYAl>%dT(`_dZODpKMkBd} zPJnmXofQI zAL}izS5<-of?<&nr6JO05G^RkZ9@caz}uPF&J`lNYuc4t&m(zDdxQnaBB|5J2Xc+v;@AA#ljj>j9(X4UH?>a=L=uOT-Nx>Q%9l 
zk;0Rk<~wP-x5z3inFa@K%qBri?B{Y0Ngo)NyJM1tcx7L+9?R1nPaDp$fMsVn{+)FK z#XD2wi@n2bLcrqKU>Lf1%NCLDL5?7-d9!|HpAPmQFf7&jo=?YnJ>qdp5Rg2E;rn8c znqKdt+ON@y!PO2Lg?R`?RyG%xH)wNwElTRe+6Sk5>&ido@G#b*9nYuY%r_%P6`c%w z#nE(hBBjx#TIPkLWp6e5v&&35jY)PK6%Etq>W8$fZ&icv4*QBL9pb*RcP4&uy}C&vs7!Jixl|1;Fw8Wu!574C7om5 z6nsfhC1XH)hU3Am8(IoC*n}o4o!HSm@hXUX9u$dh@0I<1xv9 z*0UBf%T~Xw$*2~MRtx$`L)e}sUKg}@k*MqJ7+1COjYjz(bHaeQ<}rwn#MzWz~8E=@w2~`1UL1#e=E$t{Oc+5@*OE4qQ1Uv`p7IUh78A(lt+owO|+~jHgaxw_heH-JtR2U^{#%gbJ;6$oz}B)`zD;ndB4iHi|rLh zOgm>AzfX#@$pRYBzumEn*K@^#LSd`7Kgr(}MNqK_B!SuZxB$kmwyW-2xQs7}wJ{Wv zeknYk?DK&VX&I7vkeo?Vi4ZMgz7yB<&y#!V)_&HXchc9|W@aIDVN1teBg{JkCUZ-d z%LXsQiP$$d&JhZQ<>~BHxY8Aul#tER#&fdj(qBv}X1YIlr5(EW!x!M@wKahDQjx`1 zMO_z<8yy;iP5?Tj)*qAU`a9%}*4oBx(gXS$qRt6=ypmUEdAEKmI^+E87R7->WfK~F z`z&>RoU&W88Z!yA=PLn6@=FeMXQQO^H|4S>!r9#j4%6a5_R*=;2L$ksIv1;IaM`Nz>~IgcbnQ}Kw>Pax-qc4K@2tASaSRM{ zGd6+O+>%RvTasHIQhqRJ5g$P4jgGn*GSNuItOVo^5b;TWi#@u=Cfe86d(kN?*rtj3 z)WeS1`AwPWQt-oLwcY_F$!`?oAg_?CGvY2hw*T^d$bS1~@f`+9YOE0OG}YPRHaZ@# zw=zj81incs+&yA*{5dErypG8PS586PL(HjNrvImJDm2s!e-EG4!+}znQd!43zBVh9kx3he9 z2;*dGWTd?~JQ#!!WG86CJs%mi4oV%48$a`A)Lm+)_P z(iwRk+LyKEMZ{wJ<=p+^!XI(W^jbq?v0rt09RW)o>)o}|;PhiqCI_HG{aIX`Pu=8g zXx1c`%)r?qSjfkHN+cMnsz7;9hA5H|h8~R+r zRIqN%-rMb9*G1V2tS?Jb6+h?PI7<^V+fPlxehS&xz};e19naQI=__*o3cDkX1~!uf zLMAE;S(gESk`e=u!~(2^!_emgOwflLbS%7f}L&FqESqj;lUhcD)qFR8$Fc+vne7$}D|@0DY&g6U z@5c!l_H7I_UTsCRa}2aE4aNjz_MIj=71 zLFnRBPfZ6D{wO1w3i+GOi;Q$y3O~l?zUM3|O?5W0gFUK73at|4>x^!!LO&V~e}3e_ zZAyv1ZKRnvPJ0f*k(<)ni{|F2U!9boXQ`mhBkLmCnuD+7qD=jzcJ%TPcU$oGSD5ua zVScuc<2ix1O?5Pu*&?oaQbdoO$Y$RHeJ6JI2b?YdKMYp5%<-&{GX2?8gQLpMt`un{yB&iKgwMs)s#U;~y zHE#TXp>8?;1QlH!cmVifL>ztUDoW5pn*3T(qkTlq+BWJcQ z>;pF^wupJQeusivt(WiUmfyC!%`K>WN%74<1PU7fr{ym9!`_WPdy36@C1IldxQhMQ z*u&vUhIjZO)M!u(#rjHS0yT~UeZFAydhkU~nxJ#Wm21PPVaEUC_^JV zpH1BInQ9q(LoZ@3J#xby{8>Xxo$P60t)c4w?w{;P&TZJ@&&itES#7=pPc&junj(`$ zg6KHN7hMu?7~a~6WljkL#-fbx@gD3~jU8T8xfS;g7Y9-4dkD}Q?J#N);g_ba=`O&U zehZ7wjhZV`a=-IJm~hUuUVQw4fY_E=nDnr(5UIoA0d6I4z1y10Fz(mXlMQzC+uwu$ 
z77rt$7L1w}L4F+K(}CdK?a2s@(dE0Y$0mCRYY^ z$o&!(W1~S3H=FIl@jkRh(oDk-PAE_SjFJ>8eNCfy-cnhk=_;ZXuWc{}Ru6QzMXrxK z4&`b#v!8?$RG0s#m|(Ue$=sWTZFLvoWuUPwSRVkNcTy+L-kUvXErco9h z+5yoRny{B-oCymV7EexCR7XzO1436uy=miUKxHzU+>9vz7D?5!9FLF^KjlR{q-nR30{I z+peiPY1y0f0J2DxuH@{lBmTqwf?Hu(IgAI4RpiPvyO}rAS>3_5KH#n)LRS8as)1j+ z;c3;;^i@*30?0;F1!xlJ)%6Le?acN7dca1&`|svI!ylb?Mhxwr;Q8YN=T+F@Z>fFm zN-A+9PMUGPJ7xJ?IQEXM&jJoYSXD&mlTVy4cK=|y%1rh1G>g`l@^TfTM?Z@W&z~~B zvA?nlf4>Y17SD23hS-bn+rG^kZe@QpV#mL)asu3gn|2U30mckUSG^oGV)lXWPHbgi zbf4%`UJI>)KX=DpR-?GLO1Az)*NTeM*-D)EE3VPRpV{J=Z^C9 z`ZLip(o^hBz|%=7;MJ8FmtXcLMBR|oWnamf93J)Wp_#>HGPM0@PJy+$8@I+ZR~OZ| zK|m)J$o26Y0Q1l5Irb;~rvzmLGSTO2$}S@!m85`N3wHz|kLVyp4D5DL?|R&TQCw*l z_Txz3VKno)oynT1y`i12<)#Og?|wfj6#6wtogvCr}N0n%jd3#m!{kIS`GKRKx)#KG948M;De+JV#aSFg8A9)wW^!pr*hID zz|P9Sae)^H%Vy(C!Pi_1H6n@025#fEv8eMOvFOmy+@_9HV^wRA6*``zayU*H|MLHp z3y5hW&SoqH_i9aTlNBPCQ`s>7CI3PdT4tw2qoEXuq!^i8hAmu<%Fpw3R+k+R^t&L$mS8~RgZkQlBh1c4nxDiXTy*s)r<`%xOdlhs z=Ge4shS3LP*4b+Pp+Ek$)D=W^w@`A2 zXTMG;Kz2q!wSeSu&fN0f;Gs+hb;&bPWt-%jx_;wpVjszAn8Msr)TM1?FAMn1AZMf; z*^p#ZCgy%-oAFU(YEN`%(PwP$F|E1@JG8NPJ84M<*fN#9t`KyT9O;1e|LdcMLcPF# zr@_&2csRK0Fm9&$o!Y-$|BM94I0Y>tFYeoQAo${xJkBGbCHPu$l0C}m-#$9y7^E5> z*e;KfbbEIVukGI}Z@m*XaRO{!&VQ8QawS7Kb*z`D%AeThFrusE&x^Ytc~23+Yl#K! 
zxEOsjclhYA@i6H^PQc?ioXD5-Gdm&UN`p|a|NH3e3UFM087-ZHI!IY91@S${lYtB2 z8SZH@omX?O#4){U!HH1;NxK>0+JfE9^7B`SVE)j^jfUg(j+5ElAtW6!GP2u*HIKfdSJZQaajE^K$99d@DE27s4v8j*zv$00I8Dt`-<&5Bb2p*iYreG> zBy)`j-N?yW|BVcE1<3qXmFt_631n!UMh{f}K*zGs_xwq$% zT!5M%F@ol?N;~~vvjYLuAjXb%Pjtk+1sT$o_Bu5(E84ccBcTfOf5;j4zvM({`A1Hp*8fXR6TTjjy=SP9_txLo_B_;S znvc8OFci^H#;s$V_z0RBQ@xJM&>?jArbyxEajpLid7^u~d=r6T~dVwl5bq0uR01F zpPDg!SfQE~1t-Hu9Wip;-$Q{AM{R%%+gDYN9dg7+SFY9Kh+okT^_RSvj#l z5xJJKtopX@2%Vu=DxPB^nW-f&rbdCJ>4Uc0Q%4^-vR7yF0o|rv`|xkPcM0HRRx|w6 zFSz+XfPI|p%KVq-Qn%RqVg9NnM3jb9Qd=7oMlTL3ACrTFX&c@N=pjMh5t0BrD|x~m zE!)IAcR91cuxOxZiMcJAcfzk;7$yeerMW)76n*2pcM=}ujn5Fb1osTlXa<;A^P_4J z2vje*AJT+;hi9;MJ#x*a)ir+LcXKWs(H92H{x0CB=-vg*T+}Hu+XA|9uwQsf+c&YN zVQuyUINOnexA~5Hn}ZZTf)e>&XfjbW6~j1okv!YG5$!C=moRr}q?So_;lcyaYezt> zhj*79ho01ya^x0*Taxifx?X_z>*xDRgW$j`R&s!ik18Fw%Bp_>`3yDvANPe-7+k zxCS!`+hsieiOtVoL207;q}mK&n9tk^@jz5tEL^Ey&=g;j}~mx7gH=i zGpFuc2VH+RdY%%vZIIR>e)y-HaXA;!!a@J&?LQZONSRxn%OtZ@J%p{-89y!3@k+dB zKVq%eVePmOQk2<|1b~`&8?g>Rrvu1}%RvB6;28#r-N-RxS-c9zQg9tk;&o_ z`RS;GI}o+HoebZsv9Hs0E)ZT~tr)9dl>aZ1rM&C@=3qqCc~Z5AC3=oGXQcPb)OwZJ zscCUrFO^$x!XNu8uMFGwoZZudYd06_mPV3&40bsewwv9H&DXuNUk}4)p3H3Id(r?I z&h4j~;vnI)`sS*0_*7oYCd49NhkGlUf>YTv&QeZXDM7KDKaFE`s5cLisL zC;n4_fivu%tJBWyj3or4*2DRWzX>1-VuZmo^+Y;8R5`l1VcqxZ`ci&%LdH?2j8yx( z8c`+&Ub(!r?N!1n&3TS(Dj-{c;T!=%5)=|-e-wX|ff8e5cl$cb1rao7Q&vW09I5-b zCqVtvkoh2*bw}$yvqQb~+N)yNeQg|1gi&P@9&DM0z{yS~5?&9t7!ksQU@3z_8$!&e zQc!t7d!beQDBL} z=>AG75~3}_)txbuWaq#N-#-Sye%Sq-CT&P1nv_C^{G9st&+#PSe>k$P1RNG7hy?ujw-+jwkKiSSO8h@mm zT5^HLIsrW&HgytZHlRW-r3yf^7+q$R=(rYT%DwVUaj5EeU8>(6{nryNrCAD)mV2@_ zU0rl6LaH>b=1^zEKS-#ol1*sJx6|hu)k&i$FVUoXoFwhkDXSjT5M9`_rO={9&E{QK z1)QEP#^`xAEzMOtrXu!DzCg#@UX~JTm42GpylOKtalMIlZS=)&p8QO+3(^1LeO zW(=(JUm&`WQHhLQ*#W{KA^x~^u&5y9+gb_Z1&h+r3!lc7*q3JNOB9u_CejiBDzI3M z!qTH6IW;iyq2yaZrJIfCOnTNMsuG;ob9Yc4{+Jwo)Ju-vr>Cg@%+Rt+T;);wt-fK| zd}ei&lCF`dZwrvU53eg99n$J#lR~N&+rC$I#|I+m6;BL*&IN!2;{6< zGP&xG?6R{Hy|c7ao61O9nm8B-iuL)=Zwv7FvYO--9y5{Rml-!lnLugEO8~(IsGlZ`V%KTiyd67TH 
z{*|sjI=~cQkIqK=Gtpj@yM@bW~f9 z*;8LFg9D%@wU;GT&PnMZfqAAB`6_*cdA&2{syXW?vrS~jjf&H3-X%RSKhz8Qz!e*D zDe?0O^Cl6=ZsmEg&j{jU120CQ6=abZ$3kMWs^q__Qs@5whXHVjl>uKD#YeozwK8Ls zw472c8dE9nx7~xheD^(YXB3X`42OwdKC<}4!2qr!7ZkKh=pA6Vx~i30FSO?;ea&Swx}iP=R~Iq5uR`9ju9=4m^0`iM~7c|&m-)w z+`{<+Y+XUpN@r2bn(b}zVPPc#Ff|=1=1I`v(FY5KmV_U+FmNM5cyR$lNS^P3TRXM1 zFOdFbVJz&xXkK2ZGo1@0@hadXFBhmX5R&ho9gJYYuIm0Jd*pvV%Z$KhU{?U zt5c3y35BVu7%Aew0yQ`Xl*GHP3T0jyW2pj7h_6=P=;~H6*G8 zu+i?KYfXA;LCO@kvT$vf#p{nD)(Aiwj%;H8@z$lV88lZfrMSM~W9B zBunX!hi!DHJAt@UgR9rT(_yBQ>RO&z6D8IyMG~5Hgsi_fo+9H!FeK@y1kzYB9BH*= z{%=me<2-m=ATa2kvM6n6)>NV37_0)k%zqBs%qZY1mfXrZ5E?X`yKxQZ5dVhJCF8d( z<(8AwSup0sFD{s?t>+BrcijM&8wM`15F7#l28*Ggcr@1RVW&#XyUYaj&PelhP^mHG z;z0uC{rcWBb_byyFG7E{362U1KoFoywQzF#^u2os)5=nzp;{x62{BD_tqcHMf!J}% zjl(dBZx;Tj)Qe3kc40ct;AA%o#t=F^Fgr;+-ur`G$Y2yVjl^=L@`-+_t9SJYyv7*= zuvUzYMe_;xp9cyHW|*@gujOKB34~KZt7KQaUcphxLEA=n@>5 zH*MBuo_`+lEKi0eU{YzRPs;!@_JHbHUJ>FpQl0jk3+>Kdt7EGLr(2IEe1nJ#zi#!G zN;$4bw8pT9rbtOV)G%PwA;Nz`4wC5(lC}_q>T$GlMUQtN`R9hSUvN9X%3PDuNKjL* z5$CL!-rqkxcV=Rk%U=65vr?q2&aB1nZRWM3YNd>`mG%CrU?Csl(GUXsI2cqni^vNR znLjrzF*3;$qYLLGzz!G0B>6;Rp2PUE;4+id_7C*~EraW%`3;~Sira7L>`kP`)%tj+bP<8j1E@d_VLixf`MQo#k=mVpyZN^!5;ubM9*s7!W0 z8~9xkD~&%0zI3=(7ITQE_#>6^HnC1W1QN>cy1oEp*gae_@{x9}q;Noye+I_Jni@im z-<%q|u6){oKU`M&(GS$vWUz@iYdC0i@-GIX9RJe`^Q|An7!nhJGW*HVbk84=I5w1H znK>0Q&f=6;G@T#dvQcAW9^Yie?Pt{pSAiPE%y6|-uwnXUzvpy5+piZ36^mS<RB&3Qto@EZ#DNhSYl(gbBii}>fY`D{)-tca##9V z5Sl>e-gw^vNyuqNl469$xi9~TKbc!NOH8c28Uju}KE?wOa&`k9g$>IaR!F1UiHCPQ z2r}U=3zw#3!3(=spxtEAT=NzHIjIwc;R~u2g{i?3;RfZySu+rIti>G;#^-m}-{}=M zZDHis8bV(L?JL^S1__e=%}@zYj$}(VDi`xRyTJY|0uOqBMq(i`6oe=xS$q_pD*H?obw2<760nz`+J#K0k8)s7mL;MAC6@@mwpK6aX)m{rx~G9CO6IrWW;?nuxJx~jFci`?RBeeUM@^nNP5SkoUkdLB z2o@pEYu(+YGilnhySRD1CovZUz9t8PoK|th@kq4Use0;=v}X z*}$HtQq4sPSRDH4`mfD4Ix-k3s^(_rZ@=1Jyza`gQ&OF#X--557)%uCf<*~i)X?xb zVntH(`hH_(Wse}-_VK=F5k8X?Ln`9}yseD;!Fy?miAbc2=MH(bVV<2-RwJMhP`TEinnD zSoyRBv|&tC8I5c8MyVJU?<_I5gs2<#tJUN(mJU5HGT)SayySfpu(NM^&q4D8jvK^n 
z(_)Cydu?&{@Xq#{qyA-;j_6HRNa2Hjg+^k(Jq>_X*61*C{t#Qhh4O-;u&g@Hbq)Qc zuy`%$V4hUXkcBE7twrI^HopCD62ywcBV}4nfLjxH`5Z*m0VT+OkD2Xu;tRVsp3tPR zxt*W+Ch`vBwjJuZOrNGMREG?J)XYPlh%mE;a*lXIeKV}TV{DA)@43#7ep^ln=T6c9 z%&h>Ozs%8XjT_{{`2dWc{7&rSP7TtfOtF?57SrvIa8$Ssr1>b!`GX(qF^Q875{lq! zqu%@HFvXLG{L17)p%YncgXtzYLjCuV81RPX1UDTJ%CuXuZ86&*mp5Giy5aYFgVT25 zwqi+{OmY-Z-XEuyS6S~XXkw5hs=~wxx?0t%4D^uIiZjC$S%iZtm}oonl?#HtjF|DH z3CRDM5=TVT(ZfwCLSK59!m!^zZS0KIxnI%#U6I7ysYCsvw~=c3J@FCGae_b8+Q(T; z6IZv!q(R`UcU1{_)C$mBwLqpUchdM_n=B=t)!EVQz2NlasT9h4B%qjN#;|bP--DA< zld2CkrPYi83;i27V&cY9r%o#7#^NN2GFZVKQ!D?yx>x{HK{ip@th>}3*pb?bn^XB_ zVuHu3&x2uqD7KUs*!r(=GasSDU-j=9l~<}(FSc9MFt6boWF=r?niiffBUnrfY?j7N zlny{|)Q-44Lp!`O9$7KMU%IZqF>z(j+mtA&llMD~JeI~{ncch9du~tN_(7*#NQ<8V zE^w$JAH<#CBe7Ne4%^edz&qC*|Yz-#L&+W9QR2dxejDrg|IZF|SuMd&Y$N3z=@zPG^! zhl}F}qK6T<)-8uiF#-YQud6*(>~EpfIR-_051rXN2q<8}FoTjKstdeYmtUQ>8}hGH zr{~p%+CPs3OpSYBvMp~gaw zEIaImkAg~dKVs0q5lkb8ot=wNvisRFr^2g-|6hxTEM}1U|Cbwj&yoZ=P^v(YI64KH zXMNw9m9ZW?njwj@GE&S}Wn^EPg)mIF^>a1=!gLM*TEB#dIe@{b|XqDSGz@jW(!78u- zzH|F&?y^f{8qpMPT|Mz34r~vNK`_Qsw3=bm{->_53aTq;m&GBtLxKbi?k>UI-5oX- z+fh?huLe*>(rW_?yvhBg`?K)UfyCeNG1xs z;y5wdq|VPAi8Df@IAIp7af}f9g;=ctx_Iy8y>UzU0zhCXJ_U`>q3rA#Lu}$a7AWb# zgNzbp!)&q#J;YFq<-AOeDVtH0a#LDxSGi~Q!=wo9CbNrM*bz`}^!z*6=(#%Un_r_a z2J&d}DE9I!cYs?uyiu^NUyGCUE$qlZo7g& z$Xl+G3aI_GQmeSg=+moyO$;1loY8ndvx&6{F)?%az|ZSU=@Tj#&TF@SwaXudZ_JmI z5u)3Y6^0*bO>jfYh3bv^w{@2DVAj?XNr9ji-A;U41+N<%Wyr3sL0&Y)`IlR+jy>Ot49XOkW;0pM}|O4#ot!b@8?hgt7WI*pBvITIL_Fs8xcK4NVK?r_l^2B?}ab> zD*?jVIquMqYR)RO`?&{$dn+D#IatMzqhPAQzd(tvH)8poNenqvA`9-6mdIIzM3)b7 z;e=V`r(3iHu4zJt@7cba()1~%8!H;(qzzoweyy|qhno?@{UgYOfRox|t@Fg$l^LrR zgG$AG5k}*}>4)IrxfVmcvA*IZxKElJfWtzVtZagh?M|`W-=;pPG~F(*iQ>a?N%P)98saMT#hAaCt@OJlSZ4+AjZbg=n5fTh8zZ_c5Ii zHlL5&(TU4(1sYmc^n=JTUDJ9B>$@Z?Mvk8_NQtDR6F)kABME4~^dNd6OyZt90cUp# zL>-mFjVT_HTCRvIGqC5Tz^e4h`TPVHN_Lr5HouOTzXz9;9yqa7q)Ne>juIk(H>-ndu0AE~Sa|L&jMlBU)=>6} zT~o{m<<8Aw_lXoWf8liNtKJvloKoOKU($CY&*NOPillqWoOPQaX0-c*Bju=}Q^B=z 
zbil;`Iow4rVl_9@;m0mKU4e6=6vw5Eb=v3Zz=jqCW$Vo+J<4bI_y(>Hh(Sn}W_)Oc z{y&hOBdDnc&qSV(ps7VVzZ;olq&;^NSwJ&nr=bj(CoNW_E{I4CLD0PavOo^b`?u^| zEG(GKPd#|vsi-+?V7&HqLN1p(@g0z+puY5z+DT&IuP7yPbAl9Ye*SG|kK{povJBW7 z4n&C_M+PZ1B7F&#GSR=$a|%U1h7F)i=GUxdLqd1iAw&G1pW4MeLf2=>HvmT^^Jxi ze2juP z7%Bu~{6Bww_K3YEFwpQO2ku^MP=lM#D$EvoTP3L*xfowyrf4sDZ9_Od^xPIM2oq^Y zRWwd=D`<4ll*f*sr_RFA?+@7hVZ94nVorOGB!^~7N�NwaQ>z-bNIQxPdo9%c)}iQ> zY&~h3@MIq3m}rt9Q>_m_3_Wa3pHi~0o~dCgAlHQ71PD|0;>PTyLU{JbI+-;xQ8+s5 zVk9|&+mkxx90ZCWs>r} z;MB-^)dZ|>(S^UYIr@q^T^~(0t*=`-|9RuCDl9MVadPK^4TxrvfeQ9MPuV1Jda5{Z zexlh?ZxxwNz}joAO*-sYBqyLx`=cqwXJk zhbYhG-yzLs&J8IpxapHMPSknutPD!vRHK>fu6kbyibF$7A zt6YOWX*Y(^Gn$xtbBbj32{P18B0nVNs7>3E@s*5o+c6b@MO?SRX*Ktl z!1_cE69+mn7%VJ{0JDQHNyDqsH6grp-vYv0?;*8?wRYLRnHkN}%~=BEVR?z@zbAw! zLEA>8Y|6o2MzfFEoySivc3)5*sb@KYv?^xQr1+aPYU)kB-HI$LgZ?O^h*<>Ub8b&M zWzjjSk^guCAVgNwKeFAR!8F{Vo6sxov1 zW?#8{R4Yao7zkNO6(;40s*q6zutS8s>@2>bCHVL@=W^jC6zv*a&#k!ZsA! zg-j5BHxhR+2 z)badrY#lyj`P4f$`Oyor^ok)jr@~Jwsj*BHl~QaZiyU8dieGG~zr?CG$sU!N3~NV` zItaU_K{WGtM>&@dQ+b-MI;)3(?sGFjboo-U%mM_Yy8He{NeJ5sV}J8&p9Icc@Ugh$ zC={iN7>JycjvHN=vA+!@9sdHPKJUVnlSC`|eeeS-!enK_t4GS_6AsLQS1jf_=v7ac zkv2D18=46{J*^_Tn#?cyuev;~q-D#b*;;)iP!GcyS-*dmuPsYt;GMFymf{tKA4?)^ zgjE2aOy)RHmn~x^CcGmf8v?kA?;a4p^_gngiL*wH5xautW`gil&<{z}N$1FJZ;|w= zzF?W*3H{@eZ672;u%=bqNG;yncEV0~!uFWUp|671?6qOXRZh#$QVKOzEn{daH*shO zl0w*oX(wrX0S9CG~^LYq_MDf(xIxkAzqM%wH5?nj(beVKTsG^ z)*-}^7iN~ka}ow%qy7K5tnASAWR~? 
z1w(Bpb=X$ua-bX;e_)U~ldckT*)}VH2&DZktIu{R#7gBu$rjMs%X!!mB~ z`lGCgBw^y($D`MypTB+Fq5Y&bTHwdbgZK-F^hNU$5z7xZTi~;1m!bJPzo6g_RHV&O zx@sG62$&2Y+~@r~tmhoBx=h5G(DUmdH57D5pcZM~Km!m?{xQ2~VU7hg2x2TOtzHY-4wS_Ky~Jy} zk0lQ9Y+Pw)eh_2(NOkiT74yfD{sv$p7YvBK|Fb-6hb0_4^F{-&D;5{=N>JL;T|`(* zPs<$KPm>|e5ZpDdbL-6r60nCz3!cR&^$~3}BLr6bH{10|TrHmjCRP*aG<|-2aoWId zfd48o*L&@KvTl0wwTg*R^R_DoL+Q1lVw@eggOiXHdcs{~cq#R;up&A7DfuGcBK*L1 z4;}Y97GHJCH0--|2(Evlm?#u$yoQVyCE8le#HS#f;?WT*-`SSr4OW+;OQNl5P3MV(|^XW2WAbUE7~aA>uc#8hCBPM%T)V z$JL3G{b7`BKj5L9J8O)F-ihj@JJ*8n(d~)%cdd6WuVfID@YfcINmx9UrJh;aq8Opd zkeVBdu;PcZj?^1!gjmaHs%fdxdeS(6S&$H|z;^e7me#|qT3N)0D0Y|tzoZBwR&uKm z}O-bh-&9yuw_ zYMkqj&`kHKr^SmEWmd#3kK9nk^Y@&$#yIW7Av886;Ytrk{Ys^)P-m0H?Xo#7(VT@a zs^xpC^jgqJj7k9ymCQoQld)$q%Or8XbY$v7ExSJl$B7D^{(%E;nu zU&{9ymMib?PxaZo3YA30@wl@9Ib?h>{xXa8y{YKRC9PF-L??HYOrkHTD9HhdYb_ex zP>U$U_1|8&#_gE?qITD%;v;OV%8~X)G{UXE5v*tsxSxU=RdpBmUgWw#9_o(L zCCJ%ll(_Qj!W{=UCt3>)vQ=s2DiySnOAYcF%|a41M zkYn+KEWTdCJcXNTRi_iUe~WLGX%_z7|Hs2DFf-Nd^f!0sHOxUF1LF}=6<3kf5J;T7 zOCek&X!Lo3qV!}Ed-Ln;LW)pT$T}1iCuKqu<>)*fp4!MP1H=uA-4$wez~(tNx5v%& z%z8UHyuiI~c*Lfq=H0pciJ{Y*B|@n$%bs6pP-;xCa@7OR9$u6BOghFn@Y5`@A$Iu@ z%$XEI?53!5D4={tqYBnRBFiLRHMiuw0mJB00z9J=YZsf&VFdIs1jC3(JvNApABU%{ z7*(vSFpT|OX%dGs5m*}B`7vDO%Z+T%fjGVs>m9M8oApsS8ZpXd4z#R8{<7`xW;bM* z=ytrrV^I%Lbfl78JRC~xE2Xnt{by;)8h0T{{xSsNnr44*SY}-^S^QBk$1k@ugL>|n z0L-oOB5Ua&_P%pe`l&cdpmhgo&}*4oHt+@h{A9L;1+UxbOv>KJQK|W6zXK?=VsEWrOcV zL;L7=I&MY$`2s8H&B_8PI1aIB)m{yN%P1@{^TGObl}kA<w+pLDdr><3+09n zOlbqS9MV@)2ge}rfq=<*PqvK_%yQ-Qmz@;ew#QG#r{IU%k~DC`6@-+|(NHISx-Fq6 za(-5Wl*oG)91i6T>kW!+YRgEw6sojZHLyqb3lGk*?6FF^CzV{irW69)lo9~HealSd!b45BxU@Y3^2yZMfxc#zCYP4o9=+((akk+L_)O zx6Yxl9hr7!pK!h%l;Uvax~uP@+ZGS{t4oEYtr>!I+9kh;>TOUDk*b(S}58jIG4NPej}i@bpOyHdH(vUrqU;{dIVvW^ZXU1x~b_VA=}&la?2Bbui2 zvvJSz?S}x$rL*nI9aSF)5%kN@V@3gkmYNNZS)hCZJ?rc3%+2S{^MZJN_Fo1bGym~V zr>=_HTOXM5QRC>=W{!oI`Zo+dt{ z7dqp-UErdn+6L8>o@ACv5Us{FEnbxuR7mr*cL|=De~f+L^`z`b?Eh!e0xISCXc>%D z7uV?Z(_K`42O`+j1;nxI%L~`h4h0#m!9XT&tlM%~49ENE=@4gQgm;A!)Oz~zG~Lr} 
z>glQwOy&biVJ@p=D|IqB_=L+RIIZbztDwf;)pHghDF=XZU&cZ2H3%G({TG}sqRUWh z2ZcJ)I^@%&T5VDzbnUo-rIytN_JoGy&iQZL@24gOxR=-`Oep1AgR|VcEr^i;$BD;NO=P-6+;xS`2Hm!2RFV z$@a{8xqs&rw|upZijsM1qI1l$PK%KLF_`vaNJ7)b^`O7}ex(ZZT?>F|XTQvVh>6(5 zv{9UyP)e(j@=!DkKe2n=g`jh;YC4IXm=SX(pntmbu9mF1@a?2=f*})|ZcCHUo(F(S z?-(kAjdMDzgQ80>o+k^*IJEX@mLht)8Yp`+r+oOmJgX*!pnEse>zr#Z+Jmd>u1oKA zUfDQK4(#QCMQGG+2lbz={TSzj)giy8JF>ZcJRL~UlADRxq;vvBSs-%{yC=jVh5@ft z>EeON`SLXDsm5WrU8zh?pmmJUDj#5Hx_vE}n7<;TGT#VtctUJkV>Zu`dZz=5`xw5fkWn@TLRns$v`+M>& z#Dp_B*d8sMma9+INLh#?j3f~nBwBDp)1H8?Y!C)zEivQFnlTMA2-DPIwgCf7Mok~F zq&8+p(9+>$7Mm}glZ7TiM8xHK;KvwNtOq`edL0%M)0wTO!EE2VGPSvgZ=np;)Cz2* zIz2Q^GqY-XWXg_&GfAlGQ``+vH4=0Dm=(qF2;$cSNMFAxi z>5QMsrE#Scs_Qd|Wwt;mBfuL>FL1YeC2~>*Z_f!;12qTZo-TM}-3;Szp9RzIQ82_H z=0h)uQ9(dUCL!|OC}6?8ovRoMmkbUXF%uUW6W0PB$yP*~jFwb}@B8^|W6u#Nb=op? zDllZtqD$gd2)R85MuI0jB|ZqF>BahM^L)f`)af^u7IP`ZgJr&e1>nGZ0*yMi{5P(2 zW!glEB)>fIH}?)LIhR~M%|nDqwA}y~>q*JNC-uyI2CG<>{D3T+RTlDzZgMNX5*%u- z)oy7VHP^|xQGJ8YGjhY;`^eQuU9}4tas&h?1gPKWy@IF>u*|afGEKOs3($-S)LeCF z&EIVgph&F!q%N0iKmh*0l8n=P9hrCw!p3WK@_12W*UYgS$zo#;oV{F`2y!JMT+5wG z5gW;BP3@-ghiS`IdwmG~QR5ZRJ%VbQ^sa%I70S{k30t`*1UEr~gV%x5LypqkFjyzr zj1h$b-%%X@c=MnAh)m%7;Cir)L>C(+)+_y0l0*j@tD@~a4Ukc)E;J0$12Buma9wL7 z(|=+3gotKe--PKr-mIl#*roqa?AO#??IHFBvovh*&W5%Sg{;NsNBm3u8NdltwpnXM znY7)ZX<*p0JT6g`e}k0$#t0U9>uP*ed|!o32o|P%jd;optIIJcqQCi-xn--K``Lod zRESK^E`x7@S!{G#1=)}d_@5_bf6Aawbqm3VDWeti><3@>Sbht_;XMEnC7jG=FNTu$!BF*2?ly z@_M*DQbQIO>#XVTFfH7u8a>VqcOY^&OOdn(e)3R}MM@VrOu1&`MQ@M3zi++UvSLto zdH+3?gl>zZ(l5xpgMyL^l_wEqFNB;xm6n{Lt{wa>ajvIS!iiUg&q<%NEMYYu0~-V* zj%yO)h5zUvy<8!okCXaHXfa^B|`lm8YP_{~}t^Rr$f#Tt7B zfPpnt%!=D2iDIRa`fH$p0EL$NjQY|oOrQNZ)fM~G*JTe}5xtUZcDm7t_+bNsbQ{tp zCF>#BIdxf6B7bVqjIBzT3)}=LM`}qjb?9YtSv-_unw?W4%p!HcBXZpnqJP1T<;`@2 z)nMaEOMf<^Z;o-fTj_VGU4@DsQPfaCo-FCSG=;J@Rad+uMIN(EJBb@u5RxjW$td;(h^zN7YXId`}GTm!s2)1huL z%gNC5K}1q53xj5Lzk$j?LDnt<*^`|eta?G$>zOhJ6G{dRjK6N=b<7VachiJdjyfMys<0* zV^J^B;M3ZmSJfzQw_PbKRUil527(bjbCgRpV|UNMSQ@Fggdh`4CUQHoOy$Dh7`NN| 
zO0OSZo7Fx;vYv)4$JJ5`J1cCEPIw`c-1Va|WhgL?7*HIZ1n-dSWupaF7};A+Oqvuc zzad9Yi&{=hgDF5%K%oZ_FK&(aZ1l&&&8qMsd*;nggL2LyYk$-iT{Ekz_HOU}81dFh zFv#@KRk8zk**~UEsnQd#$nYoTZHmdB(RmV;T1V@QL-zOL-*DO*@@23K9+B!K1^72j zcI31W-xDn&FaDobC|kq}SX+>40%Spi6lUmFA6gs=I1LVP#dzHyIU z8LIvU7R~LS{~jLJegytDUuRatF$qpQsSCa}ivpXXE5Y%WyJxeEdEZBJ_)zkUf8g&v zd=bU2>(Q)LVbRFn<z`8k$$4`y^CU@{7Z5X34`o>F)&D3-sjgK0#klpny zdudIHXd=1udasbDLtNj^U_BFGS*j_KbuqW{vqP#Qu<_QNjXV5h^f`OKZ(m%JiITdT z1ZCUHEBk|^BS7qD`I|-|_0JR!AoanmS0K_3?GunlAJM-0#_!#h8~bxo)=rJSi}o_oNnmdjiN^l)$s3# z{5eZ{!Ehw&l^2j4YEURrnnV%`$AOC+uL=xpLl3P8 zX0#y%J5rVQk=*DKgXU4KN zRaO|?{YI2l@mW}Od0fg?isG4lfHj-2B+j4*OMA)*VoPBk9xTUPXJj!)J1SH?dHr(E z&bg4ojp5&txX#oh9y+4w%W6t1UO2Qm+|26$iuxUF)~J{T9;*GO;zyRTwBUK7=ZTGI zgl$$O%f$?Ex?LIhlKn^0t|TSZZ|d}3XAc7X+JBx$S%sX(EJj?cZgOmLFY`OH*r~fq zk4Y}a2ucQ@LVaJbU+3^cse_iwh3b$^P1AT{7M&tg>L>X*G2XHN2S4FQUNyRptRm*Wu&X z5h31`T=yy$pEAGjvQhv3-*`l7d- z=_@Uk_S`vP)_r9H3;Kw8$3Cj8>Hcllm%Y%re%NjjMWlBccGrA)(;39ZGDhzzVdm1o zGGB^VPC+|XyEsDWWe|l$& zB-%HQL(cNH2Iv-bnyTIhs?UE0i@+_Piv?Iy`Y#(tE)RBc$XIRYi4rEUUa=U(+lq-H~OK`98*1?5C3f1IR*Buanlqi6+WN8p+x9?t+oKA78z&RO)o5 zIv)1shs%_0q=o!nK;c#g^JV)@ZFj=NJCE46XN=gSJjIpwrx<2n0|_gdI^!*buDaq9 zPva@E&h>|3pyBk!)3_HR5K zA@^@70k@7wS<9bHX~_sMmsA~K&vcjgk|FM`upXNt^}0>zN^08 zxWA51ZNK2+Wb9qI1+-~?fUmnZ1BnxHQq*(aJ}GSoV8?? 
zSz~?Cm7-xOq%hYKtFOH)9NL8;x+R`?i&>NK$oh2~MUF&LyS$j>s+N7@uR!`lew4u_ z!amzAI6Jmy{O>tG&`hw#~*SrNnkLePCmz3nKEUwsa~ysY-6wKi`XJvp_n zvZn+amrMU{{oR||nj%q~;o`;jHGzAs=>YG#WI$;^-^n?ss{o~M*v*-bbjSCSEV(YGiIYo z8Ic(X9cXi$n}0JofCZhnVUg3e!0t{wz#67(6E{u!1Bn4ZYBYU}kTps9N^Ta_Lls9u zKvu9#uuHL_XsOLQia59Q6t5y*Wt^xE>_wCNQeodDHmV%m?kMNP`d|7N@?mCB<^(!R zdNgsytO<&{M-1x>&ep8Znm)*!CTk5~y*htd!F8mk&XF_h@;2I;c--Rcei-%z4Ce1f z>&#Cv9)>?x>#_p-3BJQyjR`Wf(Nu*RZ4%3-N^u1H-rW3yM7J!`QZW;f6~PihTc{(` zPd_BQgd-Q}F3Td;dxc}Ag@acz&}ovoK4(E3IY|qy=6f2C@M#Z@uD{p=rVN(9)lt^{ zoOJN*Pk#jvSiD7Fkf%)(<}Q)|-Rt3YX%;@wY875lx8ck$zjCD=RuwxU+WW7{$58*) zM~nnXHxb0$qDlxl(be#NwR;he!R4pSc-fc`eNhWNRR5C{EYcT7PvbU>gL7zvp_Zn7 z(rG|yEhs4*v1J$R5an^h{B_8HLMO%MwL~kQFF6W*$kg;dtjB)cay~bv*32!@M(^zY$;YSZ z?8H&~o5utZS9SXzl@CK%^f&$`roy_WA8oz^KkWGreoM{^Vf6_A;3{3gSUZQUc>qfN z^X~&#c(TrsH9x4O$Synm0WOPYm|JIAr4vSNO0IF0ofMd##qvm*%8t&+^lwXql;m2n zM`shmpzBA@U*%m`<|TV=i8%@67oqFNH;+3u-ou}E93=b1H2^N zqK|~;zFx*wj49uHl?<3g_)q#54=~4;@^N`Cgza*U*(+=DlQ|=A6Mz4FG3=GK-~JlF zBeg&^f1mEiWHI9A<3S8Z<*e^&w`|-qMD|fNB(_a2o18@LYfhWq*WCfT4YKK)B{ed0 zo5XdkFSLn$oa0sutN<=Pj&1s$@{K#EK4-;-mI)Ou;{5T5ZckET7fC_b#iPlyR`7X$ z$dQ*ry&sM!f5E3`W}pnlcgLLFLRuXIHAOQDM-_E2#X9oyRl_lCKj$`5=<}Wit~uLo z!AetQ!%7FPVgn=+FUe$>q;P7*7`Yn??V5Zw5#m=YiA~d}s_*1$_2>3vI=@MiFHr2r z#;QY|s;^)6$arBtvsE@8IY~o@i~D-oEm09ZIt$W#+nM_^&YF$j(QrTi``h%}^&6~; vJTwe0)c@-iEJ*)Zo{#_6)dM65P*{-bvi|*`p~xWP8hFu-3L)3+-^_mjjd>OL delta 27481 zcmX_mQ*>or6K!mFY}>YN+qSI}+b6cuvDL9{yW^yjj?LTOy?6XCYwochYK+>e=Bl~p zs`fvi-{+v%%5vZk=pY~$fv{$wdXqo<6#@p;c%N_}#*}lL?OkH+$9Be$^`TaXO zL*B+XY`Avj!(9;D_yp-9V`wa%=Gdc{D3MrbPcr0qm z^<0z-|LDr{HyMvG2ZHnEUFntTMIPITy!`FUCtIO;XJ>7(VQ9zT&Lo9-L|RtMe02QS zgVKq0u$3{h_fH1tqFqBip-o?6dT~FvjojZTXmYDbd-A!?$TewJcRot?O*6GBxg{J@eUMxZ3fhZ1oxzLV+b=vEv&_y7*z-DW)gZ^Mj=xT?5P>_vA< z_$5?gyd+Z!Mhq6>Z;Bj!S(J_8lGOvaRN=kQ-3HKsUzr>%9l^8Aun5Gtq@Lw~Bea9@ z;%^IJ2)o-<&Z68yHEmXWRbEclZd+1JMwVp3GFg9`UEWfZ&5cFh`?zRW>j1&FE`1Ho z6>)_80GS+5r1nY=<-W$}ZEGbf3E5^P<9HG~REBOrzxlLTl#{$GlXsk;8Y@l;o+Kv1 
z;N0>&v@|I7zP}<+7K7ouw+#ufqUSmTYA`kI7kgGF0#Ioh=Q^s0(wY-=i8n-Smc&qy zJg)!BNO8&Aq+7E-c|m}K=I6@2b^qw)l~to{p491*uiWOvuXfLMi&7~mwXRQ5mFLbc zwnFupg~X&bZ>!=c7s*>jiLeq45DeH0?a z%Mbjw*DxB5saBVv_Pa13q{rfdgDJ{n411~tj}ZdZ+AAwMLXMqZ)ae{;lltd=+-^f9 zB0gqc37EViV&-D^HGb3eU`gK+Qc#{qhxi@Itvk5u1KR)?R@;04nNo1cotyFNKvJq% z-WL~0h+yP{)$37a|J!b?XRmzTY(>wIjT1C26>)QQgt^rwo}wQ>Gv#Wdp0EGSc1CHT zz0>rTQj(oRQ%n^&&bO%%O{m;(`WymXY@7Dt(au#%agVtmKcA`4(YUxRGojzwl6<}j z+N0MLKrJko74Pq6=Pw`hMpGJc5l_MDrQ=4HM$ETe;{Jk0JEbV1mnhjNO`+9A$^?IL zs+wluA^n9Y;Uf-U%Za%vCRZs!ETxfG@%#ZpqUYv?{-H4)Zq5(Q<;c#aDQ(~(T$e`Q zP!oKx&H+~^r^^QuO><}M#EK6fINco_Pxpw2m*ugZ z`3pr0X$B;NH6F5^t+#qdM;{kvvl!{ZTv!S68^OIJHRK22w;|q;#vZ2`R6Mp!S!Q7! zS0*rXuE+th90H^8FN&jGY?kk00?+p1`sWB79{5dNzw{*?ta`KZ=TNC7`-m)&Fy5tZ zYh#U7_!!TCHSb&RqVO0bIrFSH&O^;p&-S%RXieAk^;7n`t2((# z@@f|5aMp&pN>M<9FIH?00SBMBjQ%5mPJQs_pKXK;5wUGUFVbeq+FjY0zw*lr`)xcw zQ!crn%1=0?>E4%73}PhJgQKpx+yVfi4HRB%crDz3^J|#bR!)bw04oPatg*x&mF2?3 zWu#GA15q5XwtCQvtwKIRuuEs)iHWn91~STd520Nu4!eX-7<+n^fbae6K4E#_#%KsG zj38zze|Twx*OK{10y%!ncM!i78yMmOrS=|X@Js!aI^Lj{WHH6gF5t3>&wsq}QRNkF ziKGDF=0^p)!6!ROd0ISOYSt}5GAfzIfS@!AWUD~SStq&glCxf1#T$8OGr2{~aYE4N z5Ne0^DYz8+CD-OyYSb0oRr1sq>#DcyAop|_T%VEX4SEe}pke+c>gz!929BiTb!+WH z2L^PC{LL})W$3a_bk7%LEf!oo2C>LSVTB3c8ohNx>U_-=S&^btg}c)XrQ^pv5A%Gqx?s5xOi=u!bWc>7aW;5eBafd`PBWxThs>Pg{!#zD^7%ur z?dYkPsLJ!xKAMy43I~EHh|>CDfXnQAwYN(G&!hg@ush)M;qU86*qP`l|3Onj29Cal~eNxI!HQ_PvAv5p0fyCbv@rU(!IDXH%Wczs5*=#6cjW;&Hc34WlZ9g0Z)86~9 zSYY$)xzSdHr=w(VE#lvF=PlQNwINj*HfgpJP{ClHIS#Az+3fua4c^NcSVBr26nE$3 zW_Fgk_@;Q?-L3Y=s2isM`H$D_yB(dD)`nDcR=^FG>j=u{EfYSi2vu5PueB45v4ZCm z0p{*@?d2x}b3LP)8C?tDeX6)4(BQIaGwHhV{Q~!{I8#6r&%kf!y4AmW)7onVTPwib z=iz!y#!Dpiz06lDIea4aNl)X`7mIzj!7szDuI2oDl8Vl`@r#RJ4-w}fQ#6C_vP-S= zQ=#X6^F2MFgm!M;x8P5!qGsTO9{Hmj>7x6kreK_I-XQYJw~#XC|D-2_m!%ed$gB&{ z1_Z<&cngOMu=B#>Num4*nA`XcT6sz+6)YxKZ8P_qT+!6?)M2y87)`03t@}HqXi-j{ zKtmZTvsqU6^uA@Je;*@9%w(<#R<0C30znFDE>4URMRjxf{Xqod@Imq9G^povh_l&| zHCJ)l+#~QbbydrCTQ{`j%)0mZ)tMRI73e-yFya>q`21Sh{VLfF1Teu=9G)dCcfmMS 
zm^l$%eR<(4d_9jM1q2f*oV;w*@6!`X{J6{ix)OX9`ugC^^$X^r5_kcA1Oe_a?{lmr zt9l7uo2e7(PJTunjJV^@oG>|#IF*XU!34}OoQulq=1Con;P)ZS_(aZYu#3Ug0&i$@ zA@(l;9_)S`u;mNZtb4@jz0F7pJz0@_;qN);i`;iTJQqUWu;1K$IT1$zxBi^j`muFM zEb){=k-&>r#K27@0Ma0x6HEU0pLnd6oiQD3sn{%{FZNi>rP{v+x9M{_x@E8XEv5j@ z>^nh+?${G+)W`v(U;5JvHo$>fC}*;0e=t-kx}@%lwdn z9{}0Usaxl_RL6#pC+Zu6c!>-@a!-)5#C;CR=b;|^JDQS!&}Fpa7kEGy&MTKSIvIan zN&QQjR`Xf9=JzW$1tO<-Utcr8AB(6~9*whaB)TQPE-{nt7QUTxFLEtag>-lwdn5$l zHQXMpf_!f%-4Vi!hEs4x|K)@Kc4U;pN3&+{5ObQdwN)@&wi9PyFkO_cpR zK{fh?=a=Nz4<~;vqF0u$^nH5yGKf4g7hHuwme+066oUlLB#7ZWVKF{f*ae4;@037)eD)5xthTU zKwq7dhcWurqsQwT`V;k3`Px)ni{;;-njxR1qre_SLV%GyrIkmv zsXJeeA0T_c;VM)28LY3pvpF*^&?rnE(qVwoSdRma5x(XAbD5NS2ECn_c@7d@$b@Eh zuk)E=+Jn3r!jteCnD2CD5A{X)32h3_Z3X_DJ$1%r321MGjWOT9@vdH=h0x0^;{A5$ zobJDLhz%%^!OqPmfCfEz;?64;Rk&Z9^WaIKTCsd5s7^TPHed?aOhmQ>33Loq|C!mJC^8i#7Yt_w37gQo={PJ=<^ z0tzVL)`h8z!ApYDItI!0Vm79p#;El=buQ!V5#^gSa{s7(&`#s^v{TjlIthG3Z9NN^ zp3GhQc6hC=k?gF4+fpn+{?yA1aErxPOYG^IqJC4I?<+g?QLqh^Iti7dIeIBm7h4tk z{1w;kMpi%@Q|=8Qr(9L-F<@ z$m*c0qzN<7H6r_CN}(M4)?ash_XOldVS&?Fnn;Z+7paL+0J@Do7|$7&X1&HuAE^tP~mS9sdRLp;Ca#08LOiVXDrD zCr8oL*?|S9TyQ@rFc>%_(#$9HfWJ|h0V@wFknK@pLs7I9Amn3xcLGLHH@3K);zG=hrl_|s!shX;14@iyo`T|}L?oF!W4sds-9U)~w1=hoVo8VsoTsJw zx#(RK zJ|z1(LH;Ei@-JbOe+fsF?ClUI2olGXu+Nh&Wzmb+5R^%8XakzwcpF*AoFC*w@ZWan zV9p@rP)8P=7~@KiV-L@~SdvPR6OPWjxKc}yqmHQ&A3jY*xv#M4ZtF`nL{GSv*QCQI zrD>>CH#d2MS*08sXy*ZeblDdpGN|qUf;j&Rvi&cJ`@bMN|AKh`3$ja%*fQ+C7(S^j z!=OG|Hn}WJrOWSGQjc0&kq)k`JTI3)>RYm>{~}3**|%_Q3L-^>Kd^A^2qQ&=GNgig z7CAx9N%~v>dO^_)U1jiFM;b4_6mdEjzXt9|0M`UBlMKKE6(gM>;+BjLu1!8x82b;M z|6$iZ6ej=o*?CsgieEunk3yg(k&PXTez3YdKvkOt#wrd^7vX_RoQ)QC&c}n&yPM6A z{6p@4xbqK*-T&1I&EW(+zqUkAVHUlVGFe^+V%#cOHJER*;=!~CKDdTu!bu1>6c84J z9BTFMM{L?EkPU+t(8`I?Be-&sOv^IIqBAPZH;@V0tJ$M}`;>N+dDn7&m`XOz(ow2e zyR2mRc8*5OFd4zN z?|sxAdLF~LZZlSD#BMnS)=&R+Vl|*)>$2shu*`62%G!`nw~=g@+mpT!xI=nMMB?xB za=$q$d_Ieg^my-mF2yn=Bz#1ES3>F@OGKD9Y?41}U7oIMR>C!T0?pjWFzrw`eoFaU zZ1zNZGUb{DFt8jM=kDaTy}dh#qC?=WbF9z1H<}D(SdnO|@OSrjHn;y!1tS3?kKUK! 
zJh?kY^WBi^K%2YNzm6z(~3wtsKIQKisoGV!Euc^E+sCgVT z!b3C_*UjDKqxz(FrI;UI0SRPi6uSAvC=IF4KId$cqP zIopD`v2@*!k2IaNje@}o^p9oc$aX2%tq#)xK(MVLeI@IMHHAt7>(}3~4a^3%MRv)F zpP>~>U~4aLyVT}$4fD~ii(_+`%PxRKVjqf4Gv&`W^2*&&6=VQ(hJzNehxjAT3Y71N zi#W;`3F>SEKj4B8jnQTC+WvMQYHHmOtcl`>ss0MP_4Ztgtn0H9{=TB0n>!XmQsN!} z)6iglKcP3`kWc(M;Ts{AU|ZrlL(39ejIFypZem2e#3iWJ&fg8krr=T^1T;lk0>uKTsq(RX6VX(%XQwL6sR`^ll#?*jQ2`JkAz$^;E(z$q$H{}AbO z!uxE@@G`N@3**vT;J%z|m>6$@y_8zjg)ChEfgMjpEy(#+g8g~azBM~MP`Yj}r7xq6 zATkp#)Ax5ltgpxX>K5=Yw%I{pN{$Js5<|!FgDKEv8E4J4)b8xn?ZGBg^|J-gNK)}; z@N{qWT6()d7%<`#5N#B1HCN5?f_$$no$F57+v9_FDLZv!N_dKrTiPc9fLiSjoO{^!t8j-2B$tjt{Rnac^~u! zU2GEv9UYR$Zy^O=Gcs(z$gm_p%areMSD~BiT3`LCRl951Vxo5`A*lAx4+VIv4$cD^ zdZq_Vc>fA4&(;hTCD}h~)qikR_#mzeI8=;quxp|17AD%#^x&cBib6b$oiL8l(K<1V zbwBs31FtM%GA{5pHM8#>qzu)JjA^^n7cvEMm|~mbMn|Vx_Q=)Ny(D7cmMZ*3^yi`dWRt)>ZOE@_wO?; zsi|%UrT<6~%ElZIK%wq3-OqSRl>O}S`F2{mN>|Q>ky5#hTphhGENEem$k2N@Zs*0W zlZE!RL>7V0A?*E!p_Kpm9rN6HM8t&w1Eo4VQR2oX2>ExHHl~om=stcLuF2s&&!*{G zjF4G!44?aP>}dzv+zlGx>;^COS0{%~+}M^k>IX16_s}X35cYR=9l1RvozEIAU~6;t z%S&?tzMJM1(_NtKVhfw8QO};j!U=#iJK@DUB1vf47n{aG62s_1VE^s7&*6h@;4q_t z{0MIEZX~4#{XX!-xw#{8|JUD6@{^soTJW8VGk1iqlcWC&?eEC~y1?$9REF1i^@woP z#;qXvyOJm>s1|SnI3KQtH6ZkhAARi4{KvHogUR5=5F)X)e*(DS1 zpqlldssa3tRo_TYR9xJ;_9kr|bWdL?#apbZ^s8j@TVip;I_PR? 
zJEFN{v?k?}XUryd`C9W6x2>`w$7h`vy3jVS%zDe$G|Z%&reL&~KQyT#l{44N@YK6t zOx2^?)n{v}H>q@x7zcz+>(ce~!b0wQnHo(J7jSZ-JK1wHw0S*HDg;B%tOlB>Y}+(W z)aSChR*Y<{+5y~j?dMTP%nq7j8k)vts0M3J=h!ApI6RnU7`O)pg=V0vQb!gr7V>&HThXwJB?RUTGa|tzu}^ju2uF(SCEQBgXL*o^JS<1 z{a`QrWQ#S|kT=_IyXA1X($ocS+S%SJ0PdJ{!zgdRKbbS3x|e;v$sN;6Umlf7@SQZ3gxy=v0wsKUu?5O3}eS2Z{lo2k~kud8zO#8R#z{8Bf4NbKXTpr6X|D zrhx8sRQf(Zz{BBkq@HT>PDYh>tn=7XxlDFrqXwv?(2kDgobkcjD&G?abAYT|5~RCtN3x7D>F6z$WMrD9&m|AlFI1)C;PY3^N7 zqwZS*t2yr8xwmcRkB_e;b-T-AVjg^+{=$F88F8F!zMC3AZI|a0IDc$YNVLKJ0lssC zY+jotus*)tm=hiFyhN`ne>?AE!Jj=dVI{C*uAoZoqOb+bC1!)J?#WI99j61X5;Md9 zxmZmqT{KeVTvG?4k}v@_tXU1FTit@_3?ze}j$2Z$#sNZ_xIX=ph zHn~jOBKV0pIwCq{Ra(r|$nC501H^rjGl0h=p^)h+!Zx))2U21HqIignL=^f`j4Aq9 zv!3O34|U+el6*W+;oKx3_{0HwY`vRgIWY4}8bchp=cQTtB`rlm`p2)(w-18$;YkY0 zCtd$=$PY#p_V0_xp7TUqnFV+V8sg3h3SkTW$eW53cos(`i<=`kH?a_t}KF(U%E8@a_9IfU_hABt^I3wr<%AFI`z7GBADdpz*jS&^p4OA*V@!0 zUbm`Aoou|p&!hS5Skc=G*0GAnIHHwP#FVUz+yu$Z z)rZ(VhZ#5g{@vj%DYR`1=<7o{ctI+{?!cGP2`qL=0ZN715+VtgermM`^TnTf{Xe(6 zxX>)v)UwMS%F!JA$n5*b9Q*FUg)PBKI=ADPpk58O;|?CCZ?>%YF~0zZ4g`8HJ6lnC zlhS)YJ_n{Ec3CUHzcc&jn$-W4abz@TofD zsXH{;`dX07F8G}@s5NO!^f87qO^yzW=u?!FC8OA-VVPDM$2cW+=xO)du_c?2MLA$} zl%F=BY!5k*d}d~pq(^);Vzoyo+VR+1r^}i~ykjx8)K`(UM8XJ5oMuN%Ig7V9XP2hj#-;Kpp}2(oHn6C&GQG4 ziZ2Rx{EbkA1xV2{y^tAH&)Kq=PxF3qbn(NP#eSGfhZ1NUQt&WM!zpJ7Q$x=SiUnJ= zk+Hzrp@fqk(+KvCDPC}q!5CNX_b^->1_R?Al%pf;K=GKwdKy<$nFeoKlrPR4w_V6X z$+uR)OJ&K1s>Fw6#>b>JI^y?wk6JCgwv6OC9R zB&RZVo$XO(+&=6novNFpc#76vHBkwdSsx&()S#P5taQj9!>IndnQPQaeoQ5=F-v=h zaxt}~!6gpN(}Xf!mjPwQLZ4E+*!;aAv*8WOY+^zmT)6J38V4VLD~C&GZDjJYEIG|b zGx==C5AS_F82~0~GSzJw9k?RKTOU*&HhJBqyEbVjhZSed5g@wy`&$mNM&aX~$d z4~j$b%%Y^1C(&8O#i=9msxwkX`3Tg>FV%Us?`ZrexvT}6(bNKZ{6gB_AWZxO?kVrl z(6PXVB(AZhm;5l|#}>H2cql8%tT7K%-j0-X*w7ao*uMNSJWp(g=a!Z+CJ-%3Bedxk zj@O5-b>?Y!kWbf_Zo12!QM8UD*=4`-j+wdiJtTy1P+ut+vw)EM%S?Y@11}L#I6sQxUcX)vL7RniC-U6 z&KVKF62fvle2K)|q66HqFsH%a4$`K~((2-IzUKRPl9_)wS^l!L*K_tYUvwMA$G7-P!8QhEW)7eb4| zi(*$}KsaC=9WgbYHOlpPoDbKYaK2x@Pr88t0mANXaSd!}MuWJ=Hs4v3zO^3wp;ilU 
znN9@2@7D3G-&Ou%-rC`XM~if8cud|UiXhpF#WU;53iF& z1N|PmHZ_%+vgsncdIg3CpVtx*-z`(O5cem*j4^5v(!&@Ti_HrbCQPP^PrerR`-r&} zk#+>mc46OUffa*Hnj?g2%urxeEvX?vW07Puy0Xli5FvlnerB)(f+wohyYPvNJE}Hx zJ%;Fbry8o!fiaqDnBIkY%fIr^o&2iC?W?a~I^5qyXcUIXHU%O4tVCI8W(-ANasp{U zqJL58V`^8t2|Fb3aYTyZV!$A4RoPOJ1K)5Zk^}s!P8$k3z?K*c0-rz7X}%4*w!~pd zWU9Loc}$YphCQlHqj#vt!Qv5rvkhpyrM&I1RbnOHa}>5|;z)3^`rpFIWIIwQ5ZRel ztBT}?x2rVmuyAsLcG9-Y1wZXj38)Q+rPp<7L!(cFQOa`w_PJ00E!mdmo@TiAsru*Y z>hbr!+8@pN*`EhILSMo7JP{|gC&Gb+XG`u@S+;j~bALEw+5aJOd(nH^-gjaXC`=tz z=l-Z2+B-SpXBRIU+T(Sc;CFl3`oCM8^`e({d*)cci0Y}WkD(e{N{0Nyug^mjMhM(n!tBK&wROomVv z1x_XvUX;3mcld0*mmJUg@ZrMx@A6CM{fq%yRQz{3Gf=?E>j}ui_~Tp)9v0uBaVZg; zm*;0jT9vtovm_fZJ@^64GAeY%1Yk|w7)3LG>Y^6ln8Zh+#diQlh7-+`ygMm9#=ZNy zeic$&1{a(#g8nTi{S}=h:`V~Q7D+>$H~8rPfxwIs0Gw*-2Wvzk+DJ3BR!YpYb; z2)FLb6kE3kSta$uFUquxl#X`7qDm&I7(ywbr>Ulb(S)G7R5lKX!bAu<31nj82Pgz^ zo65+Ph>&;R{hQ-rsyvZ8ab2UYYm#i)Y{sRAwf5* zAJT{>Q`J0nmw}W6$jyO;&N&rO0$@~z&WMp8x`-4eh0gG;clTJ$9}Rgnye`5V4S6;A zK<7BY{eGJdnn&Wi?x47z9yoFPn|%Oe>_2g^=IQrOJG_Al#$Pc!0=Y*7KQWpJ#lToe zHqg)M>gH9e8m%1|8o?Vz-hv3N9_OZaY-Axw7yd^jAo1yLK!qdWz%x@80@XZ^PeoIxOTC~=bL6uFY< z{oHgmOgmFs%9_*{Pe&=wrX%ZI# zw6*^hE_Z4D$YF)=zeycWnAXop9c6?7U1AqG2L^e|g&4LB;~MdlKlaTZWn?bMZfyHW z9o?suq_ttg0?{zpPa?+7$neEso5R1Gd>EMMX+TU67uqYEFGPmS2^7_b$`1n2mS7J~ z?TBuz{F)ZAi!X{uzSEseC{!mjU)bw~QI;%Q z?ae%Z(UdM<;P318-ItKwgzlq$7+iK_xZa4f;nJpfNA$7)0-6|>1Z-}KCzCsmkfRv` zu!wKUl|6m^+=&?~84Kx`dg@Jpu$?N1S))qCKcN(Zibpl3IJGYMLOv6MYN$I{Qx@*U z*flu(EaqC=@s4;+e#;q&tA|23HEj?ML#iqNLnbEA^)Zaom~x9{O{*W&=e%=A(vvB( zzcbh!u2*FXFIDdBI-emN;v4b8>1E7)SfA@4?s}xaTZQ}f>L3MH)b@iHT`{VfYB<{& zT3}}{qSuOi6?30PdW}>ME;+_={Gk0qD?whGZNX_y`e~ta^t zwqCX`U6wESVLnNHiqZgJBhFIiYu|>k^<{q1!O8o3AbM*HCQF#w5&WPhM2l9gJAT(LlD|Q$gFgo>nU;6DOk&M^M@a(bJ%^leBo61!8La{(f+ zHEHet25xGf;}Jc7TQTJy*5d8z*KFpJ3%nx!8~)bt3JZ-2?@qR0b0$-W+x;Pbn5Iz+$^*|`NwBj+ySV}l*FIwAy_UjmYY+q?j(#TL zBb03noa|lOe;l&BmhPWOu*Y6qwh&o;xyHG2J0rW?CjX#TQ?Adx0^4kWS!|m zOY)eIFLd#*kl(bClrZi}!GyvG@~swEs}b7&GXEUFDX 
z+bL<0vacd-^Pek|-J+&Dzo5uk`2nPM#oatRw&pYB(^7%rnQaw@ho7G7Mo%UT?@xEj zQaPCHL#YKIUZT1=(% zZ~LxKhZPgI5XXyN#0Og=Z8*PfP2F)Keu#T(aubFVVI-?VHlq*}e|7kfl}dYDUKg3LQF4o zm#)O4waQSbwB;<59ozd8j(}ZEc~~5;5&l!;hof+cLuL#1O`B=8IX)saH$+dK_J2;A zkKzAy(yHTG`68=oW8SAV31&W2mtvY@9RN0hESitnIJKP+I{DQUy;V6kvcBrm3H|{Q zpGsPndamSLeFHfs7kIxQvU3@_&U&Pna!JQ(>{~4_DvpBKI`3k9`x5s0Br2$yB>ISZ zygg3C)PD32YBHDlE|#z8PJenWwAVUFf7QfK`ZO=5XZh>&FKk#WG)-BR9ea6yRRKKj zG_F3#n)i6Y`_A#j6q@O>UL@w@O(lmTo94WoTw=xO+Cj0?a?AtaBm>fZo;)#0 zupr5gJ}AH{4Plim<7=*hX|HO~fCD6k9c0M=+@oLGdbbrD-~;K^=hBBGGG zGcyJRX=l)%Yy)A9-)|5c%8TbJakWIKnw=!EYuDGshr~aTKxrAsGfzO4%zfD^^d?|A zAt22M5v2!^p?f|>oSd~WJ|Klzhp`QTy}Z0oo4S`s64k&jUM^4#ASa(3Kw=~##%sXw zjnSw}>qOp@#i}iF6WQq`P`4Vh1`1P6san*D1!`mwSRDVnDu!);oY@vU&RPqjqh&3@ zhEH7rYTTab^$g`k_7kGG%vu6ZK?1L(u2y>C03Kv0(vDHL2U0#>QAgDA2+9=ITBCt^ zW7M!1(-}6^Ha=6ae+~Kq5GTtGx!Odi8N5hsFpbEiW1itUq&GK!<;oR-TR2Qh27OnX z)8o+Pyu|5`S?jpbCPtoQdgRK@8m#FAnI|k;Mr_ww1lb&NkQmx-96(#}4|rF{giogamUs@ir8KxhZh4fS{U)*ZL+ z;bfnqE6_`<22wS$fn#teB4)_FRD+;=$b^>`kf5tLnw>L|A(WF@q@)NESlIff!~DaT)sG6Dxx$ z!4HOQio-@_F)-0p{%DiQ4LSkS;$@gvP`Wa&K@u!1sMx9{qgZOK=kW(2ipD3J_j(E9 zyalax?%Xo;+}7~wS`jhS++vvO+%?K~+wrHiaS73QtZ4zz2{f34Ea;It)l`EayUclI^^VuRbWLi#0wRL-saWXM^A@I)soNUEFeBo4M?d`R19!iAGn$L-|Gx!^r~97;sm=wqcH}QLu7y7@=JtRH$eGxg;Hi#XIsG|(#H!(xO_Uc+Rh+7B z@y3L9ML9lg29-a<9u*_x3B^GkozyFh`o-+Q=V)bde_837LHsiaAh}27&>2>%tqW3c zg>Hq(YRZaGm{lf~nN2kc_Po(DQmTSLO-x5xiSx$7HfFjp80FFZ{4=SIqnn0eqZa{$ zj`Ha1Aa~x{Zt$TxAU+HRR^xPYd-%^6x;o|zxJbmfwS%@0Wb)NrkJMW7dkX07gaXr# z);BK=a2V~RpfP&Ma2Rp*Gj-BoY>0L#SB)lm8C`T9hv9M2iDPT1`S&?`Ks$1QVv{XC zj~!ZX7qg~QCQ}J#*1$xl!lOr zE7d(kKL+|(32|6Hc&O(Zk@(f-BIw99iN)#9&;o)iE+SY;+O>0#xsCv|^c8@SmQ zVV%YelHV0HAy*lJii2f>+!8!FPq&QkL^h`$8brVo#v~HO6K4NW6o$%}YN%@s1;1w0 zg#;Se5X;+nVZ9a}Ih{qqBgnbZ3ln5tRS*8csO2DzB9j)ike5#qa1OHn)hh7|#=y7cdX7mSS4?`oUFO!e~_L`ftoguoFt zz8cc0<9&2fP?`WKJs@=wTR7qO7P@|8CHTdPm4TW65!6YWaJ9BI0~vv?9JB%Jm_gml zv2;ZiE>(FHp)4D+CvSeCel8j5uC{#%Dl+3Qgdtc`c{=~3!TV_Ge#+Ijojt{mz~xi9 
zzorK-0TGkWF5Sfl)Ln^U5G#L44}SO8-<~`e00~9NL34m&A`F0kH64{M$wk|m<%+bl zo89dJeU%$;G^;gNZ{xCRg^3%VodhXJBgr(=b7?!JDT2)m>6&7MpX&{7^C`PcLp{DB zOtD^l3rj)|gdTtn20Ow;*h{KOw>yedAVj44#Fpj61Cz9C3!VjRDPQzwZl9Shc{LT* zC9suWoNP-rmT68867(RQ(Pp88{=oc6pg^|<_QVePhvqGBZZw~0SKQ1sCEsUwdi`*O z{})9+w)sy zZGin~B>ea{f<1wLadkiuNXjB=vSyOKV4Ce8 zGMe1Jo1^MscRzWDLrB2yv7(iRTE z4Nv!&SP-jG8g&%9`&G!rtuH3->cf>1Ni>B|W12UotEY{j*gJezTLR^6A4Y)1b+RGE z1~5nDjby27h_`_=uX&2qh{Vs}vkT^71aP%&ghpHDu0Z5asH$0AUojDR_dweiEj~>%mW(2XNGl&g}?2tFD8_3(I!7LcaZ=;Ie(k77EF9AFssR#eSuvPy} z_qh4ZNLe>ZRo$Dp9-*kE7_P^Y%yCT2_^kTaBY zduZbf<*;C4D>O{zy)`jF5~(Dj^(aQ>-S8O1Vl=g~NoregK~`liI&&1`LGLI7mE`hJ zHd-==RnQv9kb%F>zyp~sYPFd}Kg9B=4&#_?y^3DPjQ2ShU|`S%jG zqPZi{2U*M9^KLO)zDjNAfrdb!lj#NZ1cx>gB}_}vjV1q@`}4onfT!sc12Kt6kw*?) zt@X7m+yceD{P5K;{{DAJ+@i>~rPc}6sFr+@TweVZ4f;pgiW~DnYfv<$&#*1H#Qpeu zau-f3pSFq@o9!teISq-XleM(83rEAY`?x6j%2GYe#luM@RwA^WX1O@d5;E7c(vOpS zMAa-uA;{WO$vNir9hyKf`I%p%IL$exV(E~W*oqDr{HJ#BaFax#DQo*Nn)?& z`rhbIf);lV?q1y8-CNw<-66P3(I7>Nd!ZC}ch}37yyg13a=T%lt z?tY%n+56m{-4sCFxf2c^(!4>>08H#>IjY@SN%EAB(hLX6;wRdJgPFaMT8Puz5mF1~ zSzNuuSYG`odK6j9Oc_77yO6uNRNMIAFn*Br)1-zt?m;cWmwp6iuU}<)b>K1<%x}ZW zhBqUM$mLy}c)C!B`q4%08)L~7=wAuM9@ePyN&$$`EvPsro+Frt?;Tj@@^IOex&Ocr z$>*?ly(19u$(a9ZW|%I-d-^Hd245qMC=y4q+mQ>ELGJ=Ba3sCh@a*TxzmiT(IO>jO8q9HGm!XuS;qh^+U3KsIY zlWL9r3rg^XGax?DZ&+O2LTe}@P~o0Hb1&m*+~PS0lbF!yS30d=+h++ju=X?hyC5u> zdNz>7Ll%^i&&JWc`yxmezW}n4L!vh9)U08xzY{EgxX2B2in5Aung$c#qrXL2tR`P9 zUyyi9gH}#ebrdYH0eAXUB{`b%oZZ_w@axoxZeTcC=}rNEf|&a{x09meTZ{cV}zc*bU1Bzc90BbdkSV+D7JJZ>|wC&*M|t|*U)uR`P9!9}BF zh{ylq?0MdHF&a>%67}nX?i*fz6aXwhKZ0wA%c`BZd+V1fXSPml$GF4w!L3rO70u7? zAO9%3sYmsTO_EB?OYv<3`q@eL*X{3a@RLBe;;mpW#2f)gqCs|r;2oE5qac{v0 zg;^nawRrl0N)rqg$#fM2rE*$f9F74Gb=~Jw4i6^>(GipL4ay|U-$dGpsA}ZpGz+w8 ze`X{@KnRnWJ}FLRmO1&}d@ROc8Sdn=bgq@%SFPx45lCgiOhc*S;*ga5_0us23SIQa zs_RpvC{9X%;s4;r+sr&C7NQDI*n!aYclxza{M%q_vr%tMS8Ef!&97KW<^;14_Hm1! 
z`XtW+nxv=^pf0?2O=S*_d!oU^S?~UXSL##~Ag7xu=9!SKRmuB16dq+$^T*s!rP-4k z;k>8eWBH$dMT<&~)W@kIj^l&`(}WJUKu_6dCA_`*@nIJD^uGDYB`*bqGOsKW&LDawBT9SY8bzGM_z)C~3l@7C)x#+L z4NC1)paCqV?kO;UuA(GAtcIZLIO_f55kI^jJYuVwy;=QM7hrCWnm5yS)A)}^nA^L7 z|HmWhwg2N0{JxdNNO}^aWL4EdrTv)PowdaWnBuCjzsmF8hA68vnJPl!W0g5XBR0g- zKR_~5#e@j7=1--tWjj)~+)?R{D>LrO9yqz^wyAHCF&?*_e7e zF@ak&g&Pc%bkqqMn%0IfR68w2Z7Wz6=c4wK2pzp zdpf3e6y?zv7CE`mhz3Do%yaNH<5Udxp&7GtaD~P;+TJxVO1LZVu7!soSZOv1D{Axi zYxEroJ%|vF;1der2xm~dj252-di1B)I;O;5_3{T8!vPfcrk7h~IRvEJnpaM~ax<;cx$eJ zBgqO7PkB5&bMRofKaRu`y=2r$Nt18wdf&Fh-_P11@qX z*Sd1%m=9<%;&HQ}&&TlL_K-;cHN4UH$c1+s$q@>6j*^yKX|$Mn3u^drq$#t+Y-BZG zu^S58;&smtQVPY%E51}}egH-GAof{!U)hzzql+tleweWgqbYZpQOk!quVNqXawpiP zgIguNx}^l^M=9+Wv3?wH2ug%VLC zNr`UUFET8XSm~RwE{cRbM+~kAR7r$PJE@p2yHJ|3u^5vQu`o&{%0Lr^xgV%KY2s_p zVwzq!cF<+Dg}-WeMR(|W^!6in5*tQ50U9sv{T8jX~w)=sr?+*kxHo zOtYPV-Vy<5@NTX%@b+h-PibOk98kx`(&QU%ue(T^O042{L&<=|KF9N5{xj$ahU}l7 zA^dQW<$zI!-xKgDnsyH6J8@Qzuqp1x@h}ED%?m`rpQ&>^;JgAiC54dsHch3r7oApRM4s!Xo^KSqhmEC4fONlW8gfw zG;Q(I{Vm+XsZweZr4RW@s}ph-@?+%vA=-hhag2BZ(GE_Hhl>NuJL>2o+`z7ixWw<% zO`stcV=Q58n{=ca%VJ6UMI_=3SvtE?qLKHXlv40E(svsu|GHb;zW5|Mdi;f`=y6

+-KeIqqO;Zk{-@HR*wb5C$K2 z1=@rn$-7y{k&gHxf}M9n?;CV*1DU8Yh*gJ_eq!W*?A%eM?KcFStNughX%KY&Nb(TL zypNLPB^RY=<{RyiLgS3tJ&+RO@4iJ@RMUvcV2?#yGaIKMU24=Dd}Cr~w5p@6Ly$r6 zw-?d^JNhiF6OrV0$oZfhMErr`=3N7|870~XpYC!vn}v<#N6ffp>ygo+(fs**rHSL!8osYE9WHCP$vsuaxSW8=ZD<03DUiCfvDE04=q2uv=Rrt68 z%nopp`^^tiDTC`Ed{E#Tw4tyDg^3XnGdd9OWB4X(x#9TcHPo$F=y1&g<^fqdt``3} zv4_Rd=_-9|YOrZKJe}pni~`lOC)#%|Uk-OkdAhNP&x{~OMUw*|7VWuVW{T!G!&1EY z-iU0I&m2wBRTcZ9q(%6nN1+`Isb83iQr- zibyARq2{qWzn$ZNH8a7SDWUW-K#-9)K$|+H9i!kaetbEVSTfksE-1L3OJa{7xz#Bs z_@AC_P=UF zf~VmS74(%rQX6l#N9HQ}4&&hgTE?S~)MP1Xsyg@;i(fAY~ z+~#wNq7ZD;N{ljxE_+yn3o5v5cxgSYMpm2i8{3Fn$x_*IgDk;O@$)oMZWj$`w96LJ zmgJ%bSE_>+=*^|(4^|pjwphG{0WtjvBd7f9a#5~S_wZrV7gCP<(d`4E0?j8(?-=o; zSv)l1dXD?>_JIPmbsBhd0tB_6cEmk^krD0azihuJXm7h0R)$9KCokpq-?8zZx3u=( z%_MyO5}Z9ljH#4C1mE6Ok$!{|p}(>z+51Yf8)&N;z(%NkjQRxYT~@z*RG)UyA^69- zi^?!qxI>t~i*G*pJu;yhRKfjAcPdh;V$R$sY_BPrg#a!EAD9pBBB2#+TkX@}?jC>M z-Y3hcWR_GF)7lSHRqrfxwv+W*G7T~+?xuP)C(|UGInFXhA_ zrTUxSJHI)vcqM;zQ&g4&55xB1+DbK+B-vYdzSj(nFnwX`wcr~UDC;P<>nU8J#rEm4 z4?BvQh@W~^k1A&Mh$x18r=?_}626(49XY>0S9>rQmq$_3Z@^5lg6X~RsLCQ4^eSjl(gv`U{`m~XdcA)cwhY9~V4CM4v|Ok9778vMgXeu2LbL)j{023FO{Xx+&}zcuRW~skHUQ~*?b61|oTo4nWnsZ};nA^R z*-{sfzQy1$WuPobbFnmvdm?AhA5!SVL_xfU#7CKkoM&Hes@CfBP0%_n1Q2ysIBgEQ zXKn*DNuLkYO z@FfDO;ZmJG6Mza=>=$4BezOpEsL_!hAQ3Cmz#&uQYW{F^wU*YluX2cjX=#g?NN5~` zlNXh{&|@?TK7~VDF?uDkY|03N-&|H;g1K~{fxD)txwIHuG=}m3eAzSgZh#hP*{QNw zBkqbd!8-7)F1C5h9eo(AcH54-8e*@40D@ODj(aR?KhU{9)LZ?6JvqILhHh~<1>@h( z9*KhCkb)c>MZ1EGC1^ZVnk*(T!d;+*I@UClcBE9np@y!D9b!FEKt*GYU8eWlv;$>M ziHBB&2Bs|V4&G!vxD@)bQ9fH|g}YTV&Z2j7oi<3X187$IH(d_*d1^>KCrWel2YYf& zx=uWn4M-I`Ej6BS05iiTelC)lSh4wSYZfo&!P+=;O9ka)LyAh^mJF{^u#iW@Akef? z=Dxbcf!+c4 zsuknbe(v{A@DgjTIe2Fc>&PFRkmgh$A9ex-xZ&)ZPWUj1Y3wVk*0g`(YSoaj3<0vG z+&$zAvXQHa2|s!v3}U_s&*n=hn^6Q?xLFKNxD==I>r#QbzbrSdweP{RY2mTOqhkcj zqv?pm=TGZ=o0=l+dO1`fPvAr~GCT7iJMWhAF;6-chUvKeSEJCPt$&ov2 zCi5}u7cD_Z6W~fyr5Ku_JuJ4xC_JcHH$v!nbeY2x#! 
zh}}tX;-jTYEu$9M1A8$Ld63VN-YZ8_`)PU|2k*C~govl9=s1)`B+Sa&F%- z1p#vk>`5|Wn0Al*QOJuMl(zPO3P9Rwj7qKeZ!2gWn<{)L+LZ0vdir%2*I@dL*yo*i z1IlkBd1l;t%ux(hiQBoOv*Wa*-aRXUymx+x22~>8Lo|2SH**3iR9C0LdMZPGYcF{6 z`Ds$wkna)@GY)2~I=U_KVlqArJ)l%}7yi9ssn__UBt?uAoyI!JCXW8V(JQ;(-Ric; z-4C>%8bIB<#&s#{;@!Aj9&1tf7YG6m*qu{@k~`9=ulCS{zfHd>H0Y+tvfkNvb0%4d zR*nm`jZG9~CsA2UOj=-bW*yV;<`$e(=U{oOQPEuHa4`P7-{c;R(f^58ylAMgzT-zd z$l_$kNHe%d-B_KB+q}S?Q{D1Uzxik5L7W*Tl~O*ZEl__CtOo`_1qYv04OC|rb_gc0MkCTFzIzS$+Ci}=1D!JbzNed3rCXr7F(!QT?hqln}4Uk6#l~71Q_C_BjKE@v#?Y& z)Kkx4mCO(2syr!*HT$l8b_UW0yQzKZEUawQZel$sXbOgR_#TwNp|2?VoqjOHa1|Od zt?_eh3e0+7lAacJJecp2FUzoHGF{m^&b5-J4O3?;rU`glq*i90$ofjQU`fQK-KY(9 z0INf!9!}T&LnZLw2TCPVbD79#itA(NwTBffhk^20?5;mr*Xo(y7u)M0;z z>HGLc2#Ugsz0F*+BuE1bjq^7Q+zgu4hHGYuzr711eK z3_?oiL#*ce09I`s*FRGkSa$^Fnp!k0&la4zF^_65al02M36@W^Y=?OW_s%szrIvYQ z9==3DVHWX%GpO%kORJXg^YnnKcvmYrUQ@I}=6YHI{21#w8;Y#O0Q9^0G;lfs!De3u zi<)Z5Ec#s6j1?=b3^sP^aXf@z*Iltj`OVf1Do=jZBk>$-U5sWP+2+FvLr!s!!KCR# z5t$6;8$~HpkH;%K1N6HoZ0CTGLrWA?>2H?~Y9`v&4LPm8Lnl^`ZC}p>5?`BR()Ni& zq2QgtF{7*!=li%Py=f`D)PY?h8p9ceV8$OU@C5V}k@rtfVFXf4$9~cB)Thg>!c(S0 z8cz;eY0jskfA%ftH-?^|@|kh9h3{$SDTA=Tqx+&`aPd-MM%&|WpFqY?Pe~#`QujBD2Hq&+LrVE!1; znBP3$`F{TEND!j#Au9hKQ!ahQ=%H}-mkj$1na$nPkWU;_#Gg&1S3FC=6&|k1LA^6o zq4+v|xD=&XsfeF6p;xaxDY&B|I5MtGvBI1trBeggJ8IC;hcvNmF}@cE#q=|cp7M8SlwB*t;HrjwX~msRdd#F?=AghsfbU^u z(bygJ{<52F13&CIpkiC>3?|PgBp45k9$fnZ=lAG6>xwZl#dgzVLNx0%As60_6hN)+ z1f!Iy_lgKAJxNQtc{;}lx8WH4%Cvj%Cv4MX#;PNLVyUy^;Q(fh#y!BUgN!|oErAL~PO{NBVu~}* z-KtvqqxC`!Q0VhWuI`2OWu-e4eHMEiDU-4goshq`J3|Bo#m1+d^*XgnZHs$l$!64M z&#}TL&>b-r#sHN%?@{X{(xCHxyq~_`RYL+pYy8$&BF+_>c2`f6L2@!)B(WUeruR!6 zecG4w&+DT`a<;~rlzhNqU<->;S<0&)}2@uK98n z97(Ek)>`PfA1$sV-x`f1dW?S3Mw8a)VmfC11Vw$Y)*y`iRhZ6MKK8h?5(k%-@*B&$ zt&b(^?-)N~>a4vW5_!#>au&|MrK~w??KoGGF5S<<;Cn5NUoyrq(DVA*1-XSb_n$Q2 zIB;ErGq~!5gP?0K;V1;8+0jQ8wxZ1_+l{=9i7b$VxO09FI^1`0d-)m9ah^x={G!Q# z@&VB@lqN|je5P(sl%`a`r(Q>ElaFmx6l0>TFoMa>nh7T0Eu>EXszXUu7l(T!{l46+gIQW;AtH0sC3@;Zcyd9uLN`__r|AgfbQoN8RTgMrp8;fJKrRwL> 
za6Jz=8foN={{;}Nm*%tUKoC)3`X?&h!5E%;gixAva6JZUEdn+6FuHV>dvHB=5%sX4 zearIfwSq%zw$%lJ5j&d1rWeKZTi;zVT8Js0Cy1QF(_Wd&PE#6^_Z`l)l$X_`J)wWd zUz(>h3dFf-m)ZRYy`_p$R8FL85R%ut{N-Z)-wx;;Od5%p0tn4}hrDF{VjsSArFUIz zPQFc59&KT+^(PnbvQM0|tPL4~LUbH2bXOG>Ry#zU@DZVB&6%u+3Aww}F%X$KB}Fb3 z%IH8582tIuG{9#Ws%K4dfl&WyNc<3A+Q_ZGVBbbQ>CEvUPdubK!o+doB7~_^_zQ^9 zJEWk!j0F--0o4u*J8B3sIqqKC>0=lB&t6w0cz|7`QEmJo+oCfM8s^02I$V1bGz3hT zg#tPBpy!zfA)Gn!wSW8Prv(=>t@Qo2BtJLs!Y&Ig&{iRXbaPu+(`UX^JCyL3nVvDo zwSQ%i_}YKD6m7{h$K(CNbm~-HrxUS@^j#2VW#>r9DlvRxcgiq1VM!&xS=7zJASF_Vc>H(e_~zL7{&6ctNoc;*F~@DoofP`vvA#9IuMQOil)JY7 zB|XLGifL7vzKyF%vnS0d{QhqN&gdqT_tu*)jj$u+IGQBmmmotsqeK16mf<==!euMW z9G&yMRykV!xH$P?6B*;F`j*syg4AG3d|OCZto8p4iy@T%FD!OMkBjC235!iT{Z}@i zYH~?4|1XXb$^?m{0POz7QPlpQI7%7}5IG10)fn~wX#7zwySmgIEChjJh~?T{0{}bA z-zioM@DM&hiZ_|cW+hAi-K;}Spc`&1OdomL&TLCTNgVsk;y^r7n|)NHP~%{Ss)S1-G1@1xw!;-TR+;*4r2-1t+iZ>UW&bN07U;I$ z{YZ3m^ReiqWz5Fa|7CpKQ1tD^c8^n&Sl=h(rp)KfHtek}tPYN3vTwOaR|u5E?~W(b zoypR70ea`6pfX27Omd7%yfHo|W`DvYgz|fP|E5Yj+?{8_S{SsbO8hR7DSiA23O(Zs z##UC)p(^(5-*^z4k%PBn6YqY5a|)8y1;X)eBrrGmNb>Kk?*MI_&+lCqxt|kDOnU4n z8qSvwPOEl;fw~zB3Ha!pqa>?ld#h6&Hx^vTh?*M}o5MA?7fFBey;H}0Q29abLOucI zHkQTV&E`AA=+2sZ7Z*uk(+=<96)9WKhtqOlXg&zZHN7C%xqXc8hi;WkM>=!ShgTc+ zEc;Ds>S*3=AN<$xeV9Xi4xIHG6m5aoP~H)%<1!Zsyo--3ri{T_tD`}cxxmzGy(0>v z^N)fT1*ux|=LHi@hXJH2dn8&`iMiC(EV*kW4<}x8&iN|4Dqb2K4jjX|Nk=-{*HXCf z64_k_19v*d54d;KLaL(j618d+cPS*{u$(xIF;20=N-uTS^$7VqBJzPgO0u1_o8Me^ zH7z~8T%TkNah+FWnX{F2*$$0^wfw@sQobdFTH*S+%vPh>?q0K>F_h0zDQxi}HZOi# zMv!7t6oc>2q_FRs1L!ccxS8p#dFh@pSkz}|p5^6!67~lk9IJ(u-ukW_Gzo|)Kx*6# zgkpyY`48W}Z?@!P5+ksg_{9HEZcno~-hvdBx{F$DFRx)#^uniht^Q}qWdk`je*pEC zoM=i3^0T>EN#V&-{LjD5gi1@}c8TX{ML?VW>$KMGSc8R$yy^i~xU%)n@^y#j${MG) z4Yy9y2I{8GT#i^^5+EPD&hq!VYf#+q^9k9dMQPV6J?RvEqYMc+`}wEL+;TAoHDaZZ+ebq7ZE0AQn0a3j z z3J~ZbVY>s^Or#BmW$e1)&zsH!8q1L)R?bDG2HOJx^QpP^WPr-lPWw~B$%VJi zG17GQ{&L5uuJ*+#N>V*kYL6V>tP~;_;v&&wnr=W z+2yIV@fMJiYBSZaLUqy$;6{-`7&fqejUibm$?cR3CtXu-T<~n8;&M`<5rX0y+$c9U 
z_s8e=KJ5Krd-?N9H)X1`Y?{g5bhYpX$+xu`fJ`@En%(g;{2b3%C$NIsksCDa)Epkx z04jaH$dJNtzyzM061AfOIe6?p2aSV7#^V**;Gq&=P5eXC! z@mGBB2L!RPcTZ97xJp)j`u;}FGb-)jb^CJQSocRk&;Rj&xwzfY83e2f+A4vSuZ`O~ z8M$AIvmr_-I%@~A%ZLfB2A(9m4rUIBWS1vD4M5JE^LG{wCCOMm+;=^iD!k$QdU5L; zx-gnd&0XYdL3+8n74&>@jroSyAkca|u|LPv&Q!6L4ApP7WfR4U&pvt%H19&O9vJL3 zN>0g^x~o~9B|u)w0!1y_?%s^MO?wUf9$t?)y*7Fz8vZ*u=z-dKQS54JXbC`u?ot<+9tn@hEt5;uln%Df0<7dx5 z-yc*0CmW16t3bu`*LVg7+pNbDb?k-)iL&gQeYx}>sPRQE$cyqOh+v%$o3&KmKEB={ zbbzC2mqk;~d8UI__CVjr`qs$Ujt`S_sziN`t?-P5RROD;_|A_!o7lGM5iP^Uw6o2l z^ojV?3MaBJ_-3HDx}#S)4*TT4G6U-cE)STvELI+c49Me1k;XVve56yD+}}Pl+>f z{sH1sFEKEY=kam{l4E>XNui<+9J{TL5mq85m(I|=xcrlI>$Z0&izGz4n6k}g{^41a zwu+lXiPuS-y_&~ow zngzmjj`zP$!5**+$Ck4GTJo^zyYIA-<{u4%l9W9$gYNGG^x^WK<(n28xXPG|VfcUpEOV2v79vr74Y!JE65EG5~C|O48>Y(F$hp3gKxNtuoBFZMN2CAqTOp~l>&Li&EzYRCUtt8Oq)6{K(%lS#! zfp+%1?Ahr-B<$JySQ+r}9(DJCP7wO2D}IxXuG8jzbYW}KeYv2y-L0mu(MjD3rm;KO zNgZ;Lt;!^crzxMZ+gfTmn%vh;-eG6ecJ{nOzS{1s1WfKxkJkfz$we*DAJr_`JbfhQ9dWN}#2L{c+HYDULbCXnaQh1h1r#wDzFP8> z8bC6Mr_9)lOMp1o%k|=#;Y_`M32S5eM_8vToxJ_9fIp9zc}waGTDg4J_*QWbQh-wA zSDVw25H|)_%Gi+1Iplh1vN#bGrMm<%IW`q(c0BBtm~`!g!Ko6P*bk;~I8`3fw`KYD zGZEPE!}6i5=(jhx@*X2Hy?Ph9H`8UJpede%I>fB9TuY_o@DFs)LF!3I%d}YxQjDgH zD+8kQ;yk#db}~A%;09M`skqjb1ETl8ub{W2cQQ3a05lHN|KFpqQky+^$^MT=6p+9} aVM3mn_3s6MB8QAcsi>aR@RlC`uKZuYn#BMB diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json b/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json index a701d735a73..02b1132d5b5 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, 
integrating them into your Microsoft Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. [Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
index 32924bd6258..0e8c841b287 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
@@ -7277,7 +7277,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "MicrosoftDefenderForEndpoint",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "

\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
From e0bb0f7e89f1477bb203fa9131fffee483cf86f2 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Tue, 7 Nov 2023 11:31:28 +0530 Subject: [PATCH 08/15] update zip --- .../Package/3.0.1.zip | Bin 30007 -> 30007 bytes .../Package/createUiDefinition.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index f71068043897f768239dba0d7c6b1a34e0209b36..ed49c90bb034bf8f59a19f674d7b8d89be1b3fbd 100644 GIT binary patch delta 2031 zcmVH)Xv0T)n90|XQR000O8(_3d(>C;4|r3wH5v#}R21AkqXIg{4A?{r!# zW))$h$ij0F`Saixf8HZQXZi?~DC8Mh@_- z%Tq>GMpBG&I+KOz(0|Sb%2UzPr%UsU;fRGr*B^|pmnJkK;T6Z=Mc5J*Cf2EKR!2ACS*iA)dfWXjeo(V)+ez3;4wrx=JjVh zMxQA+8Il`D77PN>)Nlxx0eInjPLoO%E$%+Igz7E1=76|mt#J$Mr9ppEvdB01r-)on zK5&g*4YNiS&5g=m{V(Olbv0ADMzgHRpjJY;LB`YZ+e(xsS7w#7c4bz%bvRb(IOh@HOqx!QR1Mu=lrMZ+{0E?tijw#Zs3QZ|-TpW0|Hx|y8sSO+!zo7z5ZVi~yyzd;c@4}mtOioVSii#IW%sj(W8nnd2wu1fTP+CBdwcp$1)iC=en(^@ib5zPdR*@PR* z&7G9Y)lD0jZXM9OIopQ<g8t4pb;af6cf~S z33C$jIdrnHDM1BjJA}vDVy2$7V-B}8c7(CQ76H5~FcN!B0@W;3|1hZ;O|jAk&<49! zEhA`>gAG8oAxT`}jeVi(^x&5zHZBXt7JoVspkxlZ1(%3G0L7(6`%OJOypw=`UmtvH z_rOECCYp%2(Jgo;F?O2vSU=eA0$T4iZszXMsQG>icMi&(*Ejy$9%w7O{-{dtyQ`6^ zM()lCh3Cr7Zl8D^$X$>O2gWL2KMzcOtW9t=>wC?M&3o;eWO{ zsN(Eb2BzkPNGto)5M8oHRDp=@yL0{JgkVeVW;ST;q`x8L*V?o(_KmfAEdudhm#H?G?~FuCy1oC{Wq0_H+tx?r zb4-VP&h70aWbY^`o1BX>laBEgg%}%EwlF*yPtKf5Y+{GZ@2~gUdZU=$HY~nj^NoS4 z=I8bx@00y|cgfa`^lLY9chvrOQErR7ZO*mhhevAqss^HKBW!YKH5|zbk2ckgD`Dv0H%oj5G0iU)?`p zOKvavp=#GpmS{8LoyLX@D0%tb*Ik^Pbx!}%Hnj6F@^x)!H;3Dn zLltM=OC?l_Rrj5?kYOSxJoOLc?((v#jbEt<3LvBW+uRsBrL?|NIxp{(`WLUp=Y#r% z{L8hKtE=pz#LPbZ3xBy{i2nFj4;7=6icw#*HyE%cyX6iGZ|+w1{uVZ`E>mO6wEJVK zxPD#is@ibhWA_I|4Q6SCNIui}qVp z{dyNP-mrU@bFQ@M|H3CLaIyYZJX;MJ^q4}IE9|>ddHhX%@-Eu@mVKitWoW%m^;(jZ zAN>|d{gQ|@9jBEKqgJQz1OERHP)h>@6aWAK2mpgyv*rrJX${j`XIJUdM5Uz)006U- NwsbfGgIkmEbVsm;^8)|? 
delta 2031 zcmVH)Xv0T)n90|XQR000O8yH;mct>G1Ya2*k@Et0sK}lbnf1ee6ijhelY{uHnUvRV`wYIQkxPur{B9AQP9AZ`XnuJ&N$LFTXgp6pXx}X%GF@Lz!`UF-TJcjtjZ2pYL z=riReLvq8&fepVb-Xkxl#G6|E1ixu3;+IXcjXWR7fZ{$ap$_TZz)-%B*tMuE#334#z4T=Nw|x zC@I>jq!bg5Qh)R;BG0+NN{q}_wZ=54lN!QMCImQC?zz_iu}XkUBp~`(+}azk!yzH= zez~v^r22wo3zPI)O6(6plyETI8(j6;s)m%KO_!4-5-Y*pPfsRo&xCr?B=$r&AKatg z3{E(R$HSdQG~73U9?_f!zLGsU*gMz@_Wl;^?e74?U4PcCSn9Ik%{>ixEYlPU@DnBT z6R3w;)Pl~KK=N*H0Q`f zxs#H)YH1_Wtpj>DXZuiqd@vjN=GOR_0QF-?1%KBYOJwe{=0+;P?eL7!;Y+A2TLx`C z8rdQhU+vnwqZbOvKcPI2Xl7H$QH@2VHC9IWz-Y$}|?-&iJl&XK`sDXplOrlL0*y{3FoeQVLFhXKf5u9o&o=G-4!`VuHHf zU`}E_hyE2dC8z*xhwxZi%+!;1%;A>CJ}_3;7=U*LMq-Capqhp1A0{=UDOUOb+F;kJ zQ3OqLumQ+6B#A4$u^V*#9sIJyc4gt%LVqU$l*~c5;1UrCpt!VXzp00ZcM|aL>w|CY z9(YLCL=zD=x&_Z9#!k~7>j&FiK?l!f1Mg-RGzormEvXo%bEPGr`s)murior$_R+<%At+xn<{ zj_HukxxJHw>>VX#lXFpK(lOqm5M!gt7KSI|$(d7$P3(~Q{iS|eZxqwphQ&8*zAWjX6@%rWC*XI`#q6?k#h|9uWo>29c zqqd@iisX@y{6BeV{c+Cb}z!GEC%zr~X;oU0znT@hcTU0c4ban;S!?l-74j=jEMJ|Kip7d{DoO zf4R1Db(MXTnArz^A%9m4(I5ZTp<;AWG3tx<1_Rb)x7=aj&E3l0-@@kAWom4hc7H+@ z*RP9RRU7Vm?EZ|1JS%1o&_>tZ@LMh4sy5nPHO5sRU5ftgI_WNma=%pXDzY$n(SEC{ zU+;p(8+Pw<&XqR(U-)DNF4q5wXR9HD9#iOYg?)D_kH4u;UM_pzvTszS46XO6UQ4p_ zqu(N_UlNg~@6aWAK2mpCjv*rrJX$`wpXIHJxt(K(<0060z NwsbfGc~+C~bVnw>|1bam diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json b/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json index 02b1132d5b5..e72c47935b6 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
From 9b502968d3a4e6f0d56507c135897185a1115c48 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Wed, 8 Nov 2023 10:41:19 +0530 Subject: [PATCH 09/15] update zip --- .../Package/3.0.1.zip | Bin 30007 -> 30007 bytes .../Package/mainTemplate.json | 2 +- .../azuredeploy.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index ed49c90bb034bf8f59a19f674d7b8d89be1b3fbd..cbadf28694e1401911ed458ea593b60655541b4d 100644 GIT binary patch delta 10875 zcmZ{qRZN~?v$b(|cXu!D?(W6iDe~e{cyOnQ zU70o4y)tcQ;B9B%$f^pEP*`AKU~piAnl=r{D+tKQS~g#sr(jf)ZNb0-nr;x5MS%PE z?(Yk!7CW2#{+~EGx!;o97s>K=JkUj;BUG_!yIs}3tr3@gd??N~` z<2b_z1O)o`K|$a)g8i5ymLl&OzOlXz9 z{X^tn?~;8SmZ+Q@-KzDWnc6?O<_%O*A?t}tlUBV6mYQR5_0&@RM&DD3S}V_m8>8sc zV3Z4riBe)03H1|C(Yby6Re}#oWBybMRkoLG%N3qt_@0&`=|G0blu=s!Q(<>C>@`?{ z*M>ArRaoxC-7gxCggSu+1V1TF#3H6WyN9t1mDb;S*b)Gb?F{$kMRj1*AO%qJUI#*w z{=YKt5`ZetFBH{~LkYpzp#BL5Nkw%32-`ETrw5KP=^G>XB6^I6UgfzQHYo3WOP%Tj z$5jqVd7R(AHT!W22D1bXGvX)V5D+-}Qw!2s^{flzkh425m*TRqCr65Nva@&23^H#Qm@pzxHJS^bueDtslTii)D>4kkXQXC zj6*1H$oJdfD1Ip!qIOjoG!~^N7{JXC;~P=UZpMDCb28QC8T71W+2Gj}KQ2w?bHGx% z8z=S6-yBzCT#fs7e=`3h+-)K_Y-S4@wK+eQX#t^Tiqd--3g9U!K^z{KE4&PXO=qY_ z-j|$_prM;5XecN>ZBz3~A;YS+62gNnQS00Vchnqb@eEkWZS!sj?$pg2W(WZ%zc;H#Pydr%}(qq-y8J6=~=x4gA ztvcn`ezX`dHC?S;K&7&i);)vgMdlM zC{#d>@~BpVOr0Wjc$P45p-Ly}COVRPTwst}#0l7$!dGp*cgf|DXK4y=p&aRwaHp(i zNwZcDUUFpWl*ZOBBGW(`e!c!U;U17H3y?`DV$>RCx=#)2d^SMzS zR+#uQxU_`yMBhpV4tLz3;bGjrSC%-oS2q1b-`HR_E%#CIr6<6?%jZLhf8FO`)vjpGaY zQ&a-i;Jm-9P8_IkGs}bGttTU>Ap;CZp)fVG*Uv@m@{!8Zj+9ufpyd@g6AGBjc7nM^ z(Kr~ICNQ6|M^f9uo1(DhtGCzrBm1Lgu^bpfN47i^}-HV%D)* zd~w96O}Zw4YSdsbfNkX%|8<$Fak~oBIwV68et|^vtxRe4#~QOtdI%h6Y6jqn9-d30 zJgL~}i&tx;?T30DlSIF|w;cXg#QuQh!P;zrWZv#F1j|R9|D5$TCfU!|dsq;D-&<8$YJPgBj8%{0lMPMes|NAr=H6)?9V%y0?ddUM}-hHOiRu@fXZFWD z&_U)V2;13-atFWXzPk~!vmVe%KLLY=Z$n4tV=76AsjvtfE<}Y@x^4>VU>xgvqs<=;{z6dH9V z{a$QbtPa%-Oh^hyAG-|+vD|`Z7xNwq#l1A>F)a-=H>0Dnd`9iPR+N%7(G3Kplq3#| zoq=~;tX1E+8>X|3Dyqe$424iLl>`XVbblo`MKe~QQS@2sI5Un_*f`LPpBXUI^g0T5 z-zTRs_YTjIm+?$A`Y8ajd&fLpC*S=faHVRxEOC4O(nOF(HZEl{mmRT`cJNgE{qyv$ z@8(0He~$QYSYtB49!#!eI;9W+^wE+P((6 z^#~fPc|<=V?ZVdNJ12CrSUy{)>qrVPO@X1c+?tc8e0E2v^Vaei6_W>M2mD<)!uC!2G4fc&~q#y}#Y#uKS}exkwkui62?} 
zZCI*sYO+K29z_Ny?EA!j2*J$vpyR)>y;kCex3R)eB&YE+LsC#NOOiXOlq~5YbMv$w zTQJ+)$|1g-{n3IrbhVvBOr1kAvU-XBC7H0X|LudNBUik3m$#|_e-8?qO2%v)g-xlH z$F(yh+ekuGm?j_qYr}bNgY+IIT&n?jfQrU-T1j34R!8 z=}>`bXWI@9Sz1tH-aG#NS0HX>Fm6;=K1@HNU7H~?okT?*w`!QWWfpT`xra(Vk_^h^ z97^(@X#nmIgu)O#7}oJ+;yo@WjM`mC+=j`VeMj6=I7L%zYpPcK;7%W5Gxy?5Ew?Ft zWKdhQ=0OsGz0G1KQOH=fSd)#G#h!}2LGP%l7F~8Ctp!32)RVS>CHeC`vWn0 zHBUouMdVeO{6YpDB+M?0(sFTwD%%%_WJ78jm?~WWHCN0wxt1|NAFHtnVYlU^#y|ti zX@@ot+f>vJNPo@ByZW;PeT@%V!J&$SJ`2Hdg7y|C$xroM!LgAxhW-7!mRS|4Oiw;; z+7L8z9)L`^=$o51v_MzaDWS|{fAj3)cC(0|3^wn=gI7%YV_JssLv+jf!F5CzH^2BH zxeFO+;K&&~`p0C6!K?Iu-EJ`y(IyCRrj)rjke&oV|7X2U|7X2AO0Go=#r|8bo3h~` z%6ph#stZYn!-%foe2ph`&q%S8c^nj>2KM`qf1T@g1tbzSlzf{d?f}U6getUWdufUYXwx zhmdE2QUiCXY(8_+kbKdc^Ukr8z|v2$ol9h#eL4;dNiQ#Eo-4tVWMF_?`mk){mxoX$Z=24!#%wke+O2_7GXJG zXa#C#+wiWu(^LjOigxS&jtlsNd~$fL`}&*;oeKHi-_M)uLW6Ig%QaBm)>`xHFp(7{ zzI2gtCez&Y{=&^uh37%uG4$Gxm!u4*(zB;hdo`eJpdo5Ywp-dwrMB90ZEvbMG zUN>RwCGNz?)=e?M1kj$9*6Y7_zx%OT&uuJBJqOcu#KbNCz`8=w>h13|NJt>4_DETk zG%02mF~xu9AVOH8_!^eM?;yh<5g^RKJ~H=*N9Sc-vLfo32rfkgM+e}6hfA5&fL;c7 z=@K8R`_jb|k?jZH0Un^0@jwE`Put&T@wC1*+q!bDX( zPiLG`-W)DM?<$UvE**w6j!q(oFE@U_icWPr$P!yUkAthb(<29$PPkaCMt2>911;RG_QAgg(j_Gv)N3=1I$k_AyR z6*?o3covOfNGE+!PENa&TlRj@gnPU&^*9FMnWcWb0dw^hmI{V?YFR82c|n|&r$td? 
zMperzRZbJTq5RQTwx~7(Uj_Y1+Jv?V?MsG0Eg)?PsgEweVTrfTo4<5$dV8Y(0*517;I2tvhF?o`U zUXHcibS;$cH(R_`)D7o7#)@G^`-*XXsQn_TKFCne$_UZPY?7g$QL~_Mv}NY=+c_v- zF|(7YHBJm!SfB$Yxk7AhIsG=9UJK@o+@9h(2H&mN;@iIFAFh}*vCN6l;R=i0W~Xhi z7{WQt{vK{QY{V`aPrC%B)vS$SmFP5y>Eu3)3W}XIUb{PI23>BN#ukidHHZt_AeY21 z!MuYQv1;q_7UrkRp91R?^B?DkcN>x5R@w^{R~x@a5rO#d+WK_L>g9-B>@?)ib9Q_P zXo?e!==4$^1-Ce94ULy-6i3MTxfns3A7mbyGh< z05u(GSOCMDDptV4Z|d?Y_F93^c?mWhD)13IF*=N@d zT4}gg^dTeh4#qt{+bG6@z}i9l4oUF@p%J@g9Tbgeq5*-VqBNz%tAK`A$5L;2gDT;= zK#l#)?X2$=D(gSf^pr;j|GePH)w@zy-3MF}N;`6W&e?19 z*3{+5;=&V~WSXUtZ@C3#_V_rS=lO(g<%AP=9SHtXws+|{YD%%I`TyusFyrz_?33M= zPy7oC&z-XdO4gVr7}LC)yE0^&NS7>03@wklF8eq&(6*p7EYEflIZ(8In!Fr{OODyzVuaa!hKA9xqH#uBS@R%97;)8uQ4{Xu%pB?Z`GyPRUG>sD`tE;{$ zy*>4@NWAC`Z1hjv|kUcw8?^Fz=(STffU!uh;~xoh1iK;ww3;A52{IF*y^f~B%yjk;c*|$` zm0wX_13^dIzYswo_?+T?#+YWQYS=FHpf=XRn9EX*{(7i)%%V%MR;oo})v%_sVx=)9 zI4Xap{CC}gm*;9#XNoB}mTnEfZrKv=oAz_yBB__lxt56#HQXN^YHHK$bUi%_sST$z zQ#7OeS!t5q+fJllmLZcpH4@h@04eykY_`l9AErrUvg<4JP<}oBpC-Ct9d|jHJC&vO zl3_f|yt)%}!;+RXF!kd^ zFOhwgh%D}($_zD?Csb_@&DOyO}TrPRoH;JYtB_&NTu4 zb+gBf4%VQ;o||u1KE=VqwUEG?X+SgbdhrJ0N#Q3r&+5;a&?)dS-&_V2XOwo-By^gv zlhkY9IMz`iE8M%8fBBCr;#U)T`TVtJ=YR|rR>2F4D1|4KMCMw}RsNO@r{Rt&`~9{~ z`~&_RhKp4i^K8G#=IPg97L_5V_!tmu=N{>}T~`c5X zGgVXOm8pN`ZR0K2kp5~T^jQVxi`Y7@-pt6bjhPunPD5oofcLm{q{>Rr+Fp^NQB|bO z*G7;4jZY+F<}8*tLswXwHc*C-Mw=nV88t8NCS;tpNOQ>3DTcwP;&Joe!#3JAXLov0MqGmK2Khb^bw=BK9z06%j7wCT3klKHc+s~ zR8)ptk#A!dplQXB`y*PMh!Y}9!)ycdnQbMXE!r;vy^4zMgCF&hl4#hNo=>8N_oZRb z%!SN5O^xIe5$tn5dnu-o2(q1I56Lf?C7l#kePbPOw$t1Lg$A>u}iwZn0ck! 
zWkEpOGEnD-5uQFPid|49C7`YRJGt}&pDV%m8y02pSqb~bP@Ans5WsANLrn|80n-t~bMTMRvudu$Q3lpMhQ-B5PMv>=B1J1Q%hZC+YF z&IrLZsvBL^ZbtCY4HB>V>Gp1lY_t577qy%yQr(}S;G0EBf?>uALXa1=E?@Z9Gb|(e zhJ9N!_O|`!8xoEXDVpK^ez5csDS5$X6m>xiU}m>Hc9lN1*&W`DKB|E!LZ=&9H{TP$ zC58<=f5UJ>EJeQX*Sd;_m0HSjscWRDQ;b`>8AzL8CF#mW8*3hPw_b`}Jii7QstR0rZ{>S56beVsJ>KRlI7m0#RixBNIE2)6Acr%98M_IB-dFF8MGJ)t;ogt{+<+qms2ob1Z29gCK)!qBbkK*#LnHU3mWJmoD^Vz~yucq?J@JMPv0P?=> zW*2>4P_YW62~0<4GE;Geyh8yVfvG15J3e(J_75EM0|vxnA+^}O%|w*VRI#umZ_=RZ zG!ApNm{u?9m=RNca&=n!FKow&!>_Y)=`ltdYGAf0j+4b?tO5kCAj4AcY5oFiR9O}3 zP>1^zFB6|Cgk}vvf}RwtKt*W4AdXs#DL*fu%2zBx`6fNwqQq&~oTAIf)0n^l(Vr{p zVdUF=FPDdp@dC$r821`=Dwr3Iw<2kzpkcx}KTf1qC)u9IoYHN27gV!Z;yzb?20U^E zh?1lvfs&*jjgg-GAE{?uN>7$*8ABi8N}4LNmUQ3rF3@rJj^>~($!G$(tCHl20hYM$ z8;9(^mV)?0@4N+dzoR(6C9f}U{3u(I(4J#QB%{0~KDT`4cGrLn_ zGRYhqnEu5HND~%1gPhcs!0IIH1L%Ic&<3cW!IcSf1J4-a1s&0ikUb4T(~Cp3);bVc zJ0bb=G=XDC@;g)6St8JsaQN+9Q)xvl!X2Vf?$SK5g+JOwtIV!3=$0~ELFor=lc1c& z<(jkkvy5&P*eUoV3K?~Hmvg-OrH2co#<__j-6_>p85OMEsev8=isxQ_hQ?NCaD1L6 zqS#FtOi*QidCV*1?nN8wZc3=}ug+d*9Jzl1C0Jb}I_&O0=mNmDxxlU;(cDLuyFl^J zQVD4WOmuvD3kN>>9oDM54&*xep1!;CPN;`@lZIr!FKrca)w}+HRI)UG%2%~_tuI5J z8gahaQEpKis6nn9o#i4o_h_z-;^8duy26jjhm_CKOd1O}3!#R(&3SC!X-4wfbg8jS zI_tqYw2kBo*Z^I@tpYZ_^EH?G7ud7K1ds*7ob`?WdjCepb?(uir}W8UY0iU?zr%)l z!Xnk4U)8tdDaH<&Pt|uQ|MBZBo}?7W0=HH>?79&XVvWnLDL%rO?B#&1_g_K+;e>Wz zk9kl-ad6$3F&GavTkK5erQ1$5+0c0Xf~@k>sAJM@%vqN2e~DX= ze~1{9^ytZNB2Wu9AFEC&+Ig+XRkyfN`kWydS#mu&dgPBE{&R>{&+; z)!N|(WT7#RfZN`wX#KQotd07)a@U|~lO`Ns!zb$SvN!%+lV7I7*@W^`)W-vnx~6Q? zA-#~^jQ*ehCthM2s4?fDsBVxey9elv|7;A+f6{;~AllWreuXS2ZbmInkrGue(?OFDTLNdY91;PK;SwYW{NUMPH!rBqKCB}CoV58n_vacTAtPl0j*ns=zw>q! 
zM8|mhN@4Lk2NdDSh>kOJ5&@J~?V;rq?kAEuP9nY5RG@XGfpg(xk@U z<*A&H{Wf|=7kb(ahWBFb;8R5Gz?wd3RI`Pc;@d}hTv6}Lo&cEF!*Sq>Yx}@d`T>+M zzyEljme%F}_V8=ex|F;1n(090=Is~EyF08YB7bIRolKM02Z`%36X50lML%TY^TSqL zdK3$TWCMrzpl^=H?3$7t?EdXjB9HqAAT(eg`CggF{SnF*Jy!!p!bDEq%ke&)M^pHM zZ`{3l8TQR-+@}AM5&U zOhd}HlUT6pXj#4xiPJ5{Eg=$$*=Q3!fT96jJg5AqadDU)0;KVy-k622*}~=&XIjBp zwsM`^ITKvvv%8*CnL3F$CHcR)VR$wsC7LGjU49oFg9xXsWJ6PbIHJgvX{$@8 z-Sd8t!*B_O$dL9x!8u!enyGhB%@o!q0irzDe$VOXD5?7vOZ{l*Tk(3_J z3#0VEEW`=!851)ny`tk1hySUCXzX6WL@Gl-ALoD&6UNy z{2oT%V^(>+z=zC}9o9>zBtEU!2d67bede!7iNsFTzD{lFJMmL*OKzY>FlT{GDiuk# z=x=24TM1`ubI1H=-eR=X|(jz_qw3? z%z5EGvsoEWe%$E`&Z>Mm({em4N#8h2S8$!R1B=sTT#3Cjq2zL^HD~%~LTau(KO7u! zhK0P|jV%Jk!)Ve$W=)0d=!>jWJ6-O$7KNBimmwLjKHL z$A~sYnL@Vr)%|2BZPJ8dL^{PnwzQ~}HxTc)*$Ttm<|_F3TCt`*cci0bv@n!*u*(%W z0Z_<*VY;D9nM-EqJJwkxrdf9QQDvEH@-p67tsDxHw+~_R-?j<+ubYq?2mLOK%~2r~ zlRON}k6+FEa0nTR``AE~PO6Ida1|cX@7eW`|Ll(uF^sPuQtpFJvJplEP=7~b$|Is) zdvKCdsWyz9cnO=kd?)v&E|)j{Nb&sf0Nge4a+r333pS;v9MrR|p0+(%@w`zMYyCoN zIi&sMHu)?)#Is9E@_E2ciWO0Md>mD~4;|^;r>UiFmU;o z)X+OTF88r+aO~^5Ok9tN^TY5C;Ns@ywFc~m%BTcS(Z2gXQ3>+iqeSo!av)#AS<6A3 zj~)05J=WUlP~ceR9f1`}&=64T?eZ)tOrpTdkBsOlPQ-8D+@Qxa@xc4jfYK)T(Dp{p z>Er3LJo_1~L9mwPI1DLS)Ma>^z@9o?R_CoJQaIQM2SKaWEHUM`-u~!qVZNXNg`@B$ z&y(n?s(I3Qc|UDA3q-oFrf=i+=T@0~8N&v%jqb-BOpFpv+;^9)zk%=@yp=S}Amy9V_aS9}xXmU)t4qE!Ti1jaW`2~c41G?U?cI1jpq z^e1Udm?z3cF_q(z7=9_Bf@)w8Lrlbm(CDOYOu-&cj~`TsBi)nh+;He8WU!JZV#l*S zl5F0#I5-7`G`vTD_F*>Oz!pR)0A6n4xTA3)@snIM2SZ&CH6+eXYq3)qY@J$}RT> zvO_P=ifM8}zl*F2ydPP<<@<$=ZX}a5{#3}D7m2LW6L@vIQ?Ubva4G zn+%0j;@SBUi!JVBr-uyRHdyX%;B0-lUy-xd%CFUW_}rf}Jh6RZp{ausJf3FN!02-GL!kDpX0k1z>1yg9D!?`(6 z?XPGhzRIv9M1Jy~w zWk>9@H^Kd42dB_|%iSWM%2uZDnW7wSes1U4MyHRzfUGu5)k~_p>f*O~C)zg!TONl^ z53ROOyQ{?&!Plc6d46Q4ff4A-AQmXXUn56eSO?6&W@M14%ib>(_OppgfrnJIgN~9O{z9;CQX~!SZ&f?;5<5i+1Bo!Xh0N8 z%?{0$e{6msbrEQ2S3xGXF71>asgPPsF>{d%=~eUsa6@4~v9SAcsP7f-L_ z^Ot8Z;U}eHez> z@5u>aY$d2>*0XolJ)PgZy@ZMgZMfr}!Xv1GmqgB7gMa{koKb#>(vDao6nC$M5mWT<=(Pi4qibB>X zD-`sQWuC?|OfH0^a!L6TkZq`jk;HTu8o6 
z#%hG{fTZUTszH1YY98OZw#SpC!;?^u?G9}95D_b#9_=bkU_;&+v4`&NOBH6Ljv7T^F;d)8EP8$N#la79^v z+;!TD`2VOaO7BsqMOlsQGXmB{b;N!;IYY|Cl>xgVPT~}86FVXhGfFLAs@8GsE64w) zguPpY`W3%_d}%w4zrs~|m3;bOTS+$)v1vkWUjNK^^jm)I*|ce7)U=gVqcI%1=}Hps zT9qCm5~3(e8PyOR_|kER=z#L_njwcdS#vHQN#tW0?ipP zX~Fh0covB_hG4oY6u9KsbMr7##NI{7ve&qU_ zfYQa5dAzu(h8y;as!d4uG+>ziyX)IyGvR^lkAs)jEj+a(#TDb;mU!Y{r)waz_+f{c z21DQ(C-}Q0GW)ijLztUvtjo4tY#3@2C|IyfPa!a-M9fjYra%n#W2JTPt| zo>)nUO;wv(S@H{-Mj`oQ|5za^+^_GHXvfhSYB3`r!Dc@zN6k*uIY+|kVX<1=q}VI+ z8py&hVW#B8e{e1KY<^*Rk7gQU9Y z((16tFEMUxI=fN5`O&p@p287>P0v{1<3r?g>=RX00UQDg?EfE>CRMwM|L=p+q*ph= F{{g&?@{s@l delta 10875 zcmZ{KV{qSH)NO3L4H`DKZQHifnE&t>+qP}nb{gAg8Z~y4+vlBk?#%sgzpOK7e_eC- zT6>+{b_U*d29B&G3kih<1_lNPwy0~_fV_%;9HeWhNm{~+n`{jR=H7IJup$T?wexWs z$~xQI6ZQd73W}{0XV&qPf4Zn*z9yw;rbC8?d()R2Ge7N$@3sonhfKypQ|p0qaUr4w z5mpQJO$7|Vp9#S?Uk;H#UG~FPbI>1u>%!LNy}(a)SV`Zcda3qrXn|3*+J4p{dvS|x zVDFH15tXK#99g3QXk?9!v-tpZ6=-^rxHxqUqQ(92Oask@+wgqK5nDAyz%*gGB4tTP zV&r>9-r!Zf43y`a^g=Xb60?tL;G$z;bLP-w?Z=c%4o5tEs+{V|FA7Jop})dp1kG_0 zRC#%KoxS2mv58ViR#4_-C^5vezkb5~2$V3=z149HMmUA^qe|pauVx0|P@MOOVgDEE z1>%De72-^6e}&h}RWAt+8o|N#{1tX^Y}a54z9k}y z4`-vYZ)*a0w1nNXgq?Pk@HO&pT$Y7!lRK@07^u`+*Ht5Io}l!v#|scQgmC$)b+w4F zp%7XSXdT13bL?ZE|ff&m&7JX=);w+F|8GcJ~@t5mn-J$vJdQA*mrkdaU& zO%yL(ZZmcYKiXE+t%gDz)chEPL!yIsAiG#Td7=jVPMMYH^e++b9vVacqxKy5SQ|u z5WGyYgl)O?s~wgB#U50ZHY%U6b#kqnKR$LNE#Y3vFFS)@`SvT64G6|UaK7npPrplH zpO?CHi4w;k3WcNEAQp*Hm2&>w)k4mMkhkekBlp#&>JvKn>oRI;jVZn6?##3@chuVk zBmU9}0ETh3DLhT+#5z}lVfRA`FIFRe%HFE|YPrrKlACj#+Xk#kS=+Xh7Nnhx*p3yE zv!ncnc&<=~50u}~qMYf#>&|t>n5iS!;2V@U4v29Yol#60zN1BvD~b`uhjiTyfHM(* z1))y<&*5VS+iwH`4sCSg24V&q-hNSHFavaUN>a9RP=7$oQeAP`1hIbYy(?G}#8;E3 zXq@4YQ|qEEj~+uwnTMb`9I}09y2gt`EDYWlHr>;vucJYUmeOif*lQ6R=I`KvkV3tucM|#c5UD2bCWXkivGp@^o4ZfWFv;{i*}tL_r!I^yrEad2w&AL$jx&~w zTJWQ4l|z=P#<3u81iC*vX_jpC%Lb)iSWN3Cd*OO`e>)NFWVnsAx~ z$@{UQ4pMwYzm9DZTOr_wqA)FoV*n&^kaE-rB5a7B1V%J92Vkm+nRZ~MNECZ3 zsn~8e=DfUCT`xOx7ho>ys5@t=ZWQ)tr`F(j8yNR#J}6oBRS?w7b_18uQC#0Iy=Y~1 
zdn82ROi|Kj-C8<)bW%M||7Nh-2FIj^VU59AVmrKFYIaOuU)j}8jiJ0|8oT#uMJ+;? z&DE|Zxu?>77bBXxf*A)X z8ijw2&sLeUCFU-fRNfsJK1bA!&I&#! z?}iDuNJdxD&A-K0c?EjtHXqWz*k=`uXoXJZPk{gfmHYGr2zH30ltQZI~n19OZJbiw( z{ekpEG0z&HQSnnnf~Q%nrry}owa}t6;9U_>#LORuZFj~oliEpzWcnEt=q&6T-mceR z9BSW^Qn;S?S=sou(fd_)ffd_yNI8n`{ARZN?n8}!At@X`Z0 z%gh$Ic-X#ehfYs%MWTP?IpTgga=+ay9t9o;3`P@#o!a1RFPs(Y?sli&lj}@RNUm>? z`|TP#jEl@(TZOr{lc$DBQEK1f+{n^>Y3F>RXW7u%jJK3G0gBkYlq<%UXz`ecmXoAQ8e8Jh8bfVG8f^X!}jEbnkM`h$MF^^(o zb{+pM-)Os=2)MMrAn$M+?*0^4KDS>N|I-71AX#YJVlidi5oLWPfA*Kh?-M5{cO2($ zAlRXJE~bJ!7^3a~+DlDOliB~uqGp^LTzVSJ6l54QQb8M{&1xejpMQ7Go>P^t*vptb zv^vTg3}Hq~Cx^@xxsg`MfV4Je^MaIL&JeA9E-?MCw?#Pbr%dKeVrX$I%BI{i%Z^`~ zq*aW#Iu?9iONpi@t(0IUTxKoODt@)5_z|t#Bz;n5G^!avWH0EF>SV+c>mcL&bv9Ss zMQi;S(0*x#i7a19lv?_yhus5zBg6!41u=Sj+GoyRanRXiNaZC8Y4M#BP8*#WFnWd( zfYU#K1phu%Ibo!N&sU!$d5FvmXw`7(JiMWWq&2gJ4jSd(3~<}q>kZ9#9v+rqT}`H! zgV$XimXgwClFY5%Vo1lKbWDAHvbAOLv|O_`RuWvo&=U!GjgWFlzh|=TDauyS;^W|n ziAOjH?jK=$28`8hMVTTd2wajDeg@zu0Vv0WszeLKcXx2QQB`hZQVk^pu{1-PgYfo3iUO$$ zQU?$l-6TOXS;4gJo8r~ZW&e-|LRD+zON8BMer;}?7GZ@2_I9I!=+-6a^0OHb(iXKA ze>zF+MoT$d8f`w}9*M8Ebnv@FS$#`1KNWo=V2sD`fF5BQkq&V)D@2S7VxG`r1_GcX z{mkmJ5Jp)|z|{;@6D+1hWb?VIrLD&h(CZEd`a&C4FK*QHr($@r2g=_^cFGs)` z8fM6#u0&h4$@IfF*M!d;uvr0uES0{NoFnYvgj`fYfG$00SF!pxpQMe%@!~hWoqU}9 zdh>Dv_mS9Yfu1l8;3*i<70!)^EkE9FfzF&?1?TDffrvF!k-9+UqN&HqYcvG&ko)Vn zo^7(~Djsu6$ETM_pU(}3La2EQ8RmBw+1-4kpwg4}Up=Q4Xew*|V|!8HLaxlQqo6qH zh}eBH?<*HIIIPFkx2{QC^dRD4$$L9o$~R5~rldthcqG-4lVUKW@yhLyIaM^QFU z&}zToY&6sbK0XAu|BMgatzm!=XSR~fxYEB@6>ucwYt~z563N>2IwN8h5j4Q-UUk)s0tqq6_YIYP-5Z&&sfW}uchv0mV_t2#9w)x1%XHA2k@AWiP)+;`cdzl z9^W!8DD_^CT1XiW0;m7DpblBU?Beb6huBvISs_V7CE|B5i%jgH> zwZPozz}L!i!~iK@6K%LBqH*;5&{FP+Z|p84U~wAP^+3Cjk+rg-F?FKE?{wnrN1S8} z=Z%rzdl8+~7aD>N!0yzS`__Bs4`LaH!=e_lkuK2`#(D-#vtpPkeF_eAyozZ>Es0O0 zFp-w=6ys8b&4fv`{J2Ot=KELV)Lstd%0g~fk>fb%6+j+Bq~uO5z|DWF_UHAF=__PX zOG6QRuwn|~d#j1I_8;j_!EB>N6AxSjJB@}j4*>@mSfSzCDr*v3!;qM~CzFksoHtg( z4Ag}Q)HnUB2gMSkF;GiGf(a%gi2ndp)OQlmk%ZOuaUds;}Rx2MK&U9Ho z1qwow*c_QM2sk1%7AcU1 
zKAf@I(sbT`aFYtsxE4)!A+O^~3?PLAk_JgBkd*iP3SG8Hg540i_}B&v;@4iBIbxs| zgn?Rca~q{r_EJ7enUnyp@k}^AQy4<(FIim6UdV^$@fMBDPBdS*F0(kn4q@1^9qZ&( zMh0sqa&*WMA5S=L77vcmSdZ((D#txIVmJ7*Wm01zY-@&1l7+l8^RvySiDT=C`u1{0C zk^vcJ9>`ebS2;>BBq*6FHhiT|9l~Ojyq-NeHBUO?HM;1{vNnKNt(^O@m(11n^xg0* z>G7^4HL2nH-*mh{Ns;g!xGSN-cY0AVKi2DAvOkv9uh%QKt}P?#lB?2aRl^uREI7JA zw?i-Ko>6cC&C2WKbgOfbjy&`%7xy)q>Un&z^7K_+#=%=w& z*3sdp?c_P9di=Zbz{dQ*S~ykdSL1=j=QJ_~m*!tmM+#repdb7eGT1GXgc`nyG=4-ChuuUN(Dydkl2^=^5#kIQJ zv~mAX6!TO6`UUy9xvr)I8@| zf-T}3W#@l0BRv-V|LJL!vfNa(2FlADG`eZdN^kx!wsn3nEV{CSbyOn(`Wq1cinms6 zIgI*~12ojI^HGBP0&yz61G(yMY1Z}BRWL@2{-qFCRnnDO>8#vy$8UTaJ~M^(B_LhQ!Xr9*!@w zGrSxtEK^2gGOdA`ZeL)s)cuGbU~>t)v9%Q82YEE4rST|BQ*pHCA2-eMf^o~662j`b z8HVzwn6yC2V_OWsQ2u+x9kpKQz(w5cmHHGDmF?&&9Rjn4e&WEpD!V;3^XTxe^A{~m z>q`p%jM!%Z?c=mNo zCxIgaZ1xoRFX#UCk_~6>y;QcOe}!$=l^Jl4Bj^4JBp7R_G)Q}S=YDJtM#4#O&9h8- zly(*KtnKXb(J!)0>ZE*b-C!RJF8#=lE-w4d{WrN~lbG3%S3_pO5&In!?>mQ4PI2oa zK25+q@xmasRwRZM2R(sN=@gja)< z9t-{5NB-2}H9ooNR)GC8Y~u!lX|@EsmU%QQZwI^!nt25Ke1{ZYk_6&J^@(?SUTJqV zU;i~ut8IW6O^jdsV~B%qMg6-sY!bFy?+t~y&IVI~YSmVl=h zZ^jx)_1pZ~8fIA90xia*8BHG*FI5#{R}YO&-Ag2)jlscu<@hR-*&Ex@OdTdH>}u2h zTND%eBez+-7Ne2z&z({1I9aFB);w3S25;F`+&Kza_VJ_F^zB zVkmIf3@mUoEHh|08zD(zDk3TFz6)T!vG>G0WzHga)<0;&tV`@p0HHk!LX0ylIW_>b z>D8*Jc`;;hHH#Z*H6XqDS<>Bw{nnIfnB4NI~zb*e<1N0y++twTe`Ifq;Q7-j}} z-_O}nWoBVqSC9Xv%qZY_h)@mJ zRlAffgNyqc7paE^6hNVeZj#BJVZ=_6k8Fsm;-W=m3covqD7Nv7qFlTI<{gr7k_L2Q z7}XyqyN$Zw89B2m)h{OKd4?o!dW-BAzDwj8)>MvY18t9 z>e}nQ1l~!E4O?9E!7cbf8&SGp7kL?idQiNTZB`l)Ms4@VYN$4hPrwRkd5_+@#RTp$ zS6z*_lJ|#z5$@8gw*hCleswu2X=IO2nQNBvg^!K-xe~td`BmWEJO&DtoOI9@^sf^1 z@vuJ(Tn_AdzSzB@n{vkb4yGbTZvxoQ<2ctwI}t&FZ7m*IdVyHJLKi(u)( zwG0%9)}<=CRG|`U`g+jC=1zw^BCDt-50g>6B!#P>)Z=j_T>9SrauWSdBm~s7f2-`%)04?^Hru zV#P@~P>2(&f&;6j(%6WnlzV3eXoaeLCnVax@o&<{Ygf0^VAcZ-XDob~@p~L%a(2@0 zk-7@x-6JT#a;1qDB}o-E$-833Npl&b+6i5g_)ZwWYtoBB$W|62kS1Ht#*h7ieX?MOkWx?mD)}m^vp)u?O@NfRaNwoZM(#{F9?2y6n@Br;I0l zN!4mrUjwb2LcW@mh*n-(S(8CkH}IYU0O$zlAwB%#IYnSA+!0P0FYN}wqepTt~n 
zs-p7H!!pV7w@rLYH>;T~)LX8|tj>QQ-&aXGoS;)&NcQH~()v(dp%L=( zZ-kVZ*k>RpPVUOt>c`?u$Cu%eexjZT(BVl-4IR?wvN}=o*e5=+To+M#uL#JeVWK(w z00X^ULW0cqSDR}c0>oAR1(f|&w!`2c^J4bAI0|rTDQ^ai=s@ZpxZA+QR z{aLBEU<_~=BAlz~x_gHvQi(*x_yBr{41{(Dsmi6{2@cmUm7wXOW)=Pe<^+Al(`t#O zy*1_^N9jQ`9QET-Wrz?Cs9>xf@Njn0k-TekEG@r{n&c~c5F+Ptoebs7E6zN?eGL%vNms2iu{zv1&jC?)Y3-HKOy8-;TGdLJRE}wt?@%GEPDp z@2bl#8P!z>cMm>v*c&CN#5yQSS$c zbU;>((j2`Z+=0*f^4X1JTANzpJ_yp#V;IUTmv1i8n z7`*pzBryKZ&!1&6hlYwwxXOKJWibHBG^s1CKdh`&_#ZjJyRwLKzfoMq)-IAw{M&U- zY4FNNNLMG(*xB(n5_=z_h6z%G9xeh5`lg3S9HgM7tgfD{l??^_sl?8kg96SDQC(ZT z%?toXQKBiHX*s8o-#*0w*!t|w!W#WC{*rY#a40HHPe##Ah`0*^WqoyU00?|6-YDf# z-e)-hiLb8xyy3RU-{Wb*+SfmMJlk@j|E@h1jhNM1&q<*<^xrVNrcJ<3x0zA3>wc+p zErfQ6pZTe{A56DlTtB1+M%|qBSB;nZ`#w-IE84wg?7ksPSy8$!oMAWf!k0bDTRu&| zE3Ku=)5d$Tcv-wFkTaZfQEawm7R&o>uAzTFf(9vA&9@``*Zd{zi8LtJFELoJK&Ui< zFc^vz3n9Wja#ilN{<;A-k3&G(7bGXy^L?kl@j%tw&E4r)LLbXvO_DBCPMhJx&>z6^ z3Q806EErJ>*3F@_n8BlSFVEH0eshF5P=)pw=}^c_ z(#LoShkRc;HLB^r_FX?=p$Mf-8xPHQ3U#3{!#S*yhw@2WzBP>6vpFuPZf6)3@;i2V zN=I&rTLcFAIf`3(xtECSu`A0)VI|<9>%>A41D{Ahj=c?gw4R=XW?DcmkJGY~7(B683oB`l{toE6W z9a}}$faZ)`Bru>9v|bl47tzD)cA?`=^c_pR78h5&t<(9KKl1l!|8)^z8FUe~9Co?B z&AQF8%HzOjtLi2>A-)>LCmwhP*0*H0$?Ahx2QHHX)*+pes`ktvJd39=Ncd}Nvg7a_ zC+==haBD)&w?&yRTiGUthXG)}vyLgQlQx#ZP^)@P^-^5Yt252Yf_6eR_{3db=rYY} zjkVj!?f&XV+&{IS<=PujmGv2M`o3G$lu2jm_NQ86RI%YH1!~`mm5(gG+GGvv>d$#o zwE_c}YbBHYz=aO`_cTpowkcpCAmwdt=#2{d$1Vk+{-G63KB zrs(rAaQ=v<@H2bvT7$7YXF-tZP!ZRRCT!7RfIM?nu6_4GJl`5HGkw3jPle?_FYM=MDs@~hv&yA9z=IMM@GoX{vJ+YII?Y;qGX z8dl-??F7YtUobuR8sW$|j1G4r{iX=(_j!}FH!jH4iO^G276-ijmDJqXFDm<6b$z4$ zId95{r^kQult(~FXz-W^+Mi$CyOr+yCIF9$(gS%gGb$IvJE)xq_IC4Z5ZCkLYihXo zx+S;&X?%o41kN+^LtCV~YuD7!RNwYqGTVop6Xm=q5VUF2!XGE{pNHuuU=6=vw7v|6=>);LPS8wpb-k z9b+A0QXNn5_G?#$g~E5{v?kk}7o@4lpII~AUG%TJ#(bj>$HPo1A1G%JZR>{5Rrv?t z%Z|YK+lYd>8FVA0!bc9hj6~R!ISlm&HFXN1=B>kslPqAPhhkQzuIzcF{PI3rnAE~w z%*&KKc-1&|b+ngF%w$c2A2);kfj$MVN?=S}d~q8KH-bzb9wM0SNJw&hq;{K5o=A## z79y!BM+GljE%P(bETli#KEl=13e6BRGS;UhI1X{MPO|E zS=hG=8~_BNZiJy^3Eh 
zSx>~AwtBU>@uGDec@UzoPSGj78g&d0zFbq2(tm~!d(xMQKkDSljg_l05L>h& z0Q7f{!i_HEPVFpK44$*I5i zlHL9L{e7Hr2#dQ`OkbW5xBQ+~x~?z%Hx>$y<4uCswIf{G;uqeXITslN%8Hnb4aQ8H zfut#&ttF90S;QFQ6#wRz)o(7il|$a^-he08pVKp&A6S^_2bZpXZR%g4>mH1G2F?>s zYF;Tag6wv}?Aw2VEU|Vb+bH91mYfYUS1dDXtS-Bf)hq<$7FwcpHTMOByHJI9MC0$! zYT}-ligpoY2*owaiwUo5S+@T2rcLEV=v~1aGT))>czK+%h>)vm|f2wTAwZvGxa{D z8aMggjN?8-{NNmb?))rC``VAaf-G&&10S@Nw_*48CP=YZ9Q%L>$PnB8Uc_Y(PgU~m zw_*6-m!aGzvWaT(TYPkvpuu%XwdVBsh*COQJbS8ar{*_$`y6sy$s+ij7$COcYwylq zV^oj0t=enrz%c(e>fZ+boGqTm-D&U3yj(urlvkNsh|iX%A@5{n2&p@NV;qm};4n{( zbMaw!nLG}SOBWeu)FmVtETr75af3F-$Z>JM@Dfq&0A%y>N9ge;)1_d0FlAmDNN=J*$0V91kg(!Ly1eAzl*z1x+QO+$uthTu<{(MBwJ+|uL>MQl6aG2 z+{QO5o!spyW=H#8`4(`arITg*JBhnDu|;k0iMoZ2Y7NiVtWg<1N}VNY455EGeP6?J zprOc?(eLs!*qeIV;p%=I_10UwAFne#Lwy|OuhwP)4&%H>cN*iQfZ9m%0<|`=Rbz!1 z+(S+%Vtzx82b0g_F)F?UE}e2&yLTt&98yi!;^Wa+P4Q^Kz* z!N;oa34uZbAvBb(qnMb-2B<2jn!h{sh^+X;1;ci11MMT+ZyAb4^hmXmtv^aM^0*Tt zP(}>(B@C!0)8*NI*UoOu)9czmin|tSp&4cQSH0R+yc@fE12G2~pWXHwad}1OR2F{{ zt03JE>sIqP&@_JD;cxZNAO8OKJeL(eZg=|>C*-1PH(mKSl1X#xTVgDzZT!u;516*& zIeHUc6hQA4oMtawL*2N5ta$`Vee)jt7&$X95Y)e_BulS4zF!spWN4jdl8hU-F1f){ zbd+Ow5y>T@2g**)iFNNv1QcXivc~7*L%{3DEKw!T20 zbsQynMdi}o>Hm10Rjp6F59ZI!tH)iy3@4gnHQ~(k>FxJ2EIa`XJC-kR4_j%xx(!<; zo@;%@`#G=xdoMr^Yq(}&uI-gH6nP@BP;?btF`@VX0!oHV!hC0Zi-#DZOS#!SmO}Q~ zChQb7c!-@4b_x3UFGoR{hwUGJoDxgqiw|iI^k!qOUhV`?ht>ZT}eo(~^uuWRhGGXCh+N2#Q-ny~rvQ=zp7?ESa zE}o8Q1HB3HU4;1|mrq778i5ysK_?*ldLK+-p8W4G3_ux#_ns+>nWQQzQnGpkrZUoS zvQ;?$b;Bv-Aloin@XLW3mMQao{#sLI!&(QHd;`e^xH!Fjg4~%UUHE=5xJ%;oRFF@x zI0j{-vZJ@<``z!kye4&Se~}Yw%MMlYfkEjLZo{R+j8^GbgakD$c8;4l*LZp8$jkn3S#Ss}u>ZSInpEv7^8YTBCcU}x{U1~p>f`_b diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json index 0e8c841b287..997be49bd49 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json 
@@ -4227,7 +4227,7 @@
 "body": {
 "action": "AlertAndBlock",
 "application": "Microsoft Sentinel",
- "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
+ "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
 "expirationTime": "@{addDays(utcNow(), 90)}",
 "indicatorType": "IpAddress",
 "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}",
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json
index 9b29a07d65b..e19022a9908 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json
@@ -112,7 +112,7 @@
 "body": {
 "action": "AlertAndBlock",
 "application": "Microsoft Sentinel",
- "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
+ "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}",
 "expirationTime": "@{addDays(utcNow(), 90)}",
 "indicatorType": "IpAddress",
 "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}",
From f76e4c45c263135a32a877f1461507fac5313ffa Mon Sep 17 00:00:00 2001
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com>
Date: Wed, 8 Nov 2023 10:58:38 +0530
Subject: [PATCH 10/15] update zip
---
 .../Package/3.0.1.zip | Bin 30007 -> 30010 bytes
 .../Package/mainTemplate.json | 2 +-
 .../azuredeploy.json | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index cbadf28694e1401911ed458ea593b60655541b4d..c88060cd26c9bc51f55a15baeb89389d690eadd2 100644 GIT binary patch delta 6797 zcmV;88gk{g>H)gy0kGr>3AI*eS4eIrWS6t;3XD&GSz?gK_4^)yYFV2 zm%z2^^BOoM&h5R)m-?jre5vJREWEC7k@QJPq{)1#%0^tiR9QKfFST3wQWq>2X`1V) z$1c;Vl`WM7@^~mYdqi7ADQ~mW9G)|iADz=9pX4J6-llOsg1f8bMpYye<>&ajBvxZ5 z`HSR#tt5FLcjyUy_E(zClDu-6N4uMOH2YCq=FwGV9@TstA!BYPo0!Q&FS+RiO=sPd zxPuxgao?0tp`~`$BqwgsT96iZNpXkkkrcPMb*YpTSCiDTMpoQX*KD%lmMYt9av68=sdK1k1ji?-8o5|b$wZcGX0qX_ zC&}dnZKffY7qsELpsyxNO)1FEs3=ap0GpqMMEnBLAD45GKNeW4<>wr{cNsQa%E4@Z zVThC^g>9rwJTR&2Rt^bZax9w^5-#PSw6I_f3#1XPXO#sDo&(D?8(_7W6gP>pR*@!D zAPQAHO2sN3z##2&UTK9;-(nkJd~?zQWBM zidR&%w#wF}9MnFb0o$uzqs-RQ&nrrQabTCWz@;3NJlbvNOP6x6O3Fd>;!n8Gqm*y3 zXI0&08f?m{0oXL4set=xk}4MFOwJGLG7XxF+A4r@0xXRv!joTFr@nGo2GxbzQy+C) zyW;7B8nI8VW$u!tk!@P#VHTT>b!|4a%ww#i?sTtBhI8|djkU}&*ocy?pk`fvhQVf) zA4vUyC&yj|)>DG8j#W|;#)+w=MOL)^b{PiY1?p_%;VZApFz7N279Qm>x63dnf9iY+ zmtipbqr7|7G7Jivu|A7Jj8&IpF#lAITS|;E@%ef_)>T@22_R)I*ythUP-r%?h{8RN`QS&+eTBnB5G*^DAedKrA00dbNU zM57ojMArj`<&?lT7X(X{o>1hi%UhXsxw~e}UIiRkmBHbm`!?Wz$0AIGeGVBc)(cn| zv^PHS<{tg2l=NXQ;RAN-k+cp(DrrH8WYU6W z@Xu+c#0doaQ-J+Yp_iekUn$uoiwWuxg%J}gEG7q%cNyjJzX0$beKIDi25zw!fA9WpW4JiNx2tmL>CPe@Q1z7=t z8qg64iU(58FMG7CuX$PJvl*c?;Gj0yF44S?0`8&!(aj~LW8lNAKH4bl^r3O0daqpV zm{Ak?b&el3`PgzpNhj()#gVGza%qvy5=U=cu9cEpXHHdrxj}P7xSt$ab5SV%ROa}~ z8RN^RpXNmNOUN>B$QfVhL`h9H@6m+RT(dOt7FQ3nl5yU+0xQCbIl#YOrBL$3;6 zU92Ux0!uRk3k@k5BYEi5K|3HVb3Z6Mw9?yUymF^8*iA1Zk zj8~Eb#PGU*K0FvtO{77*lDZLxSCW-;c%@F^l@cqS1|f4Ro*(ZqLs(=&EDj8SSz4sT zlkXtKBhd_w+lZagNL!a6mZBKTf{4Z2kOg}8chPYW$j&eEwqP33Zp=u8zY2ULQEmfF zlUn@=rsMfd8BG@f`1J#4t%e}P-YA;u|S@K0S&TH!))SkZ&*afxo zp4Sa(7c1(6h+;3_DcxoiJD*zFI@Ctky1U?fw1fi+Q_>)J!Fg!}^5MG+&RY#vUxn|` zHd9!CSAB?9r(@YQWLe%rcfq;imdv~EoKKj~g)L4QC)K97F+N%51?Muuap;XPC)!ZE z_h;0t96VRZoms6Rch$KSl*|}dkCi5#6P~@hxs<|?kZ!ARZdfSyDl+<}q1%SrI%QGY 
z`3(sO;*qGE^W0{I;x}?ey)C`>*~*k$#&2bRM~ZicDqmn-uE_+ZFI6iUd- zEAC`3q_nRo5gZOu4%`;a>0`DZrbL;*5CzyEp2fYJ@+nCAGyrCht4qm3nyJ(lilGs9 z7gqskS=_je&{8iUU@uw{M30uNh_+1XLxeLa48?5G!WmTM`*7^V0!qnxi9224mP~$s z<(!1c=(QaMkXGrYObYU{qcIoPWtzvV6I$_r^i)#VMqh~srnjmvi{~LAKymvsquvM(;!zqo;sFe?k`mIr*0sT+0SySE;$=X&c;sF zbRC6QCm@^TJ|DsI5EOrEAgBtA%D6uO-hTT4URn4x zt?OH0k(5N51n?>waR6RfIS1ff0|0LiQDpJ+8Nvdjw2Hf{ZB3BwMZ>Q)(p|z8HK6T(rS924+e?*g zjA2oYGnZhjM2PBaqWtAU+w)LJ2W{s)PnD>Hwj1T545xL_c3TX(gSI4L!91HjB(0zzAo;tn>8Ol>;YY?ErQg5qWAI z;#3Eyh5RgA2#P;{H4w@Hjs?FzfZ9R(fLdA9BdzOOKpvDtngrA;8*zYISvd!&T?;_1 zaFsbst;5thOs&JzI!vu(6>^x`2ac&N+I}6w)RwwugQ+c5wy}prHO^duu@WJwvybvy z!_?xHaeRk2zwa00u!yU5H%2!Ft3CdG;r)F)`sY8rS#bP+>zmO$9v<_F_r_%EVwE`I$3#;VO31Bl&DmB@+qnNLoT*Sm1Osf zKU1)fM)Oye(S(4}kx}4mX1ZUIP!h7`nfo^)#6-+1PgFD~lf=S$iEk3!U?D&}LSF1d zh?pQDC&=@E=XmoiGZqTVNxs_guZ(sNy$&xCnOP}~kRu|Vp(}43hq5BSFG7ai8Haec z5@FGNj)=;d;qOc~nOi5g^T$CD2G1B;d*?KIDgH^UUjFZG^zp@~L;`2tx7}+j-HXdb z9L_kOQ2C<g;+87*#4e|fp<$6r5f zd}eB63(qqC6wg0x&|h~DwxFX~_Y{tJC0 z20tPLK+pd_^l9Vx*AvV|)UWz!<6j7~2;B;&=wol zcBaLX(JUlPb*E~NTjkpy_do9@h4C74{^oe__)t;HNC|Jp!Z#k?rpDXb9|xb={s~hh zzw^zXkp>;`4kBBF38cy)ZuY-U-fbsiKlc59Xfc^<+A|Ww8*sdf{$=t3^DP+)?pB5> zooK-uWHag+ij6;x&^#EPU+6r;SfiA0E?DuZedkocL5(on0KhQ5VG<_7RIFQb&dGgIlkH(j9_{1ct2gn(fJp^r zWv*vsU7`fZxh$f+Pn?MfU-DHs&OR*H>@c&xnnK7ce|V z*`{4eGW2gIBh0L7su%tK!4Z@mb+z2R^`=weO|<=h*s>W1rpn~eof40PkwiIv`SoHv zrlyPH8`CO2-h138XS))`qK-FFd}b9#vH3}`=ByIUpbIIeX&SAp2tVVS9G> zOt;Oo&f5#yRNYZ>(e)xvk)S$%z%O;%_6*;`Yk*QGKyFf{B^AC)kTZspaL4(wa_%_4 z#pC?+4|g(CUu_f*XOvo_j!VsaS|jOeQW%m1)vCUw-V-&~>)7UILEMAa|3$X+?%1ZS zW1F`puZAB8@N)Pjop0jm=6@nO|M%*wCd*jeJFAiLQ|x^uLAc%w&j=)cs~9$b`}_K= zVmeDju)>f|(NIRFs>CG(jMi;<;awBzf0deT1znC+(L_{743W@#c-$q#c z=)b*SG`WiCKj$;N)eCNar}PiZ_|pZM%Hi}|Fp1`~@b`eeIH9!g0B=VVLIM?Ae2(Wc zCdU_&SAweaEnL?(Uo`j=xP5de0mNWTH``1%5++y`=155M5lH#gq)`9UmXTID3=eXA*aroC6VV%$@>?vUvx*au#<` zhH9Zwxmj|G!5uDzvZ*V7$8ZQxJfmS-<=ipC<_o;&?UN%Iyi|TTdw0ILx*Gifsnlnc zM7Dr(6~>Re#%`vWlS$0wEL&$j!?H5;W;5?@i~e^Qk8yo}IWbJ7zk_=HZT1)bDyVos 
zHQXQaez8*-S%K_;lYeK6lF{LEnL&zwN=jwNmHb#oX1KDd;R33R$K0mSOWNi=W z4h*HRyX>($IXEW>Oq$BZV{?Rm#B#zEM;HhxySyVpaYGAY;SVQVM+iJQl{_Yiq{xDL z;n5WnNrFPE9!D74 zzv%DxpE!qMU58=D*uGQy3$vE$a{YyQ>)*~@Sn9Q{yD&=t?k>zusX?*XZwELD=Pi_# zbKXMdEiBbD@@TeB6W&6Q)+l-lRZ64I2Gi^;lyud9%2{Yt-%{;~n)k<9=&nv`(pkv& zgT2#VUd9jFXK1`l=^^_JB>~Bm1ur3Bv~aC_hUXvN{r$uH^9vL&;_1kz-WR-#db8iK zf{&4ZGa3gZ*poSxGzB8|?kj2O-IueF?zX*gtonVI5+u1Uj;AA2s~6EU z8b{Z6Ibw`}c(wb|8~ckfiG4ItBk_rsUL5w`dIUQxFU`s0&YeZ$aX8!M^8_iABS}g| z-^e`N#lQXX+uPJ&i-R?hlA1*G zt=G{Q3)`88)oJ4K%W}_l#`VYCh3fEL_Ff*vJG#2s8pQ;rcsrfnZIwpBYkinb@Oq?q ztA0u5V4L@$8}2#Y8HKmsTKg^~m6;EdbS>l7Rrn9#?n99G5ac|6 zMC;={%;@)mQb*AhDrpD2s|;VB9_gOjn4hOXPn}EC zLti^jo%7VKxu?#QbOGwAtG=zP=eL7@WM#0bZ>a=D%@+N3!oQSu)5dLAb^EXOPJPX@ zU*4;v)9@BtT;ML~La;GiT#iRE-ol+I2qYIi?I5F`%o+r5=C@Q&{xJRV2fUYvCf7fb z>^9GS*yDepAHv%oFX-lxo2x%~=w=pPJx>AJ-WPB8Hr^9yQH8k2UnbGF$taG07bHsQ zNBS3HfBvxN{YWxvk^Dx)+@Nsw5fv?FbfPKC3WggBXB_Q*i(4nj#nEVjccWvhhOc*j z*u&i;w<~;_;343CO1c-|O>JH|?GVr;mC=!l8B$$;+Qp#uG0DY6#*PPy_uoi#6L|!r7_&$pvSE-mMAEFy z39fwy*Pn;iGrECh^N4?lSfVdUh1)J(9YAq}6bQf1C+6 z#hXeAr&8B$o)`G?y*Cc8z40E`G(Ga`nEHdgaSv-2%-{Iqp0T&=Ba*8kNhsAV(RG+p zESl;5985~AU3AMN#t&iX4VdS zB=y{wIMscDrTyF7yNsWIGuL(R>&WYQv)i8VrT?G7OJ0z^!gJW8bbDl0yfN<4OHL3g z6iyJGapu~4=aE}>Q|=+IFg$89LqF`{ap2MHMdLgJ5f5BSE6ymJ{tgm_&IqPH_i~WF z6k+)kf21H#aG}Zxo$amj@b8(a)hbo1j~woxIC`Xfc-v7G;`$snutW zWTHdySC^3&iZW&sO}eWycXZ2^+CUMVC>8|RCg7?*TPlAT-Cm=3=0C5S_T%U1I*Qr5 zWZ4|9!wDfWXl`#`JxpK0G`z2D1?Cc8qFh7@JeH5|V?DYT1iG|bT>a$0FT z#S^?1sgILV?Iv%7-lFHqeAk-3^AxNkJz*0ll@3Up!Z*inPrEUm<~Xju-;EJ9$#nhYTMOASot_;B0ZH7}9NYDmZ!yS6)F9)n z)@DeD)F|hFt=4GxFdH|>bE~x!$XFWWw$&O6WH62L*$NDW#e~|W_>+7c%@$26w-p!( z#lbZCah7i+MkPfIxzRTaKz#jOR4B64t0|RAM;zSe! zF(n#e4}2{8fH2KB0%5*56~$OgI4Jh4YAkjxMN@2B2zx+LOIIY5`WXviIAOq?B>eIq zA8C=qiEI?y-WmUV`t#>(RSuw#dD>a-6iKjflKB_)c&2TVqe3JVR*g;kGaY18fud%t v6>Xf2dm~!R#eLWK=kNdXfBgTGopezNwN_|XNNy)&my`E&ItHM000000XRIn? 
delta 6794 zcmV;58g=Em>H)Xv0kGr>2@O?fSG3CpPn5Im3XD&GQ_LK}JCmcAO_J|`vHNbOc?n#r zKCgjO;@sYwe5p^`&zD+G#=`6R7D=C!M4HT(s%*sNOO=&#`BJ-;FLl9kk*2wxdh9Z- zTG>)bAdiQVvq!W=l=3z^&EYvS`O!H&@<~3D;B6ZBBe=U-Zd64wQGSlUOJX&4lD|ma zN|N_~afhDJXMd&HEXgaEd9=HkN3$Q*WgcB+=26YZ5i;gxvWb~Y^pcxS&~(;Ki94u~ z68B9R6*KEtp#aumlSun9!YVFTbD{naWzRTYh=YObJMZsm{wCdaZ#A>mREN(&3-us|BodRAGm;5o2NvjJ9{NpX`nYZYli1)@;J zqg1To0SwYU=ap6n^)0pm#y2M&Gt#hRWlLRJQJXG9pMo^1>7$CrUaQvEt1jiBtawFL zYpZNs%0cY|8nC_kHOg!){k)Q49CWH>kP*jURfgN-QJ3ToD67;IL5`GM3Q zcyjDjU_B)W>sTcvVVsy+T4Y7rZZUZBoK9=`Ir41+GiVBt|7bGr@oa&MdLVlJl1jU~UKNJO^H2ON|@B5Pg z?rHl8;L5mTUe~usaG)g8WCA#4BQ61)tei^#*ZBl+!nf*jz_}c7E(e^;0cV$L%jJMu z(oDJ>aCXyKHwWC2%K;}d7^KBr4!AYR0ax6;bSMX0scSYl;7XNkc5|YC8fPrQREhA^ z@dEfu&jB~s&&`F)0mpluDo=0@xDS&NCWhyh@OzIh#yw^i^UczONDEhBDN3N(v~Yl# zE-yUoWQt4p4w5adRM{Y;#RT&%}x^Dx1EW$*8*yoVJV!eQcL3`s9 zZ|>2bN=YB~60We8FvWOa`JT)|M@wmeJiTE+M>0$~+r%ce5=rYoq>>hdNG2_42LGI9 zN}NEzKLywi6?z$p`jwJhvY4PAQ5Z3?!eVkDd6!Wh{|f;B(TBqWrJokG(EzjpNDI_m z^2npn3iP#U3gFs*ffla_>8TVwq+Xza5CQ#q`BB&5){p{FfDi;6WKsk`P>>ZMr~w^; zpm-qV{IW;O`kI$jKARCb0}g7F?GnxVDBvy%5Zzo-ItD(>>Z6U)P9GX4s`tv(ju|zP zU+4HylaDPolysu*Qyi&UE|(VREOGSK>u+8#Fh6g!{>%H5Y~APi2m;oH4$9 z`e{yNzl1FFhMe)0PL$MS^Bzq|%{5CSZ*lcND;ejFE3hK$x>92*U0kGJF!ZY61(t9{ zh-v0zg4L9OHhf)3&0(R8C43Jr5NV&6pccg%@DFq-tKgY~JZYhONpuw61Y30Gxh`*Q3}zQl6lL=)C- z3~DcK9kPFB{%{fOsNSMkC4$}3H&8vOz1&-ip!RZQn+ z)rV+*bvl+^Lzd+|bQhdEZppms&iRD-T-f52aZ+uH8{?B@UT`im9EaW*bD|Bkdw)jV z%E5Dm+?mxHa#x*OLCK7P^;l`*IpNv6n@cGS3F)>9=Z1xHuOg#w8oF(`ty31Yo!^jv zARdXjInQlYD1IYn)Z5Z~pRG*EW&Bolq$<3{ij$;#u6gDW8I*PXk~Exw@1rq?t->p%@xrcX1Vv zmc@Eu2ABz7NMh- zpMa}-L5NQAn1^JgZ^UCFyIyx+8e|K8HJkOtZ1lc0c6wjZGwg;o*(H_$cqVyFABj9& zk?cAaiFmpo;danX@|e2>v|^ItHK3V)2@QyGBOaxZBObsID=8t}YkiyUM#`pDUj^kC zL}5%XrM&UJ(kM2*#+?w=M^v8JL?M!ZWf%S1pq4bTig>Iv zWkp@NOl=9$m*B~<*O~RSCahzX)QWLpYUv#yM4c7}z|_eDU@j@TTz8CL(pW&-gyB;gVeRBmwy$vzxEmq)%o=Wll>IEH>XNgOGd|M_H=?=>f_PASH*paF9~&c5(w# z>|kyv=_K8!BnN8gTv{3qcj2IanN!_`gOHzP3qkRx27;=YfdMw7pc>#uygW 
zICBZcN`$D+Cdywvv^@`nbkKI*^HhmCXuDA^%5Yi-ZMVgsJ7~LuwmWEh(XH;F?G?_X z8Uvv|G_bORwmWXgymQd@T)n3FWYy4i8#=jYCCOx#YdTPSrTC0$4LMMI!=Uz8@)$%# zaby>+R)+Ah69U;aYO|1kh+iQ3<1oJbv4{e15aVkTK;=|FmR3ni_m+-;bmDPk!%lys8r6I@X(oeogjAx?FG zTFB3`g`oIT1ECy$;8^hc1E?Le52%$zJ<__q1>`|Vq)9-nvJnTUm6daV+O+`G3RjuK z)H+P9!_+!Vt;5txRw0L}ec+hdqV3l)Ol_%qHkjH{WgB}~RO8Gg7%LH?I{PTUHB2pD z8OL{c^ZR}=4vV;2cVl!@u-fC_7vA5;qksO>n+3leu+*JAWJmVepKhwRcXVm*Stq>gE65Mju~%N+fXRecQdp(!ID`#Nmwd z36(!;0JHxlP@Fw1khsOYa}V=k_*#%HEB zw(uW%9<}7%AF1#3qY)_2O_yw9M8kS}+V!Z|?SPT5CIPEKBOfi-+Fi4sEezKO6DVLYUscHQ64flsj#mSU3CP;FSRCFJZXJbx6czyN8{fyW+cmcy>lx^Cj zBt!pZGQ!NNrh3uu9~?pHQCG{|TW>lg-bC9Eh%K9OV5&?W-6`=%7)g|qUoXagV`{o6 zzA>%h%6_NP1PMG7hNy%6bY&W{8G1nZO`y6yap(B0^}xDT2kS=1UX|k33r??E9Z{$TRhHB z|8OTW_0>l4a7L*$>bTU*r!|tkCWRqMP_61)>OE0&y^d{e7Q{Vx{a<8D?~ZNSI<|Rx z@@n{j056Ac()lK?ZvH2t^M9|-YO;*gy|Wq_KgHfx5`^o`@QgsRieUqPxWBK@DyFkk z1S<^b6b)r$s!Ci!z-Zlu7v43Y{#U8lR?y{GRbJA=m*e0yiOC{I026c(MPo#nTW+sr zl9y$R5&Z~X4m9AA-Ka6I`X$Ze%fFmUxMhTjh#;$K}6(%ppe*~{%wTCkN(>W zMw6?E{&POVTfN|RO8>xrj6YqFsT@wf1(Rq#3x5yjixWx<5Ab$0AtX?-#pifFV{&{U zc_pYyU;dSMj`j1iI5T0p0X(yqmE*85*y*?UW;gsJq*c=pwd5!NHemmz$QR;7l5+(-C0m7mo^BJ`h|bm(jS@@g zq{k8T(1$V$>nFm!5Jw=yC+$BS`2ELEf+PRn=qmJ%o<8pPA6pXC6e zLnay}THrU-OUe#^2GPaESxm{0-tqAfjI%chekO63$vF_=#_TDOD4Tb{D`#;BWvCV^ zm767}7~J7fD4V+ScMOLB#WNbVRn8qFY`(yY-aa{k!As?bvv=oa6T?)0`a7uC-)4W|uY!sPRKxut z?-x6jkrl`eIQe(BC>b3tml>q^r=(PNT*k`)3|x+Sue708&7!b^`I;YqsNZNM8UW=0$`7-!`~wBBUn>2ZXy{fqv7 z|A})L)^!+WjO{zMzc6d5F4td}xBl(ig{5BGx(l-e;O@fglo}M9{dRzpaNa^$Ip-~O z-ojEnBade5G~q1-X^o<{P^C2LY%tBvLP=MxoP}0@^)1z&sCj>!h3@L4CY^V3h>s5ko!EBF}s zH=}Vtf<2j2Np8Z{@gRnO_~S)Dy<$1%+KW#cpFX7>`Sj_R8J>|(pN`Mo(*JOP-%HG| zvq*S<+>ol)t3QZMauJ=KyncBb?7otg-hDX>>2BK_$Ex3VDM6C!;&?hTwR#avqj7Y7 zmm|gqh*!HWy|KR-lh{WSH4>kA>BV91tw*rK^3t3`-+CR5 zv9O(aSe+&wzbyA`XIy{GU8oN4W$)!tyrZkDtx-&1inr7G-BxK7yw->51g}S$x9XQ< z4z_t8y5XMVol$rz-<~|iQ_Fp6TAyXMqP6c*QknTMN!K!NU4{P;?mh&04?)gDv_9T{ z!;F3}D0LKFp^|pMyUK9)?_4f_CUUtOjK|D7cA5qa_MkkuGtYEmIaK_Q@x43nZTpW!icsDx6YWRBhhdtaq 
za=XH(2_6FOr=)uU-qhxm^Iq~-@8Iz9p15mrFW{e{7xIsgDOh^j$=H<3p`iZP4yAsYs1LnO`GoZ#Ab zaQ%6BJ);|FHjns+h$Z@xG@e|5fPP%~D&C)Dt^9A&*(0e-S`9~k_{W)GQ@p8^ za4L1}=6QiH-+SZm+8gh2P17U4j;TM`8~3ng!TgOs?iqW_J|ej)l7v#-5?zNmHC~M8 z+2{~&%)cBNEiMF*#>=!{_Mb1w(!OA(e& z@ka^*1sAHE&>2rmlzTl$Sze{_mzhIWQBdC{r)kx>5%Ui zP5VUn{xH{=Vn1kqvk$b||C#oE*89EOXtFC*X-H8fUBmIalR~@LM#CIEBBzzcQ#`>j zx#SCZdbFIHuY+vOm-;v<)ovn3Lly?W9<%!|$-PV$0jqJ)Tr5=wz$$m6=W=HhsOOSP z>MeS%%y+HnJ5Rw%(i8T0e!^ZzPat|c&xqY<^7#VmeTkZX;}OH5R(BJlS?Sjiqe-q~ zX<$GHOCQktkQ{triRO%5xX`$&(vGo~g#)#H^8iyihg_mK{}Fq-Dn+))>X(WjHQZ&Veum==awRA-?sh_bRh7$(NNy0A=@{txv zoXAGO?Va(@r$2wrR^ Date: Thu, 16 Nov 2023 17:12:11 +0530 Subject: [PATCH 11/15] zip update --- .../Package/3.0.1.zip | Bin 30010 -> 29988 bytes .../Package/mainTemplate.json | 2 -- 2 files changed, 2 deletions(-) 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index c88060cd26c9bc51f55a15baeb89389d690eadd2..6260b2f9c49d108af865e9e1ed26af70de6ec828 100644 GIT binary patch delta 2582 zcmV+x3hDK_>H(zc0kGr>4RDEYS2-enmw{;j06Mer3MDyzMV&5%8z1!c2fe}J8p4gs zTa7%nSmq@Wi+I+Q!g_Ad18wbQFQp19mu z3qWzXvdsodRO75B*esEnIvaC;`Hin+sbjP zDZy~Do#LhywRjY5)ED{+n^xIXL6IB*dHVcV}1fo;!`c?i|U~n70epL>j zmlsze$R5&FrW$5<*O*$$BdyT7Op?bGkZT$~Ts~=k@v0bkEnOhyofd`R-dRxq_MJRR zP%3#0J-5*^_*sQzcwDh=3PV-MP+3u24 z#c<}8())@p36Q8d~tpuF|3m{t3q|G*rS^iPhDnO8c zVq}Y+H*j$F!;$%D_nHW9ChfK)Io$ljJb-%AXpD)&Pf^-X9ET zzkLj-EL4rw^)2G7l|-7vfGQht7*JU`hXGv+3}})htTqZX5BnUsYfrla1a;S*b{;nA zV2~?=LAq;CrN&zxn&_@QRT)?J7PVM3c$-2k%4k-=DVDltgHtS3w%G)TYWD=En7>?q z(BTw$&r>B@38#2EJq`kLw(>B5isc(BTLda5b6Z|u98$3Z{z->abVx<8SH3X>nnNnm z$LL8abOXXQ4yo7xQt|YRuUbRu3$r2T0E?NYxVuFTu()KvBD?s6g~Bu!F!6xm71D^f z>kx<}Oi@aCQ&4&jaWQ5v(FXanT$`VNx4$Q;xqf1)x$Nk@&sL`7GP_zkQoK7Kw=hXD*J{s#=KLn`0|nl06>D zC<_)h;?=zk&)63`EL3|KD4_m-HejAw0rKF@6XhcE|25_naBY-t%~orFJIsz^IMpya z%$?fQe%r8Lc7UDiQ+30hSj*g*bs1LKgFB!OE1UgbWIkGP!|Oh$pDWI~041%b?0`CU zyOlcI3J26lsID1MXV5-SryStJ>-rWUg-Rk#0(F#)IG~QKoCE4~7pQZ8Iz=Liu*clJ z^>I3Dn%>30+T9kH|oNqq(?n9a8jlI+2Eu~m2LK5qS`&dNgX(xR2w*{v-~ZF4+AcB zP>?IsDqN~C#pU%Tk;J%vNz_!rX%OU8sc;?i)F4m0TTbI+8}t+(i5xv8^K?1%)P{y# zMSCFhl-X@cn1skPmYH(_1V|5$WoF$y#0!))-vc~@W(sz=b$X_aT-6_0N;^cWxdUwI z0rs%J>?3UU>E(!p&C|0@9W0?fyBZ^{Nk~(mRVK8Qkq#|YD`H!J9u%sXV<6+xf)M7X z1$zgR_HPeCx|es@ahVOGa><9vk)DhohJU!(=!qY zPBw$(Jm9Y=+sX2PXJW~B5pic=THc%zOk)_)d~_S~hDLGHMf^|U&i~u_8N>;eoj1kQN;hQTVt?7QjXP5(^6M-+c>Hw^lyn zS(89@jha-dH}!%B4Bk_+(#EP{_;MN3bzS$U`$yYJlTMpNFwVv@=#7nGjl6Jubw`Ly z7UQvzv$Y5U1LJF6R{3mV?K!fdLEZfC{wj z!@&gY012#rwlC!$yA@+Q>>Jc@)~wqod9Q#`wg#VQ-AG#_`E`!AH91amLrEvfMcXQW zDobGH>^xPH1}!0@k5zsi(=myfURM(Ii0~)HY*bH#W0Bvfl_Wt%#U`1b!aku&EP4Cs z(u@O>F?>^k({RePn#0Pj{>w_DHjoLHOjFk9C2(wi!~MY}9JG&1D4(SBy1qpWkCI4} zxCCV*4woP+=Wq#Yf=ggq@>;-z3OEFQJd$y**rE{}_`rb=9QeS24;=VleZU7roi0Ti 
z9Q5`Fy}{vHp$*C#h&;4F=JgOubJjq@8gB9>mhbj7kOCv1ptzUL{^`&I)zJgRO+jt+ zfX0b`RRcs&>ZT2dpj6pr!z8NR6A-~82O?+#MDVaKTX|FvDAX!?z+JYo(o-)}jv05^ zN=M)Vt2jNd&8*bblLM=>#;m$q);WQ@Y^55Xto*VS8$w+<#ckyT)s)|@*iLcBidsBf zHY$vJ2%9njF7R0A%ez#9IZb7Ob+eGjMj(2B<8Gbck44~pW4BJoAvE&h%82HNbc2J2 z&E4${w4jYF(h9B1BYD;Y6r-gJ1i8?n?)ChE#3+SgFHZg zb?z>6P!+0!D0G)OD27ulkw)f{yk@q#hMnj=PlsV?dRN^FC-$@Wd_B5W>dZ!fXt{eG z(ho=GqZPlO?z8&2;;ai$(t66>Mw*$<+;T%nC&?krls`3aE&>kgxIg%bNA2S$%CQ8z zu5S^=q$JWLenQ!Z!%xV{IsC+$;3twhBoK8F6z*yVhpuqw3O*=@u5joI^0ghhf(Zl^ zU6I$}#Q+d@wL`g(X?d4ca#uU72{@y;H)gy0kGr>4YgKiS4eIrWS40G0D!ac3MDyzC7m9{*cKAtEUeT&el8Y~ zB9ae!`-9%#a19a3<=sdgek^mOh;=?|ZDCb7`4Y>wjvC;x5q4bMm}mdY{E;>29LBi9 zHl`_%vDz&z0?t@}whRdeb(6?qcQLV5B1CsFaYqovt2mCZP5;@|qX?@b%&fLs*1?0jn7A6B ztomYN8#-M%6>jB3)|7*|*iLcNidsCaHtLIem{`FWcZ|n6U-|{C%+D$dJDY_>L;}$% zcS9?GEMU3~-_R<@*vpHn$ULaqPBqN#ZaTG;M_QqOb(tiODQ4F+e7Jnl;#FbvTDm}3 zJS_@?#qr2`DQt|B_+F64qkiS?u~NlhJ6yT5e9_Bhq>S2WphBhDS4K6)f{|Y z+%aR%5kKB?z8&2;;ai$(t66>hSi%QfpSAhC&|I; zl|MBQtpN@-y+1I~e)}*{S*RMV>s!QED~U7-6IC|iV4|{e4ko%5FwrEBSZ$za9vM1v zH=}k3E9!1W?L4y5AthIalyoD}SdK?7gY~^7970Z`cwg^;A=C-`RIHY0+{F4r; z=#YwFuY6+&G>25AkI|D<=mvyq98$3Xq~hrrU$utR7iL4w0Twe)ad(RxU~$QSMRqp| z3x#PeVB!JAE2I%|*C7x|n4*;Orl9nHs^VhIV4@B3nY%VWZ+}m+cm2e&ciGWSs19a3s{AbazF6^7-FA7p-N?llE&k$u53UirArQg zXdaVfH^)}EBzruPQ5GyN&8vHVVV;OC2r|O11v6i_r>oTme2X{anRyO;=$b7WohSz;g zKUbV}0ZLj=*#ULzb}MzZ6%MGAP+c>i&Y*puPC3Ab*Yzzz3YA2f1nMY%8*xA#Svd#P z=`K*`bc#e2VUM|c>*I7z&*~#|FbxOIX#|?%u5nu$^2c4{=B{yDJ8)9>u5ruj@M17l zD^RJ^q7Smv>KcNi(zRV$$-$)71SVD7Zq$WINsoGJ;G|0Zv%yJ~D%)%@pi#>-0<; zxvD?1ly-<#a|hVa1MFdc*+DI*TPF#9>F+7(Up8?&(MoMqs5$jtF29Xb3t#&!UJ*1AuT#2qVRE(EP#vn zB^DIizxx)ZZmoRCvnGM+8a1g@Z|VgN7`&%srHxg^@Z~b5>$>hy_m8%dCY?5kV4RI* z&>I`W8hPRR>W&bZEXHFaXKN7z2FBOCtn%5!+H-oPG7%Mjb+s&Lw)1EJZB4t*E(WM^ zv_kceBCY)dS+J|26Y3%pitZ}B3eywuFhG}gNb9^}2bj2hbTx}^kvCyy?RWIJynND@ zWZ&F6e*YGoo@|qK)F7YVcTpNYCM&Nn3=FaNT6n`^?!Sw^ZGiv`mB9;A-~w=P7H|eT zfPsF$0|OR+)BzP}+lPY*+5r++ZC}bib}Pnq*f*%*tXa2F@?HU>Yz;oqx{tdrcqHRqu|*>|@PPv#IPif3 
zA2{&A`hX8gIz5W9og)G?u~PpC10)>u_6NPe;aUL_%6p7F`atFw5vzCBhQdm4@+FpU z2sNmG10&|3xZTeF=>P`R0S3i=Lv4V8#?Ms)XHe><4bGrc*=A2As@)Tu!6Sz=Xai^P zu5Rb{bvvyjL}AbR62 zrr?i7Y<^=GQ^-*^^5V*%=ZAF3gNDuB1rM~KjV#g%t;-{M)&w`Br3=Kt(4y{w2be0b z4dO)2LnbKE8nL0K>9tE_Z;}p0|0igSuIt#43aVA@pH? z?%$_7AK+8(?t4fc3y20S-U>{EJV15s?t4%bsslQ7_dO_vQ!Up<<{rIfwz`I$=snMv zVQG3--3ll6v-o^Hx>oAUMu2F!s~^%2N9Lmyzn|{2`nlq)3sBN}%H0N|naV`4YgKiS4eIrWS40G0DzO|bT$T{bN~PV0Hi6{`2YX_ diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json index 9dddf97f83f..61a75a9f249 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json 
@@ -3563,7 +3563,6 @@
 "title": "Restrict MDE FileHash - Entity Triggered",
 "description": "This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days.",
 "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```",
- "postDeployment": [],
 "lastUpdateTime": "2023-02-26T00:00:00Z",
 "entities": [
 "FileHash"
@@ -4320,7 +4319,6 @@
 "title": "Restrict MDE Ip Address - Entity Triggered",
 "description": "This playbook will and generate alert and block threat indicators for the IP entity in MDE for 90 days.",
 "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```",
- "postDeployment": [],
 "lastUpdateTime": "2023-02-26T00:00:00Z",
 "entities": [
 "Ip"
From fd9d1ba75194188d6f4eec81c05199b31074b1b4 Mon Sep 17 00:00:00 2001
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com>
Date: Fri, 24 Nov 2023 17:35:10 +0530
Subject: [PATCH 12/15] updated post deployment steps
---
 .../Solution_MicrosoftDefenderEndpoint.json | 6 +-
 .../Package/3.0.1.zip | Bin 29988 -> 30646 bytes
 .../Package/createUiDefinition.json | 2 +-
 .../Package/mainTemplate.json | 5186 +++++++++--------
 .../azuredeploy.json | 12 +-
 .../azuredeploy.json | 13 +-
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 15 +-
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 12 +-
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 12 +-
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 15 +-
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 12 +-
 .../azuredeploy.json | 11 +
 .../azuredeploy.json | 11 +
 .../ReleaseNotes.md | 1 +
 27 files changed, 2976 insertions(+), 2475 deletions(-)
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Data/Solution_MicrosoftDefenderEndpoint.json b/Solutions/MicrosoftDefenderForEndpoint/Data/Solution_MicrosoftDefenderEndpoint.json
index caa724e740f..389a25fa1fc 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Data/Solution_MicrosoftDefenderEndpoint.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Data/Solution_MicrosoftDefenderEndpoint.json
@@ -10,8 +10,8 @@
 "Analytic Rules/AquaBlizzardAVHits.yaml"
 ],
 "Parsers": [
- "Parsers/AssignedIPAddress.txt",
- "Parsers/Devicefromip.txt"
+ "Parsers/AssignedIPAddress.yaml",
+ "Parsers/Devicefromip.yaml"
 ],
 "Hunting Queries": [
 "Hunting Queries/MDE_Usage.yaml",
@@ -42,7 +42,7 @@
 "Playbooks/Unisolate-MDEMachine/Unisolate-MDE-Machine-entity-trigger/azuredeploy.json"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\MicrosoftDefenderForEndpoint",
- "Version": "3.0.0",
+ "Version": "3.0.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": true
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index 6260b2f9c49d108af865e9e1ed26af70de6ec828..5a903f03050f1c803708c174a408332fa8dcf3ee 100644 GIT binary patch literal 30646 zcmZUaV{j)x^XFsRwr$(o*tTtNY}-yYwr$(CHa36B?epBf>h9`Z460vr)qH!Z`ZGN< zin5?!Xh1+fP(Wy5o*HU^l^!z~AfSFqARx?tRugA4BUdvuD={;3D|;(fD+hZ9YZnLm z9c?=Y+z#Y#{equBMIB9+lGLNa&A~s6idV-d{nENR(u$fALf6XLt6fv@6D`HZ4|})R zH(kyCvN@vOzm24}Hx3;2^D+<4AM<~PHE-)i5yhu{e5x_Ev$J~cxeV@&^X^I`#EtpC zsh0*H)pYq-kMM63+jwPK+EWg#eG9ikNu%42E~@lMMc!4X+Eh} zZ!}eB#+4cR1v^MAOF9s1s7)6#OBjuX%YgQh7TLfTbyxJ77ZNOXRozG#3@(nc&yLho zE}cM=xvt$R^gbF*dzrjj=}_GFb3`e1ZK1un!bOD@D>hIf++%eh<61If!s87KL1=oW52*!@s= z|1Lx_)b0Ftfr_JnKHptxgSkW51UB~T`bHoO*tGR}pbW}^&O9Ne1WwX>&6Is+bik=gJSrYs_(2$>9-w*92%GH^^)}&c2c* zqy+E}T!P1GYsR=NPsPMvhZ!~nv7f!Ndz4&nlQQ|arU`{4K6!~TvM>2^mYTIBWA_>^ zr3??LdYhM5QjWRx86sJ8YUaEkrl86>!=)q;R~oGorC`V|k5lMW!h6AZOR!KJ8{Lru z@UEkxOhR1mhniKg!-=9lO%&iZr)g`Y=^5#2EVvrHoE|+l;siZXaPKA9pc)KvlYU0~ zQzJJfkjS$ToQ^gPj^^!wSeYUpan6C7>^&3*UVsx>6|=+#uky|WVlSX{?Es+(O^65w z8Rt1OApsQ@>_*ywG>`)en{!ZQAadt?)@o&O+0HVll>X90p*5C!eNu0$d4uN3Mfmqb zi{+K2coe66Mg2A&8x|Tt3__VvH|sjx;>;sdGz3@soO{cMS{@k{nl2f9X}h$^nx4ow z$_lXGE@KG5zrf7&H!p6&zMY$~L+AOsIXS4$4r33>A)sblyyQ+*TDft3&&mKLU84{2EAV>G&Bj`eSEpC{HSJW@H=tq zgf|Ng5R@EA1CCY5@E-65V|=N_Mg3cQI~zOL*IzcxkCw0?9$Frr$>?=Ami?gUV}E23 zTVxQGAX@&A3Sc59dia3eZDAHhIZBZ5xV;Dm^_X9>GeXsy2$^lB#*knn?x>-#>lPg# zpXMynwvPMCVbJs6|gn4;VzavtuLFv1ADQhv^CCQTHLsGHI zW#d#Hd`fBKVA&TPlT>(+g+qP@6fJ28}~wm-y1U7s6sR@ zDlRQqeQd39Y-R+IyJ)O_Sr1T3`Q&q|IH!;~wHPIlSBi4ZCJND=*-^UFU_NV@0I}b; zG|x#evtu&#qKyn1K_BxfPVkVnfdp<}Gka!923A07O(16E{@a*SX;7ESgp1X7Q|ZBe zJ3f;7of}KXV>|tbw8otUoQ@(2?qUDc?T#sIMbs>gzbY*>NBR!!`a~0sIqvqB(}jKa~s5k@x+>+l!&@f(4Vp+ZmV)Ho3pm|W!?gW=!^NSh}7CEMH6 zlQJ;C;L6|OwLrd;fDPHHScfX4WZi1h#Lr|5T-!lkWv5Vy_JjVAkA}OB_1ihQ@sjb( zqe`L@r-PSNj)$=L4-XC1rWPJQD+?D4CXJ?b7>NkolMXY@dqO{P7jOP-HkK zNjySW_%PZy&PmI36=|btZ!7uZ9C~nI>YYSb 
z-uRPX(C9`A*p%OfZ~2i=c^%nlH5DXy!+2;A>DLj~u$Wa*WUc9u{uYv*)q`nn#|YeL z6TQna{`teDi}%R;+fp>JDjZB%7i! z8J#f!e>P{9WI0)<#)#N}vXT}c_hJCAFFQMsPdiJTb$Q*~+_@~tnW`VkW;YKZmmc+5 zM*dXAze_tncp%^q4<@<Kw`bBsQ%wbB z$W;ldZg};GNsCgX>Drf41+l2CkJfMmI|_ZiyGgPNRH80d(B&;-%~C(CPTpVX9+L0i|^Po+>KHV{liq z8%__iElE7v_yXQM-^BgCvvc)d!BX{e^?JHpllBl^-qZzu^|M;dQ(IZ;QZfnK;nk6{ zv;Co!ROf@XoPTODsUnt;#?nl8Xzx(z@FQoKDbRkT=Pag~o6k~UFMsT5dXViCS5`oY zEHi0yX8P+I74Y^6ulWCvX#rP=w2CbdP_z~V5b{4VwKKA^S2eS9wEf4Y|7Fta9vhFX z_9TWczg3MMs!pgi#ho3V8Bx?W?LfCB2$_H{wSn>qbmy=Jn|6)&@@8xWV z$Cvcl$C&GtE93zGC&Tv5?Nb~tuTO67ZtHbS_dar4m+OsW9=lWL4=%)aUu)|)C`6!O z;O)2LXd&*~8+XqQ!nfcHpog`=)+Wf}4n6>gP-|&|3G1lLVS9iJDtHU}Z-FBZ4*1c; zqt7>X9uj^C-zk9t@o*0Vhyzbxcp-E)QYZYVRE*o-ZJyri7z6O5^j>}#-GIfxV&8I9 z94!-A3h>8R`3YDE3<8!9D1jWlIJ~cJM;3PguK;>C#oEuz{Vj#)TPvoYEpOZEa`u;z zm&)Sp&^mPRh3Ebk4?TRbtqWQS(sFJF0P(R6s7paoAx1pXZ+b*69#I#4~+%J+d844~Vy; z_vl~^mnZpxswo9)$+uy&*6oPfDGylqz}s}RBgcn+(+{cGws|7lZe4I8rZ2ON2@qnN zaPLy4A@_Y1^mGx4(LInE+eezjU`ku=TsQP{bytSpfRxR@sU(n&fNP-jB=75`@+!W+ z*Xd#5uF%sflfftO0{wr36^lHxUhPB4J~NNC@~AvB+AIJgjTg>?Qlj{ z+oQJJWrE0aT~l%U&F=OGYIA<;_ZtS8Hgnn)bgoc?id-;IR#Q2su(EA0>Sa@MhEz^Z z>x;+T^p=jD&pbsRQRi>iP9To3M&1i=oP1b(ahroDugbM4%=}HF=*S}vl{x8K1%=J1 zYlN+|-9$eV#1Fvi%)q^!MO~ZAHn+QbJa0Ha@6+?v@W(X6 zRV;f6?r>RS3)Ll~s+7BeHXg_tH*j$pSZJ&7x1aI$vY* zq^&P%3}@x6r>nSD+|(@Jkj(_WnzI%m<(0=58pdQ$axa&2e0FcuTfh^mUPb zI{xNgnOEcaCW26RVBpnVsw*s#Af>&+!x0vsMsdB?P+kcV)-}M|6j#f26K;$)O zd?TV?TS<}a<$GgXKVF}?QTnNi{9GRA#9EusK+W#Fb6;6yYKwzXD%WVC)j}u!JaTpU z0lF4;55vW^L>C`vW`c3&)G3QV`wFYoVc?DYKX~+-^UDlqwaDJk(Zh443m1C7fKk{-Bk5{hQqt6}FsxxlcrKV0w zNS?mte$w5#g;jTLeZP5w@~~OUPM zC!cfH)VZbwtI=vos!Iu!MzkIXxMSQj$2G&vG>8a^)9VmUeBIWu4DhY*R}N4fRtgym z@EPb0@G&0Myi=9EX?a?g;U7DyrWZ=DQie<s$tsKFJ<=RM$Op_8VD8F38T6rkry6@9;kPuj%hbKi`t{n zj7!bvj=1!MjySi>OHZrJ%l3?p#i|rk-38*brN-YQlXxb7^}Psga*Z)xf2BTCg-v+4 z-BS7P@Xl~|c|3LR@XC%mo8EZeoaL69@pMOsK)QMtIvx55zC0*2*@99hOOGkttCu+u z$XbcTKFP>wFYx9kt16Mghs9cs#?qPXODSY0r*S2TQl^mh%(Km)2~m>SW;8NkX6?S0jYCGw6{H$Hokh*7a|iswV1MVKm(pR5*U788i3HfGga 
zlhBl7wK4@p!%$8ia@cqdp1$ z|5ktTf7D<6AN8f;r$tc9+VRrnttmMLty!{u<@2d8N$o5!_Mwary-%0P>@666Bg}vi zOkn|pPix0)r*Hv*m`dZenV}DoWtiGVnMTiM56<`-X6Bm|jdi8UpG_kpQ79282=#f0 zt}`2lD4SkVl1KZno?xQ~99s;D4OtFUG1jrV9Qb_h0p)$NRVA(xCTG!?e8X9XEO1u4 zGjk6FCMM^Ew3!PZL?;kRYNQ(r?h2ycwIz#WHj)R21HpWomM_5~Z4Ws$j`vYs9EDW9|g$ao`gVPWOd!$&g zB}9~NslUa3x3}(#>Oz^pc6?*bb8Pb(PScydbJP;D!T2t&8@H&;hoC7ycbz+*iya}{ zg(L8xLV70f@Cm?_AB^L-53t2hh~!07adY2cH#_-xBEgJ$q}_f8&x>RBI8y`@6JE^T zGdm3i7g{Y88RaEy3K{_=w^E!lXA}YR&2;pPxEb_v?UItb1AY!lDA&b*W^k553-8g! zK{3mm`Eg5ZxVoXM8{lCBcM3~;k=9g2SSVk=cN_E;Q*DjU`v>$l+a$LF#(pk0=RW)rx&g%jJ{hjJ zkZX6qjKE@KG5g4#BAzp3H_!dAwUCAA2-`EYL3p>LtCkTeah)vC69FYx5+A`rK-rje z0j}6`bn$uWCKmhq4>}KLNxgZX%R(cdK6)h&5SyMZ-p*dVnM;qOF!)K7>|5{o)t1ZL z$q9*73MwB3i#S3!MQcu{|(tLC$bhESr>8>)qHevNTd| z1v|E~T{BA+RIZ!EYKqZ~0m>Gxb4LbT=}+<1W*HY60OjPX1U11{r*Swhq{D0qSxvI< zVn&6T+KOFN`>1}{RC7WMuu*_HfaN`pD>g9ge92tK11xD>v8m}Iqw8?Nnv|tp6_gYE zgPpu|uLrsz1PAexDeBZ6duX1+PN6s9?Xn}gi5^gKt|3)?FCd4fi$p49+q-^RPimv3 z<#-4D-6Un-Y>Nrj{hU$Jqvh*iBOMz(*ZQw+?l@M{Ao?_85L0_ z=fUjPt8%&bf|dRU+K)aJ9;Vp|z0po?s9Ia+xU!DZ%3}4rwa&udN;5llb#)UnJrG)( zKsR=q{0c*PdIxd4MenR`m{LzgJ5W`hUDvgG>(<`x*hMzVsu?fv(<8nnCwQ0p)Nhz* zd>6CX+fumX@tQZgA~Kw)B(8TGYrtX0&l{xY<*#qg>tBO5`Z(JUcdOx2DKL_6w=Ger z2^x$Ba(~3qpjl~HkO!Rn6DG>GDbJ{XCJp|ingX8A^j zZ9cHq0}F_~rjD7x;ds1B@4Y16CGvL^$l#fHMwU==Kp()n28SDCdQ90wvy|h?S=%ZU z&8BV1g6He_cl&!p-A#+kc!Ua24(Bx|p>fp{249XZcoC*RJJ7Rgw)BIFQ3sjL|+dLZsH@O5N?-(pX(&~B4Q)Ch~M8D zH(WWt4}rb+o2KrUH@;ru1@y7erRrPZ8zpM7_rVJ+egx0)CCPL7u7YSY+5(=g~vhZ}@Tha961Ym@+|?32YS0T>b_o zPI#Yf2zcEC-8n4nZ#FJYial*kROD~_1JxhfdRS*oD@<0s0v^(9=)4)E(~`iZbDk>- zsO$!9JcyOqZ-3 zrq@{3*I~?)K-nVpafFS5)wEEnsRcjA=yd!&5UkTF$`ed1jz=ZgbM@?w=r&gT7SFkA z3D#Ki1Y6Q`PfJE7s-=ZKy#&HP-V{xc`pCr+F{MT$@>*AxCy9n{288VOy8D#pDR0sg zBa3A=pTZU)i7ZR*Qg?ZSmzE^kYiG65d&hrdF~IkFJ=_H=ga(f;47V5?ov-y*eydWD zyNF9IL-Wx=jl@Ttd=j1^tEWSv19}Rg7qcq&;C{;mfYrvrl$vruZe*C))$v%S$H7z+ zvO;7ICS_}#+0I690*5;oQaaI$h?-_TxQIcRRz}XTsAMHmp)^*aj+aJ}X;bm1Ss5TZ z*|Xxhg@hU#*fI;Z>W!lOJ8PUJv>qQQH`&gB_6)AHM7+z)l+9nhJndQR^rE!~e?608 
zzpN1a<{fqnXQ+1$%tZUoAWu3*oPaezehhMu3iVTirI}VkDo}U7QnK0?Wt?8$9oNl7 zZof;|5cmQv2Y$f?_I+Szl;YK`pWZ6O05vj!2pQIKlpB|gBS-*H!#YrRH{A!11km-w z4$*sq*yM`q16IOV8@L_?`!!0S8D7(6XyP%pyDhfEkY!8Zv$Qa0dj(h6N9w6{l{qaf z@^c8F7=XIIy(-8aJ74f6enWVk9Y7BC6tnybZrA~dD!`Reb04N@!N)d?v#0mij?~KS z8zGOjaWi7^rqvL5&QcUEAS*{=2e3di?D7%`AHWErcjbucdy+O31o`X=9tTD)hQYg? zny!nRfq=bly6JPxsUwB+jfF4I5F;Bg$&1%)tF;7D;N`Vw^{|qC!L@IsHpn$?-7_L} z(YoMcFx3HH>*(D^(%EgD2(|yZQpwEnq>IA~x4t4Kzamy`J}m$_@6fOWRq6*Beobm( zLv1N(%uWYGR)@Y<$gBVR`^S_ZuU$rQb6LdaGWf?CVSq8UnVP>#1|Bb;LV3O)0Jk0Q z)DZZYnuKf>Eu$``x-uO-L*;6%21k{}-x8|*D1kcSCVLd6adX233Y7Ddr=ANlxjQAZ zJ2uTfy*)I|FZcOf+U_BJt3z$~>&(BjU1Q`%MI#zQo)$2&B7Whl_vh(uWf3+d&dlqA zL1u+fiW{?729qS%)VvxnoG?v$tQ<}0TTA*NSEgC%u@e{U_Mc|uZFxt7P!D}Lwjd7>NImu0${h7eq0`=$*A5+<)L=A z)qcn9C{NzU>d2hZvL5tOYu<*B>Y|wa>d`z7tDx(Vd zS)@4Ix}-CEWNz%3#n_x#b+~`Px4VB-oo-I(a#&L#vFq_>-peIvSH@$l%^vFU4pFOX z-bgiyCm-9JmjWpm==UKWIJ*LPHXU-XVgQlj-*u^7l)p5i!xS&{9HR{7$#aBwj3#r? zY9}!CUe$r5*b(fdDmzg>(K#NDLaYQj;Xn|P4;h|-M=J2=D(2%s1rV<4_iuh966y@V zuiC#C5bEd<>bU=YA8;9h2Dms90(~a#(c@w|llJ`@U2-(uiytQxdMl>hoxEHKzJ^S0 zcube?{#Gc94H-I4l!x+5YP~m!K zRid47L6DwL^Y?uB3;VleeaQ#sZb|UZNvac{=MD}&MThuo_(*|ace$tValwc#4{qmfB%iD+ISn&*7X)zOqOL)hIAV*p`? 
zpK$@aD}r5~)q{Kgx;76R{44xd`&_`*?ryKyt3x~luVi>QBxeul6gOY1L!3AN+4u&3 zy}MScK?W45v?us$eXj<=aKXWHWdCIFoaw#kgl5scb$GKFiF|Pc1LK@gG1L73p{*aI zA)cc+0K(&)%7&n9)N__^mm{-Qt|J=jhfG4=ZBhW^%-7`IT-mO8*g^-KdT9~+`W&A) z(X|GEhtPwcQ;)!Q@p|UKSk~5dqmlcIe-pYKB1w>P@K!k9{))NWfBcPZ*MbE?zoT{3 z@0zVXTX=4@u#3j+ZIxGWa~vA&wB=tH@&bI5vKnt+ zQ@g)z$BD=G!$@p>Gz|3@dV0rA{sF-#jOUaiT>-Y-SW;3{w zxpklp)~LY-gZ6KD)y9Oyk-lGVyjVS7@q`MqdkFyyIn1r4h5=_>`=eqdf1e*{5!QR* zW)%#2fLxAbtuAk(8$|85(jfUy@;xSg?+E5*CnxGWEl(Muc@FHD7&Gwz{ZxJqK0v4# zjv4B*;e;*kqgdr~5>Zn`t=f8KYtu zQ;4r_8q3l#R|FB5#uAQ)*q0Gw{T@U*U&J;+h4d3+L(^>I)CVVE+Ufv5RK;RFS`NOp z*nShGFZ|1c_~hfo4f*=wPO8pM-vqOI2^b%nC|TaC>?>&zILAvHdKl*vv#R!U=|n6k zWLiFC1O%`&>C|>`>^3xSs4r$_IovOsVAzFTsO~vensKc(W{;Mu&Bkf1#zd-*#bNVW zDUZRz*egl=>VXofdJmP3*sBjY-^`P|PI*Nla6cjqvUIwm6`D>sIRa*v*+}D8{(ZZ~hqQe?h#5eT13%z})V9?v}`-2$n zFvspgdjp1>{31-A0`VGS50yfq@kMZ}V`LOcn?2By<_ z8f^*zp7s>v4m4b*d7>=5ns`<3=(O)G$PCLw8(YBP4RR|hMh0=JsvFY3JRQ%0H)j`W zafF5|Dxkh$Blag!1*_SFgeJ+_kap`7L!Lz@Myiox4gn$P37V{^M;>|=LRPIkcbzXX zZKHFxmh7eEExmEK;r4T?8~&IalfEy%%{Mb@S9z8w?%4_!Zo2NskSD0LX|z78H6T^6 zmdg%}nUvda5BeBhPXjN~CEv&UoBEf+O4yMVxmah&yUhprU3UD7!5HiU@A(zpu@5nd z1E(a&gdY?%}qMMbHgp!GX_y9?xTqvK`ZmPEKV0xxg4__A^o zF>W%=G!;E6wrMV9vC4m8v}S|fH94r8 zD*s5wa6H?Fx%gOKOkCrtjk;XwzbAj!_~kfv=L7h`l!>d@?Mx@}Ab8nHMiZ=Duk*@K zUowbElO17;$OqO(%bRmid9r#pvo+CrfgxhYNhQan@@0m~$VgqY4M##!p_Vv}mpK_x zBM5jSs`sIgtmAHH9~u_U*B_uF?tf1+m;ei|NvtGRA%Na@c@%4JrKJo!9|BAh!Ql(j zN6`o6)!q*zmDIp{(}%A55~g>V140ti;0`#@!FP|iMr#f$ZV(Sn`!>JP7j8K{$-Ds2 zHf2NJ+r8W#s2j;ZL_3ascOQ?lm;mUjvDlfu083aWm&EqU<~oi(2TIkC#-pBS4~n6Y zE47m_<0axjjV4A^({{*fy+W>*geb?ZDAN#Qq7|lo0Fj5V3{zP@!$G}(BV z^$jn+B9}wl)mevnz*FXd$?4#SRAjF2Kr-lsjJT2`4L)&lu{TKY-NT{$m2hrc5o#?!*+2eJC~A&Nvs|F0^-gYEqyb z-k!Bg5wDd2ucqE{_HPKo?!MY%O3QJ(J2gILZI`ETDOvJOeGTeX7%sO_*QGSkpD*vD z_?;PWSx|xWS!NOhlC4z)3gbkrCYv{0LRU;t63mzE} zFk-I0ct@O3rX>BbMY*VDFag;CsBzx_TM;mdo3Rt?bpK*%v}aQx=>bh8wpkS}>qyD# z8EQt7OK55N2|e*RG^0rSxP?rW;{s{%G?DcnKgu|8wb)AJI3uO*wZP$ZXC6tQ)qy8WtmeDNA@@gFxPlqH zwbUlofy~Pfd@ 
zj5@Jo48ntqVmhIU(=n0=p0i;)zsB%>SFyN&-;iOs!C3J#}Xo&VE)&hdPza8yf90m*xNaKrL)t)Em?=}+KTm4=-nTIEhe+j~^FOpjL2!sWCHHrXJG(X~fNHH|)(qZ8g5z7f^sfs3=FM2N_;g$ud;fJi znkINq_4gq)NVn4?@*vt&yNs0-67z5&MeoU8hQ6mQ5YosMYdf~5)bgsI2J%foi&IR+ zVrWl~1v{dr2^Qz@fwLW4kZvK?V!)-$RF)wJdK7z+Y`q;l@>LWGc1xVlDQH(AUqF1L zd-#!Gj=4%@RzYsM;l}D^YklSqR?HvnuS28V} zXPL&)JUYBSuAI?GhK$_t)7{atxyhq`k9c9!hxbK)Y!my+!`%bH;{(t$v^(RJFL=%CIcFr1LiM4;{G(L7<%ubG#Pb#7C~rI-q>X>yoej z#1TA7{|L;~lBZ+Yt!LI;2=;y#;+w71M$D&--7kHA^Q#wgV$T z%d`ngUnfC-f-U8w(}(`ZUO9vCTP2Y<#ERbO?r_D$LvUR*(f#RgBMXxeXjwEITQKz8 z$<<9tP#Qwm>xI24-U2$?8vcNjYu(zAe61A>H35-*b;ROB3Tm*e|4x#>vBywiTlL$E zchs`W5uu@}c3Z!=*1Ng-lKTG4pT-^uhApN0eZ4F`r)G9))e~&!h+CdI*&f4U5@V!M zGw+2m%#DJ+Y zQzjmYAVspMFYA9TMv;&H8FC0!850A?juF>+69zDQ37zN?j=Hsgd=c6Jc&cGLf&vlhof7xKylK)vF1JDgQJ0CIbm=d80c#TVi|!r zXAKO(!QjuxC7Iuxf(Z@ORci<0alhKRY~cL2_s5>Cy(}T)VWljbS`cG2FQkLV#4(Y@ zWo?^;p#b4@RWd~iuJSu;RD*pykKO?8-t)Wb#mo(4D%_ohd?Y-`Ka;fIt+>FBB%_`OB8hD#y zcV1_Vu|E9p={1#}NvJc4JzO(lm$;d}3=;Z(F{~F_5l^{;E1xMU+}>Fpa?yjOOez%adQ!=7!~_fj55I|9!-@_DzW+UL8P6NYO(z|EmoMb|`!I}6lUO8lt=PQ~V*~eYkNa8E_6+ck7QzK~&RpK{zO3AW^+7ZJTazP-@Fyeh2 zgUssQ8JC`GtCp_UP>=hQ7C}g*ooeDPElI*DxT0hsnsr%w%hj!&ExiL6K;|NcA}V;< zIHAfF1VWl8;I8p-7tu6TdQ7$qAzlMl{6ipXrBgabG%Ipm{UQ*z;7f9dWb09;XZa(6bMGAQ5Q#fpw?xYjwHbpp|Aj{ zD?{)=(3jO)U`H0I8I6_J6w|hV92P0)&duCLc&DZpiU`mj-A33ZQDET_Vk3)6kii$D zt8Yo-9k(lQC*Ww!VR-8Va8h zWI*@hZ1vTop%tE6BcS&pgXu}0Ty%{)RuttMZH(TPzqoP$)&1FdzD0WJ9#l5E0R1Yj z#x1gnKDcGbT%~sm5Eku~ElPWbuQiJ+Gj;g~0aSY)#2e(>GRso8QI$8v`@mw$^MUY0 zgn+x#t2OGFPq>x<5LTF&2PhO0-eBHssPxb84tgFDN~X5@zt80tFpm?J&&R~oq|gog zq;uW)cm&s1_*Wi8_JI1PHj`Vo>f8Z;3y(9$^1VIYs~x=8chI?!=zb5FZJqbUVZ5f$ z+h_{F$iv<^8p7T#y82yRK9fnyqQ7vHX=CtR0H$3st|nXmkek!>2Fj0 z4o_ueeRWp-<(x4-;;>Dm?S@Ek6#k5+p3m-mKF7TMP6MX3|77ALBc%Ui;s}aY(A`wh zdl1hEDk!}OvaK_cz#{e*KPERwCF- zR;EjP3&NeQZ?rfBy0ampJ0Ymi#sP_#(YyK^b7b+OD~nr6$6lUv2DJrCf!3j44!6!0 zXOa(lKc=(v1in;ez_v3C-VDJqro4SFH~3qrCu%b>%wc*hB4>65T)cfJHbXtG7=bL_ zq0RYqSfivX^cCKm#6y&|}ey@5-mIs0^XfC@Ffx#GA&z)tz*X@YFLl8W> 
zyh$QY!#cUDfVW5&hjGcaaxMeys85vhK2oE!Y zlk65ut%2&*&ILG|cK8Pb)66|+h-#7s(-_#OdXa)Rz!&NE(nBcKu44sLX@Cry=b{!P zOfJEuBL7iR{Dv6`02Fff}6;wk`u_H3=3}21C?LC4FCxRL1CM5f>O_#d01FT&vN?Q z1;3|bRwsSQ)0MQId}wf*Ua2q>5;NQ;cC1e^!e9ieX`-pN)i+6~F+TEk$vke+C=2l} z2dzHS;rv)_9AQs$NmX2fChMaqeSfc1Mc2og8JYNF&sgCsYgZJcpL6VPI7O-;C#lB&ot587$ zMX(wi!hxq;)LWJtG_RSy5V?({5itDjZZ5Lb1r#u`?~^6%?lZ2MgK#MU&!lvP11;h& zRjQAK5j|Sr;qSHKEQC7bg&xKmx1tult^L?=5Cd$4v6@~s(&>bwvo-cd545%{O2`3h zGo$n4r<)uCwivI@{7k1q@ZbJMto<6lxWogB^{2sS0@Ymyv@bs=3>%gVKb}d>oc_iI zc2^`@2(#XaVvN<-V~eH7iOV09p7|C&A^Eyvw4v7N&Ux8|it0ty`oL%iFv$>NuOPtJ zn26r)_h*sT0>W)jtpC3HCi2)d)%H>Rs!OscVkgjvm!HS2pf*d1#iqjbw7{fUn7tVQ zi#Un&>TB}sv$&f7iU&%mXvBnYT=a}P;bf18+=Hd_X=vi|z<76M5=iUi5`vt@ zJ0;5+ksjvo2+VPB5X#;O{X{&Q{y9lZgVIBa*GOQRx$ggbY{OjI(s{i+G#5(Bq(9x* zzUGQ9UxVYJa)BpzcaRsEa!_*>rY8+#^OF!?TcEKgmA{Rj#_x6%L~=U+f*fw+NLXcp z^(O&OJ0V`zo;YbLh!FWeIorDMByCBP7|Yn2&(zx zV%#8%OgN`E&?sXGX#gi)cbF{??HglMtALw5J|TkU;@?t-`2GuK;sCr`BHW;)u1s!G zUCNH1FvI9H2<=v$bBBQ72<|7FJ8-~_Pkg{9uKeHUf1Fc0;Xwsu&J$$kW;ly5==22# z6ujH_2_FzGNC0MnCoU||`0rue5lz8uIPvs>bui?@Ag56hNb86}?oKekj=-qPuIbqw zuXXjhYkz9bNjupBnC_>2cSO)Un-U|>b?hZhNw4G69?*G>`_ZX?&9igN_Rkq z{^$K!UL^en#1y#v|0*m*F~|~LVAq_ypm^=EcRD}+#jAP**N7-@=Se2yGecmUcG4+P zeDAiAi<5OxP01v(^BBIz|5jKa8S{iDU)`^I;#yeOZ?FDWU2g%@R@k+R;uHw(?ogz- zySq~)xJz-D;%=o7EV#S7y9IYEQYbDhT3jyuzVpvL_uM(j%*yOHJ9{#dWU}7J)*q5T zH&0(9yEAu10=L_}F?FAYyLZp!l}>Lgt=~>>*)2kA#_!YCH0;xa{emb%5?@_z8eg3g7UBrcR$B3dLL!rwzI<}26Yk^>upApU?2N$$ zmu{k0;Hj;}1P3KdM>vTa(@XiTfYQq-ciEe+sAn-B6RE6jV-QWrD8f4lcHaIJF5|=he0-%6YadN zZE4-Sit&=vAAqt5ONxzx;5vxrn_)cMtfFaa*YPQGsFO$0XIpu0a$D(T9k+*ljYTbG zRUNIGlOl7)5{fTT>EqV+naV9KzUe=ZfA+LYmStsEM^D#xhf91~|Rg+qb8$ zmL&DBZ=0HH^6u+(yW2G?G^Z*wmh{FJYgDDE)@n3 z>3o`+uNm7&wAw6O+ER$_#Ex}ODxyZlH6b;Ha zD^U;4`%)jr$St&7*f+wMx(o&)#bQ|ktu(eIWqV3;J+yj_l)tD5{QUw(q-Zr#Rvz0T z2))dE6}4FSb=`F(K1SIkxC%0G@Vqb`@W_LL>KvoxWK8W*(x?U-F16k`XxVo5rD zAXugQ*ka2JZm7Web9xu z0`q#y?D)Op$*vKIhRb{d<>%U2JyttzhE&hqUZH{jCw9-4KvdcmqjkLkg^{mMR9cRB 
z*Cf_u!v}hewGD@f6EVj945P5lGG0+H_4>^2Fx8fdyTB#khv!+dV_BWqLQ!ldUv;9f zIC}s1M1*h+bJU%{;W`>=&|XF{T`mpU(ezvxv~=)|yz<2Z?*}?``@@&cM*MzZU4?w* zlA^{01bn1V_5RHd{+VuP|7bu)!L3ejYYu}m34OW4BN{MipV~8! zbC#GowXp-Ow>`cMoI37gqh6+5MboC$O5f=n_48A_90Uh2mEr%SfQdJt0NnpB5B}Mb z0n=y{l%9C8$1w`Hx9h}S$DYx{!JdY?iYhrm#c^5t_ValN)bdy}u$$j2bQ zE9};xS@~r1_H5R0_o{er<|*}kjD$v6iBx?ttR2IR-LJ6w0~h>~N{Y3rz8;sQ_skuC zW{$Y#iNRdFhw9~bbhlGkvZ_}?C+Fl~?6E94MQuva)N@Dr=1)mjDkWD%BAx3q-fA!5+HOWzj z0(>ZMVTRPYYb+|NiU{gG9pp(GgD;f7C8vdrWnh8eX=#*;Wi^lIKKpWky+VEPWpSg% z5Dk8DOC0w{hd7dq$`&Dq^>?XmCB=+w3~Thx7Y3bI8z;(gb6~FbE2WR7Ky{Jx0KC&M zr9B`|rl^pwB~H;#XTIWF-vN7@Vq2%;TS+uSQsCe&Vn}Cj7blQ)){uez`+p7>vFs_% z?T~zUO}t<|jn(U(sPei?nhs7(0#V~V87k$70Kb!%DQwxAhKWttnh+#AYrw_(mG?lT z%Ax=^H~C+bTdD}BXqDOOmui<>u;rhAP{5X_{D}=-%)mh({xwXZdK%xrjkuUJ{a}L8 z;;sl7&{j!7Fs+0FaJHvgd*kB|+6A!Nv#nK4cjFUmUOQ6I{q_~OEo-~maK8EvU$kGk zJ=WYWlyBcUkUIJf)EbywgZfgMTi=d104_pC$~Y#DdS0~h&A&3UBxj8Qt30jSu5=$v zxMPiJQnA!We4roeWdeEyeD1EmKY|?6+H(HRP4>5}U5s2MF3P$=tuyAD_O&3`Getp% zJsfJmtS^_@I9#-ZGI-(&@;nA58tM=~7q9nIDD_-ATD?;1uxD& zI=_tF8eZ(5-xGM_i4CI3dCdd_@mgH8P=rUuAF5AYqB~6oWOwlRM*I*JKT0;gXhCqY z`(MQ-?zGeiZ%3Bs>y2~K z4!c}kss$rAmqO63W_HSn$Hh&JnN$lLwoVwWB@lNF$Q-rdaTizAdb7kvPIjZ_#OHJ# ztr8s~Z@UVmMsiKdAD`1x#phT(}-?I!cnjQNd_s;Yg-fY^_G|zCkiy&;FAa3A0K` zU3$4)dpSz`gv4)G=B*S=&$+}x_M?q2jA@7g_*Vn7^%q*eSW@tA<6t|d%-;I_ynz?X z{t4eqO+aJGGfUr}siHk5bExX^pkl015)8xr8tEE`gU@>2w`eVTfl`q zZLsyElg}Y$wRgQ6~WmG%DO(+K1=SK98)m#*y9JzMC}(#ge=k-66aLZa|Ut+ zZz06K^!Fd*zcVZ0`2>k6$;4K5{YM+GA5%z80h;smm{EjVjwk`W*XqmO5zge+agord zP?xToY*uWfiLJq+R_Z=ct47-t#|2)RxqfcM-rHA*g*ZfTJb%#l*!lv;J18@{(O*?y z?q}>d#`Xp~E%GrGOz`8vDcW#bw|SKFKIvj*m|c)nxxt)v6^4cDCtkqA_468bG?t147oRp9EvRY z&X&tK_9>E3WFTvChcnJLK2562BM0Yoh)1`paF?V*Y}G)}Sw+a%mH>L)*nJ^36|FNM zA?%Al+i-c*Z%S5P->K|aXq&)~DP`2d80%RHNTh=+@)d{Ax^M{t(|4Mf1}vP7%|{9a z3HL%+Qr?(Y{w*uvBV?)Ux{gu#JYjHaIB^Weo4g64un+n)d*}8|5yRZn4ok@^2BvL4 zT?U;+%YQZqY@N3uY_Tr1hDn=tUj%fM!rpTR^=1V1;$X6~TVVv2jFgnu+hPPFOP89` z;Cqog&sF~VD_8!BT%@dWcibPjKp3g%SH2$o>iy2(Uay>EF2dy<4Q5~oq=ccNy+F6O 
zohnnwV@fMXB)ua;5va2u7L^faPa||O#ArwKAu$-ES|rTo0a;l)2<iVGLy%~JX=6fNEkrk*Ccgd)fp;3zWPzQhECgrxN6bFVO0z1} zpy$(9lBrNiO`#S1%pl|qY)Qmu`O@BpFaeSZb2gdhJPv}ws?;8GN#Xu-)ooUQUkrn) zw*0PGU)9I3s?bCrds|`Agz4h2NgQAVViLzf;3pe#>r+8H%;9xJ3rlEur~_k}{M%rp zuFi_DFsJ{W__4kTI1`QrnK4|Yvk!dmT>6a7xin-m68fHx0E^eusTH=dk`ylb2 zaTTzC^Nqy`XSeSfFKdnXHzdZQB3fP4HCbW9Bo@%}u{c49-5xVbrz9R+PTexUN~I|q z_W~9$dp`y^+`Vo(l_ac=<6vbD;5NWysWiq1OX#w+fPz*0$(PtlK&wiO(ZOam6;XsA zOtS0&a2V-~X2o#NF_KU^RWYj$Y(1@XrOXq1GT{YgCdGbXxzm}vr0YF?FOQ>7PvnCa zfj^d*1MaJFn3E zF>#+zp%RwR?Yh)f8MUGH=RpP~L(2o(P9CqukMh{brSe~2mtqe)?Q1>d@gcIwvZ86AqUBwQ#L(TnP# zRVFMum{Tr}2WR_sMfrCn&B zZ1$L{W9~$ln8!)AJTWH{g|>Ua_Yy+Ql^HIgd6|Tn1pQdf0?BiIwH&8P@bql*?vkQ{ z?z(j+`s&wZK%3~t>Fo)#knSh{D@9>T9gU9?sZIXARN(igqIj(|3f--&9D|%g)HkS9 zu==s-Xf#agTp1t#pbRv{$8V`F4r8z?EF9-(5nfKbL6vmhi7&^-jd_$hF*1s{WBe{l zsWQ@Mlu;96BsDZ9s1WRce1DPnghJ|{&|Qlh=yM4i^?7AgoMuFh&VZ3$FI3;!-2BW* zJ#O#f?;ia>Y}VV`23OcUESh60@g{sT>oYxeIAZ0LiFfwKmVkp?+wO zOR~UbTjitjcsEG~9yjto;1ATBmFj>)VKeh2t6 zV)3-B>X$yArou3Fp$&{NyR1CBJg6-$V^GJTh?&-BJ|=~0CHZHNHfJ(M@MppbSs&&c zJj#~aJd6+lf^YeFBTT@zS*Kqg%kdO6B83&}fwZ1Xqn?Y&TJf7)t14U!VK8*77t>?= z1I)Z;V4|IC_RdGJJ)W2?aOnMG z*VDyOWT26%om_IAP^yQerCOq$Sn+rNgt*I_MWrdM@&HL)y6?-Sz5!%9Mt~{iN5jBv zM=h%(cWZYRWa(GHr+R&ji!V`IAomj102H5=RKHhbQw^FTV_604&VZfQ6O6X&mBlOM z367Y98E%VUx?$0~(i{POt@K8o-hM4uB-Clg>v=-^V*}$DX_aV{NhAlPF2vg#J4J$p z!Qg$~TCtOZc*<`(t9=KWR0D5f_-vGL4e;+SkEajHVN98F4R3A<^WV!n+s&d*ScIbj z&J`t>jUiOD0yk^@a@2F`tKYvbu#P+8Ol zTvw9B67K$vkauRHq{6K=`M{r*r3t7C`Ww0beT(N|!vgh~x_c6h;dcxEzEkFEvbV_B zH*teAL!AH)#nqts^&^XzzTt!|iRhZre08PaCd|DJwtj9Be)O4=k|UKo=ZMA%UB(@r8#|uFVR@zw*vJ2{q>x(av~50pL6eJ@t}NZ9~hpC}qaeOl!^}8%hs; zIRKOH4-VAWy^_l1c`mh)Kk~i~*jU{AQB~4nd#_8O)~rJ44);NaU7y|PqnW^n`xO#@ z?bNDRMrkY)2F1>mt9b?d;?r@^00K!4W4 z6lA~ws*?rNQE-J5+ycf8k;1J=7Nm`rgOtk#3fn4VF_Ut*5d5UN^akBiWSqbc?ne8xw7x5eJ7e5F zZ)4pN??BwJb7pjXw>H$*}A+ut1u)&2y_7PeuM=9PR}9vUTBru}M60x=J6 z&HUaT9DYUj_W(}BC75%C-{m1H&3&9>2h^6E#!T$U%L$zjV_s+5N!bQ28mUR;5N5gF 
z^>V2iNxet0p8TETy@hu<~Eo0vugPqc6ntdj_EW?%$c4-s%sC-2VB$qs{}SZCF56o`?n`fe<1SU%5%qX!K0$Db*(guAd&n)7O zI<&krAheCydh7CScMGMe<oK(|)G!qTgd|PH?jgqm|v2q`$ktp3U$Sv+4uyEVy z=V5jm)d0=nH6kAlx*4$Ah)W>c_k?w-A!fc@A8@Jqi3EpI@s^ z|BCk%_+0rc)bXoI-CN1^QKtN@q2}gkqfv8jLBVG^Xe z=c!n_GM4f;@+7GRnmJ}Vv?M9cv`8f^WyADIo=KWHE_p6xtSLGv2LP!J$Oi8jOp`$u zZFMzDGiT6ClX3LG>z^r07iv}d*(*uV%}4PQcq82|L69>NS9wb*iPw!`IBF~t=&-K5 zH3`2zWiJK6Dq-j6q+K_2waUm!&%#rho;>?LmY&XPtURqWB1C6hGM3IDXreql892Ap zs=wrF<(fTLG-WW>l>YqJ1HoJtL2HR{rfA0E$zp^OVs7Q~uJZ5VJG+Oj zMxsBToU{kK1%RlW*%Pbu%gmKKJ!4;1)wBoidQbq!Ut^E6kB`-3_7S}}q_A6_ge;i` zp3~*B<~v#qa(j!Kn)B^j;@HNcU6jf#*YWsE9wdn%_TZv?LJOW`hw3p$n+9U!m^gZu zH|*jhWU*>xei1{@ZdX~ z%%!V8WTd_Q9Hp4FhV6uQk(K?GD|JR;MIir^=|p&d*VIV|i>gtU7aClkL>>BAw4`

G3G=@!4aCmI0+$4Ln!>!G2gaG-!m#E#rWrP;TE!2 z2vk8cuJPk)806L|2YRP&YDj#%`<3<|b-wc9+7!0W$_uTs>;m|xlH&QS4=Isci9+Oe zY^Wuv;I2yj(IC}#D(&*B!g#>YOo|j zxpD@iQu4x?f4@2Td6M^rR^pBzV(|1Hspw@sk$chXF|+C`OT{1&MQp0+Bv3Ddzhl9C zpSj)_3gKJnm0SfP+l4lxUF0@6MwMtr_I6ruV5nH*b4k^ax529}ggXkMVe+s^-e{!$J!4VJGPRKf1U^q`0d#-*U;-N-WNa1H6wJ zCrm4Yc24>hX4A%HpGwva1~bkm>EuH{4MP9%oQpNZ2m%yhhCyH$yRYlj>K$o*ze_;h z|EFvFCUD)fVhTuP*3~m*@MQEYhP2F+>GF@~1zYG^8*y z{LcNZ6c7!%kK5x^PB2daFIe1Xya{FbAIuG@frA0r7O3gdmNi~>sZ~3DG?WNdyFZ zN9Uc!zHr_&v1PGAd??hz+FHqq-u-=1b_^F-Oyi}fVz}S3XC6ivJea2z%Jh;#Jvwo=sC@RMvQ;VfegL0P=tK7s)44#h?mc`x@oV1Je$(w_`$v;qs11NEvvFvteAO z1Vy=Nri(`tC%1`5f0sFj!FWB&JyHdfTT=Mk{Ej?jL9&z~J*)*RcZXhok&MO8GVH7W z$;Y<=6ImZo7OKiV@mF#&qF%VfvAI`s_EG;ZIC!gFWSCBD7pi_oAbR0EMpOWXEcf*Q z`$S4SMx)K&9%my&xDloIS_qEeA-N_+$`4#x;9bQP3Tr44CZ8JC+{Z;}0(~gcHHd#{#niivOK((Cse?@XmA*DlNU}J2t zWIVFa-nyI3YUW3ZI5vdQWY-pl{QS#Et{?){`2_&RuJk(dAT4|R5a~;&_Vh5n?VVk; zhXNhTs=iS(7t+`?R}JjlAJ)d}y&}LyXD;F$kN4sI$Wwzvvq#JVKCv}>qDc-yPWyI> zL!r=as$99UER0Gg-l|r%tHV@J z%Rq*)LR(A7V@z|$N?z>B(ywuNJaM;m_~F55WB5Lt<^4k>5tS^LJLoD2E?vvro^ws6V<2y#&6mdW;Eb69qviR(A^#@fzFopDy;ZOKNHY!Ou6s>#sIeaJf zF>)Gx|G-7ZXUYp(q(8$)9`%%_oV+OSeYc}FM=@Zbsu9ss@{!7|hFbpR z3)#{DG9b12loc1Xcf1)KQc!S|r3xpM4fIIhmbFT351Yw9H)8j9%D0&Gi7cgA~~qNpG>aiEHM7 zb_lJiCNk8AZ4qa;jid;#y8Q!7oL-I2(4L^sYseQ8`G`k~|%GPmDCwuGYXb2W$duBbM25 z&a>48)7stV(M5e=OGoH`2`<@1+DUOLFjY88WUiW;(iYc;C3ojoP0U?MBgdNz!KM+fI|Z-o1a=JlJwT3i;3~hX7=n@5z^SJn;A{?^`31 zx`Ra1e@$5MFEHepJ8a$*^eBA%BzjQ|oj{})80e!HmACExk%tomTbHK7^lg3bE*Rz5 z)oVEyjDl)11V*G!5>$z?qhTZ(UH@94FaOOvFTUH##MksPgTX-AsdMmIg1IUb%tJK% z#wCqjIS51}4r)xUUtJDrAz2P?u@FeBN2?-i+J}hgTR}Pa?E6mJF_DN!J1c?;tN@OQ zPEEnB%+1uRefk#kAs0L)8($E%%(g%2p3SX)wVS)ZV{t(pp%smTeD z2@&Q^a7S1Ym7zp*aKXB^!y^~?vbz(f!ggRR)xnJvv$TXW-w{0%uUPc2;7eAvzCxun zU`1Bd9UxS3_U*%zWiN(uCZsk;H0`Mr%5i=e5$MbxyxeD$v+&aS6rkGG2_^M-Vbtm; zb^7bCylP>VTz|{yA~CQ(`}mxktAY33sGtoKL2FT@mqr|PSRj`q*x4Nr-K_nAxGmuJ zEF-}<@iAhQHn^?L1^Q7=Hk;;C%1P)lLv18`<>$rEdTk>$+UDEYt0sS@5dP=WoL4Dt$E 
z?G$4KFt7DuF@O81@6KNU;HbvI2gnbB1AGJzIM1BPz9ruB+){9Hv--nr+9$f3&3oMR z#UOys*1~bauuAbAMNY33%@vAz`THl4tW@fJvP{Aaa!LEMOb-B+0TD}674!Gq0wEgn ziWY=-gY$(uC>!Vqs7|vNb~*v$c{>w`B7{O+{ez{jCjhdo?HyDyqu@x<3}G@6VoH5V z-8UODZ}0bRfXt}mlvwEb>eo*D0GFUtm$!tWjSy1!fVvt2snhJ`e+u9)It;=gx=m>7 z?@5_|Eh@&F16qf*ob!zm8ZqxMA*z6gz@d@@WH~q}dBGl$l;k7k#3W@q42g`PSy_cb z&~4#|*_=s44a++Ecl`o#S}=q->N$&1gp3=I$jY<33^hi+1U+Ugkj73}MJV^W8nkB( z1rikujJdd{`7}j9mb+yJ8^_z{o%kc&;^@cf8HZ5dSCr-#CPD+zXfb-Y8i?Av|3$$@ zCh27aTS+!T;{9X~@@5#TRCIzsPe+Q&*zh4%owavfo*p)WSM6RV|AOZFH$PA9_7Q|5 z2!#Cu-rO~&?&3z=2cBGhWY3EPmwaP9t)%MN+n)*w28_E*O6oK&I$iT@9+C_&3D|_b zp3sHmP!6%v_%Od1tn|lZ+yK6mEqV!xcXWz+oZD!Q=4LyixKBUo&cu|WZ9rTle-t&Q zadWZq%DYEzpL9k>i8|fZV^r=mUEfw#xzC<7uZrPQ`lgDe-h6T@S269b#6XZO(Z^4~ zGdgxQBG|(B(vMP7Rdmm8Nn1>iw!1cH(~xt63@to*9W?im+{}avL54c2-|b~a5xtO~ zn9_685kW2qZVZRQq5u?V0*+4CQG%A&6r0CM;DVYHvceJTQ$J?9+voS zP|bt^Ay8?;CGry!I>$keP9l-GZLsmt%`of3;<*_h;w2p$jKI|y)q!8*gNG-f@UGt( zUU37Z7_e1b?ATd7^az1T9P~&LF2o7O;>1U!AOw8=K(<_HNRjTX#a>TTAF{M~lJCBMlifyNlzJCKJND9d0z`C8 z0v@D<;Mz7fh&YAbxK<3@e5QFe#Quy=X;sYBLbOE9!uBIz7Sum5)G}sbdhk6wpR0|| z1ROH%zI1(f7;$x)HNC_*vsBGTkNPt&l2ry~mk-s&{%5Ev%BUUOzXk)xZR)=b20O~l zV4)nuB_lGKa+&p|!rf5h!ls#xvku59J)wqc<0wb?g5}uAuzBlWJ>G+}h{SDathAN} zPzE=!rf16$KDT+O!f4vppUEu-VtScK0TaEG;!h<3r6+6J*mAh2qv6371Z6S76(5Y) z)Nn7&^B6fukZy%$2r8&t9MjNi)!$_UpQYbr16u5ADN7+0ChG%}G2M&Rmm&1lc}#qE zJ;5~uM=}4a4587&8jdmkdSYjridIJX&KCC$=Yj~GlswXws{fchQOan~Vc3P5v42c` z$kXNE-R}69YLMjML7?cFLuc{9JRK*+z z(UcL20g>-~ly{f|Ln7G6zrxw7`L05=ejd}0!VWGYKcwoftfdU);Jj%p3*Nr`;c$ZW z8Izv)Ii>&V7?6^=2!P1>F#+TtL16&7GTVd%ZGbHdF?54PnX^YqG{X{d4~cG$m$`V; zDUQUooKn_1;DUdqIeUIe12R(DA=xRz93A6Gnf5`=Y;d-pMRI@^pHbTE=qatx_A$#w zNf~%G6;74XAAB{vh*6|>WHPrarM$I7a?&xVwTM+7{*4#*Z64ZLjd?vn=V6#CHIbVv z%9owoGb+Sf*1KLWD|FXrZ31ckIVm3AGr7LcWS81RdqNO?hVkJD)#$Zcl6rkzC-Y}3 zA#TdSNHx4pG0b%Hm_Q9bIgZAHX7COs^c+KY)}SE-_2fkG25tw-OwG$11@QV2ZtATS z!7}@V?3=|m?p85l78*;~(pcxrTm-G+42z~Y%{?173WQ2+4YGjk?^+j}La35tc*%`JRrD)av(xKk`0u>4^ 
z`pM%Q`KZ+mkuW!&Gm?=2zsE)xSSn}{D&|6kFAL$!lUp)~xN-)lJrOS>Mt<%;wWyO* z{3Z?Ru9cy6@qJGAG=k3qWkgyCF1Wx5Me8tq51u&NSOTmine)FhwZR1hbqk<5P>o1E z%uQh}k+c^*R(+pCKRub>uR*LHxrW?@Zf&FHHV`hlqk^Ej$MnVHm8>90ep@T1yyEAm zsZxVn39|<~H)oA=)F?KEKGzaTs*w0(WA|{%=bFN8T_lpOcIflXYzi%BF1l*1&Y8Z_;w9~3+9Zn+zZZ?&Yj6RZDMoVK=YZlSN( z>N9aSYlQUF>>;@^a>BMvZO}^gmbXJtbT<2V20!5aw0-uCQ(@TV&Tk&G14I$o`dQ9_ zSEF0)1=jJVyj8RP<*dc@9?x)RV;Z=!W;865PC^rJfE>>BFHl=({2j2P$lF5WsiWqB zs6D1C_Yp?0_YoQ;c|-(}Mx=3)C2oYMPE%}XV?jUn95j7XFj}W9WW&oV{`Nm0D-K)- z-~+$!MHD?dC=5G}*6^%0WxKWR)RI$O^>t)5s2cJ{x_F;+N*|UNk~}ub@Y|d<_45;C zh5jqBkT=m?*{H>UlZh@YhB|D~1{#G*h6uBme2n3lZ4zyI@cK51!Zu0RK(nu0WVtck zX~H54u1(|;m1n4d93?)SRu!8kWr2OD5g5~#@`qWdF~l;K>ek!r9)8Wo76agy3kbWNVG!eu zod6-!^kah= zg^v-xhXKSxQ{lE>!oU0iw!k$b=0lE#-?c`FhC&e-N01ZtAY#w|Ml#s(nP4ZY;39^a z>++IFI_@BbT2idD6(mjyF~5cA47?i^q|Rc>tZ)4V$a4PTjW_{yqKh-{l8!j9M>uYX z`#6%hke9?bZ%*?FIkG2?eBH!2FZ!Oom_&>R!C9^b*ne%fyv@A^E98FGOs3)a4ohwf zZ;tj=iDUL=#BDI2Q$!0uLGy&i7}hkBlChHX^*g-$GmgqgaNr$h#MhVm1)e9Am%WWQ zKO|Mp+3vqljwClp;SuJCw`;QbhrrzGKmKh~*^*hMgEIjaP+eFm*%#)g)>rrifv-&t zFL4)kbq3^irp_5kbzg>Cy-<>w0m70O6xK?;2!=Z&?WiVHHRLMH=uK0de^l4mgtH{C z3egpVd=yHo5kuL^Lmgv#1v(L**j#)qH(J*0psY$*DVN!}Zx_>X$(f#_}= z65&A|C2k}Xb%TUmbh3J@NF5hqZ=(yb0|H`?*u@b*=vPGe);3a%@T1t=leUW;Fm~zb z#8Hx%Aqc1M58Zl>o3+onQjhyZDOvxht`XuMk{Wl{yxZd^e-G@clR=T6=17P)get-Y zHQ3VWE^AK%mEoS^Gn z)j`<{^g=I9FxW3>MN_C)@Wxov8n8!69+i6)UHgPNR!L((6-#bE=M>L9rJh1Y*3cKpBGZ((a_bF zxa!D1q;)qp2t#9FR4GW##_LhxMrw)Wk*qMQo(wK*VrQz)xJOC>VhLkHrdw3Da!S}!oQFb>8r(0Wvdrpi za6wwGg*pq(q~{DZ@>j{+6(~|>fRa}_in%q^abvW!Ys%DX%T)9F__m*UKg@nfa@FJc z=B4=3Q_mOwn#jveGe3Aa;XGeS=U;%XL%z`c@;azH8gqk9UJ%_nd#3m3v7&L>T_&u~ ze;Q>Ozg>do`gY8gpqRdJZlcy%o)#1JTX)gsK2S5M z_KQ>ggaE2DLiB;r{3}OQ$=Hfp-7NgOZ1%7j7cKLvc;rNV4xRDboJ5+tXMovy8?v0+ z`H{Cg-r}C($!}(N^|n+`w-X7c9Xs2bC1x>w@Z+8ueD_tXU=9yNuzPcuwPY@hGw_9C z=RKlvWy?4op8FAmmMZ=`Kj%-#6%r>tA z5=KG_)QX^Eq)X9S9PJBzFA|k$+anloS)mPU)X}Q)h)&c|LerX{Rql6@c-fR@3dmqP zN?jwXxovB7P%_-NX76M^sZqla^XUuE5`X?RI-*V(l3vy7~Un`0yEep%?@U 
zaiaMF-d;r26ro{op#JaEao@*~{cpGb%dFi0^CJJ}AhZAX3K{Q%cmIE5&D0d(5&oS5 P^L`I|e(xV(OEg$+ihxn z+TpYzfAbiV>gTSEk@+RGHUn~Nqx{y28hM;kZ~!#olAsToZx-Hw z>9`Gg%S#Q6<2XGeOg$%w>0^5{3E#KRYpBytMR90p%j>uY6k{iE4(zsgh9WH8+C)?G zLIT*Keu-iqx!9-v&l|!~G;OE9%v@?w*iUb-&>8npICKp+qC{}M2_gK}X`gxQjpk%5 zk>JX1OR)G1m2nB%7omeW|Asw;L}B-_!Hpv(#MaYHNxQ6cgC zi6MAbR{-X|QZtb{PUS%fBNVYCB`EiS2Jp1HHkGIw860Y`n4Qk#d;x!iF_m~rv9I^* z?>Og*i6xdc9&F}(^mPn3YPHN-syX^A?ZQx5^CVbK~}0X z9DtW{^l9;v&;l=m2px@~1Qoo6ZoE=O zR2ek;5q@4%454HjGJ@6gT#+T;)-+5+Z27R@n`V6gC1w!#BHg)q^AF`cmm zE};^OTxu%=LcD&D0rUv$Yjr9FiH*+tn`2Ed88e68_W(57hv{RVtE=wegh80+atwKm zL=&Y^aL8(+P9vAsqju=@I+XPp>)ZlTGft*#QJR2)syK$|-=SbYP{}1xqnva8uqxKK z5)j!4cb?b#NGRqAF4*1XyXCfqx(974W~3_t5%D8sK;pqe^3)(<@HZL^X~3x@x!b4( zxVQ?Sa(j|2F~1#@b}xfKK(fI2i+zXzYbOI`LM@~$q$wjzAp&#hxD&L-@xX7)_SLh} z8cim;$(#vG9oH^eG-haq1*84WNU!%h7`|I1!sc&KiIfM_8cx^>NddJ~9`Nt;eRUL# z%DL;kS2(%NrI;KR+<75OAQmjIUr0O$QPe;h@7{jf#tMDoH({9=y~3hTm7|s7Uj+sc z4e7Y3b?K7smtqJvl@rQhs$xn}PFxAWr!&(K;~Fv2qHv=6V1}JQPNRcaP0O>Hwj2pTP)WS45{iLsaeU(>Fm8=b($L3%ao_{PJCHTNg zI_H^UGJ)#v^Wx}imGD<9RZYRH19*dRxb7xY$4E`>%cPy<{Cw=HM9HRB$8^qA2qQ~_==?{nhuqwBSHB^q}stL6T4$t4NOC^%4nv zc=q4k(v}|{!Y{|?iQr(uMGRW))WU5gBVVNapupX&o$_ThR#F1n_Ds@vjbBeb9!!>= z#x_DQNar zmc7Pl#R?HQlxaBvrVIJ#F2i5|S5MF#*Fh92BlT*1jdy|auEP^n`mo(WOqv!PIxu7l z*R=2uX%-$K`%{!PO3L%7t=ckpT=bqi5E(o8)Va=U-1_VOf}VK5Om>F*pc|-BTf@bhd~TI*byzf*zMnM+{64mGeBqJ75cqRl#g$;5SYjqz}w*2>>EK5UNvy{EC) zIu`kuk~ARTC}Zr6=V9$A71urd9d=daiIfHvtXMG2f;%bOA@D~?QE~v`u{Lf!J2acj zMJ6dj{k8B1+8O1Z)1|(aN)X(FJ7{Fhs5raP7@>vbZ%|!7I&dcq1B$0C$Re%EH$xeg zY~38>3`B?8ZxRbYAiO{`k)+OUw0GY5!%hkr8y)NjIu~-T2|_z~N|*r9P?6}nEH6)I zf}gKGftU4juW&ngdRXi1Z#Qzrzv)jJ{3}-=TGy<0M_03@uRgG@2;*7H>|Y!B7Bn4S zrBc@&74hX_SJP1Y)0ULwa=fD4k;2b#Sh$2mv>!1vD*dHrJa8$3)*E`R#0_RuTT&61 zG7D3?&77rs7wQnjN5K*_?+Zw}^Mfk z{4#~L@^;62&Qm>;#q}#i`S4>@B z;?|eM51nN~y{0cONlmUPsWLJnnG#}d(StE@RGS%iu;iyRrEH8sC$DRs*F6eSx7cXA z4ez7wk{zbOh2zuz(PGNPAIlWsSfA`KJG2`W^&d7Pm+1+5_&V`1ULiXN$S8PSG? 
zIOHE|lHlkIZ}EqDZ2?mA%-FgkD4)mQW76lbo@$ituUpHynVEm&zUSB)?-}m?*jliM zt|tqlnQu#zsYIwgXEnze5>xOzA|71b)t5)>mqEc07JRI4U~&~Tb}MtyUnjm{)C?a7 zz6F0wG$mD3ToepW@_oX#8HIhls3W2kBt$6cH?m{al6M>;z}jD_J$<3G)zB#$Pc*(8 zm$&-pUX-snY#TpAiXLb(dit@oKZR^ty{a|MUX?Reznv&O*e^@E3MRf6d8o$+k3~Ld ztA2W5ux!zEh9dwU615jf8227jyksZF&Z3}W9?o$-0W+&eb?4~7uK(@!FOG7H{+c!b}wBn zrUo{@V+zK;w^s7tUuI2Wwm-3__Y_%(E+1T<$G&f$TXr{KJ2_ALat@Qg$(m|F^A8O#3QM`Ji|V5Z+A>()m;}aUY zJ1g|fxjlY@g2MiglV{hb*z3K5B+34x7LNF(`A1}DGCK$Bdv7;cEHa^}Xhm8#ajy)_ zM~3U*AQ~u=_}lR5y_}Ie`LCw71gEK`Vz-{QuFqATr;RvP5@lx`i_xC&rx`HUM5)1l zv#ea%Zu=dtqp`OwaOQ^8WGA?h^A;#EW5>}0uSQzfQeqa}9u4uXoCpm}B*k|ugqO;A zD9-6J1rLKcyo!w}P_DhfET|~dN4BXH?~Io2*38}wZCPP65KHO>j9DC2AXwyw^`xh< znpTqc*Eh6BDv2^xiB_fyJHToIpM`@)4@~Jg(be*S-HB(8H;WlBh7OL*uwAdKwCT*# z(ixNrqcOzy)ZFO(EH6V~$`NMtY1!3V-62}d^btnmKF}z;1g)fL9nU%p@_|*FZ~vwW zM>=|B2C$O&?Y$zbb+#w>yF}LZrtlJz77xJDm+%tvobcZwS1o)};zl1M;>O^lSl!Bj z5138Tu{Sfrf}gyw-+~a|HM5E_H>Z!X%^Whgi`Tk(uWher$qTkIh?E7jYoS-vq5~#C zF1`4hprn|GenU+<_w~zbL_E7*c|$wnjZyn&jl35gXK-iu_eg&GuK-Q20&&2b{?U3Q zUB?guXK`4{KD&?T!yt!}_r;wC*n8maUo%4o&Nu86_HN*pD63Ffe!aEXnOoT>uVXmt zh;~02A>x1>=dlkI=Zmd5DHohgGi>K5MF+&y5~vg7&8Nw6X^bQq_32d{=4t4TV|OuY zm2z5K z+cpX-c{99gQ;p>2j+NF*Q$`h}tEESBW<;hC`PN%~efOp%NH7YnYfi8N{RTvOGNCze z3D(uxNO@R2H`j*RmOz&SPOd_q8?Y|+%NNza1HzvgZGJ2)cke@8>(cXTc<6UscZ#TcfqTk`of(vZAtN`t^6%bzCeFi+Q@+hmTEjE|e+71H*-W?WhGM>BS8FT zK`@>xAYwt$T=Z;|R%u94YGujI^BGVO>31;CA2c;dFhLP?DkjW))2`8MC$kJ14sRfuP)Xo7c&i zz(U+Vn9kW-K`P1264)DIDvPsY>72cRX#R}_zu26k#PyL6X6@<53lL%NPh1(N3lI?= zPF&gN3J{?lDdAP7J;=G0l;;Q?*pds|ljTk(`|v-N8X--1V3<7Wlm|T@GGJd$28j9I zbm3l40*(3JHsRk+K=b*eK&P0tLsvEIMU!DAf@P${$+V05x#F2d93Q0pant2!tj@_K zk-LA8eSVO4evkuxkavHOLw=C=DB&ANojte}m4v9I9oB1gv?yecZlZmte1wPNZza=CshbM7{6zIe3 z%{=P~3eamrP{#N;8{&Fv;EMM|`r~>#kc#(o2QkZB zvf>0fm0=;PJSIBTVi>O3y*eE4XbavZT)%(-y>`@DoX?|v_P5%XXdetvj<+4C7#~+* zjyFHdm^lG{8L>L#wr@BMx-?#eQ;>f`XBMQk1_%cRqJ)}>i%rSz*A^l-Iys9|8P$(|@W5MKr} z9Xwthi=GQVvdt44pXU+}9wDG47J)#Y*TXAmx;$Mj+4Hc74XulB@hF~}@gJk+umo>k 
zDtNaVYqf()M*ZZ83nm(|;jtmb$l*wmYKEQG_O8FvzEp_K zD(GWdceA&B@pZS-&_Pgfq#*>WsS_#EC#EF3jc)c_k==WjL$q7_^GO=QMnd6P%y_p~ zNNa(geZU=LMeJF@`r^ASGPB_$bV#ES?R*oSVh4&>Qh?}KrPGrl3`G+fh+URUuv_{B z7p;@)3i&$vmznz>w`DTj#KVxw2czhJr=vF%{dgI%^~(x3M8{YC677U-4Z!jCeqOi8 zGc7;DvPw zv?^FIrf%aMRb6LrMQD!__a0b08-)J!vPoqjM=u}lIy)qrI`=phOJtW|({Rem^9z-J z?{t(vG?L>I$~J!E2z77UA#E0nJt%**i5=@R;cke|18@2hNAQ#@6X|FWem}ohaNnm` z6wu+j2j#k!QP5%G@3o=j_9r-$`wcth8flaJi<$PX1IDMmUMf7?)Xf$XIfiodFz{0K z?Ud=kR6y!9O2-*2bc(dhJ4<^Pd?0d_6a^!~ZST!>%WTw!v?zHrf@|m`XqW9-LE*XJ z0ex7vi8|}&i@UVN*15$qTfBb0T}^kicmloWd{@3^#`)GttWaW*x?-JvR?~xC?PD>@}67EYdzv|oIiOS&F4igHND z3jGj*q--uOZ^-)iTA0|AsUJrB)`e%>{$adDGoD+?iF-zdB03rRinZzJL_)1wxy%zw z!_H!iuiHd1jb3^J83oX)RnPgR594$F!Q4gBCB?%_JyP(Ed=atp=JH}Q4{i|uOG zo_RPiB@BI0@&*?*fm~Tmgq&mzGA{Wu6bSdgHFeN4L|2qqYe-3&<%(!nu#^U|U@=== zCR_cw_LA7v93XnD(7eId?7`*lQmtJsLg4p;LndXx3RX&%WR7W5@FiK5lpggNmOG1f zXhop&8QAEB>!2DTJ$U%-L@u!S`=yx z$R{;HJF0kX;NnGs?z3ZT<;pv@ijKu{JFTfI^;?raYSbekE~sHy&iRPXS4)aJ)HQa0 zl8T=8%A3;c@7B~F+5=wRhL_=l$smnpJeTs_X9`;G6wiHC!K4@C|*%7>a zVCd5H)3aDWtey47v&FlBTwk|v#h7ZjZ^C+<_p5xn*j{l!w{^1i`y@M?DxmV{?1`nj zo+};_2wT17BYl?_LdL)oPdKk~M}6N~$*?8cpTtJly6~W^gyQ227-XXhYrE>Xg~|95 zTN_6*8j!&8&ORS3k(45u2g;c;77NiZ;%x^62CgjyY*Yqn&4qED-Ikk zn^fc8XRPaIlire6n*q#DWIHhgyUUKdM^|Y06lr)aHs%AO`{9AlNletVPakC|p?ZG3 zD?z+A*5$dG4p`Q86|k4V@K`iI!A6c`p=W%IOOm;2Wma{ul?*}PDe{ohRY1{rZg>$- zzA4i}aKb<=fmt&tmT-QD8JUBxOs(4fqOqS{&;vP5p1hksZ!t*Lrf)fP(xz)Uq=t_5 zs3=-7l59}}R|ct13b4y#nsBL?U@tMe?6*$T&O3u?)b^y%AdPXU0dvH2wUbvFm{z>@ z-$55{21L43u|EMB=~-D+n&zazW7lJCreQJHSDVdVTD&pDOhADD3FUIqQMmG|^RciRBO& zsJgoR&$|yPr*B2diGi;=mie8yJNWd-mE%N9Rn`l>G?@6O5XOkx4 zT@O8O>o;wpO~wO@(R$}API@CJ1Ac{Aoe_88zTL_FA^q)>#eEnguC{{5*;HqX-RN+@ z(n>Eb7x*SFclU_N`uCu)@H!^bS+rLuB%pht=9S&g0NOkv@{Us}77xuY2HT4l|(x@afJJvp1?*2h}z zy0I!;q!H8OW>nV6pmYj0GLNgl;*C`9I?dVe=sm8m;ytg8v?(?nK@ z(ouHPW!GSTyc)k{ZE?Tl;*2QkCOi%{8l{#?j_rL1+8IeUoE2GeLeTusYxms{b2Opa zsA(v&D?JW)6xNWJGd=3Xh}5+}s~VGu%}ia%bO|u9^+lv9J(>v6E}yd-T>=!+9I^)M zL@3_8n2w(>#TCxzE3qx3PE;ey9twsPuuaps9Qrhly=Fx#)X 
zypDh-jrHnYX>j~CB$eZchW+_26`NUZccn0 z^CQWwRoUK0n5$)^`+X~te;}Lyd^hyDguYX*$FbrXOIj)_iTP87> z_27@(OVYhFf8)W3Uz29xRd6)qGzk2>OP(+NmI#MV%IWs2bA(@xHie)%{5z)2%=+D) zfPIx><0I-jjc)2eo*qhUQjZY$??Xw8$xFX}$E*AMJN_}TwWUfF1oIi`4BcE~qN0Fh z*-w*BjllF{mj^onmL^oY2j9kc4E}^8L`1XOfJUC89{-os<4E{l< z$nt$2+I1SMB{>TV<}TnQ54$$XR|N$4ZkHx;XLF}V+_)R{dey@O~&=+~Sv>4ldW%d{9%&6$*_pJpN{ud+Jv78v++D+-a*1BW@N~#FM z7J{$7o3Ux4PM(AJr$Cs@gEgyX;{62v?|o}MwO1P<%^W?=OTBS^seQ-Ej^8_aG@NiM zHGjyGjCTeq+14muLGKV!D*sM!0>O22tEQ$G{wgDw4(ZJ1LPR(%g&k*h+jA0@q&S=0 z!5mW|hExjjaY8jzq8$r|JwI~iFeb;{Hc(HTpgsp;%}wd+LveM`txf{yn9HehN;?a; z=HO~MD^h-`9KAfm-4?uc3NqaT=4bm^p8;HL%44w%W^v6^LOP@b*866tJF&CBV6<_= zpashu&I-xXpFM=E$YX5s7)_kx-o{MxS^)AKC>Int08+_QT^>Yxa3~z1RyVax{F`Yg-bDvX;qn8B(pE zF}0sDt)J6~KxxoXM^4P$moR(en3q7& zbgm;mVvbnlyQk+wf|6K04l^FLKiOo%$A)L*W{A zsijv0#-ub^;Hxr$fkp}K>ot%P^HH>xjp8wyI8v(I{XCUtgfMop4L$3E_=3Xz8k^;J z=2xT5P9Li_KQ$uv%LSGb?Vh(W6P#l@dl)Cge6+OZoqzIl+2IMNB1}5ft$UHCCD+rN zHZ@!o(8&+5OPsWOA9Ta&E<^RGp1e_e1!2QCs&xxhFxOtd)YH=EJ*>g>c6ZD~+c`v= z2s&;km8%A7C%YjS@_jaO$Y!c!>M(^y?6p1_d$Z83ZUS7tscZ_?2SMi@RSC2AW=~oR zp-iZExaiA_fPwLLi_j2t!nh7$Jxxm7CPC}xWcC>27xTG^cxLn2D2-X*l{jGxIA~P{ zt-4>7pBNh)Chheg&Un*jfDqF&ZplSVA{)Xi<3$`xQEAC0sSWCZC@I`!2;zBkk<4W#TsnD;1+2QYcGxQXYdGj7_NUNIi0}pbQrWzzi6u z6LJ%4JF8<2w;%@n{Td*Gb(aT>bS%U4mbAIH{WoRNsjhdF>&tHFH(N>XU_t%K?n5Y_ z<$v^mWucR{ZJVl-mc57%z>Ab=O3v;&;y>&zIOLWU!#F{hgszOUo4F#LRPAl*1MV6k zq-D=28h9ido>m=mfKGwO5eW6guPQJ(*x&m`y;QissvOp+PX(~OfXS*#HZCV2 zi{l116y_w`<*|?!=Gq!@@yho-S4QHTXj$&4gzMHb%OhZ>;CFqTET)2UUz9=XGz>6D zy8526tF2kYW>asw#$my|IV{G!ehQ_R{bD2{UN`$ZN$B+@Qg=&e={B09f*$AK6v#%0 zsFSyyb1e;tJVM4poIZ4}YsmZUyAf(EYVS-m{#(y%Kof7Dws$~nSGIeCJ9GrB|8D*> z?9pjg#PI$Jjz4a~yb=rSEv5HeNhNl~Ni)`Wmo&FC>)x^DS-?REladf^@`=;M?q75l zsp$dEX5kuRF7`sy=x5=P`BS<#mRAc7gAX%w=ITpQzKG3$6ToyAv;~Q5;((TR-_*eTPK?dlyY!Z zj;-dSfa3k9@A_=fcw6wfqxf(Ancx}WDfTAd>7>;6)rAn7N16|;Zdl^7zhq4Yhw{(x z%;GW$%6>E(?^@lBYh#*=vvS;!Zx;p7_3<3~-`8`@PuNc}@(4tN&)1Y)I(Q0kUYQn- z2z*ZAA+i|g?V!H(xIu%s(lE@&(f-3|hILz`HDfz{TOadHcMPBX0b~f&YoN$AvhI@) 
zj1}3h6S6G2?pMgOBBG%?!(tT)=&hqG%Qy!OK`L*$h++^xx9`F^|D3>_@YP5H3^Q1A z^eKc zbYM!Y$e#`FlX@KsUD$o~g*_WG4Qk|UE*x^-)7Iw?UVenahMzgRu}1t#JQLRQ&=x~zC>M&_&)E=$ShoV^(d#D?w^S+T29Te zaoG%=H_)t;#rnfQ{A;NTkn(P!_?-X4D29}leA_yvm~yVN9px$MCIxMQ78l-HvvB6w zOmke0DXida2?Vh~Z{PkigstZc*IF}f<7CB~gG~@XEYL#R6bHeUhUR#tIZI?cWY2CL zpO@r}jA8-7`JAEUzk|CX4a6nqWR*>lQ|kJSkC9y@n|=yIOHsF`ft~c9-!cY@kqt=( zWg>28HW?p9#&!gUX8neC?*EiGp@%p2Zl}yie7B6HuPgW+#78?I{X4x?kSG^e?$lU2 z4iATR?I%o>zf%Xc>z@&PGfshvNQ?V-?eV_Y#EG=ReA@*^?n0JJw5-Wl!vK=unmN=S7_nyrv0YHADh;oDDvj zJG`}+Iq9{*Ct-2yPh?957#tC?C4tCTejMH|2gB}{(bC1Qg^<-!5Z`+|6}S*y?k2EC z^;49Jeu|PB;x7>W;f{Z;rJaL|%Hr*16i2(7mbm|A!dq9}gmP70Hdq}e29bl6^(cFmXfSJ98Fe%4-XS%wDnK)x6$ zj~f18f@IeH5Co8(CmSKMf$*JuTMLo4${++JSCx3@*HM{#!uR5?6Ff0se2 zYL@!vJP;Uq@cmx%Ej7RyYJ_M;Pu2#Gq3OPmzV7m}PX5QN zLTld8K0`5{kPJE-*HcteUbUY~O)?sjqBuF*aYg%czqaKgcrA3NwgthH#wXFW2K%YG ztuq^md9cs^US5^GxFaqd&6!~%{>Y0G8rnQ!}7L2M>AW(JaYGuOvlg8WBMP zJvETX7RVt|rmWo!C4r%=!@6a&bP=)1&mHoy+0ZT}WhlaOYP<(?F2|&d!>U6=KD3GD z7KpyF1-|OYti5Z-b)f}nR^%M@Beg_GvHuJQf*rMG*t{yU?vTPiy0EVnM_5JM*I#mF zI%F}3M{nwbN93AIGwIs6!F7dVD0z$vWu}(A7#joRsNNjD88NApleM}7vrEPctP(y;g zBgAnmWbu17Y!dU_WK4#_q7#fuOl?TK09Jia^uG<4=K8r)bPf03i8vKEK0{mqZW+SS zzoBAHkE(^hkUeF7N#b)KoM&p^J>FD zf8i``-^8AVwb>0~ZAbFo<~!_d4w3x|N_?TpL{gUzW8FpYXzziyH78v{-=&gRCf0@t z4@9jU1-2a7U3M6LQd!E8SqN@P#wF^0Nx)q{-(MO6MM-t(;&?y&0GZ2zuY{sq0QIk< zARuP@yS{NMlF-?Q$3Uh3BWRUrK$TYg3rJ@uY5%%~^qLtkF#4j6-j&hkR@uLxNDp#m zxi@g&evQ1+U$eC=-b1oju_;*<|AS^SO>~A@>A{MVDbLcj17qdI{HTnY{_B|M#tKY^ zD77K*Rz-jYtxRR|q>mQy9sHINeaO^6H|3!110;350?RkJd*Kqyd-G|L_iSP+wJ!U+ z>Mljo4g9wazt9~^(-?}ZI2VWRTdE}r2AHOe!9WWhSK;UFpCF8zjP;~PKO4?l>NjTY zAss~msOsNvVT*5uS2fKz8{K-Q{BmNYro0mDcok>;6^<`Sx55u( zI-4?`_|XIGdS0N5Co`(4Db4x}l__xVmWGH1tA3M&?rat;+~M_*YtKe;arK7<{Hw+t z9(^In3Xf*Y|1PE(6HFX?a_zPKU1>Q>V77r;hk0P1awcS)g$sxLqqqNF_#tF&c`Osn zQuN}tUT5%`rQ?)%&3?pMut3|g!=)&)An+!r<7~v*CpaE}S6mKZCH~X0{8YEM>9V(} z1?Bg=#kJqOIWk&2B0U|mcS}I7ZYRMtY3%QEnG1v!TPwyW7~|8nO?6FIW;bB>!WZD2K=?F^31S#&)GdaxOR1>Y-uFgM`Mw3X1>|I*nHhP 
zvw9dg^I%{m-IJ7J+kUDk4iZeOZ>~CrP31Cgf-my1zqg<&IF(LgD`mr$;1{|1+c;i_ zeDffV3|XFaz4Xuj#DCg%@C=i0^`BEaT?yWpZI3R6+`c9VtK%gDH3sFN;L#db@ek&1o0wa0>7(^V&{T-5ju zDFy%hNRY2jzTeUFl~g1^U4*SYVM^zA?L%UPohi)l}II&QOw4c>BKs&h3Rvzd{XSII$oFRx5s`i zOG>Gh0wiUgY>ZbI9f}Yt4XasI>2MDKl~vM!rhHpn_A#wAvhosjn#U>PF0HcaAvNLu z3FmcX-_z5@7#)wMrMZg7RQUd>7sz;<%Thv((oYlXS4}#4_BY|~jsE!UGb`m9GB`-d z9yMwm3h;G8`3~)^S>p^;8!ys3R2$HgfT}4}8#72ELlojU4YO%cp}dDo6|=?7flgu5 z!)G8w?X&yFOYoUXRz7#e>jbHF^@74+Do6Bk~FR(Bnnd0)s7) zw#+X3Lnlmd6k#`&4m>dY)Wl^lW<*?k+_IV8lU*NhKb_Q-dG*9+i@OjZx=@{~FkKNI z?9}8DJ0v+})7;k+Hk0ZR#mon!Z)J|MRSi13u#top{e2|eseEmzkcZn0jD#4`NX}O| z?To>7o(p(q5(=U5D_h@iaIn9w9gIqF`8F1UIKjd+w1TH`C3dBmx?)A;tBKTjz7-fu z24U$@k!)&c`4F>{|b4I=E5mf+3mfRhrhrdRLANArB_vtCBd>IPl~sm~P{{XIBmzVK}~+6Iucy~1y?=x@)E z%^cXQieB@2?4oj-nO3lB^OHeljwPuty#M+5`pv}~|N9O6bf|)xA~PKby*YqrF@ddW z$>^#lvfI{H_|Du`WjZ5iY4TtKBxaf}GFg|8=6BD)y?RqZ%ea-f;#Zw^eD*-Mprx5? zO*Ft78uQ%JL1QWUnFXMKoGPE7&di?ZlCLvaa#vChrZ(N9&u7Q14_h0Q`MHGkB72N! zm99HBNFQK_%1q3c=soNisg0}E2H#t{L3*#ua8@D0+Tu$U;b_2AY%k@8-HlmvR9lbU zTVE}OMM-QYO{|!c(n|#OOfK|Q`Uv%UXUJZ2Hb7#N$buaer{26vd|-O06ZC;CGU{C7 z=N;xnB$VCC`C^w5#LWy^j6}`PC^mtCz-&>;b5*6v^8pIw%Pvxu@VY2E>Pf1R8LOb- zm}=ITN`AlX7Ub!(?~XkqcZ8!qLiqBL#VrcrGI~Kqy@c8Uf~~DwsqsR6j^rv&+&AP& zwd|-95;?E$p2_!O>BmG!Do195E|orRFxG~$b43qJX+aI1ic=!|Jl1(l1E8Qr-~T>FHzaxOgbxN zcXGFwkA%F`;?hibCDivabvl!`+=Xr7R6}_RctOO<(C1p*&|aN7@fF5K(4*P**}c)} zcc>r9{ADz6j$K2vKl0HkN3VoHSC)?yvS)-CnoAJJxvmOjSQ%%m0*yD-LaMKx2{7YO z5CiSCW4ykCKN3@b7LlF}U`vlsv(VL!7muU|f+MJIv$#cPVC6D}Zi~kW6U`Ov>o>vi z4A<%GXFVZJtK!JUvevLkFVEo z?#e!>Mfe9wn}o-vltV^bYr&8Ux42-gww^6uz-0qeW+Y*W5$`a;S8p*i6o<-^CG1q8 zd6xmN-U(s84k9&%R5XaUd_dQ0#`Ykz<3*rT6Yr>?00<7UR0AuwU)QS_Kdmek5~4K{ z5g*+s*Fujy5Hn7(aRe&y&CDN}a(PjN2>!R#tlKm4IOgy)F_F6p8k8znI3M^BiS`h23qhz3Ydd@NL&+pH&4T={TpF zz^{WLRg;Lk5TW^V;}Qd-JQ133HayI5esrQw6oxspFEe%%X-)r7Kj1Q$E~-Di`gq2B-f_X(&yZM9w5!itJuL%tzh+hfb!r01NgnD6igt#iD$htz=to|^Tryzge zetX2Y2aXr2HPq$2!G`gh-Jaw5?0`-z zL@Z*3f+G#ejw6jyo?qSSMT7{)d@cE@9!~S0whkqBz0uScH!r+h&Ym{bHnBMp?B*`z 
zl&Sy>cJg=0&!)!pnl>7RYi;nW(WdU*#rCiA+}R=(-2h&IK`h=m+u;rSE4xm5=cMxE zAfe;pt#H#sZN$5N2Fq*+&IJFs7PthW!r%7Pvp!UW-1khMYL0V|#Kvr=7G<8)z1#m> z7mgLVDSRymOrmmZyl(*ka+(n&=peD~%lUApatmh(2{l(kKuIUYIR%_tfybc3@ipSs>TII^hy7LJ{cZQHhO+nLx-CbsQNY}=UF$;7rbF(;VY^S<}@p}y~SSDjtG zyZiies`gsXv)0<%_MO2W*u^?9O_1m>@jS4u#~kIz?Y z7iTfwJaQ>B{Gw_dH@WJRI==_gg$yeeDk2Npl+mrGGd@RDg!8}%a-UpjYMpn?J2`rS z4z?G>0$}WUyqOZ2AhAz6qtg zrH6o=*K#KE$jH&oK)Y^F^JgSxgl391@!5mt3V^9foZQ>Xs*3+B71BwJ0d6u-5? z(-a})5~KKdOYVGc-9;cxy}__>gLZGMa2wPLlW>NWUwd#T#&oUml=eWZs!`eA3Uhn7 zhS89EeF0;|=*u$mZRN*n;YTq$`?l`_H2-O{gk4rVQTBix&H>)VL0c>kkGkWwSs_J^ zfJId5kONHst(@_3>f$lBfGgz{MM-5{qT2@gYf0Hg+R-AZx)BRi6l%NTy$v6AJZ`(+FjJx(Im$HLedQjc6q~_iR zM1();DHn*hG`1s$x+f=jdMOCPJFNa|Q74{OI_UZw@ zWy`cZv6$}AqEO(v0gJJii$`ee@u@S8l1ktk6TXL+Fl94F{3_(a5!1PyBiW|;!b1-+ z81P2l2yVL}RA_hPI^%aie&6=djlDM+o_C3KmPyI}AV&t}MLV~=&V64)6^ATW6CqC4 z)2>@*pogqenj4eIWeme3dVGfN9oWYmjGNMn<8RYGp+Jf8T1g%Bak!^Qzk%ndFeNMN z=(wEy%6cQSt>po64ik`7gE4Jgtme(@*wTR)cJ6GNfs#`{tf5?^Ps--Sa}9V)Jowno z2dGYe&!e5tO+1JIC1uV`mWw8KH&Ii)lix?VAyl3%Lr=8D z71S5BzN^CaW-uT=$;AxY-_cP4dCujRRi^bu5NMxgJ(|CeWiw2}1UJ^S=JAZHWcjl_ zd~>cw^~K>Qe?U#xK!~LzU&k7}|2Y zrQ{*bOy!^ImI4SeT?2TyJHq)JKxIspwFtryHzZFa95QHDt? z&3>BnF3S)#dX2Vqh)A0ki1N&z`g8l}K%s*|7q;AsR{#L!(ss`r7=4UKs|P_#>8fXF zjIY`V{v{Kk?j|kKpw-6$ku65MFm@(G>jpl^0jOL9QN4SNt=AR1fNv%_1&PTj@935Q zG<2BvlXky`h7Gb~0nz^eVAwUPabhP1y&@nZ<&69%!S~&&hB9NmbeDZ(7-T zb=Lb!v+RhqTbEC@hfkdg?9#=Xl0*CVXpw-r2_YQo$ZNx5GiPIW5exLpaRTI{64(qu zWic;@9XJAz|HxK8uvIR3OdB(321pB=Vp`F@hqI5ih%mEoArk!PKoJln6vJZGrbr#SP~V_usU_y|-%RgD8X7f^I8xtbp5@7-r0(sX|t<%=X7C z)xw!wf{3j|Fk-dR2ML{s2g4sN31b>r+N4KN-+-(cl&>e*6Dz+L&>v*p;` ziv_zHqhiT=9$Lr79Z^K}e1oy}$XL}DEQQvA>te8^L`s0eNwxHAeXm3|&HmZAXhUE? 
zhJgErIv#gr^9MsX5;&u~aw6Rlt$r2r$ng_p(r|~&lKP-E@{xL_6T#!szgCXop&8yI zI#Cq90L6nF&*M^fxPioX;>Xl=d)ds;aklglF77^M zar(xokM2#e104mHnZ5QKtNw8*o{k8D)AT4nm`g0tvu@KW(E1+>N~=7=-TjAxE7n6O{n?10t%)k;0e2H7P&__CH#Xp#S zZFvsXJqcFA6T>jNuj5G%akX@U`y@JtizKyAr!?!XV+3dyq6vpxoT>+#v-0!asL|K;bU} z;aYwV4M6+`fvss{IwtDIFyp(zTXI^d*`)Ta4^(M`%D38<)+2j!k8k7PQFH~;>q&`C z+W&BbD}Ie+C+LoL+D$XlurJ9VW{v!vb1G;$Hi5gi|gW1pQiC|;}1sxf)U*~h+%k$tP3L^H8fum6x;Nr>`Wr&dl z>gyImgLg!F1;0=pl-WT-29r4CJa1L1D+B4V~FL{-CCd&H5RSQZ@@_#`yD2S6^!v#`*f;X zJ(x$~TabHm;TorN zB*~NH9*efF@Z2*2r3e#iAFXXTs^{icUx6;oi)qO~tIqEP3rJEY#TY;HubcnxcD!VE z*6h}QiZGIyR3Q#0Mlir-htO-3)bB&8$wr8tI!Ba|67mIdf6?{GA*Jz2o{!<|J*s4K zWOrorYa8f@I;S%@LF)eu_pJn7!LShM21%>?BOu70tzw;t*4`PKE?Rswu-wHRhZTsk zR1SS6(6yhP*IZMYvC1QK^;;Q~FMkI+C9_JtVP46NdOF_n>eea0r zx}+aC2_B6kLv~yzMyyI2H$00MwD4Us`YtAlbDVFGQ^+x3cM3UqO>S%tvP!zVQ4Hm--fw z)3iCewC>5hr7r3|>&OWLn2QzEmK+Jq93lbq(-QF(n(CM|A~z!Q8~ zTnf|Zbg-vN5F~du%LVY(mEu>E8jt|cx3D(MMep$t$x@A!TC5`H7dzqc83S?FHJZ}i zz*sSe#75XfR-ifPD3x|o`xS_HK}Yz!(u#bEKR!N%k-!UFwUOzUScRqhpwa4?%vl^z z>r!rUA)3@^^`YC?#uu;C)$Z4z+J>Y^BYq>`+m$P<#ji6+Wro7A191)|B9BmUQoidu zcAcT7AJT1X3eDR7O2mth?IGoprRf6Uyv=nex{oOD71Mics^53-VSd;HZ;4&Ui=xBJ z=317m4DnwOx}~CWIOlV!t%Kpm^HJHAQ1?O%FiD_5^@3{%s9wl~F&_d&3&ki~mFbXL@-<-4;N!ni2z)v;9GlDklWiyFsxMgI7_Dfws4;)O@zMPHIKMX5tL?sLa zkg^r{a5HokQ=4PxDv?QlT53Ddja6FNQ;uKgGf?(9@b^5XrZe;n&ykdKO*Hw*&F-IY zd7b+DiD609c7Ma_eW8pbifUTUW+*>qEbHW|e7Su6)N}J8)q8{oi^cL*jc$ zFNj90rDag(-G2Jl&~P( za~0D{(g^zOtd2n$pEvS)&QC*(-s--*OIcA_L;7jl?%@KpR}{}Ek<)ohfIuVbV<>RuwnGkqkQq>5 zwagg^o|sgP{AP5KrEnBb*%X(=RJENl{+EjJ{%7U*-;vPUSC*9rBdKPI4`$K7`RL}b z9E5+2GFR@SO*^UzI$+@PjRCbV*NSE{r;Vw5|M79&cn=bE z=SrrL?7q&DSDT)=IQdUE5qm1-L*F7+zA`Kq;;w<$L83TW1i7v)xyrjfStBKWd#cUy zUOI)vzH3KwRY&ung|&2owjH%Qr2h);v@Jyk=Q_Kljday9Ih(HAr>Ocu$Z&fj9)b3_ zh3mc_5_K0NB1az}=(ZVsKY2G+x_*ilDv;`;tU>Ry=hKhLa&B{B>Mex2Gd5u*9{mQO z(bwOlpOl1K!a&9_6Vb292uOtnZcbyD|FUtbFhAZWO z(s_k;Arwx$Fj}fodjuTYyh#M%^k=lA;~p8%3l#Iu+}?nxACX<=#~nD=VE#?cKvyM) 
zQ7k{0z3RL;dd#qTWwqLIVlRvrltydKik3zj=KM#peGDI6m9E}5KK%Y=26KlR4Myod zA~vh4cVOyFPW{gptJKY{k8HPnn!4CdmUP}AL<<*+n))A*!dM_YgdSXUdm(sz(QSSE z)i9JQhGVjXzx&wM`!Y2EzIWT)78H$Fy+-okh6nNqen|a7={|@Mkcx0Ism$VGf1_ue zBal}ZuI}d`zKfWiPOY<}N<()-rB;fpuVmi;pwWQ3Ah9LAjm2>*F}FKVzvPI`5Xqhx z9j-LrYjNBGiN%{!@9*W5!GQ0k^t4H$U(4AXR*K0Gn@;_ST1mRQ&TaGHM61I|+0=>} zqXPEZI@l$dC4_qrHBMzC(cJ8OHOCf{KIAxsDT|*{W%}Qh* zMh0To6)O%HB4f=6LnX|bu%f}vhZ#4rl_FK{4J zkPTmhhr{dvJ%aKjFrP23U`i5b?qZ&hwLflF`axUu^Bb^j2KUb^id$0-^Uo_v{m(0! zQe!0)e>}QH%w*f{Ifh|aL2rmnMEqJt(BO+Ll;0?vn=9b^G?OcgYl+)4ymHPz%~0r5 z%Jac-Qc@fQA2sPnMwbf{H#f^}m45ldA8%oS28Q}TGqo6c9g>GQ)k9N0R)2u6Hp20k zD6VDY4gLHF?nleQ^D$zFc@Vh{F??_BOg^&h@;A6?A&sF-RJqtO3d1TS29Tm-R){j9 z*lDTKz*D%SinF}xHouc( zO9@chiHsgV`=N{;xNt^MQO#P%7d9`(tW6HPK!yfY9e6qm{&WmdRTY^F7CoIRRUrN5 z+DRn|6NfTnDB4N4?`IuNR~S?`h|?)9nj|n{)1nQ~F-;tM{f^SZ#^bY2{szGAzOl&8 z=x@Dvz~!cx{oOl}@u%d|xANGW9=M<+obSwd%d8V$ow+XJ1y1 zF)mi6F{DAtaIcBwk zD^d3=55aCT@-bel9T@dB^>-fBy}N2UbhEs46DgKDYdY429%h5T|G?!Gka1cUS^u6v zz`h7BD@l4{}@ z(!Pu&1FL1fr=XrvPJw28wt`x*4N&siU7q>Hl!tGupSZTxyKQ~{IGTI#KB zlPjh8OM(TUo7G0e(<=+V=wzLZGurw~@l*LX>`&z~TpDC2MIH~7I(`+WIyP8pY=6VG zo2&v|V=t%-e78xa#XOOpMY>=`%#Plm4RisckE0$;G14jTbJ2lX4%<{Ca@X%ZI1k2c zRI2-Som`q^uX}8QnG@%3&)GU{R#S5AR<985`Vb%2I?cKknOs|7VGurGkwzr_8ALT^ z2)Uvb+z_v!iaHuqSt_B~^67yCwGVk=ceGDeKgA4et6>rzv$Rh!QwLo5!ey8+zZds> zUuH#s%V`vh5slTzFlYX&9;YW8%L1e=f-4%j-(iWrF|Hf`*$3u%qKj&f>u7*^o>s*F zcd$8kn}FgQu4G&%KC)aFRsN{F6;lC`Ev^sw>Jx(9%WKOAsf*=1 zarcXXfCjciDFf9w4^aCjCOaXVa+N@+e5)Cue@ua%y7YJAJ9$*L=>s|_W=f_&ExB^t zUHb`uldK^kx?4bPE(PCdWLqx6r9Z99A_cq-*vjFes&XDhl~03FB47&q`H1fn^0}qo zf$!9FT6qs~8u-qPV`A#%0Q>Xh)pX0ugJqXqAhN{?GQ9{QTLB(A^Zb5rQL(He^oDr- zKsKyat@~5*M|T&ce{~K^-D2fJyglpadb#{mkI>mY`v=qnwr2s}S5Qsc6n41^m?qBQ zw4%cxzPOI5f*T|1uabFD*6KIHlX4m+IwagX7g zT?4>Vkx5KWHcu<>MXGBxicaEyGdUC%`Fbp=tPhTFHmGwlj(9OPgZL_V_;G4K7Z!wE zTAuPz?UY^?P<*$THiX32NgLQNeCOO7Bb5*J1K`lFz-wc-a0%X>5PnvsKAJG?!`Z^B z#X_gwOwhZvq+*UQ;z7BQ52ZFM*qPEL0plsOzzDMWLa@c{um3peKGXs~l?yWpD~xE? 
zDPmwRP{L5q=;$e-lRa^c?|y>Z68UlSEB~<;!9x_L3v3bIrbyt&tra%PDFdk^u)2#* z%#)oLyMTm)L7A)1AaW;gK%@bIgc0c%p_BlDfYbpE#+^ffiH27Fr|#C&d+QuG;}o*( z6>zRI&i5pMT^E7O&rp>93k(ZxQ2%}`bT0C#*Z-ZVf(GnK5^=n({U;$TIFeL#>|&iX ziz?;#KOx{wk^ff+coOGusyzQh{8?_C)o~oh=v-Vzf%9fQbVbsU_KYrvr>` zu#S$SY+*#=52RQ{0H4d`Fth$gr^ z9&N&3fn;gdh=x(()h)4F$q>W0U4s1BN(v<+J;_}t5n8|ohgYfMei|xW9u$cyT^`X5 zind3=`XuFV*C z-eFog^e3Dzxrzh0e2VTTY}t8g!rki?dZ-oa$Pc=MW1un2c+R57mt>{4=lK|XlfpH{ zNkg-ZX>12rvvDc1oBSRvcs^JmdAB@4!WxLbV93@WU1RVAUk=%r>TQLwVbW^TxtHLW zwY?-<%KM452HE}HNrOt-@e3SQ^$|lg93v-ZEk@K)+5q7}kBH7E(`?5Znsz2)ZO)Adp znq9es8C{6tfu#lde??V|nf@D9jck*@5DNuHRY&ZAQC0Qhcc-fnFxd&8C_aPzbb0^d zAE6Uxtpt#Xn&)NmaQ98cELf}Gvd3!BbngNm)m7IdjiR8-+N*^5MvCY4WKhP{`=7K` zN5KBTc64Edo}njrOKbj-z)x{>z)}fQl|zn}EpY@`IcN4=!8l;EnToa~guwXkyC| zQ~T!fkGhY&Qp7>FC}0b=qO2$qetXA-4(dip{#COtDGl^~S26P7$;^%_F1rzgX;TsB z90^kDR5w#=xmQurQ46_rEFF2VPNlFP=OJ>X2c)*bB@z}~fvCE4z(dmgZA)`!?TTnD|H% z4T^zk|0`sX5a4i%D2DnLilvW}Wrvm(z?1_FrtQhYwFhN{$ra(#0h5SMO{HVVC`vKH zWngvi$+R5KO^62Jw1f}Twdx7Lf^Zd{w;F|m+hZD+=ft=fk^UY?Jo-1m`=<@SMD>yn z0Gu)M_PlF$DK_=N2d;_h_s#qYunTE>6OF4GPwbR6W@+lt&Zai!KcK<0IPe;n8ASjR zbcPk%PymTb<(2~}@0Y4Vs~ov@*hW?SM9#nJPx_RXRX~A(NG{Cd96T}|e5veTL!{I- z6%Lvc$lop7|6}+Mr^zNw|F`C!3l3l`FPww45*(;QSA>1g>%l||aUf5E#zX!T3fvHR z57gCJA_G2bVZwh8dkOfkfipbN6$bFawN7a~^0h-ty#M=Rj^UEI0Uck-u;EWIwDeDr zuVm0@Ym5Lch5Esbs3cX*3HN$KO9yGrz7bqMZ?Fy zvs0xE5BfwoqHY_L2=j{?UWrF$5|dDkKb(3!FtB05P093a+||c=AoT*6P_lGr;u6V7 z^9t!4@gtf@e=>=N@8CpuwWFHM`^HC3X7As~b7tvLbv%rTAVdAa*8P6U?nCn>Q)Bpb zWB+(JQZ5c=xzoOFOTQg6C4oQ7ov-{>48{EJ2sW}l1PpX-@x3rJh5xl|P>TO}F+3C? 
zv`{C)!eMYw3h?f{95WKK_qDJwga5_)h5k#(e$L1fxvijB=hcTj=JbZeayIxBt68Gs z^Cq9t++3byztMi4^tp-1b(*HyG>iKY5K)`vzg%`n?=djqJb2Yida zKCDTr^6y4semjgmhxIKF##gPr|f!*Acu&bP8@E^ zTH6*!n@Svdyv`J^=P>bBJ<3K>=IP1h-OFtf^o}=)UW9Ha!|rfhzD~SuUzJs+q+uP$ z2Du1#%0@RgiJzhKoUem>0PCqWV10!Z~jU`r-R9G-tF?$}eA2|a&Wv1Hk9u%Qm) zIrYSReY*#JV8DU9)(of3wHm-PXM0rRCW-ODzGB7@hWl+Uw5%8}<5l^9%;b@o>oF%& zW$mGCq30@yRDK7bWgAmOT}hw)4S09sJ8xH_a;D;=!Qsq0oE>weck(KN11HfiVm$D6 zdyn=;%`49*C()u#v^Iw(89)dVEy_9IND-v>y&5TxQ&J@&TvVx#@}&Ops;-l3fZwNr zHG=ny5<{t$9`lAp9JaGZp<-yog0Zhj6{FL1^26W}LwxbRemXlNLY=uf!N-`(pVSU* zmeGO#P5hQNwD%y#N`CxCj!zW4_q^$D881#otK_j_$Q~0)eD^-2#j0$puxfU~PbKBI z39$QexL3_}HxwuXY4NSj@|!^s#6*`E0c};@oGMRlY+J>}w&o9c8M9z=Xc>tYP;br? z^3YW+$E{zHaUodD{F3Ws2C}S=j+A86H8xdPpI-wgsf6yWKwm_e+JQpLXW&{B4s_Y% z(R?myLTHjW&)btJe_2_~0p235;Li6gO3QB4k)n7m6<-Sssm3>%hLai!8uvFH?{>?& ziUz%G&Zwz)0lNI=Ltqq4V<7H;Jz{l2N!J6V3V9Xc2461Te7BLpS7ko+qdGl+orjp{ zn&@}M)v4PmZ`eM@p3c1x@70Js@Ta8%T;})J7^rMmun{$ zB3mJ=ecfd(Ze3m}a~%&ZP69}I|Gr$*P)=!Y^HnF^sa^R|h;-~A z{DL8`#^wxsfB#cs$}1<)Fqo(~uPj+sH4NPEZpGef-vI3*AT8S-(jZ>rm_opp2Vj_z zN$&!|EP|!NE}7bS{A@$%t&_ef)x;wi){N@tp)iXU%*S6y7I1l3j)-|r5$V6N_SS+T zE=~vo7xj6*E2;f)_OsWRy)*hu=#;Hz8Q!7%5o!8$5i)CX|51-Q>ZJMhC9sdXu;muS zQ3_2I3`5U1{*;Y!3@ceHxa#rP$oo`VNGOI4tqrfAEk=h203VX;ALHmTBqXZKfv6(q zfA0wX>?j*w$jMWwWyG@nx@hj`h%aHJeTBz(p%ykO3M(L9SsFn^&mHbdqDao8)vwm1 zadysG7s_26+g5*ct+~7~T1@8bvl@7_=MkLC$@T6kjKLb9R2{|93vk z^YzU7FRicda=_ynJd~Ew$0wDPR7A!nm7&)odx!7BO@z{5h}cb_S2N4vUc6H}dA~n@ z->TV7b~uHp%CioDnAf~Wr3lhrtheOK7}-Go$4Dx|IRO#T0QdKlJxf&2tRLVg4%2yH zQBB^^JuaA@%HcMJs+~G6(E|jGVNI2E0b@=u%KXJ9ddFKVgD3DkXTMX(uzS?~xxah% zb#&o=f>thBrir%&x?qeZ^o%-`Wu?eWAJgku3Jx`~K3cHdIK+H;VkbEJ@vz93{tWT? 
zw139>qOI@}=GY>-_it3g(FwW=ObM`zNuJ+#$r6bUkd^&5miD3Nyp@cb0lsdlp-$+n zE-2J^W^Rvk4nQbv=)P*?FyyDbryp+-AAI*mxAHv zN#m!CDj5&<*`LQilNCj-Mr|S1Az?1nBh}LhiiM@=d3;65E9u^b>M1m}7$ymE)>IU~ zRN%}bl)~Qpd3N)X&mCc65MeU9)~EIk-<*Eo@)_oRxjSp1ebHLm%`69U%{Z-CDbl#^ z2+a+9%8;7ox+8kZK)=j(Z`G!Vwj-LjLhS>uAzM5PwRlCJ>b5+oW2LdH`a3H7WlZO+ zPSIvTXZ$6kchSgj6lufKsz>3RJ)XZ_ zF?=FHzxED)@WzCWAy(S-{s~zl$C_WCxXfrDxTdo{-_B@Gyl(4tuKDAaflA)V7++4N zR*f~!jw`k5$zvKD=+*kZfcGB566MFPLUtFGVTk{{;{(A*&onb}IGZbR=*+!&`~X3d zLM9_CxjW9kHS+WGesiDf1I@zSWj<@7)Y?N!^(Pr<_)OnCz<|*-d7Wp}7iTsyCWIpi zc$CpY?dm)>{AO0fvh~5;l*=!V(WkMku!~#6XG6jfzOJqf+!2T}FTUJe`!vY`Tfa=j zTb~l|YJZs%voPdXNKy6=n>X<0}qZVZPj8m~zE*J6n; z$VdF*mxlt=XD`93Qu7$J*3doG2%djukMAu>Gr9-7rh7u#cL=%=RHU!gqll9KphJ_V zqb6H1M&73DuJlIF@>E#frg4j{&r6Z>DH&Ymb#-OAReirW5@yaUuM>44JkQ(A%r6&F z%9UFbGvZUqeORjPET2tv1HGuM?yIdnZ4WX3)==eG2_Z3q`ROtEGu2~p)LzT|z5ZFz zZ>HI3r@CbE7E@n;kMT^jfyF>SUW#RBFqayJ982&wadF->E`;MrySmaB^XDCOPevr= zs!;M3=P&=Y!+=7f!A&Bjvy-HpY9X&P3rs@+CD4r>EXNnl9W-l|u#Pb!%K7#Q>Ub=2 z*>kBsSf&AA4X2;dthPxXlEYgCPR}S93>I!hG*fWlcyN~Zzx`wMs3u0{t%5y^&1%By zJpqMN90$``ON93PUuFj>K+o&jX|Z~TK0 zKAESZ16RCD_flg_4K`k78WJ?PdSVv3w9j4=i zQK9@L^r>(BuV_?e`QMGK01ziIRL1&A+w?Og3&-XcRkq+k*h&juKWR4sXELH&D z$)C0|xtINdN(weK*(aVY!}{Q$(gi zS47TrKH2zwnxyBUc1=>p%x}XgCUmv$yf=R(amWvjf}}4?H%p!K1waj(g((w!aY^h$ zH+e%3C?QsMDx8GPy&D$qTn$M**63o)fW}pt|5eD9Q=nIr+cRawk^zJHEjyrc*)ra| zNbF84BMB>-)dEeStD4QzZ7O|37$uh)6Jm{WuS!slHUN9uu-NNFs6OZU@bru~dcFJT zB5?cl@~Ip#6yxy&ip%NI>kstT10}gj&c`R&+?G0CbCq9XS+uW_^_r6An$*S(k!ud% z&40c{Df9-(HIC*vg!5gv`ZM2p*RpqaDvq*SG%Xzc+X4svPd=KK7<=~Vc`_GWYyJ^5 z{1myq#B!;r$~WHe72nE)6xH99F6`zeAXhBif0MVS+)x^Dp=U-^-9c(xxO^BrC4+nz zJ4<$oPA7d=v-=*BbE!X6=t#vWqV;wbZ(8g?=&cnDeWZQQw7veWztShA0J z)1jc;8XiG=ktPPP+O&1jca9p0Iujl%_{?nX)dURB8`eyWT#3#b;ESylX9(O)xD{MB zQ_=v^KL)wR9F@9R@=mzxe(uJha7?&;9_zucv*hLxK!eI`t>AAyWjL~oODz!})~;Ac zM=VjF)~;B+GUIWLyH>ZNk89%|wJqbqnKQ@TufrjPjf8HLzNYvB_xD$zZO6cd9T{N% z6_ZE>?eH9L|C6+0tf%5aUhNk&O(7} zisVcGCy;rD3(TaC8)HOUo}2o)#)jU5Q9{iQ7++M8(;`p#g9C5MZPNdP{NtXO$U12_ 
z$_{;N2j{QvpNCUBpus-Tdqd|MU8cb)`3>vItIR&RSd<(?Gfv@yjlf(jsK}xQ!~RFy zcQW1S5x>>f)0@8!0Uv*r\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
index 61a75a9f249..b854d869a14 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
@@ -30,12 +30,12 @@
 }
 },
 "variables": {
- "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderendpoint",
- "_solutionId": "[variables('solutionId')]",
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "MicrosoftDefenderForEndpoint",
 "_solutionVersion": "3.0.1",
+ "solutionId": "azuresentinel.azure-sentinel-solution-microsoftdefenderendpoint",
+ "_solutionId": "[variables('solutionId')]",
 "uiConfigId1": "MicrosoftDefenderAdvancedThreatProtection",
 "_uiConfigId1": "[variables('uiConfigId1')]",
 "dataConnectorContentId1": "MicrosoftDefenderAdvancedThreatProtection",
@@ -45,6 +45,12 @@
 "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
 "dataConnectorVersion1": "1.0.0",
 "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
+ "analyticRuleVersion1": "1.0.1",
+ "analyticRulecontentId1": "18dbdc22-b69f-4109-9e39-723d9465f45f",
+ "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]",
+ "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]",
+ "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]",
+ "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]",
 "parserName1": "AssignedIPAddress",
 "_parserName1": "[concat(parameters('workspace'),'/',variables('parserName1'))]",
 "parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), variables('parserName1'))]",
@@ -63,202 +69,196 @@ "parserContentId2": "Devicefromip-Parser", "_parserContentId2": "[variables('parserContentId2')]", "_parsercontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('_parserContentId2'),'-', variables('parserVersion2'))))]", - "Isolate-MDE-Machine-entity-trigger": "Isolate-MDE-Machine-entity-trigger", - "_Isolate-MDE-Machine-entity-trigger": "[variables('Isolate-MDE-Machine-entity-trigger')]", + "huntingQueryVersion1": "1.0.2", + "huntingQuerycontentId1": "c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd", + "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", + "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", + "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", + "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", + "huntingQueryVersion2": "1.0.1", + "huntingQuerycontentId2": "4a3073ac-7383-48a9-90a8-eb6716183a54", + "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", + "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", + "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", + "_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", + 
"Isolate-MDEMachine-alert-trigger": "Isolate-MDEMachine-alert-trigger", + "_Isolate-MDEMachine-alert-trigger": "[variables('Isolate-MDEMachine-alert-trigger')]", "playbookVersion1": "1.0", - "playbookContentId1": "Isolate-MDE-Machine-entity-trigger", + "playbookContentId1": "Isolate-MDEMachine-alert-trigger", "_playbookContentId1": "[variables('playbookContentId1')]", "playbookId1": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId1'))]", "playbookTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId1'))))]", "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_playbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId1'),'-', variables('playbookVersion1'))))]", - "blanks": "[replace('b', 'b', '')]", - "Isolate-MDEMachine-alert-trigger": "Isolate-MDEMachine-alert-trigger", - "_Isolate-MDEMachine-alert-trigger": "[variables('Isolate-MDEMachine-alert-trigger')]", + "Isolate-MDEMachine-incident-trigger": "Isolate-MDEMachine-incident-trigger", + "_Isolate-MDEMachine-incident-trigger": "[variables('Isolate-MDEMachine-incident-trigger')]", "playbookVersion2": "1.0", - "playbookContentId2": "Isolate-MDEMachine-alert-trigger", + "playbookContentId2": "Isolate-MDEMachine-incident-trigger", "_playbookContentId2": "[variables('playbookContentId2')]", "playbookId2": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId2'))]", "playbookTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId2'))))]", "_playbookcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','pl','-', 
uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId2'),'-', variables('playbookVersion2'))))]", - "Isolate-MDEMachine-incident-trigger": "Isolate-MDEMachine-incident-trigger", - "_Isolate-MDEMachine-incident-trigger": "[variables('Isolate-MDEMachine-incident-trigger')]", + "Restrict-MDEAppExecution-alert-trigger": "Restrict-MDEAppExecution-alert-trigger", + "_Restrict-MDEAppExecution-alert-trigger": "[variables('Restrict-MDEAppExecution-alert-trigger')]", "playbookVersion3": "1.0", - "playbookContentId3": "Isolate-MDEMachine-incident-trigger", + "playbookContentId3": "Restrict-MDEAppExecution-alert-trigger", "_playbookContentId3": "[variables('playbookContentId3')]", "playbookId3": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId3'))]", "playbookTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId3'))))]", "_playbookcontentProductId3": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId3'),'-', variables('playbookVersion3'))))]", - "Restrict-MDEAppExecution-alert-trigger": "Restrict-MDEAppExecution-alert-trigger", - "_Restrict-MDEAppExecution-alert-trigger": "[variables('Restrict-MDEAppExecution-alert-trigger')]", + "Restrict-MDEAppExecution-incident-trigger": "Restrict-MDEAppExecution-incident-trigger", + "_Restrict-MDEAppExecution-incident-trigger": "[variables('Restrict-MDEAppExecution-incident-trigger')]", "playbookVersion4": "1.0", - "playbookContentId4": "Restrict-MDEAppExecution-alert-trigger", + "playbookContentId4": "Restrict-MDEAppExecution-incident-trigger", "_playbookContentId4": "[variables('playbookContentId4')]", "playbookId4": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId4'))]", "playbookTemplateSpecName4": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId4'))))]", "_playbookcontentProductId4": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId4'),'-', variables('playbookVersion4'))))]", - "Restrict-MDEAppExecution-incident-trigger": "Restrict-MDEAppExecution-incident-trigger", - "_Restrict-MDEAppExecution-incident-trigger": "[variables('Restrict-MDEAppExecution-incident-trigger')]", + "Restrict-MDEDomain-alert-trigger": "Restrict-MDEDomain-alert-trigger", + "_Restrict-MDEDomain-alert-trigger": "[variables('Restrict-MDEDomain-alert-trigger')]", "playbookVersion5": "1.0", - "playbookContentId5": "Restrict-MDEAppExecution-incident-trigger", + "playbookContentId5": "Restrict-MDEDomain-alert-trigger", "_playbookContentId5": "[variables('playbookContentId5')]", "playbookId5": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId5'))]", "playbookTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId5'))))]", "_playbookcontentProductId5": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId5'),'-', variables('playbookVersion5'))))]", - "Restrict-MDEDomain-alert-trigger": "Restrict-MDEDomain-alert-trigger", - "_Restrict-MDEDomain-alert-trigger": "[variables('Restrict-MDEDomain-alert-trigger')]", + "Restrict-MDEDomain-incident-trigger": "Restrict-MDEDomain-incident-trigger", + "_Restrict-MDEDomain-incident-trigger": "[variables('Restrict-MDEDomain-incident-trigger')]", "playbookVersion6": "1.0", - "playbookContentId6": "Restrict-MDEDomain-alert-trigger", + "playbookContentId6": "Restrict-MDEDomain-incident-trigger", "_playbookContentId6": 
"[variables('playbookContentId6')]", "playbookId6": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId6'))]", "playbookTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId6'))))]", "_playbookcontentProductId6": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId6'),'-', variables('playbookVersion6'))))]", - "Restrict-MDEDomain-entity-trigger": "Restrict-MDEDomain-entity-trigger", - "_Restrict-MDEDomain-entity-trigger": "[variables('Restrict-MDEDomain-entity-trigger')]", + "Restrict-MDEFileHash-alert-trigger": "Restrict-MDEFileHash-alert-trigger", + "_Restrict-MDEFileHash-alert-trigger": "[variables('Restrict-MDEFileHash-alert-trigger')]", "playbookVersion7": "1.0", - "playbookContentId7": "Restrict-MDEDomain-entity-trigger", + "playbookContentId7": "Restrict-MDEFileHash-alert-trigger", "_playbookContentId7": "[variables('playbookContentId7')]", "playbookId7": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId7'))]", "playbookTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId7'))))]", "_playbookcontentProductId7": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId7'),'-', variables('playbookVersion7'))))]", - "Restrict-MDEDomain-incident-trigger": "Restrict-MDEDomain-incident-trigger", - "_Restrict-MDEDomain-incident-trigger": "[variables('Restrict-MDEDomain-incident-trigger')]", + "Restrict-MDEFileHash-incident-trigger": "Restrict-MDEFileHash-incident-trigger", + "_Restrict-MDEFileHash-incident-trigger": "[variables('Restrict-MDEFileHash-incident-trigger')]", "playbookVersion8": "1.0", - "playbookContentId8": 
"Restrict-MDEDomain-incident-trigger", + "playbookContentId8": "Restrict-MDEFileHash-incident-trigger", "_playbookContentId8": "[variables('playbookContentId8')]", "playbookId8": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId8'))]", "playbookTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId8'))))]", "_playbookcontentProductId8": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId8'),'-', variables('playbookVersion8'))))]", - "Restrict-MDEFileHash-alert-trigger": "Restrict-MDEFileHash-alert-trigger", - "_Restrict-MDEFileHash-alert-trigger": "[variables('Restrict-MDEFileHash-alert-trigger')]", + "Restrict-MDEIPAddress-alert-trigger": "Restrict-MDEIPAddress-alert-trigger", + "_Restrict-MDEIPAddress-alert-trigger": "[variables('Restrict-MDEIPAddress-alert-trigger')]", "playbookVersion9": "1.0", - "playbookContentId9": "Restrict-MDEFileHash-alert-trigger", + "playbookContentId9": "Restrict-MDEIPAddress-alert-trigger", "_playbookContentId9": "[variables('playbookContentId9')]", "playbookId9": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId9'))]", "playbookTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId9'))))]", "_playbookcontentProductId9": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId9'),'-', variables('playbookVersion9'))))]", - "Restrict-MDEFileHash-entity-trigger": "Restrict-MDEFileHash-entity-trigger", - "_Restrict-MDEFileHash-entity-trigger": "[variables('Restrict-MDEFileHash-entity-trigger')]", + "Restrict-MDEIPAddress-incident-trigger": "Restrict-MDEIPAddress-incident-trigger", + 
"_Restrict-MDEIPAddress-incident-trigger": "[variables('Restrict-MDEIPAddress-incident-trigger')]", "playbookVersion10": "1.0", - "playbookContentId10": "Restrict-MDEFileHash-entity-trigger", + "playbookContentId10": "Restrict-MDEIPAddress-incident-trigger", "_playbookContentId10": "[variables('playbookContentId10')]", "playbookId10": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId10'))]", "playbookTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId10'))))]", "_playbookcontentProductId10": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId10'),'-', variables('playbookVersion10'))))]", - "Restrict-MDEFileHash-incident-trigger": "Restrict-MDEFileHash-incident-trigger", - "_Restrict-MDEFileHash-incident-trigger": "[variables('Restrict-MDEFileHash-incident-trigger')]", + "Restrict-MDEUrl-alert-trigger": "Restrict-MDEUrl-alert-trigger", + "_Restrict-MDEUrl-alert-trigger": "[variables('Restrict-MDEUrl-alert-trigger')]", "playbookVersion11": "1.0", - "playbookContentId11": "Restrict-MDEFileHash-incident-trigger", + "playbookContentId11": "Restrict-MDEUrl-alert-trigger", "_playbookContentId11": "[variables('playbookContentId11')]", "playbookId11": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId11'))]", "playbookTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId11'))))]", "_playbookcontentProductId11": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId11'),'-', variables('playbookVersion11'))))]", - "Restrict-MDEIPAddress-alert-trigger": "Restrict-MDEIPAddress-alert-trigger", - 
"_Restrict-MDEIPAddress-alert-trigger": "[variables('Restrict-MDEIPAddress-alert-trigger')]", + "Restrict-MDEUrl-incident-trigger": "Restrict-MDEUrl-incident-trigger", + "_Restrict-MDEUrl-incident-trigger": "[variables('Restrict-MDEUrl-incident-trigger')]", "playbookVersion12": "1.0", - "playbookContentId12": "Restrict-MDEIPAddress-alert-trigger", + "playbookContentId12": "Restrict-MDEUrl-incident-trigger", "_playbookContentId12": "[variables('playbookContentId12')]", "playbookId12": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId12'))]", "playbookTemplateSpecName12": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId12'))))]", "_playbookcontentProductId12": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId12'),'-', variables('playbookVersion12'))))]", - "Restrict-MDEIPAddress-entity-trigger": "Restrict-MDEIPAddress-entity-trigger", - "_Restrict-MDEIPAddress-entity-trigger": "[variables('Restrict-MDEIPAddress-entity-trigger')]", + "Run-MDEAntivirus-alert-trigger": "Run-MDEAntivirus-alert-trigger", + "_Run-MDEAntivirus-alert-trigger": "[variables('Run-MDEAntivirus-alert-trigger')]", "playbookVersion13": "1.0", - "playbookContentId13": "Restrict-MDEIPAddress-entity-trigger", + "playbookContentId13": "Run-MDEAntivirus-alert-trigger", "_playbookContentId13": "[variables('playbookContentId13')]", "playbookId13": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId13'))]", "playbookTemplateSpecName13": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId13'))))]", "_playbookcontentProductId13": "[concat(take(variables('_solutionId'),50),'-','pl','-', 
uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId13'),'-', variables('playbookVersion13'))))]", - "Restrict-MDEIPAddress-incident-trigger": "Restrict-MDEIPAddress-incident-trigger", - "_Restrict-MDEIPAddress-incident-trigger": "[variables('Restrict-MDEIPAddress-incident-trigger')]", - "playbookVersion14": "1.0", - "playbookContentId14": "Restrict-MDEIPAddress-incident-trigger", + "Run-MDEAntivirus-incident-trigger": "Run-MDEAntivirus-incident-trigger", + "_Run-MDEAntivirus-incident-trigger": "[variables('Run-MDEAntivirus-incident-trigger')]", + "playbookVersion14": "1.1", + "playbookContentId14": "Run-MDEAntivirus-incident-trigger", "_playbookContentId14": "[variables('playbookContentId14')]", "playbookId14": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId14'))]", "playbookTemplateSpecName14": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId14'))))]", "_playbookcontentProductId14": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId14'),'-', variables('playbookVersion14'))))]", - "Restrict-MDEUrl-alert-trigger": "Restrict-MDEUrl-alert-trigger", - "_Restrict-MDEUrl-alert-trigger": "[variables('Restrict-MDEUrl-alert-trigger')]", + "Unisolate-MDEMachine-alert-trigger": "Unisolate-MDEMachine-alert-trigger", + "_Unisolate-MDEMachine-alert-trigger": "[variables('Unisolate-MDEMachine-alert-trigger')]", "playbookVersion15": "1.0", - "playbookContentId15": "Restrict-MDEUrl-alert-trigger", + "playbookContentId15": "Unisolate-MDEMachine-alert-trigger", "_playbookContentId15": "[variables('playbookContentId15')]", "playbookId15": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId15'))]", "playbookTemplateSpecName15": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId15'))))]", "_playbookcontentProductId15": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId15'),'-', variables('playbookVersion15'))))]", - "Restrict-MDEUrl-entity-trigger": "Restrict-MDEUrl-entity-trigger", - "_Restrict-MDEUrl-entity-trigger": "[variables('Restrict-MDEUrl-entity-trigger')]", - "playbookVersion16": "1.0", - "playbookContentId16": "Restrict-MDEUrl-entity-trigger", + "Unisolate-MDEMachine-incident-trigger": "Unisolate-MDEMachine-incident-trigger", + "_Unisolate-MDEMachine-incident-trigger": "[variables('Unisolate-MDEMachine-incident-trigger')]", + "playbookVersion16": "1.1", + "playbookContentId16": "Unisolate-MDEMachine-incident-trigger", "_playbookContentId16": "[variables('playbookContentId16')]", "playbookId16": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId16'))]", "playbookTemplateSpecName16": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId16'))))]", "_playbookcontentProductId16": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId16'),'-', variables('playbookVersion16'))))]", - "Restrict-MDEUrl-incident-trigger": "Restrict-MDEUrl-incident-trigger", - "_Restrict-MDEUrl-incident-trigger": "[variables('Restrict-MDEUrl-incident-trigger')]", + "Restrict-MDEDomain-entity-trigger": "Restrict-MDEDomain-entity-trigger", + "_Restrict-MDEDomain-entity-trigger": "[variables('Restrict-MDEDomain-entity-trigger')]", "playbookVersion17": "1.0", - "playbookContentId17": "Restrict-MDEUrl-incident-trigger", + "playbookContentId17": "Restrict-MDEDomain-entity-trigger", "_playbookContentId17": 
"[variables('playbookContentId17')]", "playbookId17": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId17'))]", "playbookTemplateSpecName17": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId17'))))]", "_playbookcontentProductId17": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId17'),'-', variables('playbookVersion17'))))]", - "Run-MDEAntivirus-alert-trigger": "Run-MDEAntivirus-alert-trigger", - "_Run-MDEAntivirus-alert-trigger": "[variables('Run-MDEAntivirus-alert-trigger')]", + "blanks": "[replace('b', 'b', '')]", + "Restrict-MDEFileHash-entity-trigger": "Restrict-MDEFileHash-entity-trigger", + "_Restrict-MDEFileHash-entity-trigger": "[variables('Restrict-MDEFileHash-entity-trigger')]", "playbookVersion18": "1.0", - "playbookContentId18": "Run-MDEAntivirus-alert-trigger", + "playbookContentId18": "Restrict-MDEFileHash-entity-trigger", "_playbookContentId18": "[variables('playbookContentId18')]", "playbookId18": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId18'))]", "playbookTemplateSpecName18": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId18'))))]", "_playbookcontentProductId18": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId18'),'-', variables('playbookVersion18'))))]", - "Run-MDEAntivirus-incident-trigger": "Run-MDEAntivirus-incident-trigger", - "_Run-MDEAntivirus-incident-trigger": "[variables('Run-MDEAntivirus-incident-trigger')]", - "playbookVersion19": "1.1", - "playbookContentId19": "Run-MDEAntivirus-incident-trigger", + "Restrict-MDEIPAddress-entity-trigger": "Restrict-MDEIPAddress-entity-trigger", + 
"_Restrict-MDEIPAddress-entity-trigger": "[variables('Restrict-MDEIPAddress-entity-trigger')]", + "playbookVersion19": "1.0", + "playbookContentId19": "Restrict-MDEIPAddress-entity-trigger", "_playbookContentId19": "[variables('playbookContentId19')]", "playbookId19": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId19'))]", "playbookTemplateSpecName19": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId19'))))]", "_playbookcontentProductId19": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId19'),'-', variables('playbookVersion19'))))]", - "Unisolate-MDE-Machine-entity-trigger": "Unisolate-MDE-Machine-entity-trigger", - "_Unisolate-MDE-Machine-entity-trigger": "[variables('Unisolate-MDE-Machine-entity-trigger')]", + "Restrict-MDEUrl-entity-trigger": "Restrict-MDEUrl-entity-trigger", + "_Restrict-MDEUrl-entity-trigger": "[variables('Restrict-MDEUrl-entity-trigger')]", "playbookVersion20": "1.0", - "playbookContentId20": "Unisolate-MDE-Machine-entity-trigger", + "playbookContentId20": "Restrict-MDEUrl-entity-trigger", "_playbookContentId20": "[variables('playbookContentId20')]", "playbookId20": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId20'))]", "playbookTemplateSpecName20": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId20'))))]", "_playbookcontentProductId20": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId20'),'-', variables('playbookVersion20'))))]", - "Unisolate-MDEMachine-alert-trigger": "Unisolate-MDEMachine-alert-trigger", - "_Unisolate-MDEMachine-alert-trigger": "[variables('Unisolate-MDEMachine-alert-trigger')]", + 
"Isolate-MDE-Machine-entity-trigger": "Isolate-MDE-Machine-entity-trigger", + "_Isolate-MDE-Machine-entity-trigger": "[variables('Isolate-MDE-Machine-entity-trigger')]", "playbookVersion21": "1.0", - "playbookContentId21": "Unisolate-MDEMachine-alert-trigger", + "playbookContentId21": "Isolate-MDE-Machine-entity-trigger", "_playbookContentId21": "[variables('playbookContentId21')]", "playbookId21": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId21'))]", "playbookTemplateSpecName21": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId21'))))]", "_playbookcontentProductId21": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId21'),'-', variables('playbookVersion21'))))]", - "Unisolate-MDEMachine-incident-trigger": "Unisolate-MDEMachine-incident-trigger", - "_Unisolate-MDEMachine-incident-trigger": "[variables('Unisolate-MDEMachine-incident-trigger')]", - "playbookVersion22": "1.1", - "playbookContentId22": "Unisolate-MDEMachine-incident-trigger", + "Unisolate-MDE-Machine-entity-trigger": "Unisolate-MDE-Machine-entity-trigger", + "_Unisolate-MDE-Machine-entity-trigger": "[variables('Unisolate-MDE-Machine-entity-trigger')]", + "playbookVersion22": "1.0", + "playbookContentId22": "Unisolate-MDE-Machine-entity-trigger", "_playbookContentId22": "[variables('playbookContentId22')]", "playbookId22": "[resourceId('Microsoft.Logic/workflows', variables('playbookContentId22'))]", "playbookTemplateSpecName22": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pl-',uniquestring(variables('_playbookContentId22'))))]", "_playbookcontentProductId22": "[concat(take(variables('_solutionId'),50),'-','pl','-', uniqueString(concat(variables('_solutionId'),'-','Playbook','-',variables('_playbookContentId22'),'-', 
variables('playbookVersion22'))))]", - "analyticRuleVersion1": "1.0.1", - "analyticRulecontentId1": "18dbdc22-b69f-4109-9e39-723d9465f45f", - "_analyticRulecontentId1": "[variables('analyticRulecontentId1')]", - "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', variables('analyticRulecontentId1'))]", - "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring(variables('_analyticRulecontentId1'))))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-',variables('_analyticRulecontentId1'),'-', variables('analyticRuleVersion1'))))]", - "huntingQueryVersion1": "1.0.2", - "huntingQuerycontentId1": "c63ae777-d5e0-4113-8c9a-c2c9d3d09fcd", - "_huntingQuerycontentId1": "[variables('huntingQuerycontentId1')]", - "huntingQueryId1": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId1'))]", - "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId1'))))]", - "_huntingQuerycontentProductId1": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId1'),'-', variables('huntingQueryVersion1'))))]", - "huntingQueryVersion2": "1.0.1", - "huntingQuerycontentId2": "4a3073ac-7383-48a9-90a8-eb6716183a54", - "_huntingQuerycontentId2": "[variables('huntingQuerycontentId2')]", - "huntingQueryId2": "[resourceId('Microsoft.OperationalInsights/savedSearches', variables('_huntingQuerycontentId2'))]", - "huntingQueryTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring(variables('_huntingQuerycontentId2'))))]", - 
"_huntingQuerycontentProductId2": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('_huntingQuerycontentId2'),'-', variables('huntingQueryVersion2'))))]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ 
@@ -421,6 +421,132 @@ } } }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('analyticRuleTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "AquaBlizzardAVHits_AnalyticalRules Analytics Rule with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('analyticRuleVersion1')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.SecurityInsights/AlertRuleTemplates", + "name": "[variables('analyticRulecontentId1')]", + "apiVersion": "2022-04-01-preview", + "kind": "Scheduled", + "location": "[parameters('workspace-location')]", + "properties": { + "description": "Identifies a match in the Security Alert table for MDATP hits related to the Aqua Blizzard actor", + "displayName": "Aqua Blizzard AV hits - Feb 2022", + "enabled": false, + "query": "let iocs = externaldata(DateAdded:string,IoC:string,Type:string) [@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ActiniumIOC.csv\"] with (format=\"csv\", ignoreFirstRecord=True);\nlet AVHits = (iocs | where Type =~ \"AVDetection\"| project IoC);\nSecurityAlert\n| where ProviderName == 'MDATP'\n| extend ThreatName_ = tostring(parse_json(ExtendedProperties).ThreatName)\n| where ThreatName_ has_any (AVHits)\n| extend Directory = tostring(parse_json(Entities)[0].Directory), SHA256 = tostring(parse_json(tostring(parse_json(Entities)[0].FileHashes))[2].Value), FileName = tostring(parse_json(Entities)[0].Name), Hostname = tostring(parse_json(Entities)[6].FQDN)| extend AccountName = 
tostring(parse_json(tostring(parse_json(Entities)[6].LoggedOnUsers))[0].AccountName)\n| project TimeGenerated, AlertName, ThreatName_, ProviderName, AlertSeverity, Description, RemediationSteps, ExtendedProperties, Entities, FileName,SHA256, Directory, Hostname, AccountName\n| extend timestamp = TimeGenerated, HostCustomEntity = Hostname , AccountCustomEntity = AccountName, FileHashCustomEntity = SHA256, FileHashType = \"SHA256\"\n", + "queryFrequency": "PT6H", + "queryPeriod": "PT6H", + "severity": "High", + "suppressionDuration": "PT1H", + "suppressionEnabled": false, + "triggerOperator": "GreaterThan", + "triggerThreshold": 0, + "status": "Available", + "requiredDataConnectors": [ + { + "dataTypes": [ + "SecurityAlert (MDATP)" + ], + "connectorId": "MicrosoftDefenderAdvancedThreatProtection" + } + ], + "tactics": [ + "Persistence" + ], + "techniques": [ + "T1137" + ], + "entityMappings": [ + { + "entityType": "Account", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "AccountCustomEntity" + } + ] + }, + { + "entityType": "Host", + "fieldMappings": [ + { + "identifier": "FullName", + "columnName": "HostCustomEntity" + } + ] + }, + { + "entityType": "FileHash", + "fieldMappings": [ + { + "identifier": "Algorithm", + "columnName": "FileHashType" + }, + { + "identifier": "Value", + "columnName": "FileHashCustomEntity" + } + ] + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "properties": { + "description": "MicrosoftDefenderForEndpoint Analytics Rule 1", + "parentId": "[variables('analyticRuleId1')]", + "contentId": "[variables('_analyticRulecontentId1')]", + "kind": "AnalyticsRule", + "version": "[variables('analyticRuleVersion1')]", + "source": { + "kind": "Solution", + "name": "MicrosoftDefenderForEndpoint", + 
"sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_analyticRulecontentId1')]", + "contentKind": "AnalyticsRule", + "displayName": "Aqua Blizzard AV hits - Feb 2022", + "contentProductId": "[variables('_analyticRulecontentProductId1')]", + "id": "[variables('_analyticRulecontentProductId1')]", + "version": "[variables('analyticRuleVersion1')]" + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", 
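Review bot: The new Aqua Blizzard rule resolves its IOC list at every run with `externaldata` from a mutable URL (the `master` branch of the public Azure-Sentinel repo), so the rule's match set is controlled by whoever can change `Sample Data/Feeds/ActiniumIOC.csv`, and the rule fails outright if raw.githubusercontent.com is unreachable from the workspace. The query also pulls file and host details by fixed positions in the alert's entity array (`parse_json(Entities)[0]` and `[6]`), which presumably depends on MDATP always emitting entities in that order; expanding `Entities` and filtering on each entity's `Type` field would be more robust. Since mainTemplate.json is packager output, both fixes belong in the rule's source YAML (pin the feed to an immutable commit URL or move it to a watchlist, and replace the index lookups with `mv-expand Entity = parse_json(Entities)` plus a `where tostring(Entity.Type) == "host"` style filter), then regenerate the package. The rule ships with `"enabled": false`, which limits the blast radius until an operator turns it on.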
@@ -444,16 +570,16 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "AssignedIPAddress", - "category": "Samples", + "displayName": "Parser for AssignedIPAddress", + "category": "Microsoft Sentinel Parser", "functionAlias": "AssignedIPAddress", - "query": "\nlet AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet adapters = materialize(\n DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | where DeviceId == Device or DeviceName == Device\n | top 500 by Timestamp);\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\nadapters | where ReportId == lastReportId\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\n| mv-expand IpAddresses\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\n};\n", + "query": "let AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet adapters = materialize(\n DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | where DeviceId == Device or DeviceName == Device\n | top 500 by Timestamp);\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\nadapters | where ReportId == lastReportId\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\n| mv-expand IpAddresses\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\n};\n", "functionParameters": "", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "AssignedIPAddress" + "value": "" } ] } 
@@ -496,7 +622,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('_parserContentId1')]", "contentKind": "Parser", - "displayName": "AssignedIPAddress", + "displayName": "Parser for AssignedIPAddress", "contentProductId": "[variables('_parsercontentProductId1')]", "id": "[variables('_parsercontentProductId1')]", "version": "[variables('parserVersion1')]" 
@@ -509,16 +635,16 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "AssignedIPAddress", - "category": "Samples", + "displayName": "Parser for AssignedIPAddress", + "category": "Microsoft Sentinel Parser", "functionAlias": "AssignedIPAddress", - "query": "\nlet AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet adapters = materialize(\n DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | where DeviceId == Device or DeviceName == Device\n | top 500 by Timestamp);\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\nadapters | where ReportId == lastReportId\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\n| mv-expand IpAddresses\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\n};\n", + "query": "let AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet adapters = materialize(\n DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | where DeviceId == Device or DeviceName == Device\n | top 500 by Timestamp);\nlet lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId));\nadapters | where ReportId == lastReportId\n| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks\n| mv-expand IpAddresses\n| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks\n};\n", "functionParameters": "", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "AssignedIPAddress" + "value": "" } ] } 
@@ -576,16 +702,16 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "Devicefromip", - "category": "Samples", + "displayName": "Parser for Devicefromip", + "category": "Microsoft Sentinel Parser", "functionAlias": "Devicefromip", - "query": "\nlet DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet lastReportIds = DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\nlet adapters = DeviceNetworkInfo\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | lookup kind = inner lastReportIds on ReportId, DeviceId\n | mv-expand todynamic(IPAddresses)\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\nT | join adapters on IP | project-away IP1\n};\n", + "query": "let DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet lastReportIds = DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\nlet adapters = DeviceNetworkInfo\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | lookup kind = inner lastReportIds on ReportId, DeviceId\n | mv-expand todynamic(IPAddresses)\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\nT | join adapters on IP | project-away IP1\n};\n", "functionParameters": "", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "Devicefromip" + "value": "" } ] } @@ -628,7 +754,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('_parserContentId2')]", "contentKind": "Parser", - "displayName": "Devicefromip", + "displayName": "Parser for Devicefromip", "contentProductId": "[variables('_parsercontentProductId2')]", "id": "[variables('_parsercontentProductId2')]", "version": "[variables('parserVersion2')]" 
@@ -641,16 +767,16 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "Devicefromip", - "category": "Samples", + "displayName": "Parser for Devicefromip", + "category": "Microsoft Sentinel Parser", "functionAlias": "Devicefromip", - "query": "\nlet DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet lastReportIds = DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\nlet adapters = DeviceNetworkInfo\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | lookup kind = inner lastReportIds on ReportId, DeviceId\n | mv-expand todynamic(IPAddresses)\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\nT | join adapters on IP | project-away IP1\n};\n", + "query": "let DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null))\n{\nlet t = coalesce(Timestamp, now());\nlet lastReportIds = DeviceNetworkInfo \n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | summarize arg_max(Timestamp, ReportId) by DeviceId;\nlet adapters = DeviceNetworkInfo\n | where Timestamp between(max_of(t - 1d, ago(30d)) .. t)\n | lookup kind = inner lastReportIds on ReportId, DeviceId\n | mv-expand todynamic(IPAddresses)\n | project DeviceId, IP = tostring(IPAddresses.IPAddress);\nT | join adapters on IP | project-away IP1\n};\n", "functionParameters": "", - "version": 1, + "version": 2, "tags": [ { "name": "description", - "value": "Devicefromip" + "value": "" } ] } 
@@ -688,200 +814,56 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName1')]", + "name": "[variables('huntingQueryTemplateSpecName1')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Isolate-MDE-Machine-entityTrigger Playbook with template version 3.0.1", + "description": "MDE_Usage_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion1')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Isolate-MDE-Machine-entityTrigger", - "type": "string" - } - }, - "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "_connection-3": "[[variables('connection-3')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, + "contentVersion": "[variables('huntingQueryVersion1')]", + "parameters": {}, + "variables": {}, 
"resources": [ { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MicrosoftDefenderForEndpoint_Hunting_Query_1", + "location": "[parameters('workspace-location')]", "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } + "eTag": "*", + "displayName": "Probable AdFind Recon Tool Usage", + "category": "Hunting Queries", + "query": "let args = dynamic([\"objectcategory\",\"domainlist\",\"dcmodes\",\"adinfo\",\"trustdmp\",\"computers_pwdnotreqd\",\"Domain Admins\", \"objectcategory=person\", \"objectcategory=computer\", \"objectcategory=*\",\"dclist\"]);\nlet parentProcesses = dynamic([\"pwsh.exe\",\"powershell.exe\",\"cmd.exe\"]);\nDeviceProcessEvents\n//looks for execution from a shell\n| where InitiatingProcessFileName in (parentProcesses)\n// main filter\n| where FileName =~ \"AdFind.exe\" or SHA256 == \"c92c158d7c37fea795114fa6491fe5f145ad2f8c08776b18ae79db811e8e36a3\"\n // AdFind common Flags to check for from various threat actor TTPs\n or ProcessCommandLine has_any (args)\n| extend ProcessCustomEntity = InitiatingProcessFileName, CommandLineCustomEntity = ProcessCommandLine, AlgorithmCustomEntity = \"SHA256\", FileHashCustomEntity = SHA256,Name = tostring(split(AccountName, '@', 0)[0]), UPNSuffix = tostring(split(AccountName, '@', 1)[0]),HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.'))\n | extend Account_0_Name = Name\n | extend Account_0_UPNSuffix = UPNSuffix\n | extend Host_0_HostName = HostName\n | extend Host_0_DnsDomain = DnsDomain\n | extend Process_0_ProcessId = ProcessCustomEntity\n | extend Process_0_CommandLine = CommandLineCustomEntity\n | extend FileHash_0_Algorithm = 
AlgorithmCustomEntity\n | extend FileHash_0_Value = FileHashCustomEntity\n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Identifies the host and account that executed AdFind by hash and filename in addition to common and unique flags that are used by many threat actors in discovery." }, - "triggers": { - "Microsoft_Sentinel_entity": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" - } - }, - "path": "/entity/@{encodeURIComponent('Host')}" - } - } + { + "name": "tactics", + "value": "Discovery" }, - "actions": { - "Actions_-_Isolate_machine": { - "type": "ApiConnection", - "inputs": { - "body": { - "Comment": "Host is isolated from Microsoft Sentinel using playbook Isolate-MDE-machine-entityTrigger.", - "IsolationType": "Full" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/isolate" - } - }, - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)_-_device_isolated": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully isolated!

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - }, - "runAfter": { - "Actions_-_Isolate_machine": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - } - } - }, - "parameters": { - "$connections": { - "value": { - "microsoftsentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", - "connectionName": "[[variables('WdatpConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - } - } + { + "name": "techniques", + "value": "T1018" } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Isolate-MDE-Machine-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - 
"[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('WdatpConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('WdatpConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-3')]" - } + ] } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", "properties": { - "parentId": "[variables('playbookId1')]", - "contentId": "[variables('_playbookContentId1')]", - "kind": "Playbook", - "version": "[variables('playbookVersion1')]", + "description": "MicrosoftDefenderForEndpoint Hunting Query 1", + "parentId": "[variables('huntingQueryId1')]", + "contentId": "[variables('_huntingQuerycontentId1')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion1')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -899,70 +881,132 @@ } } } - ], - "metadata": { - "title": "Isolate MDE Machine using entity trigger", - "description": "This playbook will isolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Machine.Isolate API permissions to the managed identity." - ], - "lastUpdateTime": "2022-12-22T00:00:00Z", - "tags": [ - "Host" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } + ] }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId1')]", - "contentKind": "Playbook", - "displayName": "Isolate-MDE-Machine-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId1')]", - "id": "[variables('_playbookcontentProductId1')]", - "version": "[variables('playbookVersion1')]" + "contentId": "[variables('_huntingQuerycontentId1')]", + "contentKind": "HuntingQuery", + "displayName": "Probable AdFind Recon Tool Usage", + "contentProductId": "[variables('_huntingQuerycontentProductId1')]", + "id": "[variables('_huntingQuerycontentProductId1')]", + "version": "[variables('huntingQueryVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName2')]", + "name": "[variables('huntingQueryTemplateSpecName2')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Isolate-MDEMachine Playbook with template version 3.0.1", + 
"description": "MDE_Process-IOCs_HuntingQueries Hunting Query with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion2')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Isolate-MDEMachine", - "type": "string" - } - }, - "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, + "contentVersion": "[variables('huntingQueryVersion2')]", + "parameters": {}, + "variables": {}, + "resources": [ + { + "type": "Microsoft.OperationalInsights/savedSearches", + "apiVersion": "2022-10-01", + "name": "MicrosoftDefenderForEndpoint_Hunting_Query_2", + "location": "[parameters('workspace-location')]", + "properties": { + "eTag": "*", + "displayName": "SUNBURST suspicious SolarWinds child processes", + "category": "Hunting Queries", + "query": "let excludeProcs = dynamic([@\"\\SolarWinds\\Orion\\APM\\APMServiceControl.exe\", @\"\\SolarWinds\\Orion\\ExportToPDFCmd.Exe\", @\"\\SolarWinds.Credentials\\SolarWinds.Credentials.Orion.WebApi.exe\", 
@\"\\SolarWinds\\Orion\\Topology\\SolarWinds.Orion.Topology.Calculator.exe\", @\"\\SolarWinds\\Orion\\Database-Maint.exe\", @\"\\SolarWinds.Orion.ApiPoller.Service\\SolarWinds.Orion.ApiPoller.Service.exe\", @\"\\Windows\\SysWOW64\\WerFault.exe\"]);\nDeviceProcessEvents\n| where InitiatingProcessFileName =~ \"solarwinds.businesslayerhost.exe\"\n| where not(FolderPath has_any (excludeProcs))\n| extend\n timestamp = TimeGenerated,\n AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName),\n HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')),\n AlgorithmCustomEntity = \"MD5\",FileHashCustomEntity = MD5\n|extend Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]) \n| extend Account_0_Name = Name\n| extend Account_0_UPNSuffix = UPNSuffix\n| extend Host_0_HostName = HostName\n| extend Host_0_DnsDomain = DnsDomain \n| extend FileHash_0_Algorithm = AlgorithmCustomEntity\n| extend FileHash_0_Value = FileHashCustomEntity \n", + "version": 2, + "tags": [ + { + "name": "description", + "value": "Identifies suspicious child processes of SolarWinds.Orion.Core.BusinessLayer.dll that may be evidence of the SUNBURST backdoor" + }, + { + "name": "tactics", + "value": "Execution,Persistence" + } + ] + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "properties": { + "description": "MicrosoftDefenderForEndpoint Hunting Query 2", + "parentId": "[variables('huntingQueryId2')]", + "contentId": "[variables('_huntingQuerycontentId2')]", + "kind": "HuntingQuery", + "version": "[variables('huntingQueryVersion2')]", + "source": { + "kind": "Solution", + 
"name": "MicrosoftDefenderForEndpoint", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ] + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_huntingQuerycontentId2')]", + "contentKind": "HuntingQuery", + "displayName": "SUNBURST suspicious SolarWinds child processes", + "contentProductId": "[variables('_huntingQuerycontentProductId2')]", + "id": "[variables('_huntingQuerycontentProductId2')]", + "version": "[variables('huntingQueryVersion2')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName1')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Isolate-MDEMachine Playbook with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion1')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Isolate-MDEMachine", + "type": "string" + } + }, + "variables": { + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', 
variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, "resources": [ { "type": "Microsoft.Web/connections", @@ -1185,12 +1229,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId1'),'/'))))]", "properties": { - "parentId": "[variables('playbookId2')]", - "contentId": "[variables('_playbookContentId2')]", + "parentId": "[variables('playbookId1')]", + "contentId": "[variables('_playbookContentId1')]", "kind": "Playbook", - "version": "[variables('playbookVersion2')]", + "version": "[variables('playbookVersion1')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -1215,6 +1259,19 @@ "prerequisites": [ "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "Host" 
@@ -1238,18 +1295,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId2')]", + "contentId": "[variables('_playbookContentId1')]", "contentKind": "Playbook", "displayName": "Isolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId2')]", - "id": "[variables('_playbookcontentProductId2')]", - "version": "[variables('playbookVersion2')]" + "contentProductId": "[variables('_playbookcontentProductId1')]", + "id": "[variables('_playbookcontentProductId1')]", + "version": "[variables('playbookVersion1')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName3')]", + "name": "[variables('playbookTemplateSpecName2')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -1258,7 +1315,7 @@ "description": "Isolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion3')]", + "contentVersion": "[variables('playbookVersion2')]", "parameters": { "PlaybookName": { "defaultValue": "Isolate-MDEMachine", 
@@ -1481,12 +1538,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId2'),'/'))))]", "properties": { - "parentId": "[variables('playbookId3')]", - "contentId": "[variables('_playbookContentId3')]", + "parentId": "[variables('playbookId2')]", + "contentId": "[variables('_playbookContentId2')]", "kind": "Playbook", - "version": "[variables('playbookVersion3')]", + "version": "[variables('playbookVersion2')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -1511,6 +1568,19 @@ "prerequisites": [ "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "Host" 
@@ -1534,18 +1604,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId3')]", + "contentId": "[variables('_playbookContentId2')]", "contentKind": "Playbook", "displayName": "Isolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId3')]", - "id": "[variables('_playbookcontentProductId3')]", - "version": "[variables('playbookVersion3')]" + "contentProductId": "[variables('_playbookcontentProductId2')]", + "id": "[variables('_playbookcontentProductId2')]", + "version": "[variables('playbookVersion2')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName4')]", + "name": "[variables('playbookTemplateSpecName3')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -1554,7 +1624,7 @@ "description": "Restrict-MDEAppExecution Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion4')]", + "contentVersion": "[variables('playbookVersion3')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEAppExecution", 
@@ -1793,12 +1863,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId3'),'/'))))]", "properties": { - "parentId": "[variables('playbookId4')]", - "contentId": "[variables('_playbookContentId4')]", + "parentId": "[variables('playbookId3')]", + "contentId": "[variables('_playbookContentId3')]", "kind": "Playbook", - "version": "[variables('playbookVersion4')]", + "version": "[variables('playbookVersion3')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -1823,6 +1893,19 @@ "prerequisites": [ "- You will need to grant Machine.RestrictExecution permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.RestrictExecution' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "Host" 
@@ -1846,18 +1929,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId4')]", + "contentId": "[variables('_playbookContentId3')]", "contentKind": "Playbook", "displayName": "Restrict-MDEAppExecution", - "contentProductId": "[variables('_playbookcontentProductId4')]", - "id": "[variables('_playbookcontentProductId4')]", - "version": "[variables('playbookVersion4')]" + "contentProductId": "[variables('_playbookcontentProductId3')]", + "id": "[variables('_playbookcontentProductId3')]", + "version": "[variables('playbookVersion3')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName5')]", + "name": "[variables('playbookTemplateSpecName4')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -1866,7 +1949,7 @@ "description": "Restrict-MDEAppExecution Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion5')]", + "contentVersion": "[variables('playbookVersion4')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEAppExecution", 
@@ -2088,12 +2171,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId4'),'/'))))]", "properties": { - "parentId": "[variables('playbookId5')]", - "contentId": "[variables('_playbookContentId5')]", + "parentId": "[variables('playbookId4')]", + "contentId": "[variables('_playbookContentId4')]", "kind": "Playbook", - "version": "[variables('playbookVersion5')]", + "version": "[variables('playbookVersion4')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -2118,6 +2201,19 @@ "prerequisites": [ "- You will need to grant Machine.RestrictExecution permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.RestrictExecution' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "Host" 
@@ -2141,18 +2237,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId5')]", + "contentId": "[variables('_playbookContentId4')]", "contentKind": "Playbook", "displayName": "Restrict-MDEAppExecution", - "contentProductId": "[variables('_playbookcontentProductId5')]", - "id": "[variables('_playbookcontentProductId5')]", - "version": "[variables('playbookVersion5')]" + "contentProductId": "[variables('_playbookcontentProductId4')]", + "id": "[variables('_playbookcontentProductId4')]", + "version": "[variables('playbookVersion4')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName6')]", + "name": "[variables('playbookTemplateSpecName5')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -2161,7 +2257,7 @@ "description": "Restrict-MDEDomain Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion6')]", + "contentVersion": "[variables('playbookVersion5')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEDomain", 
@@ -2494,12 +2590,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId5'),'/'))))]", "properties": { - "parentId": "[variables('playbookId6')]", - "contentId": "[variables('_playbookContentId6')]", + "parentId": "[variables('playbookId5')]", + "contentId": "[variables('_playbookContentId5')]", "kind": "Playbook", - "version": "[variables('playbookVersion6')]", + "version": "[variables('playbookVersion5')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -2524,6 +2620,19 @@ "prerequisites": [ "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to assign Microsoft Sentinel Responder role to the managed identity \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "dnsresolution" 
@@ -2547,30 +2656,30 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId6')]", + "contentId": "[variables('_playbookContentId5')]", "contentKind": "Playbook", "displayName": "Restrict-MDEDomain", - "contentProductId": "[variables('_playbookcontentProductId6')]", - "id": "[variables('_playbookcontentProductId6')]", - "version": "[variables('playbookVersion6')]" + "contentProductId": "[variables('_playbookcontentProductId5')]", + "id": "[variables('_playbookcontentProductId5')]", + "version": "[variables('playbookVersion5')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName7')]", + "name": "[variables('playbookTemplateSpecName6')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEDomain-entityTrigger Playbook with template version 3.0.1", + "description": "Restrict-MDEDomain Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion7')]", + "contentVersion": "[variables('playbookVersion6')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEDomain-entityTrigger", + "defaultValue": "Restrict-MDEDomain", "type": "string" } }, @@ -2596,7 +2705,7 @@ } }, "triggers": { - "Microsoft_Sentinel_entity_(DNS)": { + "Microsoft_Sentinel_incident": { "type": "ApiConnectionWebhook", "inputs": { "body": { 
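Review bot: After this hunk the content template `playbookTemplateSpecName6` carries the description and `PlaybookName` default `Restrict-MDEDomain`, which are exactly what `playbookTemplateSpecName5` already declares (L643/L646), while the distinct `_playbookContentId5` and `_playbookContentId6` variables remain, so the package will ship two content items that both display as "Restrict-MDEDomain". The hunk at L647–L665 completes this by replacing the entity-triggered workflow body with a copy of the incident-triggered one, and the hunk at L670 does the same rename for `Restrict-MDEFileHash-entityTrigger`. If the entity-triggered playbooks are meant to be retired, the cleaner change is to drop the duplicate template and its `playbookId`/`playbookVersion`/`_playbookContentId` variables rather than relabel it; if they are meant to stay, the `description`, `defaultValue` and `hidden-SentinelTemplateName` for the `-entityTrigger` variant should be restored. This appears to be generated output, so the fix presumably belongs in the solution data and the packaging run rather than in the template by hand.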
@@ -2604,273 +2713,45 @@ }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('DNS')}" + "path": "/incident-creation" } } }, "actions": { - "Condition": { + "Entities_-_Get_DNS": { + "type": "ApiConnection", + "inputs": { + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/entities/dnsresolution" + } + }, + "For_each": { + "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", "actions": { "Add_comment_to_incident_(V3)": { + "runAfter": { + "HTTP": [ + "Succeeded" + ] + }, "type": "ApiConnection", "inputs": { "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "


\nAn AlertAndBlock request has been sent to the security centre API for the domain: @{triggerBody()?['Entity']?['properties']?['DomainName']}. Note that the expiration time on this request is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_AlertAndBlock')['statusCode']}

" + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['DomainName']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } - }, - "runAfter": { - "HTTP_-_AlertAndBlock": [ - "Succeeded" - ] - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "HTTP_-_AlertAndBlock": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "DomainName", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['DomainName']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel_1": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - } - } - } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Restrict-MDEDomain-entityTrigger", - 
"hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId7')]", - "contentId": "[variables('_playbookContentId7')]", - "kind": "Playbook", - "version": "[variables('playbookVersion7')]", - "source": { - "kind": "Solution", - "name": "MicrosoftDefenderForEndpoint", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ], - "metadata": { - "title": "Restrict MDE Domain - Entity Triggered", - "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the domain in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant 
Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Ti.ReadWrite API permissions to the managed identity." 
- ], - "lastUpdateTime": "2023-02-26T00:00:00Z", - "entities": [ - "Url" - ], - "tags": [ - "Remediation" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId7')]", - "contentKind": "Playbook", - "displayName": "Restrict-MDEDomain-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId7')]", - "id": "[variables('_playbookcontentProductId7')]", - "version": "[variables('playbookVersion7')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName8')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Restrict-MDEDomain Playbook with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion8')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Restrict-MDEDomain", - "type": "string" - } - }, - "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - 
"workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "properties": { - "provisioningState": "Succeeded", - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident": { - "type": "ApiConnectionWebhook", - "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "path": "/incident-creation" - } - } - }, - "actions": { - "Entities_-_Get_DNS": { - "type": "ApiConnection", - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/dnsresolution" - } - }, - "For_each": { - "foreach": "@body('Entities_-_Get_DNS')?['Dnsresolutions']", - "actions": { - "Add_comment_to_incident_(V3)": { - "runAfter": { - "HTTP": [ - "Succeeded" - ] - }, - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['DomainName']} was added to MDE Indicators with action: AlertandBlock via playbook.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "post", @@ -2959,12 +2840,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId6'),'/'))))]", "properties": { - "parentId": "[variables('playbookId8')]", - "contentId": "[variables('_playbookContentId8')]", + "parentId": "[variables('playbookId6')]", + "contentId": "[variables('_playbookContentId6')]", "kind": "Playbook", - "version": "[variables('playbookVersion8')]", + "version": "[variables('playbookVersion6')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -2989,6 +2870,19 @@ "prerequisites": [ "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to assign Microsoft Sentinel Responder role to the managed identity \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "dnsresolution" 
@@ -3012,18 +2906,18 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId8')]", + "contentId": "[variables('_playbookContentId6')]", "contentKind": "Playbook", "displayName": "Restrict-MDEDomain", - "contentProductId": "[variables('_playbookcontentProductId8')]", - "id": "[variables('_playbookcontentProductId8')]", - "version": "[variables('playbookVersion8')]" + "contentProductId": "[variables('_playbookcontentProductId6')]", + "id": "[variables('_playbookcontentProductId6')]", + "version": "[variables('playbookVersion6')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName9')]", + "name": "[variables('playbookTemplateSpecName7')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" @@ -3032,7 +2926,7 @@ "description": "Restrict-MDEFileHash Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion9')]", + "contentVersion": "[variables('playbookVersion7')]", "parameters": { "PlaybookName": { "defaultValue": "Restrict-MDEFileHash", 
@@ -3249,12 +3143,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId7'),'/'))))]", "properties": { - "parentId": "[variables('playbookId9')]", - "contentId": "[variables('_playbookContentId9')]", + "parentId": "[variables('playbookId7')]", + "contentId": "[variables('_playbookContentId7')]", "kind": "Playbook", - "version": "[variables('playbookVersion9')]", + "version": "[variables('playbookVersion7')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -3279,6 +3173,19 @@ "prerequisites": [ "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "FileHash" 
@@ -3302,196 +3209,212 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId9')]", + "contentId": "[variables('_playbookContentId7')]", "contentKind": "Playbook", "displayName": "Restrict-MDEFileHash", - "contentProductId": "[variables('_playbookcontentProductId9')]", - "id": "[variables('_playbookcontentProductId9')]", - "version": "[variables('playbookVersion9')]" + "contentProductId": "[variables('_playbookcontentProductId7')]", + "id": "[variables('_playbookcontentProductId7')]", + "version": "[variables('playbookVersion7')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName10')]", + "name": "[variables('playbookTemplateSpecName8')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEFileHash-entityTrigger Playbook with template version 3.0.1", + "description": "Restrict-MDEFileHash Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion10')]", + "contentVersion": "[variables('playbookVersion8')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEFileHash-entityTrigger", - "type": "string" + "defaultValue": "Restrict-MDEFileHash", + "type": "String" } }, "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/Azuresentinel')]", - "_connection-2": "[[variables('connection-2')]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" }, "resources": [ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Restrict-MDEFileHash", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "identity": { + "type": "SystemAssigned" + }, "properties": { - "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity_(FileHash)": { - "type": "ApiConnectionWebhook", + 
"actions": { + "Entities_-_Get_FileHashes": { "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('FileHash')}" - } - } - }, - "actions": { - "Condition": { + "method": "post", + "path": "/entities/filehash" + }, + "type": "ApiConnection" + }, + "For_each": { "actions": { - "Add_comment_to_incident_(V3)_2": { - "type": "ApiConnection", + "Add_comment_to_incident_(V3)": { "inputs": { "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

An AlertAndBlock request has been sent to the security centre API for file with hash: @{triggerBody()?['Entity']?['properties']?['Value']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_Alert_and_Block_Sha1')['statusCode']}

" + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['Value']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "post", "path": "/Incidents/Comment" - } + }, + "runAfter": { + "Switch": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + }, + "Switch": { + "cases": { + "Case": { + "actions": { + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", + "indicatorType": "FileSha1", + "indicatorValue": "@{items('For_each')?['Value']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" + } + }, + "case": "SHA1" + }, + "Case_2": { + "actions": { + "HTTP_2": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", + "indicatorType": "FileSha256", + "indicatorValue": "@{items('For_each')?['Value']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" + } + }, + "case": "SHA256" + } + }, + "expression": 
"@items('For_each')?['Algorithm']", + "type": "Switch" } }, + "foreach": "@body('Entities_-_Get_FileHashes')?['Filehashes']", "runAfter": { - "Switch": [ + "Entities_-_Get_FileHashes": [ "Succeeded" ] }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - }, - { - "or": [ - { - "equals": [ - "@triggerBody()?['Entity']?['properties']?['Algorithm']", - "SHA1" - ] - }, - { - "equals": [ - "@triggerBody()?['Entity']?['properties']?['Algorithm']", - "SHA256" - ] - } - ] - } - ] - }, - "type": "If" - }, - "Switch": { - "cases": { - "If_Encoding_==_SHA1": { - "case": "SHA1", - "actions": { - "HTTP_Alert_and_Block_Sha1": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. 
Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "FileSha1", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } - } + "type": "Foreach" + } + }, + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_incident": { + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "If_Encoding_==_SHA256": { - "case": "SHA256", - "actions": { - "HTTP_Alert_and_Block_Sha256": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. 
Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "FileSha256", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } - } - } - } + "path": "/incident-creation" }, - "expression": "@triggerBody()?['Entity']?['properties']?['Algorithm']", - "type": "Switch" + "type": "ApiConnectionWebhook" } } }, "parameters": { "$connections": { "value": { - "azuresentinel_2": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
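Review bot: `Add_comment_to_incident_(V3)` is gated on `"Switch": ["Succeeded"]`, but the Switch only defines cases for `SHA1` and `SHA256` and has no `default`, so a FileHash entity with any other algorithm falls through with Succeeded status and the incident still receives the comment `… was added to MDE Indicators with action: AlertandBlock via playbook.` although no indicator was created. A `"default": { "actions": { … } }` branch that posts a distinct comment (the algorithm is not supported by the indicator call; nothing was created) keeps the incident record truthful, and a second comment action with `"runAfter": { "Switch": ["Failed"] }` would surface a rejected `HTTP`/`HTTP_2` call (for example a missing Ti.ReadWrite grant) instead of letting the run end silently. `"expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}"` is fine for the incident-creation trigger but yields less than the documented 90 days when the playbook is run manually against an older incident, where the removed `utcNow()` form did not. The `metadata` block describing this playbook sits in a later hunk.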
@@ -3501,46 +3424,17 @@
 }
 }
 }
- },
- "name": "[[parameters('PlaybookName')]",
- "type": "Microsoft.Logic/workflows",
- "location": "[[variables('workspace-location-inline')]",
- "tags": {
- "hidden-SentinelTemplateName": "Restrict-MDEFileHash-entityTrigger",
- "hidden-SentinelTemplateVersion": "1.0",
- "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
- },
- "identity": {
- "type": "SystemAssigned"
- },
- "apiVersion": "2017-07-01",
- "dependsOn": [
- "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]"
- ]
- },
- {
- "type": "Microsoft.Web/connections",
- "apiVersion": "2016-06-01",
- "name": "[[variables('MicrosoftSentinelConnectionName')]",
- "location": "[[variables('workspace-location-inline')]",
- "kind": "V1",
- "properties": {
- "displayName": "[[variables('MicrosoftSentinelConnectionName')]",
- "parameterValueType": "Alternative",
- "api": {
- "id": "[[variables('_connection-2')]"
- }
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId10'),'/'))))]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId8'),'/'))))]",
 "properties": {
- "parentId": "[variables('playbookId10')]",
- "contentId": "[variables('_playbookContentId10')]",
+ "parentId": "[variables('playbookId8')]",
+ "contentId": "[variables('_playbookContentId8')]",
 "kind": "Playbook",
- "version": "[variables('playbookVersion10')]",
+ "version": "[variables('playbookVersion8')]",
 "source": {
 "kind": "Solution",
 "name": "MicrosoftDefenderForEndpoint",
@@ -3560,23 +3454,40 @@ } ], "metadata": { - "title": "Restrict MDE FileHash - Entity Triggered", - "description": "This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "lastUpdateTime": "2023-02-26T00:00:00Z", + "title": "Restrict MDE FileHash - Incident Triggered", + "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.", + "prerequisites": [ + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL 
documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "FileHash" ], "tags": [ "Remediation" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0.0", + "title": "Restrict MDE FileHash", + "notes": [ + "Initial version" + ] + } + ] } }, "packageKind": "Solution", 
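Review bot: The PowerShell embedded in the new `prerequisites` string passes `-Filter 'appId eq '$MDEAppId''`; as far as I can tell PowerShell joins those pieces in argument mode, so the OData filter reaches Azure AD with the appId unquoted and `Get-AzureADServicePrincipal` either errors or returns nothing, leaving `$AppRole.Id` null for the role assignment. The intended form is `-Filter "appId eq '$MDEAppId'"`; the same snippet is added again in the Restrict-MDEIpAddress metadata hunks below and appears as context in the first metadata hunk of this chunk. `lastUpdateTime` moves from `2023-02-26T00:00:00Z` to `2022-07-14T00:00:00Z` on the new side even though the content version and release notes are being revised here, which reads like a copy from the older template rather than a deliberate date. The JSON object this metadata belongs to opens in an earlier hunk.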
@@ -3584,30 +3495,30 @@
 "packageName": "[variables('_solutionName')]",
 "packageId": "[variables('_solutionId')]",
 "contentSchemaVersion": "3.0.0",
- "contentId": "[variables('_playbookContentId10')]",
+ "contentId": "[variables('_playbookContentId8')]",
 "contentKind": "Playbook",
- "displayName": "Restrict-MDEFileHash-entityTrigger",
- "contentProductId": "[variables('_playbookcontentProductId10')]",
- "id": "[variables('_playbookcontentProductId10')]",
- "version": "[variables('playbookVersion10')]"
+ "displayName": "Restrict-MDEFileHash",
+ "contentProductId": "[variables('_playbookcontentProductId8')]",
+ "id": "[variables('_playbookcontentProductId8')]",
+ "version": "[variables('playbookVersion8')]"
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
 "apiVersion": "2023-04-01-preview",
- "name": "[variables('playbookTemplateSpecName11')]",
+ "name": "[variables('playbookTemplateSpecName9')]",
 "location": "[parameters('workspace-location')]",
 "dependsOn": [
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "Restrict-MDEFileHash Playbook with template version 3.0.1",
+ "description": "Restrict-MDEIpAddress Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "[variables('playbookVersion11')]",
+ "contentVersion": "[variables('playbookVersion9')]",
 "parameters": {
 "PlaybookName": {
- "defaultValue": "Restrict-MDEFileHash",
+ "defaultValue": "Restrict-MDEIpAddress",
 "type": "String"
 }
 },
@@ -3641,7 +3552,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEFileHash", + "hidden-SentinelTemplateName": "Restrict-MDEIPAddress_alert", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, @@ -3656,16 +3567,33 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Entities_-_Get_FileHashes": { + "Alert_-_Get_incident": { "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + }, + "type": "ApiConnection" + }, + "Entities_-_Get_IPs": { + "inputs": { + "body": "@triggerBody()?['Entities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "post", - "path": "/entities/filehash" + "path": "/entities/ip" + }, + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] }, "type": "ApiConnection" }, @@ -3674,8 +3602,8 @@ "Add_comment_to_incident_(V3)": { "inputs": { "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['Value']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { 
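Review bot: `Entities_-_Get_IPs` is chained behind `Alert_-_Get_incident` through `runAfter`, so if the incident lookup fails (an alert that has not been grouped into an incident yet, presumably) the playbook stops before any indicator is created; if that is the intended contract, a sentence in `metadata.description` saying the alert-triggered variant only acts on alerts that already belong to an incident would stop the next maintainer from "fixing" the ordering. `"hidden-SentinelTemplateName": "Restrict-MDEIPAddress_alert"` uses `IPAddress` while `displayName` and the `PlaybookName` default use `Restrict-MDEIpAddress`; every other name in this template spells it one way, so the tag should match. The `For_each` and its `Add_comment_to_incident_(V3)` body continue in the next hunk.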
@@ -3686,74 +3614,40 @@ "path": "/Incidents/Comment" }, "runAfter": { - "Switch": [ + "HTTP": [ "Succeeded" ] }, "type": "ApiConnection" }, - "Switch": { - "cases": { - "Case": { - "actions": { - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", - "indicatorType": "FileSha1", - "indicatorValue": "@{items('For_each')?['Value']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - }, - "type": "Http" - } - }, - "case": "SHA1" + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" }, - "Case_2": { - "actions": { - "HTTP_2": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}", - "indicatorType": "FileSha256", - "indicatorValue": "@{items('For_each')?['Value']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - }, - "type": "Http" - } - }, - "case": "SHA256" - } + "body": { + "action": "AlertAndBlock", + "application": "Microsoft 
Sentinel", + "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", + "expirationTime": "@{addDays(string(triggerbody()['TimeGenerated']), 90)}", + "indicatorType": "IpAddress", + "indicatorValue": "@{items('For_each')?['Address']}", + "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" }, - "expression": "@items('For_each')?['Algorithm']", - "type": "Switch" + "type": "Http" } }, - "foreach": "@body('Entities_-_Get_FileHashes')?['Filehashes']", + "foreach": "@body('Entities_-_Get_IPs')?['IPs']", "runAfter": { - "Entities_-_Get_FileHashes": [ + "Entities_-_Get_IPs": [ "Succeeded" ] }, @@ -3767,7 +3661,7 @@ } }, "triggers": { - "Microsoft_Sentinel_incident": { + "Microsoft_Sentinel_alert": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" @@ -3777,7 +3671,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/incident-creation" + "path": "/subscribe" }, "type": "ApiConnectionWebhook" } 
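Review bot: The `For_each` submits an `AlertAndBlock` indicator for every IP entity the alert carries, `"indicatorValue": "@{items('For_each')?['Address']}"`, with no check on the address itself; alert entities may include the affected host's own address, private or loopback ranges, or shared corporate egress, and blocking those across every onboarded device is an outage rather than containment. A `Condition` on the address before the `HTTP` action (skip private and reserved ranges, honour an allow-list of organisational addresses) or, at minimum, a sentence in `metadata.description` stating that the analyst is expected to curate the IP entities before running the playbook, is needed here; the incident-triggered variant in the next hunk has the same gap. `"expirationTime": "@{addDays(string(triggerbody()['TimeGenerated']), 90)}"` indexes `triggerbody()` without `?`, unlike every other expression in the hunk, so a missing field throws instead of yielding null. `audience` is `https://api.securitycenter.windows.com` here but `https://api.securitycenter.windows.com/` in the FileHash playbook; one form should be used throughout the template.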
@@ -3804,12 +3698,12 @@
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId11'),'/'))))]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId9'),'/'))))]",
 "properties": {
- "parentId": "[variables('playbookId11')]",
- "contentId": "[variables('_playbookContentId11')]",
+ "parentId": "[variables('playbookId9')]",
+ "contentId": "[variables('_playbookContentId9')]",
 "kind": "Playbook",
- "version": "[variables('playbookVersion11')]",
+ "version": "[variables('playbookVersion9')]",
 "source": {
 "kind": "Solution",
 "name": "MicrosoftDefenderForEndpoint",
@@ -3829,14 +3723,27 @@ } ], "metadata": { - "title": "Restrict MDE FileHash - Incident Triggered", - "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.", + "title": "Restrict MDE Ip Address - Alert Triggered", + "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. 
You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" + ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "FileHash" + "Ip" ], "tags": [ "Remediation" @@ -3844,7 +3751,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Restrict MDE FileHash", + "title": "Restrict MDE Ip Address", "notes": [ "Initial version" ] 
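Review bot: The new `prerequisites` prose says to "assign Microsoft Sentinel Reader to the resource group" while the PowerShell in the same string sets `$RoleName = 'Microsoft Sentinel Responder'` and the `postDeployment` list asks for the Responder role; the playbook posts incident comments through `/Incidents/Comment`, which the read-only Reader role cannot do, so the prose should say Responder. The `postDeployment` steps repeat what the `New-AzRoleAssignment` line in the prerequisites already performs; a sentence marking the portal steps as the alternative to the script would avoid operators doing both. `lastUpdateTime` remains `2022-07-14T00:00:00Z` for content whose title, entities and release notes are rewritten in this commit.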
@@ -3857,18 +3764,18 @@
 "packageName": "[variables('_solutionName')]",
 "packageId": "[variables('_solutionId')]",
 "contentSchemaVersion": "3.0.0",
- "contentId": "[variables('_playbookContentId11')]",
+ "contentId": "[variables('_playbookContentId9')]",
 "contentKind": "Playbook",
- "displayName": "Restrict-MDEFileHash",
- "contentProductId": "[variables('_playbookcontentProductId11')]",
- "id": "[variables('_playbookcontentProductId11')]",
- "version": "[variables('playbookVersion11')]"
+ "displayName": "Restrict-MDEIpAddress",
+ "contentProductId": "[variables('_playbookcontentProductId9')]",
+ "id": "[variables('_playbookcontentProductId9')]",
+ "version": "[variables('playbookVersion9')]"
 }
 },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
 "apiVersion": "2023-04-01-preview",
- "name": "[variables('playbookTemplateSpecName12')]",
+ "name": "[variables('playbookTemplateSpecName10')]",
 "location": "[parameters('workspace-location')]",
 "dependsOn": [
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
@@ -3877,7 +3784,7 @@
 "description": "Restrict-MDEIpAddress Playbook with template version 3.0.1",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "[variables('playbookVersion12')]",
+ "contentVersion": "[variables('playbookVersion10')]",
 "parameters": {
 "PlaybookName": {
 "defaultValue": "Restrict-MDEIpAddress",
@@ -3914,7 +3821,7 @@
 "location": "[[variables('workspace-location-inline')]",
 "tags": {
 "LogicAppsCategory": "security",
- "hidden-SentinelTemplateName": "Restrict-MDEIPAddress_alert",
+ "hidden-SentinelTemplateName": "Restrict-MDEIPAddress",
 "hidden-SentinelTemplateVersion": "1.0",
 "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]"
 },
@@ -3929,21 +3836,9 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Alert_-_Get_incident": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "get", - "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" - }, - "type": "ApiConnection" - }, "Entities_-_Get_IPs": { "inputs": { - "body": "@triggerBody()?['Entities']", + "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { "name": "@parameters('$connections')['azuresentinel']['connectionId']" @@ -3952,11 +3847,6 @@ "method": "post", "path": "/entities/ip" }, - "runAfter": { - "Alert_-_Get_incident": [ - "Succeeded" - ] - }, "type": "ApiConnection" }, "For_each": { @@ -3964,7 +3854,7 @@ "Add_comment_to_incident_(V3)": { "inputs": { "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "incidentArmId": "@triggerBody()?['object']?['id']", "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { @@ -3991,11 +3881,11 @@ "body": { "action": "AlertAndBlock", "application": "Microsoft Sentinel", - "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", - "expirationTime": "@{addDays(string(triggerbody()['TimeGenerated']), 90)}", + "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", + "expirationTime": "@{addDays(string(triggerbody()['object']?['properties']?['createdTimeUtc']), 90)}", "indicatorType": "IpAddress", "indicatorValue": "@{items('For_each')?['Address']}", - "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", + "severity": "@{triggerBody()?['object']?['properties']?['severity']}", "title": "@{guid()}" }, "headers": { @@ -4023,7 +3913,7 @@ } }, "triggers": { - "Microsoft_Sentinel_alert": { + "Microsoft_Sentinel_incident": { "inputs": { "body": { "callback_url": "@{listCallbackUrl()}" @@ -4033,7 +3923,7 @@ "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/subscribe" + "path": "/incident-creation" }, "type": "ApiConnectionWebhook" } 
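Review bot: `"expirationTime": "@{addDays(string(triggerbody()['object']?['properties']?['createdTimeUtc']), 90)}"` mixes a non-null-safe `['object']` with the `?[]` operators used on the rest of the path, and the lower-case `triggerbody()` differs from the `triggerBody()` spelled in the neighbouring `description` and `severity` expressions. `@{addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90)}` is the form the FileHash incident playbook already uses and keeps the two in step. The `For_each` that this `HTTP` action sits in opens in an earlier hunk.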
@@ -4060,12 +3950,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId12'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId10'),'/'))))]", "properties": { - "parentId": "[variables('playbookId12')]", - "contentId": "[variables('_playbookContentId12')]", + "parentId": "[variables('playbookId10')]", + "contentId": "[variables('_playbookContentId10')]", "kind": "Playbook", - "version": "[variables('playbookVersion12')]", + "version": "[variables('playbookVersion10')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -4085,11 +3975,24 @@ } ], "metadata": { - "title": "Restrict MDE Ip Address - Alert Triggered", + "title": "Restrict MDE Ip Address - Incident Triggered", "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. 
Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "Ip" 
@@ -4113,141 +4016,195 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId12')]", + "contentId": "[variables('_playbookContentId10')]", "contentKind": "Playbook", "displayName": "Restrict-MDEIpAddress", - "contentProductId": "[variables('_playbookcontentProductId12')]", - "id": "[variables('_playbookcontentProductId12')]", - "version": "[variables('playbookVersion12')]" + "contentProductId": "[variables('_playbookcontentProductId10')]", + "id": "[variables('_playbookcontentProductId10')]", + "version": "[variables('playbookVersion10')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName13')]", + "name": "[variables('playbookTemplateSpecName11')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEIP-entityTrigger Playbook with template version 3.0.1", + "description": "Restrict-MDEUrl Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion13')]", + "contentVersion": "[variables('playbookVersion11')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEIP-entityTrigger", - "type": "string" + "defaultValue": "Restrict-MDEUrl", + "type": "String" } }, "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/Azuresentinel')]", - "_connection-2": "[[variables('connection-2')]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" }, "resources": [ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Restrict-MDEUrl_alert", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" + ], + "identity": { + "type": "SystemAssigned" + }, "properties": { - "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity_(IP)": { - "type": "ApiConnectionWebhook", + 
"actions": { + "Alert_-_Get_incident": { "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } }, + "method": "get", + "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" + }, + "type": "ApiConnection" + }, + "Entities_-_Get_URLs": { + "inputs": { + "body": "@triggerBody()?['Entities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('IP')}" - } - } - }, - "actions": { - "Condition": { + "method": "post", + "path": "/entities/url" + }, + "runAfter": { + "Alert_-_Get_incident": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + }, + "For_each": { "actions": { "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", "inputs": { "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

An AlertAndBlock request has been sent to the security centre API for the IP address@{triggerBody()?['Entity']?['properties']?['Address']} . Note that the expiration time for this request is 90 days.
\nHTTP Response of AlertAndBlock request: @{outputs('HTTP_-_Alert_And_Block_IP')['statusCode']}

" + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, "method": "post", "path": "/Incidents/Comment" - } + }, + "runAfter": { + "HTTP": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + }, + "HTTP": { + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", + "expirationTime": "@{formatDateTime(addDays(string(triggerbody()['TimeGenerated']), 90), 'yyyy-MM-ddTHH:mm:ssZ')}", + "indicatorType": "Url", + "indicatorValue": "@{items('For_each')?['Url']}", + "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + }, + "type": "Http" } }, + "foreach": "@body('Entities_-_Get_URLs')?['URLs']", "runAfter": { - "HTTP_-_Alert_And_Block_IP": [ + "Entities_-_Get_URLs": [ "Succeeded" ] }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "HTTP_-_Alert_And_Block_IP": { - "type": "Http", + "type": "Foreach" + } + }, + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_alert": { "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel 
Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. Properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "IpAddress", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}", - "title": "@{guid()}" + "callback_url": "@{listCallbackUrl()}" }, - "headers": { - "Content-type": "application/json" + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } + "path": "/subscribe" + }, + "type": "ApiConnectionWebhook" } } }, "parameters": { "$connections": { "value": { - "azuresentinel_1": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "azuresentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "connectionName": "[[variables('AzureSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
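Review bot: The incident comment inside `For_each` runs only on `"HTTP": ["Succeeded"]`, so when the indicator POST to api.securitycenter.windows.com is rejected the iteration fails with no comment on the incident and the analyst has no record that the URL was not blocked; the entity-triggered template this hunk removes did surface `outputs(...)['statusCode']` in its comment. Running the comment on `"HTTP": ["Succeeded", "Failed"]` and appending `HTTP status: @{outputs('HTTP')['statusCode']}` to the message keeps that audit trail on the incident. The `expirationTime` also reads `triggerbody()['TimeGenerated']` without the `?` operator used for the other trigger fields. The workflow definition continues into the next hunk.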
@@ -4257,46 +4214,17 @@ } } } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "hidden-SentinelTemplateName": "Restrict-MDEIP-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId13'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId11'),'/'))))]", "properties": { - "parentId": "[variables('playbookId13')]", - "contentId": "[variables('_playbookContentId13')]", + "parentId": "[variables('playbookId11')]", + "contentId": "[variables('_playbookContentId11')]", "kind": "Playbook", - "version": "[variables('playbookVersion13')]", + "version": "[variables('playbookVersion11')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -4316,23 +4244,40 @@ } ], "metadata": { - "title": "Restrict MDE Ip Address - Entity Triggered", - "description": "This playbook will and generate alert and block threat indicators for the IP entity in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "lastUpdateTime": "2023-02-26T00:00:00Z", + "title": "Restrict MDE Url - Alert Triggered", + "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", + "prerequisites": [ + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented 
[here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Ip" + "Url" ], "tags": [ "Remediation" ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } + "releaseNotes": [ + { + "version": "1.0.0", + "title": "Restrict MDE Url", + "notes": [ + "Initial version" + ] + } + ] } }, "packageKind": "Solution", 
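Review bot: The description of the Url playbook still reads "block threat indicators for each IP in MDE", carried over from the IP template it replaces, and should say `for each Url in MDE`. The same copy-pasted description appears in the incident-triggered Url metadata in the `@@ -4551` hunk.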
@@ -4340,30 +4285,30 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId13')]", + "contentId": "[variables('_playbookContentId11')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEIP-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId13')]", - "id": "[variables('_playbookcontentProductId13')]", - "version": "[variables('playbookVersion13')]" + "displayName": "Restrict-MDEUrl", + "contentProductId": "[variables('_playbookcontentProductId11')]", + "id": "[variables('_playbookcontentProductId11')]", + "version": "[variables('playbookVersion11')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName14')]", + "name": "[variables('playbookTemplateSpecName12')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEIpAddress Playbook with template version 3.0.1", + "description": "Restrict-MDEUrl Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion14')]", + "contentVersion": "[variables('playbookVersion12')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEIpAddress", + "defaultValue": "Restrict-MDEUrl", "type": "String" } }, 
@@ -4397,7 +4342,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEIPAddress", + "hidden-SentinelTemplateName": "Restrict-MDEUrl", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, @@ -4412,7 +4357,7 @@ "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", "actions": { - "Entities_-_Get_IPs": { + "Entities_-_Get_URLs": { "inputs": { "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { @@ -4421,7 +4366,7 @@ } }, "method": "post", - "path": "/entities/ip" + "path": "/entities/url" }, "type": "ApiConnection" }, @@ -4431,7 +4376,7 @@ "inputs": { "body": { "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['Address']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" }, "host": { "connection": { @@ -4458,9 +4403,9 @@ "action": "AlertAndBlock", "application": "Microsoft Sentinel", "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{addDays(string(triggerbody()['object']?['properties']?['createdTimeUtc']), 90)}", - "indicatorType": "IpAddress", - "indicatorValue": "@{items('For_each')?['Address']}", + "expirationTime": "@{formatDateTime(addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90), 'yyyy-MM-ddTHH:mm:ssZ')}", + "indicatorType": "Url", + "indicatorValue": "@{items('For_each')?['Url']}", "severity": "@{triggerBody()?['object']?['properties']?['severity']}", "title": "@{guid()}" }, @@ -4473,9 +4418,9 @@ "type": "Http" } }, - "foreach": "@body('Entities_-_Get_IPs')?['IPs']", + "foreach": "@body('Entities_-_Get_URLs')?['URLs']", "runAfter": { - "Entities_-_Get_IPs": [ + "Entities_-_Get_URLs": [ "Succeeded" ] }, @@ -4526,12 +4471,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId14'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId12'),'/'))))]", "properties": { - "parentId": "[variables('playbookId14')]", - "contentId": "[variables('_playbookContentId14')]", + "parentId": "[variables('playbookId12')]", + "contentId": "[variables('_playbookContentId12')]", "kind": "Playbook", - "version": "[variables('playbookVersion14')]", + "version": "[variables('playbookVersion12')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -4551,14 +4496,27 @@ } ], "metadata": { - "title": "Restrict MDE Ip Address - Incident Triggered", - "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", + "title": "Restrict MDE Url - Incident Triggered", + "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```" + "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented 
[here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Ip" + "Url" ], "tags": [ "Remediation" @@ -4566,7 +4524,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Restrict MDE Ip Address", + "title": "Restrict MDE Url", "notes": [ "Initial version" ] 
@@ -4579,37 +4537,52 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId14')]", + "contentId": "[variables('_playbookContentId12')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEIpAddress", - "contentProductId": "[variables('_playbookcontentProductId14')]", - "id": "[variables('_playbookcontentProductId14')]", - "version": "[variables('playbookVersion14')]" + "displayName": "Restrict-MDEUrl", + "contentProductId": "[variables('_playbookcontentProductId12')]", + "id": "[variables('_playbookcontentProductId12')]", + "version": "[variables('playbookVersion12')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName15')]", + "name": "[variables('playbookTemplateSpecName13')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEUrl Playbook with template version 3.0.1", + "description": "Run-MDEAntivirus Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion15')]", + "contentVersion": "[variables('playbookVersion13')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEUrl", - "type": "String" + "defaultValue": "Run-MDEAntivirus", + "type": "string" + }, + "SentinelResourceGroupName": { + "defaultValue": "", + "type": "string" + }, + "SentinelSubscriptionId": { + "defaultValue": "", + "type": "string" } }, "variables": { "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + 
"MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "roleAssignmentName": "[[guid(subscription().subscriptionId, resourceGroup().id)]", + "ASSubscriptionId": "[[if(empty(parameters('SentinelSubscriptionId')), subscription().subscriptionId, parameters('SentinelSubscriptionId'))]", + "roleDefinitionId": "[[concat('/subscriptions/', variables('ASSubscriptionId'),'/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade')]", + "_roleDefinitionId": "[[variables('roleDefinitionId')]", "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -4629,6 +4602,20 @@ } } }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MDATPConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, { "type": "Microsoft.Logic/workflows", "apiVersion": "2017-07-01", 
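Review bot: The role definition the template grants the playbook's managed identity, `ab8e14d6-4a74-4a29-9ba8-549422addade`, looks like the Microsoft Sentinel Contributor role rather than the Microsoft Sentinel Responder role that the postDeployment steps elsewhere in this change document as the requirement; adding comments to incidents needs only Responder, so the GUID should be confirmed and the Responder definition used to keep the identity at least privilege. `roleAssignmentName` is `guid(subscription().subscriptionId, resourceGroup().id)`, which evaluates to the same value for every playbook deployed into that resource group, so a second template using the pattern collides on the assignment name; folding the playbook in, `"roleAssignmentName": "[[guid(resourceGroup().id, parameters('PlaybookName'))]"`, makes it unique. The `SentinelResourceGroupName` parameter is declared but not referenced in the visible hunks, and the roleAssignments resource in the last hunk carries no `scope`, so the grant lands on the deployment resource group even when the Sentinel workspace lives elsewhere.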
@@ -4636,16 +4623,17 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEUrl_alert", + "hidden-SentinelTemplateName": "Run-MDEAntivirus_alert", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], "identity": { "type": "SystemAssigned" }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" + ], "properties": { "state": "Enabled", "definition": { @@ -4661,9 +4649,14 @@ "method": "get", "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" }, + "runAfter": { + "Initialize_variable": [ + "Succeeded" + ] + }, "type": "ApiConnection" }, - "Entities_-_Get_URLs": { + "Entities_-_Get_Hosts": { "inputs": { "body": "@triggerBody()?['Entities']", "host": { @@ -4672,7 +4665,7 @@ } }, "method": "post", - "path": "/entities/url" + "path": "/entities/host" }, "runAfter": { "Alert_-_Get_incident": [ @@ -4683,59 +4676,171 @@ }, "For_each": { "actions": { - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } + "Condition": { + "actions": { + "Machines_-_Get_single_machine": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" + }, + "type": "ApiConnection" }, - "method": "post", - "path": "/Incidents/Comment" + "Set_variable": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine": [ + "Succeeded" + ] + }, + "type": "SetVariable" + } }, - "runAfter": { - "HTTP": [ - "Succeeded" - ] + "else": { + "actions": { + "Machines_-_Get_single_machine_2": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" + }, + "type": "ApiConnection" + }, + "Set_variable_2": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine_2')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine_2": [ + "Succeeded" + ] + }, + "type": "SetVariable" + } + } }, - "type": "ApiConnection" + "expression": { + "and": [ + { + "equals": [ + "@items('For_each')?['MdatpDeviceId']", + "@null" + ] + } + ] + }, + "type": "If" }, - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{body('Alert_-_Get_incident')?['properties']?['incidentNumber']}-@{body('Alert_-_Get_incident')?['properties']?['title']}", - "expirationTime": "@{formatDateTime(addDays(string(triggerbody()['TimeGenerated']), 90), 'yyyy-MM-ddTHH:mm:ssZ')}", - "indicatorType": "Url", - 
"indicatorValue": "@{items('For_each')?['Url']}", - "severity": "@{body('Alert_-_Get_incident')?['properties']?['severity']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" + "Condition_2": { + "actions": { + "Actions_-_Run_antivirus_scan": { + "inputs": { + "body": { + "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}", + "ScanType": "Full" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" + }, + "type": "ApiConnection" }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Actions_-_Run_antivirus_scan": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + } }, - "type": "Http" + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "inputs": { + "body": { + "incidentArmId": "@body('Alert_-_Get_incident')?['id']", + "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "type": "ApiConnection" + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('MDEDeviceId')", + "@null" + ] + } + } + ] + }, + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "If" } }, - "foreach": "@body('Entities_-_Get_URLs')?['URLs']", + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", "runAfter": { - "Entities_-_Get_URLs": [ + "Entities_-_Get_Hosts": [ "Succeeded" ] }, "type": "Foreach" + }, + "Initialize_variable": { + "inputs": { + "variables": [ + { + "name": "MDEDeviceId", + "type": "string" + } + ] + }, + "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", 
@@ -4773,21 +4878,43 @@ "type": "ManagedServiceIdentity" } } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", + "connectionName": "[[variables('MDATPConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } } } } } } }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[[variables('roleAssignmentName')]", + "dependsOn": [ + "[[resourceId('Microsoft.Logic/workflows', parameters('PlaybookName'))]" + ], + "properties": { + "roleDefinitionId": "[[variables('_roleDefinitionId')]", + "principalId": "[[reference(resourceId('Microsoft.Logic/workflows', parameters('PlaybookName')), '2019-05-01', 'full').identity.principalId]" + } + }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId15'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId13'),'/'))))]", "properties": { - "parentId": "[variables('playbookId15')]", - "contentId": "[variables('_playbookContentId15')]", + "parentId": "[variables('playbookId13')]", + "contentId": "[variables('_playbookContentId13')]", "kind": "Playbook", - "version": "[variables('playbookVersion15')]", + "version": "[variables('playbookVersion13')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
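Review bot: The new `Microsoft.Authorization/roleAssignments` resource reads `variables('roleAssignmentName')` and `variables('_roleDefinitionId')`, but this template's variables block is not in the hunk and a later hunk in this same patch deletes variables of exactly those names from a sibling template, so confirm they are still declared here or the nested deployment fails on an undefined variable. The resource carries no `scope`, so whatever role `_roleDefinitionId` resolves to is granted over the whole deployment resource group rather than the single workspace this playbook serves; if the workspace is in the same group, `"scope": "[[variables('workspaceResourceId')]"` narrows it to least privilege. Role-assignment names must also be unique per scope, so if `roleAssignmentName` is derived only from the subscription and resource group (as the definition removed later in this patch appears to be), a second playbook from this solution deployed into the same group will collide; seeding the guid with `parameters('PlaybookName')` as well avoids that.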
@@ -4807,14 +4934,27 @@ } ], "metadata": { - "title": "Restrict MDE Url - Alert Triggered", - "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", + "title": "Run MDE Antivirus - Alert Triggered", + "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2022-02-14T00:00:00Z", "entities": [ - "Url" + "Host" ], "tags": [ "Remediation" 
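Review bot: The PowerShell in the new prerequisites is not runnable as written: the second and third `$PermissionName = 'Machine.Read.All'` / `'Machine.ReadWrite.All'` assignments are glued onto the preceding `New-AzureAdServiceAppRoleAssignment ... -Id $AppRole.Id` with no `\n\n` separator, and `-Filter 'appId eq '$MDEAppId''` is broken quoting for what should be `-Filter "appId eq '$MDEAppId'"`. The permission set also looks wider than the workflow needs: the only wdatp calls in this playbook are a machine lookup and `runAntiVirusScan`, which map to `Machine.Read.All` and `Machine.Scan`, so `Machine.ReadWrite.All` appears unnecessary (confirm against the connector's documented requirements before dropping it). The manual `postDeployment` steps assign Microsoft Sentinel Responder, while the `roleAssignments` resource added earlier in this template already does so at deployment time; one of the two should be the source of truth to avoid duplicate or conflicting assignments. `lastUpdateTime` also moves backwards from 2022-07-14 to 2022-02-14, which reads like a copy from the original template rather than a deliberate date.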
@@ -4822,7 +4962,7 @@
 "releaseNotes": [
 {
 "version": "1.0.0",
- "title": "Restrict MDE Url",
+ "title": "Run MDE Antivirus",
 "notes": [
 "Initial version"
 ]
@@ -4835,36 +4975,39 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId15')]", + "contentId": "[variables('_playbookContentId13')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEUrl", - "contentProductId": "[variables('_playbookcontentProductId15')]", - "id": "[variables('_playbookcontentProductId15')]", - "version": "[variables('playbookVersion15')]" + "displayName": "Run-MDEAntivirus", + "contentProductId": "[variables('_playbookcontentProductId13')]", + "id": "[variables('_playbookcontentProductId13')]", + "version": "[variables('playbookVersion13')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName16')]", + "name": "[variables('playbookTemplateSpecName14')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Restrict-MDEUrl-entityTrigger Playbook with template version 3.0.1", + "description": "Run-MDEAntivirus Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion16')]", + "contentVersion": "[variables('playbookVersion14')]", "parameters": { "PlaybookName": { - "defaultValue": "Restrict-MDEUrl-entityTrigger", + "defaultValue": "Run-MDEAntivirus", "type": "string" } }, "variables": { - "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), 
'/managedApis/Azuresentinel')]", + "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", + "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", + "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "_connection-1": "[[variables('connection-1')]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", 
@@ -4872,337 +5015,241 @@ }, "resources": [ { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('AzureSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-1')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MDATPConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[parameters('PlaybookName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Logic/workflows", + "apiVersion": "2017-07-01", + "name": "[[parameters('PlaybookName')]", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "LogicAppsCategory": "security", + "hidden-SentinelTemplateName": "Run-MDEAntivirus", + "hidden-SentinelTemplateVersion": "1.1", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" + ], "properties": { - "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_entity_(URL)": { - "type": "ApiConnectionWebhook", + "actions": { + "Entities_-_Get_Hosts": { "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" - }, + "body": 
"@triggerBody()?['object']?['properties']?['relatedEntities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + "name": "@parameters('$connections')['azuresentinel']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('UrlEntity')}" - } - } - }, - "actions": { - "Condition": { - "actions": { - "Add_comment_to_incident_(V3)": { - "type": "ApiConnection", - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

An AlertAndBlock request has been sent to the security centre API to block the URL: @{triggerBody()?['Entity']?['properties']?['Url']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_Alert_And_Block_URL')['statusCode']}

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - } - } + "method": "post", + "path": "/entities/host" }, "runAfter": { - "HTTP_-_Alert_And_Block_URL": [ + "Initialize_variable": [ "Succeeded" ] }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@triggerBody()?['IncidentArmID']", - "@null" - ] - } - } - ] - }, - "type": "If" - }, - "HTTP_-_Alert_And_Block_URL": { - "type": "Http", - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com/", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}", - "expirationTime": "@{addDays(utcNow(), 90)}", - "indicatorType": "Url", - "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Url']}", - "title": "@{guid()}" - }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" - } - } - } - }, - "parameters": { - "$connections": { - "value": { - "azuresentinel_1": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - } - } - } - } - }, - "name": "[[parameters('PlaybookName')]", - "type": "Microsoft.Logic/workflows", - "location": "[[variables('workspace-location-inline')]", - "tags": { - 
"hidden-SentinelTemplateName": "Restrict-MDEUrl-entityTrigger", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "apiVersion": "2017-07-01", - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" - ] - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MicrosoftSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('MicrosoftSentinelConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId16'),'/'))))]", - "properties": { - "parentId": "[variables('playbookId16')]", - "contentId": "[variables('_playbookContentId16')]", - "kind": "Playbook", - "version": "[variables('playbookVersion16')]", - "source": { - "kind": "Solution", - "name": "MicrosoftDefenderForEndpoint", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ], - "metadata": { - "title": "Restrict MDE URL - Entity Triggered", - "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the URL in MDE for 90 days.", - "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented 
[here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Ti.ReadWrite API permissions to the managed identity." 
- ], - "lastUpdateTime": "2023-02-26T00:00:00Z", - "entities": [ - "dnsresolution" - ], - "tags": [ - "Remediation" - ], - "releaseNotes": { - "version": "1.0", - "title": "[variables('blanks')]", - "notes": [ - "Initial version" - ] - } - } - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId16')]", - "contentKind": "Playbook", - "displayName": "Restrict-MDEUrl-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId16')]", - "id": "[variables('_playbookcontentProductId16')]", - "version": "[variables('playbookVersion16')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName17')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Restrict-MDEUrl Playbook with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion17')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Restrict-MDEUrl", - "type": "String" - } - }, - "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - 
"workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Restrict-MDEUrl", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]" - ], - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "state": "Enabled", - "definition": { - "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "actions": { - "Entities_-_Get_URLs": { - "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/entities/url" - }, "type": "ApiConnection" }, "For_each": { "actions": { - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['Url']} was added to MDE Indicators with action: AlertandBlock via playbook.

" + "Condition": { + "actions": { + "Machines_-_Get_single_machine": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" + }, + "type": "ApiConnection" }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "Set_variable": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine": [ + "Succeeded" + ] + }, + "type": "SetVariable" + } + }, + "else": { + "actions": { + "Machines_-_Get_single_machine_2": { + "inputs": { + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "get", + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" + }, + "type": "ApiConnection" + }, + "Set_variable_2": { + "inputs": { + "name": "MDEDeviceId", + "value": "@body('Machines_-_Get_single_machine_2')?['id']" + }, + "runAfter": { + "Machines_-_Get_single_machine_2": [ + "Succeeded" + ] + }, + "type": "SetVariable" } - }, - "method": "post", - "path": "/Incidents/Comment" + } }, - "runAfter": { - "HTTP": [ - "Succeeded" + "expression": { + "and": [ + { + "equals": [ + "@items('For_each')?['MdatpDeviceId']", + "@null" + ] + } ] }, - "type": "ApiConnection" + "type": "If" }, - "HTTP": { - "inputs": { - "authentication": { - "audience": "https://api.securitycenter.windows.com", - "type": "ManagedServiceIdentity" - }, - "body": { - "action": "AlertAndBlock", - "application": "Microsoft Sentinel", - "description": "@{triggerBody()?['object']?['properties']?['incidentNumber']}-@{triggerBody()?['object']?['properties']?['title']}", - "expirationTime": "@{formatDateTime(addDays(triggerBody()?['object']?['properties']?['createdTimeUtc'], 90), 'yyyy-MM-ddTHH:mm:ssZ')}", - "indicatorType": "Url", - 
"indicatorValue": "@{items('For_each')?['Url']}", - "severity": "@{triggerBody()?['object']?['properties']?['severity']}", - "title": "@{guid()}" - }, - "headers": { - "Content-type": "application/json" + "Condition_2": { + "actions": { + "Actions_-_Run_antivirus_scan": { + "inputs": { + "body": { + "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']}- @{triggerBody()?['object']?['properties']?['title']}", + "ScanType": "Full" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" + }, + "type": "ApiConnection" }, - "method": "POST", - "uri": "https://api.securitycenter.windows.com/api/indicators" + "Add_comment_to_incident_(V3)": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "runAfter": { + "Actions_-_Run_antivirus_scan": [ + "Succeeded" + ] + }, + "type": "ApiConnection" + } }, - "type": "Http" + "else": { + "actions": { + "Add_comment_to_incident_(V3)_2": { + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['object']?['id']", + "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + }, + "type": "ApiConnection" + } + } + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@variables('MDEDeviceId')", + "@null" + ] + } + } + ] + }, + "runAfter": { + "Condition": [ + "Succeeded" + ] + }, + "type": "If" } }, - "foreach": "@body('Entities_-_Get_URLs')?['URLs']", + "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", "runAfter": { - "Entities_-_Get_URLs": [ + "Entities_-_Get_Hosts": [ "Succeeded" ] }, "type": "Foreach" + }, + "Initialize_variable": { + "inputs": { + "variables": [ + { + "name": "MDEDeviceId", + "type": "string" + } + ] + }, + "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", @@ -5240,6 +5287,16 @@ "type": "ManagedServiceIdentity" } } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", + "connectionName": "[[variables('MDATPConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } } } } 
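Review bot: `MDEDeviceId` is a single workflow variable written inside `For_each`, and the loop declares no `runtimeConfiguration.concurrency`, so under the Logic Apps default of parallel iterations one host's lookup can overwrite the id before another iteration reaches `Actions_-_Run_antivirus_scan`, running the scan and posting the comment against the wrong device; add `"runtimeConfiguration": { "concurrency": { "repetitions": 1 } }` to `For_each` or carry the id in a per-iteration Compose instead of the shared variable. The variable is also never reset between iterations, so a host whose lookup returns no id silently reuses the previous host's value. When the wdatp lookup errors outright, `Condition` itself appears to fail and `Condition_2` is skipped by its `Succeeded`-only `runAfter`, so the "could not be found in MDE" comment is never posted; adding `"Failed"` to that `runAfter` list and clearing the variable at the top of each iteration would make that branch reachable. Finally, the success comment reads `@{body('Machines_-_Get_single_machine')?['id']}` even when the else branch ran `Machines_-_Get_single_machine_2`; referencing a skipped action's body fails the comment action, so use `@{variables('MDEDeviceId')}` there, which both branches populate.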
@@ -5249,12 +5306,12 @@
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
 "apiVersion": "2022-01-01-preview",
- "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId17'),'/'))))]",
+ "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId14'),'/'))))]",
 "properties": {
- "parentId": "[variables('playbookId17')]",
- "contentId": "[variables('_playbookContentId17')]",
+ "parentId": "[variables('playbookId14')]",
+ "contentId": "[variables('_playbookContentId14')]",
 "kind": "Playbook",
- "version": "[variables('playbookVersion17')]",
+ "version": "[variables('playbookVersion14')]",
 "source": {
 "kind": "Solution",
 "name": "MicrosoftDefenderForEndpoint",
@@ -5274,14 +5331,27 @@ } ], "metadata": { - "title": "Restrict MDE Url - Incident Triggered", - "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.", + "title": "Run MDE Antivirus - Incident Triggered", + "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", "prerequisites": [ - "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ - "Url" + "Host" ], "tags": [ "Remediation" 
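Review bot: Same defect as the alert-triggered template's prerequisites: the `$PermissionName = 'Machine.Read.All'` and `'Machine.ReadWrite.All'` assignments run on to the preceding `New-AzureAdServiceAppRoleAssignment` line without a `\n\n` break, and `-Filter 'appId eq '$MDEAppId''` should be `-Filter "appId eq '$MDEAppId'"`. The workflow only looks up a machine and calls `runAntiVirusScan`, so `Machine.ReadWrite.All` looks broader than needed; confirm and drop it if the connector does not require it.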
@@ -5289,7 +5359,7 @@
 "releaseNotes": [
 {
 "version": "1.0.0",
- "title": "Restrict MDE Url",
+ "title": "Run MDE Antivirus",
 "notes": [
 "Initial version"
 ]
@@ -5302,48 +5372,36 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId17')]", + "contentId": "[variables('_playbookContentId14')]", "contentKind": "Playbook", - "displayName": "Restrict-MDEUrl", - "contentProductId": "[variables('_playbookcontentProductId17')]", - "id": "[variables('_playbookcontentProductId17')]", - "version": "[variables('playbookVersion17')]" + "displayName": "Run-MDEAntivirus", + "contentProductId": "[variables('_playbookcontentProductId14')]", + "id": "[variables('_playbookcontentProductId14')]", + "version": "[variables('playbookVersion14')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName18')]", + "name": "[variables('playbookTemplateSpecName15')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Run-MDEAntivirus Playbook with template version 3.0.1", + "description": "Unisolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion18')]", + "contentVersion": "[variables('playbookVersion15')]", "parameters": { "PlaybookName": { - "defaultValue": "Run-MDEAntivirus", - "type": "string" - }, - "SentinelResourceGroupName": { - "defaultValue": "", - "type": "string" - }, - "SentinelSubscriptionId": { - "defaultValue": "", + "defaultValue": "Unisolate-MDEMachine", "type": "string" } }, "variables": { "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", "MDATPConnectionName": 
"[[concat('wdatp-', parameters('PlaybookName'))]", - "roleAssignmentName": "[[guid(subscription().subscriptionId, resourceGroup().id)]", - "ASSubscriptionId": "[[if(empty(parameters('SentinelSubscriptionId')), subscription().subscriptionId, parameters('SentinelSubscriptionId'))]", - "roleDefinitionId": "[[concat('/subscriptions/', variables('ASSubscriptionId'),'/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade')]", - "_roleDefinitionId": "[[variables('roleDefinitionId')]", "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", "_connection-1": "[[variables('connection-1')]", "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", @@ -5388,7 +5446,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Run-MDEAntivirus_alert", + "hidden-SentinelTemplateName": "Unisolate-MDEMachine_alert", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, @@ -5414,11 +5472,6 @@ "method": "get", "path": "/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" }, - "runAfter": { - "Initialize_variable": [ - "Succeeded" - ] - }, "type": "ApiConnection" }, "Entities_-_Get_Hosts": { 
@@ -5443,78 +5496,10 @@ "actions": { "Condition": { "actions": { - "Machines_-_Get_single_machine": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" - }, - "type": "ApiConnection" - }, - "Set_variable": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - }, - "else": { - "actions": { - "Machines_-_Get_single_machine_2": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" - }, - "type": "ApiConnection" - }, - "Set_variable_2": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine_2')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine_2": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@items('For_each')?['MdatpDeviceId']", - "@null" - ] - } - ] - }, - "type": "If" - }, - "Condition_2": { - "actions": { - "Actions_-_Run_antivirus_scan": { + "Actions_-_Unisolate_machine": { "inputs": { "body": { - "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}", - "ScanType": "Full" + "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}" }, "host": { "connection": { 
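Review bot: The MDE action comment in the new `Actions_-_Unisolate_machine` body misspells "Released" as `Relased`; this string is what shows in the MDE action center audit trail, so it should read `"Comment": "Released from isolation from playbook for Microsoft Sentinel Incident: ..."`. The incident-triggered copy of the playbook (hunk `@@ -5828,89 +5798,16 @@`) carries the same typo. The enclosing `Condition` starts before this hunk and its expression is rewritten in a later hunk, so the new device-id lookup cannot be fully checked from here.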
@@ -5522,7 +5507,7 @@ } }, "method": "post", - "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}/unisolate" }, "type": "ApiConnection" }, @@ -5530,7 +5515,7 @@ "inputs": { "body": { "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" + "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" }, "host": { "connection": { @@ -5541,7 +5526,7 @@ "path": "/Incidents/Comment" }, "runAfter": { - "Actions_-_Run_antivirus_scan": [ + "Actions_-_Unisolate_machine": [ "Succeeded" ] }, @@ -5554,7 +5539,7 @@ "inputs": { "body": { "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "
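Review bot: The incident comment for the unisolate branch ends with `and the status was` and nothing follows it — the removed message interpolated `@{body('Actions_-_Run_antivirus_scan')?['status']}` and the replacement drops the expression entirely, so analysts get a sentence with no status. It should end with `was released from isolation in MDE and the status was @{body('Actions_-_Unisolate_machine')?['status']}`. The incident-triggered copy in hunk `@@ -5926,7 +5823,7 @@` has the same truncation.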

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" + "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" }, "host": { "connection": { @@ -5573,18 +5558,13 @@ { "not": { "equals": [ - "@variables('MDEDeviceId')", + "@items('For_each')?['MdatpDeviceId']", "@null" ] } } ] }, - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, "type": "If" } }, @@ -5595,17 +5575,6 @@ ] }, "type": "Foreach" - }, - "Initialize_variable": { - "inputs": { - "variables": [ - { - "name": "MDEDeviceId", - "type": "string" - } - ] - }, - "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", @@ -5659,27 +5628,15 @@ } } }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[[variables('roleAssignmentName')]", - "dependsOn": [ - "[[resourceId('Microsoft.Logic/workflows', parameters('PlaybookName'))]" - ], - "properties": { - "roleDefinitionId": "[[variables('_roleDefinitionId')]", - "principalId": "[[reference(resourceId('Microsoft.Logic/workflows', parameters('PlaybookName')), '2019-05-01', 'full').identity.principalId]" - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId18'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId15'),'/'))))]", "properties": { - "parentId": "[variables('playbookId18')]", - "contentId": "[variables('_playbookContentId18')]", + "parentId": "[variables('playbookId15')]", + "contentId": "[variables('_playbookContentId15')]", "kind": "Playbook", - "version": "[variables('playbookVersion18')]", + "version": "[variables('playbookVersion15')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -5699,12 +5656,25 @@ } ], "metadata": { - "title": "Run MDE Antivirus - Alert Triggered", - "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", + "title": "Unisolate MDE Machine - Alert Triggered", + "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", "prerequisites": [ - "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- You will need to grant Machine.Isolate permissions to the managed identity. 
Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" ], - "lastUpdateTime": "2022-02-14T00:00:00Z", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ "Host" ], @@ -5714,7 +5684,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Run MDE Antivirus", + "title": "Unisolate MDE Machine", "notes": [ "Initial version" ] 
@@ -5727,30 +5697,30 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId18')]", + "contentId": "[variables('_playbookContentId15')]", "contentKind": "Playbook", - "displayName": "Run-MDEAntivirus", - "contentProductId": "[variables('_playbookcontentProductId18')]", - "id": "[variables('_playbookcontentProductId18')]", - "version": "[variables('playbookVersion18')]" + "displayName": "Unisolate-MDEMachine", + "contentProductId": "[variables('_playbookcontentProductId15')]", + "id": "[variables('_playbookcontentProductId15')]", + "version": "[variables('playbookVersion15')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName19')]", + "name": "[variables('playbookTemplateSpecName16')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Run-MDEAntivirus Playbook with template version 3.0.1", + "description": "Unisolate-MDEMachine Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion19')]", + "contentVersion": "[variables('playbookVersion16')]", "parameters": { "PlaybookName": { - "defaultValue": "Run-MDEAntivirus", + "defaultValue": "Unisolate-MDEMachine", "type": "string" } }, 
@@ -5801,7 +5771,7 @@ "location": "[[variables('workspace-location-inline')]", "tags": { "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Run-MDEAntivirus", + "hidden-SentinelTemplateName": "Unisolate-MDEMachine", "hidden-SentinelTemplateVersion": "1.1", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, 
@@ -5828,89 +5798,16 @@ "method": "post", "path": "/entities/host" }, - "runAfter": { - "Initialize_variable": [ - "Succeeded" - ] - }, "type": "ApiConnection" }, "For_each": { "actions": { "Condition": { "actions": { - "Machines_-_Get_single_machine": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['HostName'])}" - }, - "type": "ApiConnection" - }, - "Set_variable": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - }, - "else": { - "actions": { - "Machines_-_Get_single_machine_2": { - "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "get", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}" - }, - "type": "ApiConnection" - }, - "Set_variable_2": { - "inputs": { - "name": "MDEDeviceId", - "value": "@body('Machines_-_Get_single_machine_2')?['id']" - }, - "runAfter": { - "Machines_-_Get_single_machine_2": [ - "Succeeded" - ] - }, - "type": "SetVariable" - } - } - }, - "expression": { - "and": [ - { - "equals": [ - "@items('For_each')?['MdatpDeviceId']", - "@null" - ] - } - ] - }, - "type": "If" - }, - "Condition_2": { - "actions": { - "Actions_-_Run_antivirus_scan": { + "Actions_-_Unisolate_machine": { "inputs": { "body": { - "Comment": "AV Scan run from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']}- @{triggerBody()?['object']?['properties']?['title']}", - "ScanType": "Full" + "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']} - @{triggerBody()?['object']?['properties']?['title']}" }, "host": { 
"connection": { @@ -5918,7 +5815,7 @@ } }, "method": "post", - "path": "/api/machines/@{encodeURIComponent(variables('MDEDeviceId'))}/runAntiVirusScan" + "path": "/api/machines/@{encodeURIComponent(items('For_each')?['additionalData']?['MdatpDeviceId'])}/unisolate" }, "type": "ApiConnection" }, @@ -5926,7 +5823,7 @@ "inputs": { "body": { "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "
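Review bot: The incident-triggered playbook reads the device id from `items('For_each')?['additionalData']?['MdatpDeviceId']` in the unisolate path here and in the `Condition` expression of hunk `@@ -5969,18 +5866,13 @@`, while the alert-triggered copy reads `items('For_each')?['MdatpDeviceId']`, and the removed code used the top-level key in both. Both loops appear to iterate the `Entities - Get Hosts` result (the `For_each` source is outside the hunk); if that action returns the id at the top level, the incident version will always take the "does not have MDEDeviceID" branch and never unisolate anything. The two playbooks should agree on the key, and a test run against a host entity with a known MDE device id should confirm which shape the action actually returns.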

@{items('For_each')?['HostName']} (MDE Device ID: @{body('Machines_-_Get_single_machine')?['id']}) had a full AV scan triggered and the status was @{body('Actions_-_Run_antivirus_scan')?['status']}

" + "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" }, "host": { "connection": { @@ -5937,7 +5834,7 @@ "path": "/Incidents/Comment" }, "runAfter": { - "Actions_-_Run_antivirus_scan": [ + "Actions_-_Unisolate_machine": [ "Succeeded" ] }, @@ -5950,7 +5847,7 @@ "inputs": { "body": { "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} could not be found in MDE, so no AV scan was run.

" + "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" }, "host": { "connection": { @@ -5969,18 +5866,13 @@ { "not": { "equals": [ - "@variables('MDEDeviceId')", + "@items('For_each')?['additionalData']?['MdatpDeviceId']", "@null" ] } } ] }, - "runAfter": { - "Condition": [ - "Succeeded" - ] - }, "type": "If" } }, @@ -5991,17 +5883,6 @@ ] }, "type": "Foreach" - }, - "Initialize_variable": { - "inputs": { - "variables": [ - { - "name": "MDEDeviceId", - "type": "string" - } - ] - }, - "type": "InitializeVariable" } }, "contentVersion": "1.0.0.0", @@ -6058,12 +5939,12 @@ { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId19'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId16'),'/'))))]", "properties": { - "parentId": "[variables('playbookId19')]", - "contentId": "[variables('_playbookContentId19')]", + "parentId": "[variables('playbookId16')]", + "contentId": "[variables('_playbookContentId16')]", "kind": "Playbook", - "version": "[variables('playbookVersion19')]", + "version": "[variables('playbookVersion16')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -6083,10 +5964,23 @@ } ], "metadata": { - "title": "Run MDE Antivirus - Incident Triggered", - "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", + "title": "Unisolate MDE Machine - Incident Triggered", + "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", "prerequisites": [ - "- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "- You will need to grant Machine.Isolate permissions to the managed 
identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + ], + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], "lastUpdateTime": "2022-07-14T00:00:00Z", "entities": [ @@ -6098,7 +5992,7 @@ "releaseNotes": [ { "version": "1.0.0", - "title": "Run MDE Antivirus", + "title": "Unisolate MDE Machine", "notes": [ "Initial version" ] 
@@ -6111,40 +6005,274 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId19')]", + "contentId": "[variables('_playbookContentId16')]", + "contentKind": "Playbook", + "displayName": "Unisolate-MDEMachine", + "contentProductId": "[variables('_playbookcontentProductId16')]", + "id": "[variables('_playbookcontentProductId16')]", + "version": "[variables('playbookVersion16')]" + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName17')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Restrict-MDEDomain-entityTrigger Playbook with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion17')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Restrict-MDEDomain-entityTrigger", + "type": "string" + } + }, + "variables": { + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ + { + "properties": { + 
"provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_entity_(DNS)": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + } + }, + "path": "/entity/@{encodeURIComponent('DNS')}" + } + } + }, + "actions": { + "Condition": { + "actions": { + "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "


\nAn AlertAndBlock request has been sent to the security centre API for the domain: @{triggerBody()?['Entity']?['properties']?['DomainName']}. Note that the expiration time on this request is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_AlertAndBlock')['statusCode']}

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + }, + "runAfter": { + "HTTP_-_AlertAndBlock": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "HTTP_-_AlertAndBlock": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "This block command has been made through the Restrict-MDEDomain-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. Entity properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "DomainName", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['DomainName']}", + "title": "@{guid()}" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + } + }, + "parameters": { + "$connections": { + "value": { + "azuresentinel_1": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Restrict-MDEDomain-entityTrigger", + 
"hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", + "apiVersion": "2022-01-01-preview", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId17'),'/'))))]", + "properties": { + "parentId": "[variables('playbookId17')]", + "contentId": "[variables('_playbookContentId17')]", + "kind": "Playbook", + "version": "[variables('playbookVersion17')]", + "source": { + "kind": "Solution", + "name": "MicrosoftDefenderForEndpoint", + "sourceId": "[variables('_solutionId')]" + }, + "author": { + "name": "Microsoft", + "email": "[variables('_email')]" + }, + "support": { + "name": "Microsoft Corporation", + "email": "support@microsoft.com", + "tier": "Microsoft", + "link": "https://support.microsoft.com" + } + } + } + ], + "metadata": { + "title": "Restrict MDE Domain - Entity Triggered", + "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the domain in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant 
Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. 
Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2023-02-26T00:00:00Z", + "entities": [ + "Url" + ], + "tags": [ + "Remediation" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } + }, + "packageKind": "Solution", + "packageVersion": "[variables('_solutionVersion')]", + "packageName": "[variables('_solutionName')]", + "packageId": "[variables('_solutionId')]", + "contentSchemaVersion": "3.0.0", + "contentId": "[variables('_playbookContentId17')]", "contentKind": "Playbook", - "displayName": "Run-MDEAntivirus", - "contentProductId": "[variables('_playbookcontentProductId19')]", - "id": "[variables('_playbookcontentProductId19')]", - "version": "[variables('playbookVersion19')]" + "displayName": "Restrict-MDEDomain-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId17')]", + "id": "[variables('_playbookcontentProductId17')]", + "version": "[variables('playbookVersion17')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName20')]", + "name": "[variables('playbookTemplateSpecName18')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Unisolate-MDE-Machine-entityTrigger Playbook with template version 3.0.1", + "description": "Restrict-MDEFileHash-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion20')]", + "contentVersion": "[variables('playbookVersion18')]", "parameters": { "PlaybookName": { - "defaultValue": 
"Unisolate-MDE-Machine-entityTrigger", + "defaultValue": "Restrict-MDEFileHash-entityTrigger", "type": "string" } }, "variables": { "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", - "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-2": "[[variables('connection-2')]", - "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "_connection-3": "[[variables('connection-3')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" @@ -6163,7 +6291,7 @@ } }, "triggers": { - "Microsoft_Sentinel_entity": { + "Microsoft_Sentinel_entity_(FileHash)": { "type": "ApiConnectionWebhook", "inputs": { "body": { 
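Review bot: The new Restrict-MDEDomain-entityTrigger playbook triggers on the `DNS` entity and submits a `DomainName` indicator, yet its HTTP action `description` says "Ran on URL Entity" and the metadata lists `"entities": [ "Url" ]`; both should say DNS so the gallery filter and the MDE indicator audit record match what runs. The prerequisites prose says to assign "Microsoft Sentinel Reader" while the script in the same string (`$RoleName = 'Microsoft Sentinel Responder'`) and the `postDeployment` steps assign Responder, which is the role that can add incident comments, so the prose should say Responder. `Condition` runs only after `HTTP_-_AlertAndBlock` reports Succeeded, so a rejected indicator submission leaves no incident comment at all; `"HTTP_-_AlertAndBlock": [ "Succeeded", "Failed" ]` would record the status code either way. Unlike the sibling Restrict-MDEFileHash action, this HTTP action sends no `Content-type: application/json` header — likely harmless with an object body, but worth aligning.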
@@ -6171,41 +6299,26 @@ }, "host": { "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" } }, - "path": "/entity/@{encodeURIComponent('Host')}" + "path": "/entity/@{encodeURIComponent('FileHash')}" } } }, "actions": { - "Actions_-_Unisolate_machine": { - "type": "ApiConnection", - "inputs": { - "body": { - "Comment": "Host is unisolated from Microsoft Sentinel using playbook Unisolate-MDE-machine-entityTrigger." - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/unisolate" - } - }, "Condition": { "actions": { - "Add_comment_to_incident_(V3)_-_device_unisolated": { + "Add_comment_to_incident_(V3)_2": { "type": "ApiConnection", "inputs": { "body": { "incidentArmId": "@triggerBody()?['IncidentArmID']", - "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully unisolated!

" + "message": "

An AlertAndBlock request has been sent to the security centre API for file with hash: @{triggerBody()?['Entity']?['properties']?['Value']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_Alert_and_Block_Sha1')['statusCode']}

" }, "host": { "connection": { - "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" } }, "method": "post", @@ -6214,7 +6327,7 @@ } }, "runAfter": { - "Actions_-_Unisolate_machine": [ + "Switch": [ "Succeeded" ] }, 
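Review bot: The incident comment in `Add_comment_to_incident_(V3)_2` reads `@{outputs('HTTP_Alert_and_Block_Sha1')['statusCode']}`, but the Switch this Condition runs after has a separate `HTTP_Alert_and_Block_Sha256` action, so for a SHA256 entity the referenced action never ran and the comment step will fail (or report nothing) even though the indicator was created. Either move the comment action into each Switch case so it references that case's own HTTP action, or have each case set a shared variable with its status code and comment on that after the Switch. Minor consistency point in the same message: it says "security centre API" while the rest of the template uses "Microsoft Sentinel"/"MDE" naming.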
@@ -6227,17 +6340,95 @@ "@null" ] } + }, + { + "or": [ + { + "equals": [ + "@triggerBody()?['Entity']?['properties']?['Algorithm']", + "SHA1" + ] + }, + { + "equals": [ + "@triggerBody()?['Entity']?['properties']?['Algorithm']", + "SHA256" + ] + } + ] } ] }, "type": "If" + }, + "Switch": { + "cases": { + "If_Encoding_==_SHA1": { + "case": "SHA1", + "actions": { + "HTTP_Alert_and_Block_Sha1": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "FileSha1", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + } + }, + "If_Encoding_==_SHA256": { + "case": "SHA256", + "actions": { + "HTTP_Alert_and_Block_Sha256": { + "type": "Http", + "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" + }, + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "Placeholder description from Automated Restrict-MDEFileHash-entityTrigger App. 
Incident ARM ID: @{triggerBody()?['IncidentArmID']} File Entity Properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "FileSha256", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Value']}", + "title": "@{guid()}" + }, + "headers": { + "Content-type": "application/json" + }, + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } + } + } + } + }, + "expression": "@triggerBody()?['Entity']?['properties']?['Algorithm']", + "type": "Switch" } } }, "parameters": { "$connections": { "value": { - "microsoftsentinel": { + "azuresentinel_2": { "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", @@ -6246,16 +6437,6 @@ "type": "ManagedServiceIdentity" } } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", - "connectionName": "[[variables('WdatpConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } } } } @@ -6265,7 +6446,7 @@ "type": "Microsoft.Logic/workflows", "location": "[[variables('workspace-location-inline')]", "tags": { - "hidden-SentinelTemplateName": "Unisolate-MDE-Machine-entityTrigger", + "hidden-SentinelTemplateName": "Restrict-MDEFileHash-entityTrigger", "hidden-SentinelTemplateVersion": "1.0", "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" }, 
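Review bot: The Switch over `Entity.properties.Algorithm` has only SHA1 and SHA256 cases and no `default`, and the Condition that follows was also narrowed to those two algorithms, so an MD5 (or other) FileHash entity makes the run succeed while creating no indicator and leaving no comment on the incident; the analyst who triggered it gets no feedback. Adding a `default` case that posts an incident comment over the same `azuresentinel_2` connection closes that gap. The two HTTP actions are otherwise identical apart from `indicatorType`; if a third case is ever added it would be simpler to compute the type in one expression than to copy the action again.
```json
"default": {
  "actions": {
    "Add_comment_to_incident_(V3)_unsupported_algorithm": {
      "type": "ApiConnection",
      "inputs": {
        "body": {
          "incidentArmId": "@triggerBody()?['IncidentArmID']",
          "message": "No MDE indicator was created: hash algorithm @{triggerBody()?['Entity']?['properties']?['Algorithm']} is not SHA1 or SHA256."
        },
        "host": { "connection": { "name": "@parameters('$connections')['azuresentinel_2']['connectionId']" } },
        "method": "post",
        "path": "/Incidents/Comment"
      }
    }
  }
},
// … unchanged: "expression" and "type": "Switch" …
```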
@@ -6274,8 +6455,7 @@ }, "apiVersion": "2017-07-01", "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]" + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" ] }, { @@ -6292,29 +6472,15 @@ } } }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('WdatpConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[variables('WdatpConnectionName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-3')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId20'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId18'),'/'))))]", "properties": { - "parentId": "[variables('playbookId20')]", - "contentId": "[variables('_playbookContentId20')]", + "parentId": "[variables('playbookId18')]", + "contentId": "[variables('_playbookContentId18')]", "kind": "Playbook", - "version": "[variables('playbookVersion20')]", + "version": "[variables('playbookVersion18')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -6334,15 +6500,28 @@ } ], "metadata": { - "title": "Unisolate MDE Machine using entity trigger", - "description": "This playbook will unisolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", + "title": "Restrict MDE FileHash - Entity Triggered", + "description": "This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Machine.Isolate API permissions to the managed identity." 
+ "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], - "lastUpdateTime": "2022-12-22T00:00:00Z", + "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ - "Host" + "FileHash" + ], + "tags": [ + "Remediation" ], "releaseNotes": { "version": "1.0", 
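Review bot: The new `prerequisites` text tells the reader to "assign Microsoft Sentinel Reader to the resource group", but the PowerShell in the same string sets `$RoleName = 'Microsoft Sentinel Responder'` and the new `postDeployment` steps (step 9) also say Responder; since the playbook posts incident comments, Responder is the role the script actually grants, so the prose should read `assign Microsoft Sentinel Responder to the resource group`. The identical prerequisites string is added again in the Restrict-MDEIP-entityTrigger metadata hunk further down and needs the same fix. Separately, `-Filter 'appId eq '$MDEAppId''` looks like it loses the single quotes around the GUID that an OData filter needs; `-Filter "appId eq '$MDEAppId'"` is presumably what was intended — worth confirming against a test run.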
@@ -6358,251 +6537,141 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId20')]", + "contentId": "[variables('_playbookContentId18')]", "contentKind": "Playbook", - "displayName": "Unisolate-MDE-Machine-entityTrigger", - "contentProductId": "[variables('_playbookcontentProductId20')]", - "id": "[variables('_playbookcontentProductId20')]", - "version": "[variables('playbookVersion20')]" + "displayName": "Restrict-MDEFileHash-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId18')]", + "id": "[variables('_playbookcontentProductId18')]", + "version": "[variables('playbookVersion18')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName21')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Unisolate-MDEMachine Playbook with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion21')]", - "parameters": { - "PlaybookName": { - "defaultValue": "Unisolate-MDEMachine", - "type": "string" - } - }, - "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": 
"[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", - "_connection-2": "[[variables('connection-2')]", - "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", - "workspace-name": "[parameters('workspace')]", - "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" - }, - "resources": [ - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MDATPConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, + "apiVersion": "2023-04-01-preview", + "name": "[variables('playbookTemplateSpecName19')]", + "location": "[parameters('workspace-location')]", + "dependsOn": [ + "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" + ], + "properties": { + "description": "Restrict-MDEIP-entityTrigger Playbook with template version 3.0.1", + "mainTemplate": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "[variables('playbookVersion19')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Restrict-MDEIP-entityTrigger", + "type": "string" + } + }, + "variables": { + 
"MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, + "resources": [ { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Unisolate-MDEMachine_alert", - "hidden-SentinelTemplateVersion": "1.0", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" - ], "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "actions": { - "Alert_-_Get_incident": { + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_entity_(IP)": { + "type": "ApiConnectionWebhook", "inputs": { - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } + "body": { + "callback_url": "@{listCallbackUrl()}" }, - "method": "get", - "path": 
"/Incidents/subscriptions/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}/resourceGroups/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}/workspaces/@{encodeURIComponent(triggerBody()?['WorkspaceId'])}/alerts/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}" - }, - "type": "ApiConnection" - }, - "Entities_-_Get_Hosts": { - "inputs": { - "body": "@triggerBody()?['Entities']", "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } }, - "method": "post", - "path": "/entities/host" - }, - "runAfter": { - "Alert_-_Get_incident": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - }, - "For_each": { + "path": "/entity/@{encodeURIComponent('IP')}" + } + } + }, + "actions": { + "Condition": { "actions": { - "Condition": { - "actions": { - "Actions_-_Unisolate_machine": { - "inputs": { - "body": { - "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{body('Alert_-_Get_incident')?['properties']?['incidentNumber']} - @{body('Alert_-_Get_incident')?['properties']?['title']}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['MdatpDeviceId'])}/unisolate" - }, - "type": "ApiConnection" + "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

An AlertAndBlock request has been sent to the security centre API for the IP address@{triggerBody()?['Entity']?['properties']?['Address']} . Note that the expiration time for this request is 90 days.
\nHTTP Response of AlertAndBlock request: @{outputs('HTTP_-_Alert_And_Block_IP')['statusCode']}

" }, - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "runAfter": { - "Actions_-_Unisolate_machine": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - } - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "inputs": { - "body": { - "incidentArmId": "@body('Alert_-_Get_incident')?['id']", - "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "type": "ApiConnection" - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each')?['MdatpDeviceId']", - "@null" - ] - } + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } - ] - }, - "type": "If" + }, + "method": "post", + "path": "/Incidents/Comment" + } } }, - "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", "runAfter": { - "Entities_-_Get_Hosts": [ + "HTTP_-_Alert_And_Block_IP": [ "Succeeded" ] }, - "type": "Foreach" - } - }, - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_alert": { + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "HTTP_-_Alert_And_Block_IP": { + "type": "Http", "inputs": { + "authentication": { + "audience": "https://api.securitycenter.windows.com", + "type": "ManagedServiceIdentity" + }, "body": { - "callback_url": "@{listCallbackUrl()}" + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "IP blocked by Restrict-MDEIP-entityTrigger Logic app from an entity in Microsoft Sentinel Incident (ARM ID): @{triggerBody()?['IncidentArmID']}. 
Properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "IpAddress", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Address']}", + "title": "@{guid()}" }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } + "headers": { + "Content-type": "application/json" }, - "path": "/subscribe" - }, - "type": "ApiConnectionWebhook" + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } } } }, "parameters": { "$connections": { "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", - "connectionName": "[[variables('MDATPConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "azuresentinel_1": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
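Review bot: `HTTP_-_Alert_And_Block_IP` has no `runAfter` and no guard, so the indicator POST is made for every IP entity the playbook is run on, while the Condition that follows only gates the incident comment on `IncidentArmID` being non-null; an entity with an empty `Address` still reaches the API with an empty `indicatorValue`, and because the comment runs only after `Succeeded`, a rejected POST leaves no trace on the incident. Wrapping the HTTP action in a condition such as `@not(empty(triggerBody()?['Entity']?['properties']?['Address']))` and adding a comment path for the failed case would make the outcome visible to the analyst. The comment message also has a spacing slip, `IP address@{...} .`, and the `audience` here is `https://api.securitycenter.windows.com` while the FileHash playbook uses the same value with a trailing slash — one form should be used in both. Given that the block is a 90-day indicator applied to whatever IP the analyst picks, a short warning in the description about internal or shared addresses would be a useful caveat.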
@@ -6612,17 +6681,46 @@ } } } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Restrict-MDEIP-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId21'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId19'),'/'))))]", "properties": { - "parentId": "[variables('playbookId21')]", - "contentId": "[variables('_playbookContentId21')]", + "parentId": "[variables('playbookId19')]", + "contentId": "[variables('_playbookContentId19')]", "kind": "Playbook", - "version": "[variables('playbookVersion21')]", + "version": "[variables('playbookVersion19')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -6642,27 +6740,36 @@ } ], "metadata": { - "title": "Unisolate MDE Machine - Alert Triggered", - "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", - "prerequisites": [ - "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "title": "Restrict MDE Ip Address - Entity Triggered", + "description": "This playbook will and generate alert and block threat indicators for the IP entity in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ - "Host" + "Ip" ], "tags": [ "Remediation" ], - "releaseNotes": [ - { - "version": "1.0.0", - "title": "Unisolate MDE Machine", - "notes": [ - "Initial version" - ] - } - ] + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } } }, "packageKind": "Solution", 
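Review bot: The new metadata `description` reads "This playbook will and generate alert and block threat indicators for the IP entity", which is garbled; `"description": "This playbook will generate an alert-and-block threat indicator for the IP entity in MDE for 90 days.",` matches the wording used for the FileHash playbook. The `title` capitalises the entity as "Ip Address" while the `entities` list and the trigger name use "IP"; picking one spelling keeps the gallery entries consistent.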
@@ -6670,39 +6777,36 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId21')]", + "contentId": "[variables('_playbookContentId19')]", "contentKind": "Playbook", - "displayName": "Unisolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId21')]", - "id": "[variables('_playbookcontentProductId21')]", - "version": "[variables('playbookVersion21')]" + "displayName": "Restrict-MDEIP-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId19')]", + "id": "[variables('_playbookcontentProductId19')]", + "version": "[variables('playbookVersion19')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('playbookTemplateSpecName22')]", + "name": "[variables('playbookTemplateSpecName20')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Unisolate-MDEMachine Playbook with template version 3.0.1", + "description": "Restrict-MDEUrl-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('playbookVersion22')]", + "contentVersion": "[variables('playbookVersion20')]", "parameters": { "PlaybookName": { - "defaultValue": "Unisolate-MDEMachine", + "defaultValue": "Restrict-MDEUrl-entityTrigger", "type": "string" } }, "variables": { - "AzureSentinelConnectionName": "[[concat('azuresentinel-', parameters('PlaybookName'))]", - "MDATPConnectionName": "[[concat('wdatp-', parameters('PlaybookName'))]", - "connection-1": "[[concat('/subscriptions/', 
subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "_connection-1": "[[variables('connection-1')]", - "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "_connection-2": "[[variables('connection-2')]", "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", "workspace-name": "[parameters('workspace')]", 
@@ -6710,194 +6814,101 @@ }, "resources": [ { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('AzureSentinelConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-1')]" - } - } - }, - { - "type": "Microsoft.Web/connections", - "apiVersion": "2016-06-01", - "name": "[[variables('MDATPConnectionName')]", - "location": "[[variables('workspace-location-inline')]", - "kind": "V1", - "properties": { - "displayName": "[[parameters('PlaybookName')]", - "parameterValueType": "Alternative", - "api": { - "id": "[[variables('_connection-2')]" - } - } - }, - { - "type": "Microsoft.Logic/workflows", - "apiVersion": "2017-07-01", - "name": "[[parameters('PlaybookName')]", - "location": "[[variables('workspace-location-inline')]", - "tags": { - "LogicAppsCategory": "security", - "hidden-SentinelTemplateName": "Unisolate-MDEMachine", - "hidden-SentinelTemplateVersion": "1.1", - "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" - }, - "identity": { - "type": "SystemAssigned" - }, - "dependsOn": [ - "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]" - ], "properties": { + "provisioningState": "Succeeded", "state": "Enabled", "definition": { "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", - "actions": { - "Entities_-_Get_Hosts": { + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } + }, + "triggers": { + "Microsoft_Sentinel_entity_(URL)": { + "type": "ApiConnectionWebhook", "inputs": { - "body": "@triggerBody()?['object']?['properties']?['relatedEntities']", + "body": { + "callback_url": "@{listCallbackUrl()}" 
+ }, "host": { "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } }, - "method": "post", - "path": "/entities/host" - }, - "type": "ApiConnection" - }, - "For_each": { + "path": "/entity/@{encodeURIComponent('UrlEntity')}" + } + } + }, + "actions": { + "Condition": { "actions": { - "Condition": { - "actions": { - "Actions_-_Unisolate_machine": { - "inputs": { - "body": { - "Comment": "Relased from isolation from playbook for Microsoft Sentinel Incident: @{triggerBody()?['object']?['properties']?['incidentNumber']} - @{triggerBody()?['object']?['properties']?['title']}" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['wdatp']['connectionId']" - } - }, - "method": "post", - "path": "/api/machines/@{encodeURIComponent(items('For_each')?['additionalData']?['MdatpDeviceId'])}/unisolate" - }, - "type": "ApiConnection" + "Add_comment_to_incident_(V3)": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

An AlertAndBlock request has been sent to the security centre API to block the URL: @{triggerBody()?['Entity']?['properties']?['Url']}. Note that the expiration time on this is 90 days.
\nThe response from the API was: @{outputs('HTTP_-_Alert_And_Block_URL')['statusCode']}

" }, - "Add_comment_to_incident_(V3)": { - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} was released from isolation in MDE and the status was

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "runAfter": { - "Actions_-_Unisolate_machine": [ - "Succeeded" - ] - }, - "type": "ApiConnection" - } - }, - "else": { - "actions": { - "Add_comment_to_incident_(V3)_2": { - "inputs": { - "body": { - "incidentArmId": "@triggerBody()?['object']?['id']", - "message": "

@{items('For_each')?['HostName']} does not have MDEDeviceID in the Entities list.  It was not released from isolation. 

" - }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } - }, - "method": "post", - "path": "/Incidents/Comment" - }, - "type": "ApiConnection" - } - } - }, - "expression": { - "and": [ - { - "not": { - "equals": [ - "@items('For_each')?['additionalData']?['MdatpDeviceId']", - "@null" - ] - } + "host": { + "connection": { + "name": "@parameters('$connections')['azuresentinel_1']['connectionId']" } - ] - }, - "type": "If" + }, + "method": "post", + "path": "/Incidents/Comment" + } } }, - "foreach": "@body('Entities_-_Get_Hosts')?['Hosts']", "runAfter": { - "Entities_-_Get_Hosts": [ + "HTTP_-_Alert_And_Block_URL": [ "Succeeded" ] }, - "type": "Foreach" - } - }, - "contentVersion": "1.0.0.0", - "parameters": { - "$connections": { - "type": "Object" - } - }, - "triggers": { - "Microsoft_Sentinel_incident": { + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + }, + "HTTP_-_Alert_And_Block_URL": { + "type": "Http", "inputs": { - "body": { - "callback_url": "@{listCallbackUrl()}" + "authentication": { + "audience": "https://api.securitycenter.windows.com/", + "type": "ManagedServiceIdentity" }, - "host": { - "connection": { - "name": "@parameters('$connections')['azuresentinel']['connectionId']" - } + "body": { + "action": "AlertAndBlock", + "application": "Microsoft Sentinel", + "description": "This block command has been made through the Restrict-MDEUrl-entityTrigger. Ran on URL Entity from Microsoft Sentinel Incident with ARM ID: @{triggerBody()?['IncidentArmID']}. 
Entity properties: @{triggerBody()?['Entity']?['properties']}", + "expirationTime": "@{addDays(utcNow(), 90)}", + "indicatorType": "Url", + "indicatorValue": "@{triggerBody()?['Entity']?['properties']?['Url']}", + "title": "@{guid()}" }, - "path": "/incident-creation" - }, - "type": "ApiConnectionWebhook" + "method": "POST", + "uri": "https://api.securitycenter.windows.com/api/indicators" + } } } }, "parameters": { "$connections": { "value": { - "azuresentinel": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]", - "connectionName": "[[variables('AzureSentinelConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", - "connectionProperties": { - "authentication": { - "type": "ManagedServiceIdentity" - } - } - }, - "wdatp": { - "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MDATPConnectionName'))]", - "connectionName": "[[variables('MDATPConnectionName')]", - "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/wdatp')]", + "azuresentinel_1": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", "connectionProperties": { "authentication": { "type": "ManagedServiceIdentity" 
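Review bot: The incident comment in `Add_comment_to_incident_(V3)` reports `outputs('HTTP_-_Alert_And_Block_URL')['statusCode']`, but `Condition` only runs after `"HTTP_-_Alert_And_Block_URL": [ "Succeeded" ]`, so a rejected or failed AlertAndBlock request leaves no trace on the incident and the run simply fails silently from the analyst's point of view. If the intent is to record the outcome either way, `"runAfter": { "HTTP_-_Alert_And_Block_URL": [ "Succeeded", "Failed" ] }` would do, with the status code already in the message making the failure visible. The indicator `description` also embeds the whole `triggerBody()?['Entity']?['properties']` object; a short, fixed description with only the URL would keep the TI entry readable and avoid copying unrelated entity fields into MDE. If this is the packaged mainTemplate.json, the change belongs in the source playbook template and should be regenerated; the enclosing contentTemplates resource starts and ends outside this hunk.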
@@ -6907,17 +6918,46 @@ } } } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Restrict-MDEUrl-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId22'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId20'),'/'))))]", "properties": { - "parentId": "[variables('playbookId22')]", - "contentId": "[variables('_playbookContentId22')]", + "parentId": "[variables('playbookId20')]", + "contentId": "[variables('_playbookContentId20')]", "kind": "Playbook", - "version": "[variables('playbookVersion22')]", + "version": "[variables('playbookVersion20')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -6937,27 +6977,36 @@ } ], "metadata": { - "title": "Unisolate MDE Machine - Incident Triggered", - "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", - "prerequisites": [ - "- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```" + "title": "Restrict MDE URL - Entity Triggered", + "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the URL in MDE for 90 days.", + "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. 
\n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" ], - "lastUpdateTime": "2022-07-14T00:00:00Z", + "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ - "Host" + "dnsresolution" ], "tags": [ "Remediation" ], - "releaseNotes": [ - { - "version": "1.0.0", - "title": "Unisolate MDE Machine", - "notes": [ - "Initial version" - ] - } - ] + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } } }, "packageKind": "Solution", 
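Review bot: The metadata for Restrict-MDEUrl-entityTrigger is inconsistent with the playbook it describes: the prerequisites prose says to "assign Microsoft Sentinel Reader to the resource group" while the script sets `$RoleName = 'Microsoft Sentinel Responder'` and the postDeployment steps also say Responder, and `"entities": [ "dnsresolution" ]` does not match the trigger, which is registered on `/entity/@{encodeURIComponent('UrlEntity')}`. Suggest correcting the prose to Responder (adding an incident comment needs write access, which Reader does not grant) and changing `entities` to the URL entity kind, e.g. `"entities": [ "Url" ]`, if that is the value the solution catalog expects. The `-Filter 'appId eq '$MDEAppId''` quoting in the snippet looks as if it would drop the inner quotes when pasted into PowerShell, producing an invalid OData filter; confirm against the source playbook's README. `prerequisites` also changed from an array to a single string here while `postDeployment` stays an array, which is fine only if the packaging schema accepts both.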
@@ -6965,108 +7014,211 @@ "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_playbookContentId22')]", + "contentId": "[variables('_playbookContentId20')]", "contentKind": "Playbook", - "displayName": "Unisolate-MDEMachine", - "contentProductId": "[variables('_playbookcontentProductId22')]", - "id": "[variables('_playbookcontentProductId22')]", - "version": "[variables('playbookVersion22')]" + "displayName": "Restrict-MDEUrl-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId20')]", + "id": "[variables('_playbookcontentProductId20')]", + "version": "[variables('playbookVersion20')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('analyticRuleTemplateSpecName1')]", + "name": "[variables('playbookTemplateSpecName21')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AquaBlizzardAVHits_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "Isolate-MDE-Machine-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('analyticRuleVersion1')]", - "parameters": {}, - "variables": {}, + "contentVersion": "[variables('playbookVersion21')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Isolate-MDE-Machine-entityTrigger", + "type": "string" + } + }, + "variables": { + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", + "connection-2": 
"[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "_connection-3": "[[variables('connection-3')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, "resources": [ { - "type": "Microsoft.SecurityInsights/AlertRuleTemplates", - "name": "[variables('analyticRulecontentId1')]", - "apiVersion": "2022-04-01-preview", - "kind": "Scheduled", - "location": "[parameters('workspace-location')]", "properties": { - "description": "Identifies a match in the Security Alert table for MDATP hits related to the Aqua Blizzard actor", - "displayName": "Aqua Blizzard AV hits - Feb 2022", - "enabled": false, - "query": "let iocs = externaldata(DateAdded:string,IoC:string,Type:string) [@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/Feeds/ActiniumIOC.csv\"] with (format=\"csv\", ignoreFirstRecord=True);\nlet AVHits = (iocs | where Type =~ \"AVDetection\"| project IoC);\nSecurityAlert\n| where ProviderName == 'MDATP'\n| extend ThreatName_ = tostring(parse_json(ExtendedProperties).ThreatName)\n| where ThreatName_ has_any (AVHits)\n| extend Directory = tostring(parse_json(Entities)[0].Directory), SHA256 = tostring(parse_json(tostring(parse_json(Entities)[0].FileHashes))[2].Value), FileName = tostring(parse_json(Entities)[0].Name), Hostname = tostring(parse_json(Entities)[6].FQDN)| extend AccountName = tostring(parse_json(tostring(parse_json(Entities)[6].LoggedOnUsers))[0].AccountName)\n| project TimeGenerated, 
AlertName, ThreatName_, ProviderName, AlertSeverity, Description, RemediationSteps, ExtendedProperties, Entities, FileName,SHA256, Directory, Hostname, AccountName\n| extend timestamp = TimeGenerated, HostCustomEntity = Hostname , AccountCustomEntity = AccountName, FileHashCustomEntity = SHA256, FileHashType = \"SHA256\"\n", - "queryFrequency": "PT6H", - "queryPeriod": "PT6H", - "severity": "High", - "suppressionDuration": "PT1H", - "suppressionEnabled": false, - "triggerOperator": "GreaterThan", - "triggerThreshold": 0, - "status": "Available", - "requiredDataConnectors": [ - { - "connectorId": "MicrosoftDefenderAdvancedThreatProtection", - "dataTypes": [ - "SecurityAlert (MDATP)" - ] - } - ], - "tactics": [ - "Persistence" - ], - "techniques": [ - "T1137" - ], - "entityMappings": [ - { - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "AccountCustomEntity" - } - ], - "entityType": "Account" + "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } }, - { - "fieldMappings": [ - { - "identifier": "FullName", - "columnName": "HostCustomEntity" + "triggers": { + "Microsoft_Sentinel_entity": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + } + }, + "path": "/entity/@{encodeURIComponent('Host')}" } - ], - "entityType": "Host" + } }, - { - "fieldMappings": [ - { - "identifier": "Algorithm", - "columnName": "FileHashType" + "actions": { + "Actions_-_Isolate_machine": { + "type": "ApiConnection", + "inputs": { + "body": { + "Comment": "Host is isolated from Microsoft Sentinel using playbook Isolate-MDE-machine-entityTrigger.", + "IsolationType": "Full" + }, + 
"host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/isolate" + } + }, + "Condition": { + "actions": { + "Add_comment_to_incident_(V3)_-_device_isolated": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully isolated!

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } }, - { - "identifier": "Value", - "columnName": "FileHashCustomEntity" + "runAfter": { + "Actions_-_Isolate_machine": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + } + } + }, + "parameters": { + "$connections": { + "value": { + "microsoftsentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", + "connectionName": "[[variables('WdatpConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } } - ], - "entityType": "FileHash" + } } - ] + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Isolate-MDE-Machine-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', 
variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]" + ] + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" + } + } + }, + { + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('WdatpConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", + "properties": { + "displayName": "[[variables('WdatpConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('AnalyticsRule-', last(split(variables('analyticRuleId1'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId21'),'/'))))]", "properties": { - "description": "MicrosoftDefenderForEndpoint Analytics Rule 1", - "parentId": "[variables('analyticRuleId1')]", - "contentId": "[variables('_analyticRulecontentId1')]", - "kind": "AnalyticsRule", - "version": "[variables('analyticRuleVersion1')]", + "parentId": "[variables('playbookId21')]", + "contentId": "[variables('_playbookContentId21')]", + "kind": "Playbook", + "version": "[variables('playbookVersion21')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
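Review bot: `Actions_-_Isolate_machine` calls `/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/isolate` with no guard on `MdatpDeviceId`; the incident-triggered version removed earlier in this diff tested that value against `@null` before calling, and without the check a Host entity that carries no MDE device id produces a request to `/api/machines//isolate` that fails without any comment on the incident. Suggest wrapping the isolate action in a condition on that same expression, as the old playbook did, with an else-branch comment explaining why the host was not isolated, and adding `"Failed"` to the `Condition` `runAfter` so an unsuccessful isolation is also recorded. The comment text `is succesfully isolated!` has a typo (`successfully`); the same text recurs in the Unisolate playbook later in the diff. The two managed API ids in this playbook differ in case (`/managedApis/Azuresentinel` in `connection-2` versus `/managedApis/azuresentinel` under `$connections`), which is probably harmless for ARM but worth normalising; if this is the packaged mainTemplate.json, the fixes belong in the source playbook template.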
@@ -7084,155 +7236,245 @@ } } } - ] + ], + "metadata": { + "title": "Isolate MDE Machine using entity trigger", + "description": "This playbook will isolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2022-12-22T00:00:00Z", + "tags": [ + "Host" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_analyticRulecontentId1')]", - "contentKind": "AnalyticsRule", - "displayName": "Aqua Blizzard AV hits - Feb 2022", - "contentProductId": "[variables('_analyticRulecontentProductId1')]", - "id": "[variables('_analyticRulecontentProductId1')]", - "version": "[variables('analyticRuleVersion1')]" + "contentId": "[variables('_playbookContentId21')]", + "contentKind": "Playbook", + "displayName": "Isolate-MDE-Machine-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId21')]", + "id": "[variables('_playbookcontentProductId21')]", + "version": "[variables('playbookVersion21')]" } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", - "name": "[variables('huntingQueryTemplateSpecName1')]", + "name": 
"[variables('playbookTemplateSpecName22')]", "location": "[parameters('workspace-location')]", "dependsOn": [ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MDE_Usage_HuntingQueries Hunting Query with template version 3.0.1", + "description": "Unisolate-MDE-Machine-entityTrigger Playbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion1')]", - "parameters": {}, - "variables": {}, + "contentVersion": "[variables('playbookVersion22')]", + "parameters": { + "PlaybookName": { + "defaultValue": "Unisolate-MDE-Machine-entityTrigger", + "type": "string" + } + }, + "variables": { + "MicrosoftSentinelConnectionName": "[[concat('MicrosoftSentinel-', parameters('PlaybookName'))]", + "WdatpConnectionName": "[[concat('Wdatp-', parameters('PlaybookName'))]", + "connection-2": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "_connection-2": "[[variables('connection-2')]", + "connection-3": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "_connection-3": "[[variables('connection-3')]", + "workspace-location-inline": "[concat('[resourceGroup().locatio', 'n]')]", + "workspace-name": "[parameters('workspace')]", + "workspaceResourceId": "[[resourceId('microsoft.OperationalInsights/Workspaces', variables('workspace-name'))]" + }, "resources": [ { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "MicrosoftDefenderForEndpoint_Hunting_Query_1", - "location": 
"[parameters('workspace-location')]", "properties": { - "eTag": "*", - "displayName": "Probable AdFind Recon Tool Usage", - "category": "Hunting Queries", - "query": "let args = dynamic([\"objectcategory\",\"domainlist\",\"dcmodes\",\"adinfo\",\"trustdmp\",\"computers_pwdnotreqd\",\"Domain Admins\", \"objectcategory=person\", \"objectcategory=computer\", \"objectcategory=*\",\"dclist\"]);\nlet parentProcesses = dynamic([\"pwsh.exe\",\"powershell.exe\",\"cmd.exe\"]);\nDeviceProcessEvents\n//looks for execution from a shell\n| where InitiatingProcessFileName in (parentProcesses)\n// main filter\n| where FileName =~ \"AdFind.exe\" or SHA256 == \"c92c158d7c37fea795114fa6491fe5f145ad2f8c08776b18ae79db811e8e36a3\"\n // AdFind common Flags to check for from various threat actor TTPs\n or ProcessCommandLine has_any (args)\n| extend ProcessCustomEntity = InitiatingProcessFileName, CommandLineCustomEntity = ProcessCommandLine, AlgorithmCustomEntity = \"SHA256\", FileHashCustomEntity = SHA256,Name = tostring(split(AccountName, '@', 0)[0]), UPNSuffix = tostring(split(AccountName, '@', 1)[0]),HostName = tostring(split(DeviceName, '.', 0)[0]), DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.'))\n | extend Account_0_Name = Name\n | extend Account_0_UPNSuffix = UPNSuffix\n | extend Host_0_HostName = HostName\n | extend Host_0_DnsDomain = DnsDomain\n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Identifies the host and account that executed AdFind by hash and filename in addition to common and unique flags that are used by many threat actors in discovery." 
+ "provisioningState": "Succeeded", + "state": "Enabled", + "definition": { + "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "$connections": { + "type": "Object" + } }, - { - "name": "tactics", - "value": "Discovery" + "triggers": { + "Microsoft_Sentinel_entity": { + "type": "ApiConnectionWebhook", + "inputs": { + "body": { + "callback_url": "@{listCallbackUrl()}" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + } + }, + "path": "/entity/@{encodeURIComponent('Host')}" + } + } }, - { - "name": "techniques", - "value": "T1018" + "actions": { + "Actions_-_Unisolate_machine": { + "type": "ApiConnection", + "inputs": { + "body": { + "Comment": "Host is unisolated from Microsoft Sentinel using playbook Unisolate-MDE-machine-entityTrigger." + }, + "host": { + "connection": { + "name": "@parameters('$connections')['wdatp']['connectionId']" + } + }, + "method": "post", + "path": "/api/machines/@{encodeURIComponent(triggerBody()?['entity']?['properties']?['additionalData']?['MdatpDeviceId'])}/unisolate" + } + }, + "Condition": { + "actions": { + "Add_comment_to_incident_(V3)_-_device_unisolated": { + "type": "ApiConnection", + "inputs": { + "body": { + "incidentArmId": "@triggerBody()?['IncidentArmID']", + "message": "

Host - @{triggerBody()?['Entity']?['properties']?['HostName']} - is succesfully unisolated!

" + }, + "host": { + "connection": { + "name": "@parameters('$connections')['microsoftsentinel']['connectionId']" + } + }, + "method": "post", + "path": "/Incidents/Comment" + } + } + }, + "runAfter": { + "Actions_-_Unisolate_machine": [ + "Succeeded" + ] + }, + "expression": { + "and": [ + { + "not": { + "equals": [ + "@triggerBody()?['IncidentArmID']", + "@null" + ] + } + } + ] + }, + "type": "If" + } } - ] - } + }, + "parameters": { + "$connections": { + "value": { + "microsoftsentinel": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "connectionName": "[[variables('MicrosoftSentinelConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Azuresentinel')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + }, + "wdatp": { + "connectionId": "[[resourceId('Microsoft.Web/connections', variables('WdatpConnectionName'))]", + "connectionName": "[[variables('WdatpConnectionName')]", + "id": "[[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', variables('workspace-location-inline'), '/managedApis/Wdatp')]", + "connectionProperties": { + "authentication": { + "type": "ManagedServiceIdentity" + } + } + } + } + } + } + }, + "name": "[[parameters('PlaybookName')]", + "type": "Microsoft.Logic/workflows", + "location": "[[variables('workspace-location-inline')]", + "tags": { + "hidden-SentinelTemplateName": "Unisolate-MDE-Machine-entityTrigger", + "hidden-SentinelTemplateVersion": "1.0", + "hidden-SentinelWorkspaceId": "[[variables('workspaceResourceId')]" + }, + "identity": { + "type": "SystemAssigned" + }, + "apiVersion": "2017-07-01", + "dependsOn": [ + "[[resourceId('Microsoft.Web/connections', variables('MicrosoftSentinelConnectionName'))]", + "[[resourceId('Microsoft.Web/connections', 
variables('WdatpConnectionName'))]" + ] }, { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId1'),'/'))))]", + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('MicrosoftSentinelConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", "properties": { - "description": "MicrosoftDefenderForEndpoint Hunting Query 1", - "parentId": "[variables('huntingQueryId1')]", - "contentId": "[variables('_huntingQuerycontentId1')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion1')]", - "source": { - "kind": "Solution", - "name": "MicrosoftDefenderForEndpoint", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" + "displayName": "[[variables('MicrosoftSentinelConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-2')]" } } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId1')]", - "contentKind": "HuntingQuery", - "displayName": "Probable AdFind Recon Tool Usage", - "contentProductId": "[variables('_huntingQuerycontentProductId1')]", - "id": "[variables('_huntingQuerycontentProductId1')]", - "version": "[variables('huntingQueryVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": 
"[variables('huntingQueryTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "MDE_Process-IOCs_HuntingQueries Hunting Query with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('huntingQueryVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ + }, { - "type": "Microsoft.OperationalInsights/savedSearches", - "apiVersion": "2022-10-01", - "name": "MicrosoftDefenderForEndpoint_Hunting_Query_2", - "location": "[parameters('workspace-location')]", + "type": "Microsoft.Web/connections", + "apiVersion": "2016-06-01", + "name": "[[variables('WdatpConnectionName')]", + "location": "[[variables('workspace-location-inline')]", + "kind": "V1", "properties": { - "eTag": "*", - "displayName": "SUNBURST suspicious SolarWinds child processes", - "category": "Hunting Queries", - "query": "let excludeProcs = dynamic([@\"\\SolarWinds\\Orion\\APM\\APMServiceControl.exe\", @\"\\SolarWinds\\Orion\\ExportToPDFCmd.Exe\", @\"\\SolarWinds.Credentials\\SolarWinds.Credentials.Orion.WebApi.exe\", @\"\\SolarWinds\\Orion\\Topology\\SolarWinds.Orion.Topology.Calculator.exe\", @\"\\SolarWinds\\Orion\\Database-Maint.exe\", @\"\\SolarWinds.Orion.ApiPoller.Service\\SolarWinds.Orion.ApiPoller.Service.exe\", @\"\\Windows\\SysWOW64\\WerFault.exe\"]);\nDeviceProcessEvents\n| where InitiatingProcessFileName =~ \"solarwinds.businesslayerhost.exe\"\n| where not(FolderPath has_any (excludeProcs))\n| extend\n timestamp = TimeGenerated,\n AccountCustomEntity = iff(isnotempty(InitiatingProcessAccountUpn), InitiatingProcessAccountUpn, InitiatingProcessAccountName),\n HostName = tostring(split(DeviceName, '.', 0)[0]), 
DnsDomain = tostring(strcat_array(array_slice(split(DeviceName, '.'), 1, -1), '.')),\n FileHashCustomEntity = MD5\n|extend Name = tostring(split(AccountCustomEntity, '@', 0)[0]), UPNSuffix = tostring(split(AccountCustomEntity, '@', 1)[0]) \n| extend Account_0_Name = Name\n| extend Account_0_UPNSuffix = UPNSuffix\n| extend Host_0_HostName = HostName\n| extend Host_0_DnsDomain = DnsDomain \n", - "version": 2, - "tags": [ - { - "name": "description", - "value": "Identifies suspicious child processes of SolarWinds.Orion.Core.BusinessLayer.dll that may be evidence of the SUNBURST backdoor" - }, - { - "name": "tactics", - "value": "Execution,Persistence" - } - ] + "displayName": "[[variables('WdatpConnectionName')]", + "parameterValueType": "Alternative", + "api": { + "id": "[[variables('_connection-3')]" + } } }, { "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", "apiVersion": "2022-01-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('HuntingQuery-', last(split(variables('huntingQueryId2'),'/'))))]", + "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('Playbook-', last(split(variables('playbookId22'),'/'))))]", "properties": { - "description": "MicrosoftDefenderForEndpoint Hunting Query 2", - "parentId": "[variables('huntingQueryId2')]", - "contentId": "[variables('_huntingQuerycontentId2')]", - "kind": "HuntingQuery", - "version": "[variables('huntingQueryVersion2')]", + "parentId": "[variables('playbookId22')]", + "contentId": "[variables('_playbookContentId22')]", + "kind": "Playbook", + "version": "[variables('playbookVersion22')]", "source": { "kind": "Solution", "name": "MicrosoftDefenderForEndpoint", 
@@ -7250,19 +7492,47 @@ } } } - ] + ], + "metadata": { + "title": "Unisolate MDE Machine using entity trigger", + "description": "This playbook will unisolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", + "postDeployment": [ + "Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)" + ], + "lastUpdateTime": "2022-12-22T00:00:00Z", + "entities": [ + "Host" + ], + "releaseNotes": { + "version": "1.0", + "title": "[variables('blanks')]", + "notes": [ + "Initial version" + ] + } + } }, "packageKind": "Solution", "packageVersion": "[variables('_solutionVersion')]", "packageName": "[variables('_solutionName')]", "packageId": "[variables('_solutionId')]", "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_huntingQuerycontentId2')]", - "contentKind": "HuntingQuery", - "displayName": "SUNBURST suspicious SolarWinds child processes", - "contentProductId": "[variables('_huntingQuerycontentProductId2')]", - "id": "[variables('_huntingQuerycontentProductId2')]", - "version": "[variables('huntingQueryVersion2')]" + "contentId": "[variables('_playbookContentId22')]", + "contentKind": "Playbook", + "displayName": "Unisolate-MDE-Machine-entityTrigger", + "contentProductId": "[variables('_playbookcontentProductId22')]", + "id": "[variables('_playbookcontentProductId22')]", + "version": "[variables('playbookVersion22')]" } }, { 
@@ -7275,7 +7545,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "MicrosoftDefenderForEndpoint", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "
\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -7305,6 +7575,11 @@ "contentId": "[variables('_dataConnectorContentId1')]", "version": "[variables('dataConnectorVersion1')]" }, + { + "kind": "AnalyticsRule", + "contentId": "[variables('analyticRulecontentId1')]", + "version": "[variables('analyticRuleVersion1')]" + }, { "kind": "Parser", "contentId": "[variables('_parserContentId1')]", 
@@ -7315,130 +7590,125 @@ "contentId": "[variables('_parserContentId2')]", "version": "[variables('parserVersion2')]" }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId1')]", + "version": "[variables('huntingQueryVersion1')]" + }, + { + "kind": "HuntingQuery", + "contentId": "[variables('_huntingQuerycontentId2')]", + "version": "[variables('huntingQueryVersion2')]" + }, { "kind": "Playbook", - "contentId": "[variables('_Isolate-MDE-Machine-entity-trigger')]", + "contentId": "[variables('_Isolate-MDEMachine-alert-trigger')]", "version": "[variables('playbookVersion1')]" }, { "kind": "Playbook", - "contentId": "[variables('_Isolate-MDEMachine-alert-trigger')]", + "contentId": "[variables('_Isolate-MDEMachine-incident-trigger')]", "version": "[variables('playbookVersion2')]" }, { "kind": "Playbook", - "contentId": "[variables('_Isolate-MDEMachine-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEAppExecution-alert-trigger')]", "version": "[variables('playbookVersion3')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEAppExecution-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEAppExecution-incident-trigger')]", "version": "[variables('playbookVersion4')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEAppExecution-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEDomain-alert-trigger')]", "version": "[variables('playbookVersion5')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEDomain-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEDomain-incident-trigger')]", "version": "[variables('playbookVersion6')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEDomain-entity-trigger')]", + "contentId": "[variables('_Restrict-MDEFileHash-alert-trigger')]", "version": "[variables('playbookVersion7')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEDomain-incident-trigger')]", + "contentId": 
"[variables('_Restrict-MDEFileHash-incident-trigger')]", "version": "[variables('playbookVersion8')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEFileHash-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEIPAddress-alert-trigger')]", "version": "[variables('playbookVersion9')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEFileHash-entity-trigger')]", + "contentId": "[variables('_Restrict-MDEIPAddress-incident-trigger')]", "version": "[variables('playbookVersion10')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEFileHash-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEUrl-alert-trigger')]", "version": "[variables('playbookVersion11')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEIPAddress-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEUrl-incident-trigger')]", "version": "[variables('playbookVersion12')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEIPAddress-entity-trigger')]", + "contentId": "[variables('_Run-MDEAntivirus-alert-trigger')]", "version": "[variables('playbookVersion13')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEIPAddress-incident-trigger')]", + "contentId": "[variables('_Run-MDEAntivirus-incident-trigger')]", "version": "[variables('playbookVersion14')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEUrl-alert-trigger')]", + "contentId": "[variables('_Unisolate-MDEMachine-alert-trigger')]", "version": "[variables('playbookVersion15')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEUrl-entity-trigger')]", + "contentId": "[variables('_Unisolate-MDEMachine-incident-trigger')]", "version": "[variables('playbookVersion16')]" }, { "kind": "Playbook", - "contentId": "[variables('_Restrict-MDEUrl-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEDomain-entity-trigger')]", "version": "[variables('playbookVersion17')]" }, { "kind": 
"Playbook", - "contentId": "[variables('_Run-MDEAntivirus-alert-trigger')]", + "contentId": "[variables('_Restrict-MDEFileHash-entity-trigger')]", "version": "[variables('playbookVersion18')]" }, { "kind": "Playbook", - "contentId": "[variables('_Run-MDEAntivirus-incident-trigger')]", + "contentId": "[variables('_Restrict-MDEIPAddress-entity-trigger')]", "version": "[variables('playbookVersion19')]" }, { "kind": "Playbook", - "contentId": "[variables('_Unisolate-MDE-Machine-entity-trigger')]", + "contentId": "[variables('_Restrict-MDEUrl-entity-trigger')]", "version": "[variables('playbookVersion20')]" }, { "kind": "Playbook", - "contentId": "[variables('_Unisolate-MDEMachine-alert-trigger')]", + "contentId": "[variables('_Isolate-MDE-Machine-entity-trigger')]", "version": "[variables('playbookVersion21')]" }, { "kind": "Playbook", - "contentId": "[variables('_Unisolate-MDEMachine-incident-trigger')]", + "contentId": "[variables('_Unisolate-MDE-Machine-entity-trigger')]", "version": "[variables('playbookVersion22')]" - }, - { - "kind": "AnalyticsRule", - "contentId": "[variables('analyticRulecontentId1')]", - "version": "[variables('analyticRuleVersion1')]" - }, - { - "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId1')]", - "version": "[variables('huntingQueryVersion1')]" - }, - { - "kind": "HuntingQuery", - "contentId": "[variables('_huntingQuerycontentId2')]", - "version": "[variables('huntingQueryVersion2')]" } ] }, diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDE-Machine-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDE-Machine-entity-trigger/azuredeploy.json index a4faf8f7244..064dae726b9 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDE-Machine-entity-trigger/azuredeploy.json 
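Review bot: The dependencies list now pairs each playbook contentId with a different `playbookVersionN` variable than before — for example `_Isolate-MDE-Machine-entity-trigger` moves from `playbookVersion1` to `playbookVersion21` and `_Unisolate-MDE-Machine-entity-trigger` from `playbookVersion20` to `playbookVersion22` — while the variables block that defines those values is outside this hunk. If any two playbooks are declared at different versions, this renumbering silently swaps which version each one reports, and the solution's update detection would be wrong, so the new pairing should be checked against the variables block and the playbook resources (the Unisolate entity-trigger resource above does use `playbookId22`/`playbookVersion22`, which is consistent with the new order). The array opener for this list sits outside the hunk.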
+++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDE-Machine-entity-trigger/azuredeploy.json
@@ -5,7 +5,17 @@
 "title": "Isolate MDE Machine using entity trigger",
 "description": "This playbook will isolate Microsoft Defender for Endpoint (MDE) device using entity trigger.",
 "prerequisites": "",
- "postDeployment": ["1. Add Microsoft Sentinel Responder role to the managed identity.", "2. Assign Machine.Isolate API permissions to the managed identity."],
+ "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role",
+ "1. Select the Playbook (Logic App) resource",
+ "2. Click on Identity Blade",
+ "3. Choose System assigned tab",
+ "4. Click on Azure role assignments",
+ "5. Click on Add role assignments",
+ "6. Select Scope - Resource group",
+ "7. Select Subscription - where Playbook has been created",
+ "8. Select Resource group - where Playbook has been created",
+ "9. Select Role - Microsoft Sentinel Responder",
+ "10. Click Save (It takes 3-5 minutes to show the added role.)"],
 "prerequisitesDeployTemplateFile": "",
 "lastUpdateTime": "2022-12-22T00:00:00.000Z",
 "entities": [],
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-alert-trigger/azuredeploy.json
index 27f6c368e44..de082d94715 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-alert-trigger/azuredeploy.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-alert-trigger/azuredeploy.json
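Review bot: The rewritten postDeployment list drops the old step `2. Assign Machine.Isolate API permissions to the managed identity.`, and because this file's `prerequisites` is an empty string the MDE API permission the isolate action depends on is no longer documented anywhere in this template, so an operator following the steps will reach a failing isolate call (or grant permissions ad hoc). Keep it as a final item, e.g. `"11. Grant the Machine.Isolate application permission to the playbook's managed identity (see the prerequisites of the alert-trigger template for the procedure)"`. Steps 6-8 also scope the Microsoft Sentinel Responder role to the resource group where the playbook was created; that role is presumably needed on the Sentinel workspace the playbook writes to, so the steps only work when playbook and workspace share a resource group — say so, or direct the scope at the workspace. The same list is pasted into the other azuredeploy.json hunks below and into the generated mainTemplate metadata in the @@ -7250 hunk above, so whichever wording is chosen should be propagated there; the Restrict-MDEDomain entity-trigger hunk likewise drops its `Ti.ReadWrite` step, although that file's prerequisites still cover it.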
@@ -5,7 +5,18 @@ "title": "Isolate MDE Machine - Alert Triggered", "description": "This playbook will isolate (full) the machine in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], - "lastUpdateTime": "2022-07-14T00:00:00.000Z", + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], + "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], "support": { 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-incident-trigger/azuredeploy.json
index a4dd6019bbc..0081e4447bc 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-incident-trigger/azuredeploy.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-incident-trigger/azuredeploy.json
@@ -5,6 +5,17 @@ "title": "Isolate endpoint - MDE - Incident Triggered", "description": "This playbook will isolate (full) the machine in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-alert-trigger/azuredeploy.json index ce812cd16e4..84951d6e468 100644 
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-alert-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-alert-trigger/azuredeploy.json @@ -5,6 +5,17 @@ "title": "Restrict MDE App Execution - Alert Triggered", "description": "This playbook will restrict app execution on the machine in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.RestrictExecution permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.RestrictExecution' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-incident-trigger/azuredeploy.json
index 38a52c0723a..8b652222948 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-incident-trigger/azuredeploy.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEAppExecution/Restrict-MDEAppExecution-incident-trigger/azuredeploy.json
@@ -5,6 +5,17 @@ "title": "Restrict MDE App Execution - Incident Triggered", "description": "This playbook will restrict app execution on the machine in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.RestrictExecution permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.RestrictExecution' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-alert-trigger/azuredeploy.json index 50697ca00f6..5247c554a02 100644 
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-alert-trigger/azuredeploy.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-alert-trigger/azuredeploy.json
@@ -5,6 +5,17 @@ "title": "Restrict MDE Domain - Alert Triggered", "description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.", "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to assign Microsoft Sentinel Responder role to the managed identity \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. 
Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "dnsresolution" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-entity-trigger/azuredeploy.json index 757f3b3ef7c..da6385c9515 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-entity-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-entity-trigger/azuredeploy.json 
@@ -5,10 +5,17 @@ "title": "Restrict MDE Domain - Entity Triggered", "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the domain in MDE for 90 days.", "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Ti.ReadWrite API permissions to the managed identity." - ], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. 
Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "prerequisitesDeployTemplateFile": "", "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-incident-trigger/azuredeploy.json index 3234304b09f..018871709ab 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-incident-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEDomain/Restrict-MDEDomain-incident-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@ "title": "Restrict MDE Domain - Incident Triggered", "description": "This play book will take DNS entities and generate alert and block threat indicators for each domain in Microsoft Defender for Endpoint for 90 days.", "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to assign Microsoft Sentinel Responder role to the managed identity \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. 
Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "dnsresolution" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-alert-trigger/azuredeploy.json index 10a14f8791a..db6e6406cb4 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-alert-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-alert-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@
 "title": "Restrict MDE FileHash - Alert Triggered",
 "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.",
 "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"],
+ "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role",
+ "1. Select the Playbook (Logic App) resource",
+ "2. Click on Identity Blade",
+ "3. Choose System assigned tab",
+ "4. Click on Azure role assignments",
+ "5. Click on Add role assignments",
+ "6. Select Scope - Resource group",
+ "7. Select Subscription - where Playbook has been created",
+ "8. Select Resource group - where Playbook has been created",
+ "9. Select Role - Microsoft Sentinel Responder",
+ "10. Click Save (It takes 3-5 minutes to show the added role.)"],
 "lastUpdateTime": "2022-07-14T00:00:00.000Z",
 "entities": [ "FileHash" ],
 "tags": [ "Remediation" ],
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-entity-trigger/azuredeploy.json index 8cd709eddbf..27a36616645 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-entity-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-entity-trigger/azuredeploy.json 
@@ -5,7 +5,17 @@ "title": "Restrict MDE FileHash - Entity Triggered", "description": "This playbook will take the triggering FileHash entity and generate an alert and block threat indicator for the file hash in MDE for 90 days.", "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. 
Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "prerequisitesDeployTemplateFile": "", "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-incident-trigger/azuredeploy.json index 883406d8594..662b31475fe 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-incident-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEFileHash/Restrict-MDEFileHash-incident-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@
 "title": "Restrict MDE FileHash - Incident Triggered",
 "description": "This playbook will take FileHash entities and generate alert and block threat indicators for each file hash in MDE for 90 days.",
 "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"],
+ "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role",
+ "1. Select the Playbook (Logic App) resource",
+ "2. Click on Identity Blade",
+ "3. Choose System assigned tab",
+ "4. Click on Azure role assignments",
+ "5. Click on Add role assignments",
+ "6. Select Scope - Resource group",
+ "7. Select Subscription - where Playbook has been created",
+ "8. Select Resource group - where Playbook has been created",
+ "9. Select Role - Microsoft Sentinel Responder",
+ "10. Click Save (It takes 3-5 minutes to show the added role.)"],
 "lastUpdateTime": "2022-07-14T00:00:00.000Z",
 "entities": [ "FileHash" ],
 "tags": [ "Remediation" ],
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-alert-trigger/azuredeploy.json index 7701ee7126a..ced435b0593 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-alert-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-alert-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@ "title": "Restrict MDE Ip Address - Alert Triggered", "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. 
Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Ip" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json index e19022a9908..4a415b43d42 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-entity-trigger/azuredeploy.json 
@@ -5,7 +5,17 @@ "title": "Restrict MDE Ip Address - Entity Triggered", "description": "This playbook will and generate alert and block threat indicators for the IP entity in MDE for 90 days.", "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. 
Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "prerequisitesDeployTemplateFile": "", "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-incident-trigger/azuredeploy.json index 4ebbd5e9dbb..e88a15313a4 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-incident-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEIPAddress/Restrict-MDEIPAddress-incident-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@ "title": "Restrict MDE Ip Address - Incident Triggered", "description": "This playbook will take IP entities and generate alert and block threat indicators for each IP in MDE for 90 days.", "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. 
Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Ip" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-alert-trigger/azuredeploy.json index feebad76fe4..a5286554e68 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-alert-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-alert-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@
 "title": "Restrict MDE Url - Alert Triggered",
 "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
 "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"],
+ "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role",
+ "1. Select the Playbook (Logic App) resource",
+ "2. Click on Identity Blade",
+ "3. Choose System assigned tab",
+ "4. Click on Azure role assignments",
+ "5. Click on Add role assignments",
+ "6. Select Scope - Resource group",
+ "7. Select Subscription - where Playbook has been created",
+ "8. Select Resource group - where Playbook has been created",
+ "9. Select Role - Microsoft Sentinel Responder",
+ "10. Click Save (It takes 3-5 minutes to show the added role.)"],
 "lastUpdateTime": "2022-07-14T00:00:00.000Z",
 "entities": [ "Url" ],
 "tags": [ "Remediation" ],
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-entity-trigger/azuredeploy.json index c8c5cd23286..58e2800894b 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-entity-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-entity-trigger/azuredeploy.json 
@@ -5,10 +5,17 @@ "title": "Restrict MDE URL - Entity Triggered", "description": "This playbook will take the triggering entity and generate an alert and block threat indicator for the URL in MDE for 90 days.", "prerequisites": "- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions and assign Microsoft Sentinel Reader to the resource group for the managed identity. Run the following code replacing the managed identity object id, subscriptionId and resource group. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $SubscriptionId = '' \n\n $ResourceGroup = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $RoleName = 'Microsoft Sentinel Responder' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n New-AzRoleAssignment -ObjectId $MIGuid -RoleDefinitionName $RoleName -Scope /subscriptions/$SubscriptionId/resourcegroups/$ResourceGroup \n\n ```", - "postDeployment": [ - "1. Add Microsoft Sentinel Responder role to the managed identity.", - "2. Assign Ti.ReadWrite API permissions to the managed identity." - ], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. 
Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "prerequisitesDeployTemplateFile": "", "lastUpdateTime": "2023-02-26T00:00:00Z", "entities": [ diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-incident-trigger/azuredeploy.json index 427956c659b..0c18039faab 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-incident-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Restrict-MDEUrl/Restrict-MDEUrl-incident-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@
 "title": "Restrict MDE Url - Incident Triggered",
 "description": "This playbook will take Url entities and generate alert and block threat indicators for each IP in MDE for 90 days.",
 "prerequisites": ["- **For Gov Only** \n\n You will need to update the HTTP action URL to the correct URL documented [here](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide#api) \n\n - You will need to grant Ti.ReadWrite permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Ti.ReadWrite' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"],
+ "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role",
+ "1. Select the Playbook (Logic App) resource",
+ "2. Click on Identity Blade",
+ "3. Choose System assigned tab",
+ "4. Click on Azure role assignments",
+ "5. Click on Add role assignments",
+ "6. Select Scope - Resource group",
+ "7. Select Subscription - where Playbook has been created",
+ "8. Select Resource group - where Playbook has been created",
+ "9. Select Role - Microsoft Sentinel Responder",
+ "10. Click Save (It takes 3-5 minutes to show the added role.)"],
 "lastUpdateTime": "2022-07-14T00:00:00.000Z",
 "entities": [ "Url" ],
 "tags": [ "Remediation" ],
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-alert-trigger/azuredeploy.json index 13f148fbfab..fbece694ffc 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-alert-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-alert-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@ "title": "Run MDE Antivirus - Alert Triggered", "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. 
Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-02-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-incident-trigger/azuredeploy.json index 553a2c8984c..f8c0817d005 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-incident-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Run-MDEAntivirus/Run-MDEAntivirus-incident-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@ "title": "Run MDE Antivirus - Incident Triggered", "description": "This playbook will run a antivirus (full) scan on the machine in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.Scan, Machine.Read.All, and Machine.ReadWrite.All permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Scan' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.Read.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id $PermissionName = 'Machine.ReadWrite.All' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. 
Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDE-Machine-entity-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDE-Machine-entity-trigger/azuredeploy.json index 3f5a52873ef..4af1df6cee0 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDE-Machine-entity-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDE-Machine-entity-trigger/azuredeploy.json @@ -5,7 +5,17 @@ "title": "Unisolate MDE Machine using entity trigger", "description": "This playbook will unisolate Microsoft Defender for Endpoint (MDE) device using entity trigger.", "prerequisites": "", - "postDeployment": ["1. Add Microsoft Sentinel Responder role to the managed identity.", "2. Assign Machine.Isolate API permissions to the managed identity."], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "prerequisitesDeployTemplateFile": "", "lastUpdateTime": "2022-12-22T00:00:00.000Z", "entities": ["Host"], 
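Review bot: In the Unisolate-MDE-Machine-entity-trigger hunk the removed line was the only place this template told the deployer to grant the Machine.Isolate API permission to the managed identity, and its `"prerequisites"` field is an empty string, so after this change the template no longer documents that permission at all, even though the sibling Unisolate alert/incident-trigger templates list it as required for the playbook to work. Suggest restoring it as a final step, e.g. `"11. Grant the Machine.Isolate application permission on the Microsoft Defender for Endpoint API to the playbook's managed identity"`, or moving the PowerShell snippet used by those sibling templates into this file's prerequisites. The Restrict-MDEDomain and Restrict-MDEUrl entity-trigger hunks likewise drop their Ti.ReadWrite step, but those files still carry the requirement in prerequisites, so only this template loses the information.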
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-alert-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-alert-trigger/azuredeploy.json index ac0c9add3ed..13588d8b00b 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-alert-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-alert-trigger/azuredeploy.json 
@@ -5,6 +5,17 @@ "title": "Unisolate MDE Machine - Alert Triggered", "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], diff --git a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-incident-trigger/azuredeploy.json b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-incident-trigger/azuredeploy.json index 3ab1eabe078..7d642d82848 100644 
--- a/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-incident-trigger/azuredeploy.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Playbooks/Unisolate-MDEMachine/Unisolate-MDEMachine-incident-trigger/azuredeploy.json @@ -5,6 +5,17 @@ "title": "Unisolate MDE Machine - Incident Triggered", "description": "This playbook will release a machine from isolation in Microsoft Defender for Endpoint.", "prerequisites": ["- You will need to grant Machine.Isolate permissions to the managed identity. Run the following code replacing the managed identity object id. You find the managed identity object id on the Identity blade under Settings for the Logic App. \n\n ```powershell \n\n $MIGuid = '' \n\n $MI = Get-AzureADServicePrincipal -ObjectId $MIGuid \n\n $MDEAppId = 'fc780465-2017-40d4-a0c5-307022471b92' \n\n $PermissionName = 'Machine.Isolate' \n\n $MDEServicePrincipal = Get-AzureADServicePrincipal -Filter 'appId eq '$MDEAppId'' \n\n $AppRole = $MDEServicePrincipal.AppRoles | Where-Object {$_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains 'Application'} \n\n New-AzureAdServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId ` -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id \n\n ```"], + "postDeployment": ["Assign Playbook Microsoft Sentinel Responder Role", + "1. Select the Playbook (Logic App) resource", + "2. Click on Identity Blade", + "3. Choose System assigned tab", + "4. Click on Azure role assignments", + "5. Click on Add role assignments", + "6. Select Scope - Resource group", + "7. Select Subscription - where Playbook has been created", + "8. Select Resource group - where Playbook has been created", + "9. Select Role - Microsoft Sentinel Responder", + "10. Click Save (It takes 3-5 minutes to show the added role.)"], "lastUpdateTime": "2022-07-14T00:00:00.000Z", "entities": [ "Host" ], "tags": [ "Remediation" ], 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md b/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md index d6203fc467a..645abaf7213 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md +++ b/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md @@ -1,3 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.1 | 24-11-2023 | Entities has been mapped for **Playbooks** | | 3.0.0 | 17-07-2023 | Initial Version | \ No newline at end of file From 3a6fc6b3f37da98d0f6a678fe5be7fafe1720056 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:37:37 +0530 Subject: [PATCH 13/15] Update system_generated_metadata.json --- .../Data/system_generated_metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json b/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json index 48642faf63d..f95ccc283b7 100644 --- a/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json +++ b/Solutions/MicrosoftDefenderForEndpoint/Data/system_generated_metadata.json @@ -27,7 +27,7 @@ "link": "https://support.microsoft.com" }, "Data Connectors": "[\n \"Data Connectors/template_MicrosoftDefenderAdvancedThreatProtection.JSON\"\n]", - "Parsers": "[\n \"AssignedIPAddress.txt\",\n \"Devicefromip.txt\"\n]", + "Parsers": "[\n \"AssignedIPAddress.yaml\",\n \"Devicefromip.yaml\"\n]", "Playbooks": [ "Playbooks/Isolate-MDEMachine/Isolate-MDE-Machine-entity-trigger/azuredeploy.json", "Playbooks/Isolate-MDEMachine/Isolate-MDEMachine-alert-trigger/azuredeploy.json", From 85f8ef38298cd95bfecb3e0d19fca2ada6c6ad9a Mon Sep 17 00:00:00 2001 
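Review bot: The `Parsers` entry now references `AssignedIPAddress.yaml` and `Devicefromip.yaml`, but the only parser changes visible in this series are the deletions of the `.txt` versions in the following patch; no `.yaml` files are added in view, so confirm both exist under `Solutions/MicrosoftDefenderForEndpoint/Parsers/` before the `3.0.1` package is built, otherwise the solution metadata points at missing content. The file name suggests this JSON is tool-generated; if so, the rename belongs in whatever produces it rather than in a hand edit, or the next regeneration will silently revert it. Note that the value is a JSON array serialized inside a string (`"[\n  \"AssignedIPAddress.yaml\",\n  \"Devicefromip.yaml\"\n]"`), so the embedded `\n` and `\"` escapes must stay exactly as the generator emits them.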
From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Fri, 24 Nov 2023 17:39:04 +0530 Subject: [PATCH 14/15] removed txt parsers --- .../Parsers/AssignedIPAddress.txt | 19 ----------------- .../Parsers/Devicefromip.txt | 21 ------------------- 2 files changed, 40 deletions(-) delete mode 100644 Solutions/MicrosoftDefenderForEndpoint/Parsers/AssignedIPAddress.txt delete mode 100644 Solutions/MicrosoftDefenderForEndpoint/Parsers/Devicefromip.txt diff --git a/Solutions/MicrosoftDefenderForEndpoint/Parsers/AssignedIPAddress.txt b/Solutions/MicrosoftDefenderForEndpoint/Parsers/AssignedIPAddress.txt deleted file mode 100644 index ca0281272bb..00000000000 --- a/Solutions/MicrosoftDefenderForEndpoint/Parsers/AssignedIPAddress.txt +++ /dev/null 
@@ -1,19 +0,0 @@ -// This function queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp //argument, this function obtains the most recent //IP addresses at the specified time. -// Usage Instruction : -// This Function should be deployed via Solution install only from content hub -// Syntax :: e.g. AssignedIPAddresses(x, y) . -// Reference : https://docs.microsoft.com/microsoft-365/security/defender/advanced-hunting-assignedipaddresses-function?view=o365-worldwide -let AssignedIPAddresses = (Device:string, Timestamp:datetime = datetime(null)) -{ -let t = coalesce(Timestamp, now()); -let adapters = materialize( - DeviceNetworkInfo - | where Timestamp between(max_of(t - 1d, ago(30d)) .. t) - | where DeviceId == Device or DeviceName == Device - | top 500 by Timestamp); -let lastReportId = tolong(toscalar(adapters | summarize arg_max(Timestamp, ReportId) | project ReportId)); -adapters | where ReportId == lastReportId -| project Timestamp, NetworkAdapterType, IpAddresses = todynamic(tostring(IPAddresses)), ConnectedNetworks -| mv-expand IpAddresses -| project Timestamp, IPAddress = tostring(IpAddresses.IPAddress), IPType = tostring(IpAddresses.AddressType), NetworkAdapterType, ConnectedNetworks -}; diff --git a/Solutions/MicrosoftDefenderForEndpoint/Parsers/Devicefromip.txt b/Solutions/MicrosoftDefenderForEndpoint/Parsers/Devicefromip.txt deleted file mode 100644 index 567093fd930..00000000000 --- a/Solutions/MicrosoftDefenderForEndpoint/Parsers/Devicefromip.txt +++ /dev/null 
@@ -1,21 +0,0 @@ -//This function queries to quickly obtain the list of devices that have been assigned to a certain IP address at a given point in time. -//This function is invoked as part of a query. -//The first parameter is typically already a column in the query. In this case, it is the column named IP, the IP address for which you want to see a list of devices that have been //assigned to it. It should be a local IP address. External IP addresses are not supported. -//The second optional parameter is the Timestamp, which instructs the function to obtain the most recent assigned devices from a specific time. If not specified, the function returns -// Usage Instruction : -// This Function should be deployed via Solution install only from content hub -//Sample Usage: DeviceNetworkInfo |mv-expand IPAddresses |project IP=tostring(IPAddresses.IPAddress) |invoke DeviceFromIP(now()) -// Reference : https://docs.microsoft.com/microsoft-365/security/defender/advanced-hunting-devicefromip-function?view=o365-worldwide -let DeviceFromIP2 = (T:(IP:string), Timestamp:datetime = datetime(null)) -{ -let t = coalesce(Timestamp, now()); -let lastReportIds = DeviceNetworkInfo - | where Timestamp between(max_of(t - 1d, ago(30d)) .. t) - | summarize arg_max(Timestamp, ReportId) by DeviceId; -let adapters = DeviceNetworkInfo - | where Timestamp between(max_of(t - 1d, ago(30d)) .. t) - | lookup kind = inner lastReportIds on ReportId, DeviceId - | mv-expand todynamic(IPAddresses) - | project DeviceId, IP = tostring(IPAddresses.IPAddress); -T | join adapters on IP | project-away IP1 -}; From 5fe180909898f6d71c6bd27b2fa528f77a6145f3 Mon Sep 17 00:00:00 2001 From: v-atulyadav <104008048+v-atulyadav@users.noreply.github.com> Date: Fri, 24 Nov 2023 18:56:13 +0530 Subject: [PATCH 15/15] branding validation --- .../Package/3.0.1.zip | Bin 30646 -> 27949 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip b/Solutions/MicrosoftDefenderForEndpoint/Package/3.0.1.zip index 5a903f03050f1c803708c174a408332fa8dcf3ee..72246745cb34ddda405f866875a6e6733c95e32d 100644 GIT binary patch literal 27949 zcmY(KV~nW5x~1DTcH6dX+qP}nwr$(CZM%2dw)^gLCUYnAuf9rF@@3VVRZmG?3K#?h z00002;3?Hz?WmmiZwV9tKodCt0NTG^BS#YhXA>0*VG~meTMK6kJ6l>yCp+66&2L+* z4#eL+{=Wh8TI!6=R9ho0Aqsl=>k}mYN$stP`SsEMnS(9&x(MjHj^eYYcBbNfAK$kS=idrqkWv=6@lQxbjy~*|9SQU$7&`UICZxr9 z&?AH5rM|LpFN5EA_~WQrj;>6cs?nG)AMcP^kI`7PO?M&$Fn&p)d{!CX1#Hb`B+OBu zO75%BxD*w~+rdU%Zbsm8-NuqbqT<_}({iWE3&|MxK#_9nAVCS!C*BJ1{RnGz?_!mP z=-EmI8}*qP3Nu7I#GwP}=i>LJ`bE z_C_~|nwR2(U;{DAgkX6FL7R@_QZt4Y=!1-$$kItE)bir-;TA%Ya1bHt%$d_E(ltcR zkzkdDU|@>`)oj)U<@dfR2mZq|T=0ImBK^i-;N5iU1A@2SH>Wo@R@@TR_H~~3!6Fi* zA=>tPn1fWJX?C?)`506UusvX$l7^{7hZ@aVWYO~}Th?NzipUyC%?+Nw2k(1-%ERbf8pj_YSQ|)E2B<;-kyW@>&xeEUCCCNZ z347HGXc-k55Y&onX-?xWnsf_4AT(PJ{oX!qG&P!%EFG zMJvoGCDsX!!7>@;T17DuQjEg$Pu8inzKp18m8KEqvIMLFIkF%Q=|sEQ%SqYUmUe?XGEpXG6+wl>5zcj`FnsyWBV8bPp=HXOOB-7a$>W~| z>G^b-_J-|ki3#nU=7jTAz@DroA98-)^cZg^D{pE44~F8v%NP(epbJ z<gSwi|xtTfFpYA*lU@Wx@ zHCD#UdIlGQTI@_fS`$nuJ2P*!k*0QLgl0*c)d~Mxs2{{LdkRpp{wCJYDqY)A7)*vl zNd^I(GjGpz$&-97`v?dSd2P++zso~IT##?C z&jW3)@Z7~#g%ROcJAr0MMr9Up&q3F;`OmtCrZ>1TnYV5Br}^6+K8JJH0j-Ufag|TK zU6>V?M>o;*H`$?u7t2b`P3+Ed@dJR0lY_VIf+W$EvqSb6&7;>YWQCU#AZI#9w^ImjP%wcWO1eLqt{5hD9sm0A?5kmmJhvG-z+(N2 z-frn@3;)2o(dU+Cy(8Y|itHwK?T2>U+P-yi^$Dyuhj$O-i|DM9@LqM^l5z&mZoD&6 zG*Sa0-HRKzhVrR3VnBDo2Cxtcqy`UJY$iENZ5w@9hVA&s5mXr`U5s+n0;c9pk8cBc z$Ky{SDhZU5OCw>9A^`*LmjcosnSbsAL}MxFVhDMvO^;IXJ{>rKqCra|k>C)YI1Q@v zwj~J#O4iH2FH13_%6owQv)LZi5qpHBjNEBfVcK5%)s;93ULi?`+y$CG$Btb0y7G!5BTy2q;~;SQB~2BW?}{jGi8UtKeA5mm{6I`~of zS99V{5cAexdx^AynWt#Mg?hp7C$GEtr`;?hG40l8XJkU-^oh^wm;dJXPpfoZquN17`*Lvxrv^pjD&RP5s@8t;wyO!Q%xZORIDjUuop! 
z+DL6B>?@C}pS*A`Y7@A5k(J$BO{$#=)^#oBVPzbx$ggXTGn#ORUZoqVMtZk-pUO&| zo4_G#mm9~aWY!OzcOwwmrQb-?O1wZEg>%PXFIURg-(|A89=i>;O2yFCPvtrijrRq+ zgk`!2@g)b%cX~?~D89YlUjX_4CEJUCWNS5QnH^~W0Fb8v27vgFY;6oIY?V!H?5+Rt z?SGl}O2@`&OEmGvSLGG2)ZLBBF{&6u9;w9o-L@qar^=8llEmwBQjr3Io)|F*0LDKt zW%zZg&dh({vOA#AW>~6(k~APU_ePYDX@^N>`u6w74&wQTsTIxL;<;C-M>K@%=RwcaF9Lb00f}(n_6SJ3QFVea9O9g6EjExnoy0u&Km{F4 z;o+5}OB6&hW8OAZI5@qz6QWxMD5roJ8Db_7;<#J(9_AA+HWz$>=`SSknw)3wRGD)A zd?Ymj)Dca@5ol{l@q<~~p5X(6;i6u)a4nx%AwrJ!FUia41kerUhza;ybxK-yOE;>` zEA5~|eWdl54@&jmkN&i02koQfI@uxWRsxnO!(-7Iqd?xktl@^<^l~WIJ zT`=4ySKWO!r=-6kn<&F0&Wp7nGtl3mVXAN<#P9Ta`;8&i_hu&Q?$W-Yn_C#LHOn0; zN-1V!udLL`U*m5AJdl!bcZ}(U2s;n>2&=I>YKLIx&+NM<+H zBh5BkS|czpsI?*_sRXa2rJkvdC%3baoB9 zcrWMTD5jYu2fN|kSoCvpwc&}*(LrCOR+E`XE|X`~o2CA|jz^}kJxaHOZH?ZToGFpu znj>zg#O23GTr2EJomAVDPhweMHt#(YVYwv-&+i|S?a4-n@nA=WKW{|xiDGY@z$Y0? zaglLc9m9utg4haQ8oL2!(iY+_p7Ou{DB|B|v=Ncq4q;9BK~6rLk0QaM;gf+FF; z8DvjO+ypa2W?k3|(J-rjfIQ9u=sJ|E3+dQ3v~rbb4EGvFt@qO)WQm~sU;PJ&N5Ld2 zyBCE+V5UwILfmnfnViz5Ok}CwI*7zGc87v{2|wiQ#~R(v!;`D*5vt%H5?IS-<))fQ zbeL1*zL0r#OTT9ZR9mzA_B`0{@PegH*5c2wJKExGF^jc@jWsRwHn?$fjwT&0EN8Qi zeTIQIeFte6m@?!wYCTlAf+#Y9d0Vq$-wqEc2yQau)e=Z8cjUj;1;S7z5(t$G{Ig!3 zXL7&B+$L;J2#8Q>X=Otiwc7_~sE z#x3)EN=KD9=W6uNa1YvgBtBE3G%e~>_;5$Xs+X?hEjRhAv+-V{f~Yr7E8if3J+i_l_V$yQ=|~t`y4By#EEtSc>U5` zU`PN{M?h0w8vhJ${|rL^3`>8D%~NQg>14oZWuWSPR7z{eYPD3ch?+=Lt{@tvkebd4 zG^#}GSwG$VvjX124DCwGd=orbYVI6av01>~Ape>4=-4YGE90z}1}2A>ShH58bj9hi zFXlI8E})97IbRpy)N6_ht@(GgjP5^p#_LFy@)+Xm%5j;jfACgauhB>pGT~?y%l1#W zpB8?F|d9hot%@igLdt~A7myuH|2;9`m*T0AGg#_e!)QHc;BTT8PmI1 zVZTgu?e&5%>wsn9^-MS+c`V9Dle($BW~S_-^# zBL*NR*;%bZO<3yGhSr{K)&PB>K-k8O@lWoR_u6-bflOGtA`7frRRiY)BTbXyOgEG_ z;buzzWcH1FZy?RYbSQ$gr52ZsmYU zO{qxRYh%*R3vUa*9V|%cyW|J22ykt@UzeD3?iHQu8<}&?3oZ$OFF5B%l?Kfgp7Y0) zcBW$6DajZRGGdf&N^1p@A{paQCb+C?Lh?dWw8Opcac-lx!?pCgtP9xVTm)X$H|=pM z2UXRYZ0zTD;rbekK))N4mwZfa=Dth85JO+2%$G?S1f7gfzHlUNfEtS2BDiCL8onh}OE+z5gnV3&wLiG1y z7x~KN)&|DD7#eoigr}1K(S$(EWNlDe<97!d{y53s2$+kEtgeZnkm>`i;d!j&TQbDcx#;LL*N{VP$DeF8^ 
zj7}(})1Qb$;h6w9wbOS90mU9Yt7?z_Ns>L9cGVtzQv_S(z6+E(hA}p@uuhHlz8#s* z;da}6WUBoL1++Xln=(F8aSEV>c3E7)`S=fW+K_~Nk%4us_|SaSB7LWNse$>L1^N!n zGCeaT3uYv1b}W|yMZ|EvqO3|K7^AsK3wkJs<|hp*f_;3ElziwvCEU9J{f_CsNXlHupQI@h(0WvLfyNkIHo>5X=tRR9UM|51&1W52*LDak zP|GoJZr~o8ubrds)XFz7S2kxxIp)N*TU;PY29{yTuwY3XxR&QBz^N^W_K(7L2n>WZ zaze!l)tv}k7|Dbc>M|cXvt0=-P-tC{Z_a)*3lZ#xsix7~+CxSqC`xR`Wvs*;M<}J; zq{mdjf&vA>J~~56w)tn;7X1?xTQsezE&65&mZ+N*8%)eWOlV3NVqFcn)4*v-tgO0Ds|650p)%Udvo z3w(Wou=M=Jp>6GwunM(v1J{Pdq2<~q`Yx?=150I3W|SK05efVPku)v2sLqonP8(x+ zB{kn-V$SdJ{?ghXdXc)@b?xVW((ixLkAKpi^2on5^%ly0%%~1oi5axTb zs3U`nZx+L%D9yy@X~zp$y$n}&7f$(1$ZpA-^e4bWZblMEBc0?)M}~+Zy(@R8Hymyp z0LFfN>wIZG`z-m>1ix@k+r|Fc#?wes*}%Z!y?uXT$2FVKA|2xX_MF^+Sd|j6N4APBwYR# zXx^U%OcyeKhvVQQhw+xQHZd#955~7LwH<^lee4MrU3-7PT2Dw;swx@xAxNzl zQ6YWf7=e?DLwIQ7sl4Q;_qs981wT54 z-DljMv*T6!>&v$NjrUM@$;}{x?lDu;w@r3f;scDfj>zvEJi!3OGt9OT?q&438-t_O za1A#KH zs$QeLM$KI{J3h%l*Q~a!Hcb27q}8v#zfF5E8E9y-L`r;N@nf9~ug@%KBY&6pdLZW8 zKiFadm;|rcvFBt2Oy_#AEYl+Meul^}goJBBhR7U|6x|~U7F1K?^1?%$n2e})K2B(^ zhSYOrsd~HsF$JcXxR{X^)OB#H1*RzsH5T+>6RkzA?!1O~+APSN(gqR86?(-A88AlKAA3D2yY zLfX~1u$TGF0zm*;%Fv?c5#1^VAVIT$H6q*d_=)wp2-D)eSuLjNxUR&Z)0zbx>nv~p z9x2X@ImUiQ4`n03S6UH}bH@ZWtI zQ;O&Sbij@-)BQ_7KN?q4sBAkGkA}Q3n58i2MM1!Xa$gLvazoE=wa%F|{djBorpDA| z#d_EC&zzar{$6_lgXB~W)%=>?j?Xjzt>%i3-#Aj;L8KUyR*PlVNoCcl<)v$iOV{LP zfQstKg{6~^Y0S#oHH@`okZ@DMt_eJP2VJ&ZchkM{(ZziH#uyBcUshM@o!F zLibr>$+IEpSUGHPuD>NK2}4bL6rbXP;a86UJ)fT{vHjzncyoX|Ra+_!sZ1k(Aq5OS zei5^<+yLX}4{t(1d&7UHwuu&oZk(cV?3L5^yxm&3KhMwCV{dCc*Usw~3Di?9_M{sBz-?+jv(JM8JdrpN@X;Uvv09e=?%J=l?AZZFV7?_K3`JF29erCbtwKyIJ&X~ zDUl6@U@$93WMJ61M)3jYeFBSk>li}EDasW?|9Q6IRL{}F?L|n+4RQb$lSDI<^GE3M zr$~@%h7x+Xlyb){t0K>Hnx%sUTnhZj@I0D{d|oP#t0j2pE$i@b?x=qY9nVB~jYJC& zTfcPx4fygD@f-7XH0!`c44H~cN6{YTsG*gDybuIYA>afh5l`lMn0Qa2DsOg7sa>nh z!%yIowE?d?)CEdn9{TN*6 zw}2gB{Z-CF!*bTCab%K6eJ82fen^2$M2lh@n%a0gwA$YMk}hd|GQ8ui?wp}P?y@n^ zj8XwsrUp`uo-9GRqPL_J1`a(j_ODpvB zkgdX8W^7i=!BEQxo_dJDCgxzhb7&T{m9YNP>^-J}F?b~HPX+JAcM4Y43fR>&)5MSD 
zklQ;TMLTq{Cp>Bq$_P0HpY7DfWEr#=nQrIbzaY?U8YXNd3m{9d;Y#SA)~z;-#Zh(6 z1TS3Tw)Tmtto3m|c#2;Gdy~IBJEP)zxj5>3oUAveG-2cLH=n?*Yk(Sx;<(5)@%gCG z^ke(Jnpg=hKSZ+QMBI;NfRc5mT`=#RcQo_*SFdTSV_EvEa{8vs*#wOz0)CCBFkt4~ zq7(U>oX5T=@iXyHOo3r3&lV+F#OG|Qw2*?%^=)Ccc#*Xkgv4Q_8Q0Z%&QD zc3Qcp&rUp3B?PL>eFiQB84l=CfRw8@k5u|(2<@}JVcbUj@(!e)x)0!cyq<61}E&Ez0z;+(C$M$6`G-%*{-O9I~ zGnJZ`=G$;?&gS7of+;XE^+^sAYK)S~zx{s)?yIQ>cF)`it3RVQSMZgtH-IH7TN1 zp;VLI%;Nvs-DP3YcFby%Q-4f@6_M3gCwY^q$OnGWRE$-jiqJ(gV(o7>d zmPD?aMtS zs*Ew=tlHj{cEep5;C{R&2dwXURko?=dUbYfV^gDAyq~d*PHX$e^uo#JuA9@x^^r7` z)>aqgg_I6#s+Z96*Uqx5>`Fb5$M&g&)#oX`Y%^TJjE$pWR((c$KQ!|!bj(y|_!uVH zD)741w{S0&8{YYVn=F9A!yq$`HmF}{xub)7(nE1$OD8u*f#x-!+aKheI@s531=?1^ zc`9A^IaG~@4B!23n_Z%Ba|&Qjj86;BV}$-YUAT(fA(h}8C>F0aoWgF_H!OgAbOJ|zjatRPNAv>uXEz6!t7uD^g3(_Ml zoo_Dv$j$&b>B%Y)4#G~jhQ*1e&}FvF-2=-<1lJ{1SyoZj{hrXr0NW!d&BuCkbRdDL zg=`6XBV$d{3(MuhJgy`Igl9 zaa7w0q8)V~Q`|x=WgQi=X2SB$x1ZPP;Pz+?$wl9y8kZYMiS$IGp2O;ddPBClQbQ5d zhQv;cPUfGDMD+r3*sSKFiIYCM-S5FefE^juiJ;6$br}HI{D2_fJ#TQzHO0aUtBScc zs~fvg6gDUCm;Qam7{6d^j)^r0&@!tnx{2b~c+P4frQ@(Ax6{X}s(rk8VQ_9l7uaGy zIa4-C#j9goCvMph_NlTAnF;ld@Uo>h->~mjLY#!Bk7;pQaQMRA0ovav+VZKJFIrsP zaL0w;C9!ce^=~e`l-1bbDHX*ZC1ff+y60PO?)wx8<$F3)^r~~w58-#&_nHc(R05nwD&fU5&dmMrW~$R%j^C=~pbOY{@ohPt->+>9-n57beyI2w5~tqZ?}4G9x_j}?n;SV>90$8y;7O`|S@XpT>JRo< zN?Pl$FHsfAYcI>}IsOqx!kBkb7YNqhl-O~g9ntfHfVODkekbECU~VxuPBAcvmD1 zb6$Nc-w>anG`u!m-)X3a`@=b~_JREwT=5yj~khEZ1%`?6$33XD6**B}u};KCR&vgH1lYx`BNU8*hvt@dZbF7BLjK~CM>zruD!>DYqq9ZU2#2QE zTZd%DR_Lsj=W&O>h+DR+*PGsgw>DZbhP^&gQMp?StkyY$Zn6ScW%)i!-VI+b3_fiP zMJpR)(=*H^=OmfhBB&f9t8EjzuY!VK!X(4H`pgHP$!+&O&KbgxE7fDm3qz=VnUb=W zX~JmO(&GoZYTf-df@iqLRvz-td&$1Qha?#7X6qlh1wrNxmdg8Hp&wln`d*=;u|rPJ zw?{IV+e|Pfa`tlwuP_dC^-^A;v_PPpX6U{B)ono#0m|KrUQhxVjxDYTx5GWB<{}%b zH~Ww}ue0NnKX1=l=}$inNI8+BdR0Aw8%g=5Ng@)xBwNDa36;KF;4R4WTdmZnDLQAA85L>=i_WzB8b#tGZdojzl!PymJS=(!I7ZWUp=~C= zA!k=^yBjYmu{}YCzQ&rp$~tM4dkQ}Tvp2dwa*^NGr^3pti@q|nuO;;Q9Y>rJD%wxw zh)3xJh+CiCLvXP-q36B@_sp6nt0FC=9c;&b%O$hlzU#-P`gj{E-$Gi?E|eds4ItEH 
z8z_+h?+%<9e-kRB#*10E4&`3FSFDW?=2DwClKU@H^3ZH+9tZ2*Jp{J)j5uhigZfT7 zK)xR|K80in;BsGZd0X-XQF?1dfX?R-pdMfC>T}Dd#AvsC7f@Gvs%b4F`@T*8Xn%;5 zM9!H4xv$QB6OVV!n;A1pfQR7@zE zu;WH16r>U7MzQ7uPKfZ^a*&k*lb|*lo~1ffk~gH=!-&L`j}zNCE_A&yWaz+*`K(?~ zFIbFW|D7>Q#nvG9ys?TyI$m*BTh7Mz%0M&nn|e*!`5PJ4crDj=tZc$~=lsA0of(An zoYd;zu})~xkx`%EmxFFMW6E%QumKy>=0~{6K|>>^`;!sfkzl z@$$i$;me1yeS7uu-DX2#I}0t9axK^8ca5g(`S)w~Awt8oziMkR~F~WSrXH^zZ$BYvXPiF?{kRd+Y6d^4$f;sKXd-s-Xf}e@ctiVy6T4-zM zJ8a^KkYF>hC5r15@lOC&yd zpGePLk9Y${NpZ!k`bm|fwHR-}j^PgjUQ7)!9{5&3T43?gigDgX8L;%|!!3K?e~qYU zB?WvLz%&oah(sS_mUcR@5Q9dX#EKMUZ8(=zy4^)hDKE7GG818feO=pWB=glogB>w(Iv7G?fdkN zvFEcc2?IHuIVZWw>kBPk-uW38qZ`C1-(0)c9wb7{{_rho+*1%qwH}}2z&c$s@Fb4w zA{lv^s@2dn@-TVcf3`(rH0(2k(DtFugPRevN^NLW${z~)5{bEq!5R@b-8@@w5o6#3 zYOE~P=k{n)5$o`ih6~#Gn(_stxPSFJlH%QRryHmesnni_i`&sUFF=|G`KqO3gT9J>tMx99CXJ!LF}P5Xh=B`K8bM^UYuw$ zMn}3_#{J_I-+A$mB=K)&Dk6N6MYjG zy2X3)c>OxpvJr|#*?`B(d?q6Qs~k{^ntpV_VpcKJD+5Ey!&2ohSyn_Cb+>>W;xZf8 zFj|COfKS;3r4Uej?Ftc~sb!QPh{w{*IR9y0WH4RLle{}vF`AT zPSLCPy()_X6|n5BU8sd?;kOAp<^;{W`Dvu?(U7amh$WId?dPNJafmRO zY?9wh*tvaa(*zlV=fZE^^n2HsafRG>j;`F{z4WT3+-mZ8$ri!Zn_+IM$He+Ds)W^K z&zbeCn`a$q(ZUgQNY}ZA1+$De&F7PxPGfl2EUDjZ!=N_oh({&|Vb4$KXnc~1Ge_iv z*GaX+Y!b#XOb4=ZF;{XxRc! 
z0?-PQ_LBJW!lc_4C4t0~5#uGp@z0sM^kJD&=e;jlTp{jXRCbK=wD91uI*EjIslDr} zpQbuIUf+-6vFaE+K5Xur5%^Cz&p2FOBIM0OGw`%I_+x0fm9YFxbQzrw<*f~9$`A*X zXYi9vuFY7DfkZ!%t;+N*My-dn4P#-wYOkT(H;$MevX2zjP@ z-C6aza)0X<$l+eZj}X5BoQcb;U6<3>V~!++l0NL|JVi9W++25(v4Q_CHIzntg$ws) zNG}o}oP;V+!;}?icvnRHvZrx;1}`MPRH^&0=Q#W%c^3`nk?N_3MSuqdvpwwAR*5O?ybj^?M8MEv0}h<+#HM>NoumlCb=OG zaaSyjIC+=S}*0OFUA1<$luC(G{M8|FS4XfF-!%F%Bfd z9_&*x4xg!u*n+`_#c}gs!pX&{vm5TioW`$BjuLr_!CqpCM{W^$L55NySYQ;}qc38G z2uos3Y7_}G>U4HajtQ5Cg9!5 z%Zd16Kd7@ICgZW_0|K$)>S6hI-+Xu5`f~5l?m%JfcZ;ckiLkwkVY zvcgApC$1VPkSRsjl5{0wa=WkseL$Cunl$%p_)Msxkc%DdVJz^^Th@p&JlSHvDI( z3%lcMD|{Qp3%858BdH{~9fdo&haHLfPsp!C#M9WM)39p0S%u^LOVhE8Au|jh*C6A+ zXVrrb3WcK_QZ+FCLu1f?L~Z||c>P}#!=e8FQ4Fhzhy^1avr(hD5A>bWxePxL{A?+o z3lu*=A0chi2ri}EhOj`@O%DSNL2;}r{Pu^`2;31NDj&)Io#6fLN>R^0t(zWG_ zgV}YUg{@l}<0yl9(#TN6_at0=SX^Ql+=C8YC?^TLhgd`p-rvndK=Q3<`d_&{+wBu1em;R`_8V*43r$Y~Ek{UMgjhE+5x^x-nbi*6O0zc=gWs44}>xCdpn@|xWt zJ<%Zz3#l}YX_h_e_HZt=3xj)Be!2$msLq0zjKi!S0V2Y&I^5b^DGuR{K1fH7&Q0_ zlhvJT8&S9<7&jK5(t=0TpE2c3yV0m3LD_6Azt3I_Ar6`*AQoSEf=M7U79XGJ(7}RV z0TF~V&>U)Gm$?}aM?l|h;yW}JAL=~wf=tIAWIqY5 z(;tH24uW0=$_ug6-+Uc(*sABfhQRa4tiqz_s!6y+78z`Q@&O<5->VIP1$@NYAhz^I zfzEDh48#6vLN>v)p|QMN>aa4g%5EfV2#6>k3#fJwd5L&RJ)FvI#?d`v<0x%nq~n-N zpnoYO_(qiYuPpZI{!ky zY_Wa$)nt?gpwLJ}v!N9vX7QwL;KdUo@FzSV#S;mnY4Fb@&_xqjkIK*rLI~t^q4PG< zED@7)YeuevtsZdn%?Q+Uyx2Bz`9dlFOIR|1jYHbzt1sDIF_)dv=};;Ym=-zpI*(_< z_1!`|r~{7UMmxgtzRUhL;OoNPHvJD{H9^NJMaBuu@Td6E9?TG_SbqcbJ7{qOkE?)F zr(zh4rxIwyTCq1CKsFu(jsMSAHwt9FruhIQlq9A57;l4I=#x`O^R>+LSppfuaGo{@6(=819u3ccJcvq5!^rILO#(wNizUUH zo>)mLajkiL(nPNE?K?O(;ns(MN}_SvVDe9K-0>!DKWQwun$Y4NnYIxHZ2P1u@eyjh zpo1$?Pl_INr4hS6Z%L2BU#%Oe9~jSG4)Qp#`Ug_KZP@qK816%_cd`tW*u&4}!oYcS zK2oF3l_Ug-H+;_@d$fOhJ=t1EvI4AV?wHj-fP6_a~wUxfTLXtZkePgzwF;HTd%ckU;YwPs;QZ04uQ(( z23WvLHt;Mn%??ycc_(n8?39L8S~--uF?=_5ORVwUCnKRjR4T_?y_CY=m}@q!!(&aI z%cc%Y0Kr>wTyOED^9dxW`CGY@mz-*C>%LMGi62&(+WdrXD{&#EDC+l%2v~%fKrXpX zPysS5^=F?dIFH{mPeIbVtgVt1e_DJMbT5p6|`_7$8JO}^=mDVosvx-^a0!~JAu 
zJKyo9Vx(v#gR%N%B;%-96V&}@^7rY_p`%x051RWS`{eG3C9HDcu-QSv*5BZL9+NjV zXn21M;Ke{@YX;sRMyBcg~odEsh)NjvczQEwCq?xm@H$ zJAj_i9jKqYshrbP=O>V=KD!-2Q1*_PI%G;Yf0F*&EKs*xEi%K!uQ6kGS#LC$w4@30 z2%WCYJx6bhIMRFljuQ5emnPNSA1Uq!T{c#A|GWcd(NtSwhX!kx#MC3T#&Pjf9fW`x z8V8yh$-7*$Yo*A2_f&1NCDO?IoA1Py%aU2avgmfc9NCY%6t-Dm4g1p$5=^%UqU&v~ z7uNS1KQgkz+gr2w-NjLK_;~u6mj3_UYoDSTSl-u^9I^h{>1)^4KR)>A-N7ADVXreG z-+FajOLbxPqFw`95d+$&g3yf(#l`}Z^Mi5CUwyIt#tz3h`yyi5x;w|cd=#OJS(YMd zQ*A>V6ss z1N|?VuffgCNoh=eZ_YhfLT5F+)j!g%e!PQ~ZGb+pbU>@z~Ag;4<`0EXU~s&@Y5H zSs9JkUDUj$6$0Ld-rXBOC14j z-G#>k;kp*2|HDL` zqwmq8zGkD}A{ER9Q=L3BWS~z{Gj^cy|7gGcAMMlMQES<6iGHi>s(*;$G&al6~cTAtgB&26NmXp?@i*&@=Qf0i2R(zo5sZX-#` zo#<&inlkTW-q`rmsOGfY^=I{?rd$p|9bb(DE9$|6<>wOLV>h+HH_8wRo~EKUT#3mM z0qWOYcUkkvS$g|JSfVbBCozK5Oj~1KZsi4&rcLdc@6{>a0p&1ODvIhPuspB-z|tD2 z`LL=w77l&)Jith_&ZUK%yHTmTu}2v-ON7PEvi!mxyJ_F~?d;6%CV$+MO!Cdl zo#dW-p67FOD9qn_Q&EsAAF@gp1)3rlnpFX=u9`geN z+Z^7RoS573SX3Zu*%608^8T+>qNcYo=_smS>cj8z@h9F0DZmO4v%3Xq3_s4}$2<08 z>C;6XrTJr|NO-I88?eg7e*WkuN^yTd5nsOc?(A5FoUybiMbaFirlJ32;wGm5sZEfp zO?8R{mH83oqc4>;FBYs>#=Z@se3PZxNL5+!A@n*Wb<`t%5P47?I+nQz*5dWqAb7AA z@K7L`i3ny`%Jtwdt=tMdlste8SS$ixsA;3XNGWXEkCU#Z{-H?Zh7#1zOOb4a=HP7s zhaL%%!J@pBp8nwy?S_kTxFad)Yr#sPDDC0O4k3mnLC@@+6rWmoQE%RI9L;(fiK1vs z0uyc@d?bC_2vBMv)|W)&<@c%ZY~xmFW%yRMAsVTLimbv6#BlY88HhOssr`za>9?As zyK?5jawWX4?NbZU1vIK3pBa`MnKKcHT~m2#B$BH$uWE^O4dgk8SdWg|D1-c)vl8(mP z-d|0T3k)HK%m-+oAp z(SvQ}%K}_QBkG)~;MH$F;CW=%vh-#z2jDYWlDEvJJD=npMba;?x7IS7`tO}1)1%>! z_#(RmBDNol*+cOcNLAJ4zcmCyoVcjX zv&9yOIAiOardHTw>Ls8p#8Rz47ESV={lz}hf8(!%lg2PNggA-Vz0xXIT#`pyBZW^Y+OE(_N>tyIixkKd-PQaKBk*k=42B!br}zaFBNK}yS<)MnM+&T7DdQnF0#x(4U! z=f+~q-et9VT+;cRch$i!b>Y>&&A!RaE>*svV!aa8s%#TtAK;t`5^_qB%;1zBGD5-%=4#16Zk%^z#-hP#{7%~2uFyKh9E4ZOL zISdSuCnAl-3rCS_51<18bdIq4C%^CXEkk(Fzuy^c&@aotrx(`z_=WqSU(W^Es)`QkGKmM@T|VEJNO znF#x1;~9btqjwT7wc|+}k7cPPbrz41>cnrlyFLbQ z^My(3qzFxWqLBR00qeD0fi*EtcGK*GzP*Z0%nf78ny`d3k&omdh`1h=yz;t-LAo*vS z%ZQ=;U7uR6WQ-_r!ko3aQVWR>0K6a-ydV$>&2a|CzLgWCYAZy)cUkyas2DdSqm*E? 
zCKIDDUF*GaA=l05NZS_dr)Vyd?i`PX8*|7*s2{R4LJNq*ApuHZme@%^n3O`$k{GPW z&~S~u=q;$2z#rl~Q`X)VMsKSm$Rwf5zovN$kx8l-HkWzpuIfac!XyR$iqr9Wc&*BZ z7ZMYmJ|AH;g+}yH{q855AP$E{dkvwH4ECep=NR4=B%l+ObBEJVvOC?H@#$itR1( zR)8i}o_f0XwlEWw~rgV(qs{gs*7lDzc)eR*LrX-Kh;Bj=1+8wOrOn zD?q{=k^d&G0Su@ETlNh24RtwUj-4}e+R$3Y5Ka(&7qb9D3`DJ3@_iEY7|NFpDC=Q6 z=;o-k(N-E2#t_u{;=-fyTWg6Ccms-E6^oYPBVmNLw(Oxui%2vxS}6#M3>*NLCOHf? zHqu4H*=w|XgnQgjYrZiYs$rO4^YLO+4faOhAn?O++De)6dukCN?h3m8k-fI&GI!J4 zI@l(0YSJc@8H%=tk4G)t^$s(t&)zl+tptO0Q|L&Xt%B(N886#F;@6SO zv6;Zuny3hlgUc)~I`||c8N9kUP35}pi;s!HsHZ8x!uVL}E$8NDwi6`^cr*8Sbnu>+ ziAX0LujJX$$vWS~TBpb2!kwVOF`;h>4z)%@OypdJhPKkfduiT>_hmxSKQ;>Ytwcnh zO7Azb%IA<^N#XDr5-e18$ydf?r3uRbpj8^&RM4vAZ#I)GDb=qmy&@Ayq^uu^w6QB4 zrFZIhQ-P2P9PV8{Nhl^wqt|yD$b{Z|XRm)r1TB*fG4sLlqmMpE>T(V4jupo6xQT;P zLoDN($qx}9Z*2}p)8_m2R1l@=!I5F*mDljQHY6Zgw7WTa))5 zCJ$b8Pu~}@NVFTD25K69zvD^TXL`j%6tLf@EUxkV!C~9NX8s1 zucl-N&D*!IJJ&HCA)OULwv|0+OzD{p4Ogf{fuwaQbKi2{7XKyzeaEuA@kGUo%KWxcm<&{+P5CO}Z=27GEWf~p!5Y+B3 z{T2Em$Q~4CE+dAR>~YfQTy;}FSQwbZ39s3iNss*8cs~zb-ZHhf?W=7ZeH_#Thhy>( ztk|@T!jXCTvyQv8jhc~ou|!)bkHY20XruFyGJj?OC7BP;nMZ5QaZ@btn~!eSge+eq z_NSdL2^~S&eWxB4Upn$n$SqeqbKXk_s*eZhz%ikoRTVRI*3YLkR`T_^X@b20HkH)c z?Gi{8n6mvWhy}^^A3se5CT(rbCOC?(ZMCJvYDg@HjH~N5nvzRhU7U>NHSnruaY*Hb z&{Z54k8N{mACE7#HeG4t1VdP>_$3htlRYJ&EsG+E;Og4CZb3+lq5PUpjM2;?YLu~B zKL$>BANo^_>A|OJ`usm_v<^kD>B?IyT58W7P5UC&6@T+3$jNGsDBfhi>BF5|a>9T! 
z=*nI&_Srql(oK9VP-Jv8t+Zgtv&^8U4UFY~wIRI2HTq2?JAu=pIWzC>oy4EZR0rxd zV{p1^d^y@5dSOQ7=t#$?n$Ia~u?$7Lk;4`S&Yc1H4dq1>@LSDq6+~~c2EK%4)wOybf!Hw02%;#nSZbDO<% z8RZ*YtqjMtDaQ-M6x2Pl4~XO6Ec>##L_T#n9{tg6lCFMvAc|Lw=XpRdod4ZSwlNgS z6kh{0yd%5_u896>~NuTr8FxY4M46nx)%3zBw0ObhM}OW=^AB>plQ z{U1VbV2p<3cNn9QY^iYU%I&<)`P%hm>5Q&lDP(LPR3w&dg@&$DA&eo4D z)%8DCVn-Z9TW^}uz#YgW&LYNy9jtiDx1gPN3~CV0ne#OZII*Zx6!pekSVq(;98!$} zx1m<+owVf7cBk>@aQ?oKQRM8ab?hgf$>e+aKfge?Z=J&t&h z`@Z@4kA`%fpoUGtEEd67=QFRI&qo5egA=G+0NqM!=0?KFhWTb7;LP=_ z&~M7-MW2G-MR|H(80S$>AfP{~4>qOZg`68_k8_hjS~sPg%BCIZ3A7``EtdG~U-t0$ z8Ow!cM|p&Or)3HpK1KY`#43e zUs!)WaWPfsPy7$rvCksLf4=067nK=`U$?vcrm+?#J36|%^(j>4e)z(A{jBbW#HDh0 zK?c1lAX32$vWt(a_2oYk#w;eM}L$;50Z^Nd$C z(@_-X!BEXa8P5PMlIK$Ufc9urUeDQoiyN3RYYDERuJ_(Ee#PL*S3yrIhx71s;iB6zm;CxlpcnJh zq>E!!$<~A{#4-32I6rd|T|Ds~5$21bRWTy{^~Lc1`eNYprf1pw%nLM6!mEo+q5$in z=?RTDlOQ>smjH@KzW^grkn>ild722J-4i7iR%|Bk(Hv~!=V1qqt9%FKt^PILOTlS71Vva2mv{GW?|xPjA6MtHTt8{`QK{gloGZk+Yxm$k(8 zOT49XcbIAjenG2k-=Zr-1!9F_9t@a30ol}008*!DkThr(?GX|He$0&y0mo!=yM^;3^{O{ z5p+1KNzUj>f^8q{g?e0L+1pG}Txu~VRuIG&YM~@&d6EbHD2G}7w@J2#W6+x7BCzcF0_VR6wKqi&@}@l`OB05@?OISHILCZ1GF{^_}lH?K-e58QWwPjt-J^6t{r zUEI$vpQ1r5S9?H~BAF|boBZAJo3mb3Yh{!<50ugN5n6=OlFCZxHa#<<)jqJ4Ufv{x zY{b-hDJ82e1UZVpW^f@{#Nnt9rJ#ABL#9c#$8m-NQzojsQF`Y+YO!C{Gyz3|`Uvf_ z)})Slq!+@R!pyNe7sR=uf<%j4$SBJj32ygQciexTzrJ-};TM?aPw=1TfA@X6f#M&I z=XtenMwxr)R06YpyW=D%j~PO)icw-K`m}~0eaL+0dRmiMFsNaRdLQjO29*zFTs=tL zafdsFtx2lBWN)*tPd>@*$aY6M4KKM14EzEY>-iGQlC!h-k3yr$IXke9x{h%!zs&fd z3EROu{}dFDIhg0q2!MJ1-g5&6rR`H~_*}k%Mih@F zbr6%34FJBZD$aZ{JAA9S5#@xveQQQvn#LF=5U)&;`d=}B+p;5V%);B?MbamSQAiuS zyeFSw6jH@M3aPJYlh0@eT=t405K*79WC?t+O-fp_6i|+=$uA##0F+iv*52bsdw(y# zFu!$iBOj<65_)O&4~<1;QBb)Op}cSc);lSNjmMo2BGj`q%@;ch3TPRsp@8SLG-C;(OJ=jIOb2&YdUOEP=96a*1zsO1W zzI8d2ZmmSxam{(Pddoa_Y37aPL@suWHYybtagYHi$+v5L8ToS?+>N^>#&+TnoJMGJ z>21vTkvG+d+`BW-oh=LuP_FHj^We!lv|iD{K5cXpF)rGCn=hKfFgtq`wK_oghW(5T z;CGjGD@Nfr%qMQX(oHnm4M^6V@J2`xKMVJdjC zpu%|t?u{pIa%=`ujTX}P6K(zBiaMUJxWzCiAYahJT3U$&r?61;+gZzi@i!g24@&&+ 
zG*u$G!E8GumnfcTx1k`avMuho^(C)P-4bMxz+LH-)^b&oScBDe-6~J(#|0s>1HXH zh88JMr=kU8Q=pTQib}=SBa;UWDiReaLe37Ejsx`6e}mFW6knroo&Fx?eqVd%pC~*O`uH zEsiYBN%=jigx{9o<7>hOtV^gvfjT*c#gv-eYD zA%zUla|X#CIMyOO6rD|ajK<7792q@0Jh(jkU0K_<=ox1DiN`_f4%AUdbU8`if=fGP^q6v# znl(T7&!QF>R9M|Aw>m4McnBNiw7a}MtL*)dkOx}Hh`D|FNIWZ}w!iE9=fl;*xz<^b z2o0{EOiludDU|Mt$};cU{#Sk=@p*)wje_WX+MdxKr|pwlwoNzudu6}?7*NWk9`CC|R+h9P^2h?&_`F*QG;2?g{gFr7EB2g1==@WZu5Ja<5-zCH@SYPYRTL z{3_76SZqppOG$Z$l^;IGN%eVucM06bxtQjbP9;t!FhqylPFhAqFuc^VL_gzrcm@7ZeER%Rz1PKUQa_K7BbeH(DZe&<1x>Z8g(MFd_o$4^iDum5;V8gXoE}l>@`YHjmV7Dm8||oY%m4 zOSrfYGHWiB*95qRR`V3~dE~|IHQj37b6G4zIR%;u1~f;O@7Zk}#Uq^iv<^5bsC_0( zct5ON6BWp_iA|XahJMFvi6og2`dKNoO&;#9cTaBp_^JbW@xDV?n)v~!L8TV-tR7Gf z)?H@|=yM0TkZ!s@2lM(b$5H>a3(@U-c8hUiuf<@-SCe;(iH2OF4If~0I-zh;AnvNE;zoJD?nBf7z-tA#m|-+S!)Y!V%g7K1J3)*^7bZ-i zYir`AYpf;iWuW0UInh_mwqErY&)^mes+G){%#s~O-A5Sk9@r(Q5e!Fxeylq3gib|j z^tr7DMbAcf^IKXA&Zp^}hk|iHWT!1npMPUMJ2|MuQ?fO$6^}?#_{X+cjCtj6q|CZO z`O*%EhHq!|#K43OEs0FVFJ!nc4ZdHeC!kM4u*2%5Bv5sSumb8*3RUJ)sW+wFI^Rl$ zKb5e=c(^h0;@J*RBQei^Fxpr_1vS)qo7KIgfI=Sw1+^Bil=qtbVFC%Ua;UBnPF<*V$Cy}Ice=XJomuJSq!E4^*nfVrlJZ}Y-j-5WeP=EIPBH~)mfHx~&GU9xo`g<2 zQOj;XLT^95Bzl@x&t?^U!P^0=?TVI8`x%R4f&^HR3v^T?wRHMCnF){6odkz9*vn9dHB?R- z#i(K4$*@~6v63|L_^Z+ACbrYt?pD`7;mV5HkqzXjD7p*0V>^yE8|zIdg5$L^gKdr7 zA>fNC{@!_$376)nbO#OY_AM&Uc9L&$UfO?>svi?@@TBC?c&(`EN_@*XO(^8iv^0i7 zC4PW3#`FMpX%p)6QTd~Roxw9?b4*G$q47SkF`HrPtsKtn75iKIL~}~?y%Hv>Yn&F( z=&bjBwuT~VM=RmNr(?%yt-{?6ZXj(I#OdG#JyP(qnLy(C&dmM5Ld;i8RKe!tICA@6 zEFjeiDsd}Av)`{gTly}8cU>+I1@pe1%o-ZJ>_W29oP$$ewjxD~o0*0=*);!=EPO742$cjgTC&NKUbBSLwvXKKk zaY8iI^=7b(ceUaKl^78E5|`$LuF#7UP}#MyGqIWH*UFsmtsY+&MhB=L%lLj8q1P-R znhoV!>-Y4l<{#HS`|^2mPKscuF=8p_^;iObo;13kC$~*Bn+Bn$9b0nEVyKCA^3eYC zI6rGCf>saQfNB_3E-EXU$d{S89;8J^oq|6Sl?}0=Yg^X<6vxpfQ1H6sQ?SvZr7Wz> z(K~}lmw1UhJxK6E#-d1j!pP896nU;TQV~QE!A5}eNW*pmI7MfsMx8AQFJlze(J8Xi zMDKIiXG_^9X8=+}9})t7Pi8gc8`p0lf+rM|2Engre@Lhu7@f=X&`{aDdkAkpz#kCs zaY9}+BWJO?H7AFy0lcD_$~R5gHssMLy->l(WYjlURKwD`2V0n9h4#{$Z}#DA?Ka56 
zazdHco*4|edYyCiX%2#OLVsx8FA0ZHAE-y}2-#5|6u`b{lx|qzGvIg5^gIZ0LQdhR zEkA4M4hmk^EYec^XgD-mDl9i9wTH$|G3vD5S*Sm zMOVq`vft8`_jGy+^pXQKx$()#xYd(iBvn_*7W%t1uC2Ys7yAF6R+YDzAH9DRVFC8~ z)^q-jHlb_X>b7y8aq?IDoOcK&-%w7ebb$%+oWI33J5_$|e@`TzKRVwXCF0hZ^Gyz1 ze~f=2xD+=%8QGc@c|6oMKWPyC@I?8x+VUDitw>0)EOXkXk#W6|+=?H@5*5DdL6{KP z;@kbpBL8*5s+m7|3QMA!eYEZYXn@UPUtmKltRxGIJ#o>f1?LIOBf>b5Do~oSHQSLA z&2Yq){B_S;_Vc=P+*I!e&y+L46x3F1`A2;>l_&V#^ow-Rr;F@cUQS&Gg4y05qoOOC z)vO{=)W@1xu}OBN-=L$dSVr2SH_2|(^OlL8h3f}}Uc3!wMrDz-J-9isPrt5!gD0wA z^*NSNPvVC>+_Gg-SVNYfCRINxic`)(X-9<{p5!)aEIE+Y zz?wU{T#$Z0c2oo!I(s3aE?~X*cGo$-5+Y_#C-*^Z72gk>aFhlQUtH_1S#mAZQ|_DX}#9^WM{OLk5s% zAD|NBp!wbr|C7FSQW%pQ(jnt^NdU;Mhj`OO?x-o>A>HoT>O2ec?13JaO*09X49*b@ z{Zkn~apy9MN1J(;^7UBe6FXDoWB1MV?Ff6rd#VX%C`O)G`%~z%Z^{gA)$iX}<;Gc_ zy7Qa)^ihGdll317>s){In(OGjI~0H#k-fVB)DMhfl9_?XOijp4YT`J~0X0%iSMJ)S zivG@K?46!BXKgo|pl<#2rZvJ~u4J+BXdQa}n1_0wAAw@fGA$*>ZZfj@qN2nI^(gG< z{4A7T`jD#l)NAInYtUj8SSqWAN+;8wP-P)Z%@&l_*7i;TK^#SGJudlJ4Nro8IVWjA ziNgb~0%6@R?GHo7o4P-HjkY_iyoN-*oJC)hs?RMzxeW`n2P#s|y>)zV)f`Lw7R#Id zygeT0)h3IQ;eA{9H7Kuf-Rd*!cx>$-Y7AXrK7n6JymDLP6`CpeKQA>ZJw*#m=(C>W z)jHI(8N{dOOLYz-zBBpamkCS;6xeK(tEJ>09+&DI?cLbEDKJuT-#YY_V_Ddf6ZUCa zP@H{gCVK**#w-(!dD`8~vq>6$N?0jTycwGwJnHJNcdtX@D>TZK6`$I<4IR+8x$d~z z(MEC#BYlw{U&Mo~rqsz^kpcI#CgdQkrgn8gTEkMO^Y!2UclVkgyZk+W zvCN-dtEkEn_9qQ3CHp=LF`HX6#S4cX!kMn`o}{#|JyZTnu&ksmcC1m*`w7+lTCxPC z1PVdlUG@G!R#$>Ycn$aeZ%PL1-T(&=NBwtz-Tpr<%Kp!b{J;7?{C(?x7g>e%JNv)7 WL8vPsqx^jd0_+ZfjVX?QAN?=c*%QkE literal 30646 zcmZUaV{j)x^XFsRwr$(o*tTtNY}-yYwr$(CHa36B?epBf>h9`Z460vr)qH!Z`ZGN< zin5?!Xh1+fP(Wy5o*HU^l^!z~AfSFqARx?tRugA4BUdvuD={;3D|;(fD+hZ9YZnLm z9c?=Y+z#Y#{equBMIB9+lGLNa&A~s6idV-d{nENR(u$fALf6XLt6fv@6D`HZ4|})R zH(kyCvN@vOzm24}Hx3;2^D+<4AM<~PHE-)i5yhu{e5x_Ev$J~cxeV@&^X^I`#EtpC zsh0*H)pYq-kMM63+jwPK+EWg#eG9ikNu%42E~@lMMc!4X+Eh} zZ!}eB#+4cR1v^MAOF9s1s7)6#OBjuX%YgQh7TLfTbyxJ77ZNOXRozG#3@(nc&yLho zE}cM=xvt$R^gbF*dzrjj=}_GFb3`e1ZK1un!bOD@D>hIf++%eh<61If!s87KL1=oW52*!@s= 
z|1Lx_)b0Ftfr_JnKHptxgSkW51UB~T`bHoO*tGR}pbW}^&O9Ne1WwX>&6Is+bik=gJSrYs_(2$>9-w*92%GH^^)}&c2c* zqy+E}T!P1GYsR=NPsPMvhZ!~nv7f!Ndz4&nlQQ|arU`{4K6!~TvM>2^mYTIBWA_>^ zr3??LdYhM5QjWRx86sJ8YUaEkrl86>!=)q;R~oGorC`V|k5lMW!h6AZOR!KJ8{Lru z@UEkxOhR1mhniKg!-=9lO%&iZr)g`Y=^5#2EVvrHoE|+l;siZXaPKA9pc)KvlYU0~ zQzJJfkjS$ToQ^gPj^^!wSeYUpan6C7>^&3*UVsx>6|=+#uky|WVlSX{?Es+(O^65w z8Rt1OApsQ@>_*ywG>`)en{!ZQAadt?)@o&O+0HVll>X90p*5C!eNu0$d4uN3Mfmqb zi{+K2coe66Mg2A&8x|Tt3__VvH|sjx;>;sdGz3@soO{cMS{@k{nl2f9X}h$^nx4ow z$_lXGE@KG5zrf7&H!p6&zMY$~L+AOsIXS4$4r33>A)sblyyQ+*TDft3&&mKLU84{2EAV>G&Bj`eSEpC{HSJW@H=tq zgf|Ng5R@EA1CCY5@E-65V|=N_Mg3cQI~zOL*IzcxkCw0?9$Frr$>?=Ami?gUV}E23 zTVxQGAX@&A3Sc59dia3eZDAHhIZBZ5xV;Dm^_X9>GeXsy2$^lB#*knn?x>-#>lPg# zpXMynwvPMCVbJs6|gn4;VzavtuLFv1ADQhv^CCQTHLsGHI zW#d#Hd`fBKVA&TPlT>(+g+qP@6fJ28}~wm-y1U7s6sR@ zDlRQqeQd39Y-R+IyJ)O_Sr1T3`Q&q|IH!;~wHPIlSBi4ZCJND=*-^UFU_NV@0I}b; zG|x#evtu&#qKyn1K_BxfPVkVnfdp<}Gka!923A07O(16E{@a*SX;7ESgp1X7Q|ZBe zJ3f;7of}KXV>|tbw8otUoQ@(2?qUDc?T#sIMbs>gzbY*>NBR!!`a~0sIqvqB(}jKa~s5k@x+>+l!&@f(4Vp+ZmV)Ho3pm|W!?gW=!^NSh}7CEMH6 zlQJ;C;L6|OwLrd;fDPHHScfX4WZi1h#Lr|5T-!lkWv5Vy_JjVAkA}OB_1ihQ@sjb( zqe`L@r-PSNj)$=L4-XC1rWPJQD+?D4CXJ?b7>NkolMXY@dqO{P7jOP-HkK zNjySW_%PZy&PmI36=|btZ!7uZ9C~nI>YYSb z-uRPX(C9`A*p%OfZ~2i=c^%nlH5DXy!+2;A>DLj~u$Wa*WUc9u{uYv*)q`nn#|YeL z6TQna{`teDi}%R;+fp>JDjZB%7i! 
z8J#f!e>P{9WI0)<#)#N}vXT}c_hJCAFFQMsPdiJTb$Q*~+_@~tnW`VkW;YKZmmc+5 zM*dXAze_tncp%^q4<@<Kw`bBsQ%wbB z$W;ldZg};GNsCgX>Drf41+l2CkJfMmI|_ZiyGgPNRH80d(B&;-%~C(CPTpVX9+L0i|^Po+>KHV{liq z8%__iElE7v_yXQM-^BgCvvc)d!BX{e^?JHpllBl^-qZzu^|M;dQ(IZ;QZfnK;nk6{ zv;Co!ROf@XoPTODsUnt;#?nl8Xzx(z@FQoKDbRkT=Pag~o6k~UFMsT5dXViCS5`oY zEHi0yX8P+I74Y^6ulWCvX#rP=w2CbdP_z~V5b{4VwKKA^S2eS9wEf4Y|7Fta9vhFX z_9TWczg3MMs!pgi#ho3V8Bx?W?LfCB2$_H{wSn>qbmy=Jn|6)&@@8xWV z$Cvcl$C&GtE93zGC&Tv5?Nb~tuTO67ZtHbS_dar4m+OsW9=lWL4=%)aUu)|)C`6!O z;O)2LXd&*~8+XqQ!nfcHpog`=)+Wf}4n6>gP-|&|3G1lLVS9iJDtHU}Z-FBZ4*1c; zqt7>X9uj^C-zk9t@o*0Vhyzbxcp-E)QYZYVRE*o-ZJyri7z6O5^j>}#-GIfxV&8I9 z94!-A3h>8R`3YDE3<8!9D1jWlIJ~cJM;3PguK;>C#oEuz{Vj#)TPvoYEpOZEa`u;z zm&)Sp&^mPRh3Ebk4?TRbtqWQS(sFJF0P(R6s7paoAx1pXZ+b*69#I#4~+%J+d844~Vy; z_vl~^mnZpxswo9)$+uy&*6oPfDGylqz}s}RBgcn+(+{cGws|7lZe4I8rZ2ON2@qnN zaPLy4A@_Y1^mGx4(LInE+eezjU`ku=TsQP{bytSpfRxR@sU(n&fNP-jB=75`@+!W+ z*Xd#5uF%sflfftO0{wr36^lHxUhPB4J~NNC@~AvB+AIJgjTg>?Qlj{ z+oQJJWrE0aT~l%U&F=OGYIA<;_ZtS8Hgnn)bgoc?id-;IR#Q2su(EA0>Sa@MhEz^Z z>x;+T^p=jD&pbsRQRi>iP9To3M&1i=oP1b(ahroDugbM4%=}HF=*S}vl{x8K1%=J1 zYlN+|-9$eV#1Fvi%)q^!MO~ZAHn+QbJa0Ha@6+?v@W(X6 zRV;f6?r>RS3)Ll~s+7BeHXg_tH*j$pSZJ&7x1aI$vY* zq^&P%3}@x6r>nSD+|(@Jkj(_WnzI%m<(0=58pdQ$axa&2e0FcuTfh^mUPb zI{xNgnOEcaCW26RVBpnVsw*s#Af>&+!x0vsMsdB?P+kcV)-}M|6j#f26K;$)O zd?TV?TS<}a<$GgXKVF}?QTnNi{9GRA#9EusK+W#Fb6;6yYKwzXD%WVC)j}u!JaTpU z0lF4;55vW^L>C`vW`c3&)G3QV`wFYoVc?DYKX~+-^UDlqwaDJk(Zh443m1C7fKk{-Bk5{hQqt6}FsxxlcrKV0w zNS?mte$w5#g;jTLeZP5w@~~OUPM zC!cfH)VZbwtI=vos!Iu!MzkIXxMSQj$2G&vG>8a^)9VmUeBIWu4DhY*R}N4fRtgym z@EPb0@G&0Myi=9EX?a?g;U7DyrWZ=DQie<s$tsKFJ<=RM$Op_8VD8F38T6rkry6@9;kPuj%hbKi`t{n zj7!bvj=1!MjySi>OHZrJ%l3?p#i|rk-38*brN-YQlXxb7^}Psga*Z)xf2BTCg-v+4 z-BS7P@Xl~|c|3LR@XC%mo8EZeoaL69@pMOsK)QMtIvx55zC0*2*@99hOOGkttCu+u z$XbcTKFP>wFYx9kt16Mghs9cs#?qPXODSY0r*S2TQl^mh%(Km)2~m>SW;8NkX6?S0jYCGw6{H$Hokh*7a|iswV1MVKm(pR5*U788i3HfGga zlhBl7wK4@p!%$8ia@cqdp1$ z|5ktTf7D<6AN8f;r$tc9+VRrnttmMLty!{u<@2d8N$o5!_Mwary-%0P>@666Bg}vi 
zOkn|pPix0)r*Hv*m`dZenV}DoWtiGVnMTiM56<`-X6Bm|jdi8UpG_kpQ79282=#f0 zt}`2lD4SkVl1KZno?xQ~99s;D4OtFUG1jrV9Qb_h0p)$NRVA(xCTG!?e8X9XEO1u4 zGjk6FCMM^Ew3!PZL?;kRYNQ(r?h2ycwIz#WHj)R21HpWomM_5~Z4Ws$j`vYs9EDW9|g$ao`gVPWOd!$&g zB}9~NslUa3x3}(#>Oz^pc6?*bb8Pb(PScydbJP;D!T2t&8@H&;hoC7ycbz+*iya}{ zg(L8xLV70f@Cm?_AB^L-53t2hh~!07adY2cH#_-xBEgJ$q}_f8&x>RBI8y`@6JE^T zGdm3i7g{Y88RaEy3K{_=w^E!lXA}YR&2;pPxEb_v?UItb1AY!lDA&b*W^k553-8g! zK{3mm`Eg5ZxVoXM8{lCBcM3~;k=9g2SSVk=cN_E;Q*DjU`v>$l+a$LF#(pk0=RW)rx&g%jJ{hjJ zkZX6qjKE@KG5g4#BAzp3H_!dAwUCAA2-`EYL3p>LtCkTeah)vC69FYx5+A`rK-rje z0j}6`bn$uWCKmhq4>}KLNxgZX%R(cdK6)h&5SyMZ-p*dVnM;qOF!)K7>|5{o)t1ZL z$q9*73MwB3i#S3!MQcu{|(tLC$bhESr>8>)qHevNTd| z1v|E~T{BA+RIZ!EYKqZ~0m>Gxb4LbT=}+<1W*HY60OjPX1U11{r*Swhq{D0qSxvI< zVn&6T+KOFN`>1}{RC7WMuu*_HfaN`pD>g9ge92tK11xD>v8m}Iqw8?Nnv|tp6_gYE zgPpu|uLrsz1PAexDeBZ6duX1+PN6s9?Xn}gi5^gKt|3)?FCd4fi$p49+q-^RPimv3 z<#-4D-6Un-Y>Nrj{hU$Jqvh*iBOMz(*ZQw+?l@M{Ao?_85L0_ z=fUjPt8%&bf|dRU+K)aJ9;Vp|z0po?s9Ia+xU!DZ%3}4rwa&udN;5llb#)UnJrG)( zKsR=q{0c*PdIxd4MenR`m{LzgJ5W`hUDvgG>(<`x*hMzVsu?fv(<8nnCwQ0p)Nhz* zd>6CX+fumX@tQZgA~Kw)B(8TGYrtX0&l{xY<*#qg>tBO5`Z(JUcdOx2DKL_6w=Ger z2^x$Ba(~3qpjl~HkO!Rn6DG>GDbJ{XCJp|ingX8A^j zZ9cHq0}F_~rjD7x;ds1B@4Y16CGvL^$l#fHMwU==Kp()n28SDCdQ90wvy|h?S=%ZU z&8BV1g6He_cl&!p-A#+kc!Ua24(Bx|p>fp{249XZcoC*RJJ7Rgw)BIFQ3sjL|+dLZsH@O5N?-(pX(&~B4Q)Ch~M8D zH(WWt4}rb+o2KrUH@;ru1@y7erRrPZ8zpM7_rVJ+egx0)CCPL7u7YSY+5(=g~vhZ}@Tha961Ym@+|?32YS0T>b_o zPI#Yf2zcEC-8n4nZ#FJYial*kROD~_1JxhfdRS*oD@<0s0v^(9=)4)E(~`iZbDk>- zsO$!9JcyOqZ-3 zrq@{3*I~?)K-nVpafFS5)wEEnsRcjA=yd!&5UkTF$`ed1jz=ZgbM@?w=r&gT7SFkA z3D#Ki1Y6Q`PfJE7s-=ZKy#&HP-V{xc`pCr+F{MT$@>*AxCy9n{288VOy8D#pDR0sg zBa3A=pTZU)i7ZR*Qg?ZSmzE^kYiG65d&hrdF~IkFJ=_H=ga(f;47V5?ov-y*eydWD zyNF9IL-Wx=jl@Ttd=j1^tEWSv19}Rg7qcq&;C{;mfYrvrl$vruZe*C))$v%S$H7z+ zvO;7ICS_}#+0I690*5;oQaaI$h?-_TxQIcRRz}XTsAMHmp)^*aj+aJ}X;bm1Ss5TZ z*|Xxhg@hU#*fI;Z>W!lOJ8PUJv>qQQH`&gB_6)AHM7+z)l+9nhJndQR^rE!~e?608 zzpN1a<{fqnXQ+1$%tZUoAWu3*oPaezehhMu3iVTirI}VkDo}U7QnK0?Wt?8$9oNl7 
zZof;|5cmQv2Y$f?_I+Szl;YK`pWZ6O05vj!2pQIKlpB|gBS-*H!#YrRH{A!11km-w z4$*sq*yM`q16IOV8@L_?`!!0S8D7(6XyP%pyDhfEkY!8Zv$Qa0dj(h6N9w6{l{qaf z@^c8F7=XIIy(-8aJ74f6enWVk9Y7BC6tnybZrA~dD!`Reb04N@!N)d?v#0mij?~KS z8zGOjaWi7^rqvL5&QcUEAS*{=2e3di?D7%`AHWErcjbucdy+O31o`X=9tTD)hQYg? zny!nRfq=bly6JPxsUwB+jfF4I5F;Bg$&1%)tF;7D;N`Vw^{|qC!L@IsHpn$?-7_L} z(YoMcFx3HH>*(D^(%EgD2(|yZQpwEnq>IA~x4t4Kzamy`J}m$_@6fOWRq6*Beobm( zLv1N(%uWYGR)@Y<$gBVR`^S_ZuU$rQb6LdaGWf?CVSq8UnVP>#1|Bb;LV3O)0Jk0Q z)DZZYnuKf>Eu$``x-uO-L*;6%21k{}-x8|*D1kcSCVLd6adX233Y7Ddr=ANlxjQAZ zJ2uTfy*)I|FZcOf+U_BJt3z$~>&(BjU1Q`%MI#zQo)$2&B7Whl_vh(uWf3+d&dlqA zL1u+fiW{?729qS%)VvxnoG?v$tQ<}0TTA*NSEgC%u@e{U_Mc|uZFxt7P!D}Lwjd7>NImu0${h7eq0`=$*A5+<)L=A z)qcn9C{NzU>d2hZvL5tOYu<*B>Y|wa>d`z7tDx(Vd zS)@4Ix}-CEWNz%3#n_x#b+~`Px4VB-oo-I(a#&L#vFq_>-peIvSH@$l%^vFU4pFOX z-bgiyCm-9JmjWpm==UKWIJ*LPHXU-XVgQlj-*u^7l)p5i!xS&{9HR{7$#aBwj3#r? zY9}!CUe$r5*b(fdDmzg>(K#NDLaYQj;Xn|P4;h|-M=J2=D(2%s1rV<4_iuh966y@V zuiC#C5bEd<>bU=YA8;9h2Dms90(~a#(c@w|llJ`@U2-(uiytQxdMl>hoxEHKzJ^S0 zcube?{#Gc94H-I4l!x+5YP~m!K zRid47L6DwL^Y?uB3;VleeaQ#sZb|UZNvac{=MD}&MThuo_(*|ace$tValwc#4{qmfB%iD+ISn&*7X)zOqOL)hIAV*p`? 
zpK$@aD}r5~)q{Kgx;76R{44xd`&_`*?ryKyt3x~luVi>QBxeul6gOY1L!3AN+4u&3 zy}MScK?W45v?us$eXj<=aKXWHWdCIFoaw#kgl5scb$GKFiF|Pc1LK@gG1L73p{*aI zA)cc+0K(&)%7&n9)N__^mm{-Qt|J=jhfG4=ZBhW^%-7`IT-mO8*g^-KdT9~+`W&A) z(X|GEhtPwcQ;)!Q@p|UKSk~5dqmlcIe-pYKB1w>P@K!k9{))NWfBcPZ*MbE?zoT{3 z@0zVXTX=4@u#3j+ZIxGWa~vA&wB=tH@&bI5vKnt+ zQ@g)z$BD=G!$@p>Gz|3@dV0rA{sF-#jOUaiT>-Y-SW;3{w zxpklp)~LY-gZ6KD)y9Oyk-lGVyjVS7@q`MqdkFyyIn1r4h5=_>`=eqdf1e*{5!QR* zW)%#2fLxAbtuAk(8$|85(jfUy@;xSg?+E5*CnxGWEl(Muc@FHD7&Gwz{ZxJqK0v4# zjv4B*;e;*kqgdr~5>Zn`t=f8KYtu zQ;4r_8q3l#R|FB5#uAQ)*q0Gw{T@U*U&J;+h4d3+L(^>I)CVVE+Ufv5RK;RFS`NOp z*nShGFZ|1c_~hfo4f*=wPO8pM-vqOI2^b%nC|TaC>?>&zILAvHdKl*vv#R!U=|n6k zWLiFC1O%`&>C|>`>^3xSs4r$_IovOsVAzFTsO~vensKc(W{;Mu&Bkf1#zd-*#bNVW zDUZRz*egl=>VXofdJmP3*sBjY-^`P|PI*Nla6cjqvUIwm6`D>sIRa*v*+}D8{(ZZ~hqQe?h#5eT13%z})V9?v}`-2$n zFvspgdjp1>{31-A0`VGS50yfq@kMZ}V`LOcn?2By<_ z8f^*zp7s>v4m4b*d7>=5ns`<3=(O)G$PCLw8(YBP4RR|hMh0=JsvFY3JRQ%0H)j`W zafF5|Dxkh$Blag!1*_SFgeJ+_kap`7L!Lz@Myiox4gn$P37V{^M;>|=LRPIkcbzXX zZKHFxmh7eEExmEK;r4T?8~&IalfEy%%{Mb@S9z8w?%4_!Zo2NskSD0LX|z78H6T^6 zmdg%}nUvda5BeBhPXjN~CEv&UoBEf+O4yMVxmah&yUhprU3UD7!5HiU@A(zpu@5nd z1E(a&gdY?%}qMMbHgp!GX_y9?xTqvK`ZmPEKV0xxg4__A^o zF>W%=G!;E6wrMV9vC4m8v}S|fH94r8 zD*s5wa6H?Fx%gOKOkCrtjk;XwzbAj!_~kfv=L7h`l!>d@?Mx@}Ab8nHMiZ=Duk*@K zUowbElO17;$OqO(%bRmid9r#pvo+CrfgxhYNhQan@@0m~$VgqY4M##!p_Vv}mpK_x zBM5jSs`sIgtmAHH9~u_U*B_uF?tf1+m;ei|NvtGRA%Na@c@%4JrKJo!9|BAh!Ql(j zN6`o6)!q*zmDIp{(}%A55~g>V140ti;0`#@!FP|iMr#f$ZV(Sn`!>JP7j8K{$-Ds2 zHf2NJ+r8W#s2j;ZL_3ascOQ?lm;mUjvDlfu083aWm&EqU<~oi(2TIkC#-pBS4~n6Y zE47m_<0axjjV4A^({{*fy+W>*geb?ZDAN#Qq7|lo0Fj5V3{zP@!$G}(BV z^$jn+B9}wl)mevnz*FXd$?4#SRAjF2Kr-lsjJT2`4L)&lu{TKY-NT{$m2hrc5o#?!*+2eJC~A&Nvs|F0^-gYEqyb z-k!Bg5wDd2ucqE{_HPKo?!MY%O3QJ(J2gILZI`ETDOvJOeGTeX7%sO_*QGSkpD*vD z_?;PWSx|xWS!NOhlC4z)3gbkrCYv{0LRU;t63mzE} zFk-I0ct@O3rX>BbMY*VDFag;CsBzx_TM;mdo3Rt?bpK*%v}aQx=>bh8wpkS}>qyD# z8EQt7OK55N2|e*RG^0rSxP?rW;{s{%G?DcnKgu|8wb)AJI3uO*wZP$ZXC6tQ)qy8WtmeDNA@@gFxPlqH zwbUlofy~Pfd@ 
zj5@Jo48ntqVmhIU(=n0=p0i;)zsB%>SFyN&-;iOs!C3J#}Xo&VE)&hdPza8yf90m*xNaKrL)t)Em?=}+KTm4=-nTIEhe+j~^FOpjL2!sWCHHrXJG(X~fNHH|)(qZ8g5z7f^sfs3=FM2N_;g$ud;fJi znkINq_4gq)NVn4?@*vt&yNs0-67z5&MeoU8hQ6mQ5YosMYdf~5)bgsI2J%foi&IR+ zVrWl~1v{dr2^Qz@fwLW4kZvK?V!)-$RF)wJdK7z+Y`q;l@>LWGc1xVlDQH(AUqF1L zd-#!Gj=4%@RzYsM;l}D^YklSqR?HvnuS28V} zXPL&)JUYBSuAI?GhK$_t)7{atxyhq`k9c9!hxbK)Y!my+!`%bH;{(t$v^(RJFL=%CIcFr1LiM4;{G(L7<%ubG#Pb#7C~rI-q>X>yoej z#1TA7{|L;~lBZ+Yt!LI;2=;y#;+w71M$D&--7kHA^Q#wgV$T z%d`ngUnfC-f-U8w(}(`ZUO9vCTP2Y<#ERbO?r_D$LvUR*(f#RgBMXxeXjwEITQKz8 z$<<9tP#Qwm>xI24-U2$?8vcNjYu(zAe61A>H35-*b;ROB3Tm*e|4x#>vBywiTlL$E zchs`W5uu@}c3Z!=*1Ng-lKTG4pT-^uhApN0eZ4F`r)G9))e~&!h+CdI*&f4U5@V!M zGw+2m%#DJ+Y zQzjmYAVspMFYA9TMv;&H8FC0!850A?juF>+69zDQ37zN?j=Hsgd=c6Jc&cGLf&vlhof7xKylK)vF1JDgQJ0CIbm=d80c#TVi|!r zXAKO(!QjuxC7Iuxf(Z@ORci<0alhKRY~cL2_s5>Cy(}T)VWljbS`cG2FQkLV#4(Y@ zWo?^;p#b4@RWd~iuJSu;RD*pykKO?8-t)Wb#mo(4D%_ohd?Y-`Ka;fIt+>FBB%_`OB8hD#y zcV1_Vu|E9p={1#}NvJc4JzO(lm$;d}3=;Z(F{~F_5l^{;E1xMU+}>Fpa?yjOOez%adQ!=7!~_fj55I|9!-@_DzW+UL8P6NYO(z|EmoMb|`!I}6lUO8lt=PQ~V*~eYkNa8E_6+ck7QzK~&RpK{zO3AW^+7ZJTazP-@Fyeh2 zgUssQ8JC`GtCp_UP>=hQ7C}g*ooeDPElI*DxT0hsnsr%w%hj!&ExiL6K;|NcA}V;< zIHAfF1VWl8;I8p-7tu6TdQ7$qAzlMl{6ipXrBgabG%Ipm{UQ*z;7f9dWb09;XZa(6bMGAQ5Q#fpw?xYjwHbpp|Aj{ zD?{)=(3jO)U`H0I8I6_J6w|hV92P0)&duCLc&DZpiU`mj-A33ZQDET_Vk3)6kii$D zt8Yo-9k(lQC*Ww!VR-8Va8h zWI*@hZ1vTop%tE6BcS&pgXu}0Ty%{)RuttMZH(TPzqoP$)&1FdzD0WJ9#l5E0R1Yj z#x1gnKDcGbT%~sm5Eku~ElPWbuQiJ+Gj;g~0aSY)#2e(>GRso8QI$8v`@mw$^MUY0 zgn+x#t2OGFPq>x<5LTF&2PhO0-eBHssPxb84tgFDN~X5@zt80tFpm?J&&R~oq|gog zq;uW)cm&s1_*Wi8_JI1PHj`Vo>f8Z;3y(9$^1VIYs~x=8chI?!=zb5FZJqbUVZ5f$ z+h_{F$iv<^8p7T#y82yRK9fnyqQ7vHX=CtR0H$3st|nXmkek!>2Fj0 z4o_ueeRWp-<(x4-;;>Dm?S@Ek6#k5+p3m-mKF7TMP6MX3|77ALBc%Ui;s}aY(A`wh zdl1hEDk!}OvaK_cz#{e*KPERwCF- zR;EjP3&NeQZ?rfBy0ampJ0Ymi#sP_#(YyK^b7b+OD~nr6$6lUv2DJrCf!3j44!6!0 zXOa(lKc=(v1in;ez_v3C-VDJqro4SFH~3qrCu%b>%wc*hB4>65T)cfJHbXtG7=bL_ zq0RYqSfivX^cCKm#6y&|}ey@5-mIs0^XfC@Ffx#GA&z)tz*X@YFLl8W> 
zyh$QY!#cUDfVW5&hjGcaaxMeys85vhK2oE!Y zlk65ut%2&*&ILG|cK8Pb)66|+h-#7s(-_#OdXa)Rz!&NE(nBcKu44sLX@Cry=b{!P zOfJEuBL7iR{Dv6`02Fff}6;wk`u_H3=3}21C?LC4FCxRL1CM5f>O_#d01FT&vN?Q z1;3|bRwsSQ)0MQId}wf*Ua2q>5;NQ;cC1e^!e9ieX`-pN)i+6~F+TEk$vke+C=2l} z2dzHS;rv)_9AQs$NmX2fChMaqeSfc1Mc2og8JYNF&sgCsYgZJcpL6VPI7O-;C#lB&ot587$ zMX(wi!hxq;)LWJtG_RSy5V?({5itDjZZ5Lb1r#u`?~^6%?lZ2MgK#MU&!lvP11;h& zRjQAK5j|Sr;qSHKEQC7bg&xKmx1tult^L?=5Cd$4v6@~s(&>bwvo-cd545%{O2`3h zGo$n4r<)uCwivI@{7k1q@ZbJMto<6lxWogB^{2sS0@Ymyv@bs=3>%gVKb}d>oc_iI zc2^`@2(#XaVvN<-V~eH7iOV09p7|C&A^Eyvw4v7N&Ux8|it0ty`oL%iFv$>NuOPtJ zn26r)_h*sT0>W)jtpC3HCi2)d)%H>Rs!OscVkgjvm!HS2pf*d1#iqjbw7{fUn7tVQ zi#Un&>TB}sv$&f7iU&%mXvBnYT=a}P;bf18+=Hd_X=vi|z<76M5=iUi5`vt@ zJ0;5+ksjvo2+VPB5X#;O{X{&Q{y9lZgVIBa*GOQRx$ggbY{OjI(s{i+G#5(Bq(9x* zzUGQ9UxVYJa)BpzcaRsEa!_*>rY8+#^OF!?TcEKgmA{Rj#_x6%L~=U+f*fw+NLXcp z^(O&OJ0V`zo;YbLh!FWeIorDMByCBP7|Yn2&(zx zV%#8%OgN`E&?sXGX#gi)cbF{??HglMtALw5J|TkU;@?t-`2GuK;sCr`BHW;)u1s!G zUCNH1FvI9H2<=v$bBBQ72<|7FJ8-~_Pkg{9uKeHUf1Fc0;Xwsu&J$$kW;ly5==22# z6ujH_2_FzGNC0MnCoU||`0rue5lz8uIPvs>bui?@Ag56hNb86}?oKekj=-qPuIbqw zuXXjhYkz9bNjupBnC_>2cSO)Un-U|>b?hZhNw4G69?*G>`_ZX?&9igN_Rkq z{^$K!UL^en#1y#v|0*m*F~|~LVAq_ypm^=EcRD}+#jAP**N7-@=Se2yGecmUcG4+P zeDAiAi<5OxP01v(^BBIz|5jKa8S{iDU)`^I;#yeOZ?FDWU2g%@R@k+R;uHw(?ogz- zySq~)xJz-D;%=o7EV#S7y9IYEQYbDhT3jyuzVpvL_uM(j%*yOHJ9{#dWU}7J)*q5T zH&0(9yEAu10=L_}F?FAYyLZp!l}>Lgt=~>>*)2kA#_!YCH0;xa{emb%5?@_z8eg3g7UBrcR$B3dLL!rwzI<}26Yk^>upApU?2N$$ zmu{k0;Hj;}1P3KdM>vTa(@XiTfYQq-ciEe+sAn-B6RE6jV-QWrD8f4lcHaIJF5|=he0-%6YadN zZE4-Sit&=vAAqt5ONxzx;5vxrn_)cMtfFaa*YPQGsFO$0XIpu0a$D(T9k+*ljYTbG zRUNIGlOl7)5{fTT>EqV+naV9KzUe=ZfA+LYmStsEM^D#xhf91~|Rg+qb8$ zmL&DBZ=0HH^6u+(yW2G?G^Z*wmh{FJYgDDE)@n3 z>3o`+uNm7&wAw6O+ER$_#Ex}ODxyZlH6b;Ha zD^U;4`%)jr$St&7*f+wMx(o&)#bQ|ktu(eIWqV3;J+yj_l)tD5{QUw(q-Zr#Rvz0T z2))dE6}4FSb=`F(K1SIkxC%0G@Vqb`@W_LL>KvoxWK8W*(x?U-F16k`XxVo5rD zAXugQ*ka2JZm7Web9xu z0`q#y?D)Op$*vKIhRb{d<>%U2JyttzhE&hqUZH{jCw9-4KvdcmqjkLkg^{mMR9cRB 
z*Cf_u!v}hewGD@f6EVj945P5lGG0+H_4>^2Fx8fdyTB#khv!+dV_BWqLQ!ldUv;9f zIC}s1M1*h+bJU%{;W`>=&|XF{T`mpU(ezvxv~=)|yz<2Z?*}?``@@&cM*MzZU4?w* zlA^{01bn1V_5RHd{+VuP|7bu)!L3ejYYu}m34OW4BN{MipV~8! zbC#GowXp-Ow>`cMoI37gqh6+5MboC$O5f=n_48A_90Uh2mEr%SfQdJt0NnpB5B}Mb z0n=y{l%9C8$1w`Hx9h}S$DYx{!JdY?iYhrm#c^5t_ValN)bdy}u$$j2bQ zE9};xS@~r1_H5R0_o{er<|*}kjD$v6iBx?ttR2IR-LJ6w0~h>~N{Y3rz8;sQ_skuC zW{$Y#iNRdFhw9~bbhlGkvZ_}?C+Fl~?6E94MQuva)N@Dr=1)mjDkWD%BAx3q-fA!5+HOWzj z0(>ZMVTRPYYb+|NiU{gG9pp(GgD;f7C8vdrWnh8eX=#*;Wi^lIKKpWky+VEPWpSg% z5Dk8DOC0w{hd7dq$`&Dq^>?XmCB=+w3~Thx7Y3bI8z;(gb6~FbE2WR7Ky{Jx0KC&M zr9B`|rl^pwB~H;#XTIWF-vN7@Vq2%;TS+uSQsCe&Vn}Cj7blQ)){uez`+p7>vFs_% z?T~zUO}t<|jn(U(sPei?nhs7(0#V~V87k$70Kb!%DQwxAhKWttnh+#AYrw_(mG?lT z%Ax=^H~C+bTdD}BXqDOOmui<>u;rhAP{5X_{D}=-%)mh({xwXZdK%xrjkuUJ{a}L8 z;;sl7&{j!7Fs+0FaJHvgd*kB|+6A!Nv#nK4cjFUmUOQ6I{q_~OEo-~maK8EvU$kGk zJ=WYWlyBcUkUIJf)EbywgZfgMTi=d104_pC$~Y#DdS0~h&A&3UBxj8Qt30jSu5=$v zxMPiJQnA!We4roeWdeEyeD1EmKY|?6+H(HRP4>5}U5s2MF3P$=tuyAD_O&3`Getp% zJsfJmtS^_@I9#-ZGI-(&@;nA58tM=~7q9nIDD_-ATD?;1uxD& zI=_tF8eZ(5-xGM_i4CI3dCdd_@mgH8P=rUuAF5AYqB~6oWOwlRM*I*JKT0;gXhCqY z`(MQ-?zGeiZ%3Bs>y2~K z4!c}kss$rAmqO63W_HSn$Hh&JnN$lLwoVwWB@lNF$Q-rdaTizAdb7kvPIjZ_#OHJ# ztr8s~Z@UVmMsiKdAD`1x#phT(}-?I!cnjQNd_s;Yg-fY^_G|zCkiy&;FAa3A0K` zU3$4)dpSz`gv4)G=B*S=&$+}x_M?q2jA@7g_*Vn7^%q*eSW@tA<6t|d%-;I_ynz?X z{t4eqO+aJGGfUr}siHk5bExX^pkl015)8xr8tEE`gU@>2w`eVTfl`q zZLsyElg}Y$wRgQ6~WmG%DO(+K1=SK98)m#*y9JzMC}(#ge=k-66aLZa|Ut+ zZz06K^!Fd*zcVZ0`2>k6$;4K5{YM+GA5%z80h;smm{EjVjwk`W*XqmO5zge+agord zP?xToY*uWfiLJq+R_Z=ct47-t#|2)RxqfcM-rHA*g*ZfTJb%#l*!lv;J18@{(O*?y z?q}>d#`Xp~E%GrGOz`8vDcW#bw|SKFKIvj*m|c)nxxt)v6^4cDCtkqA_468bG?t147oRp9EvRY z&X&tK_9>E3WFTvChcnJLK2562BM0Yoh)1`paF?V*Y}G)}Sw+a%mH>L)*nJ^36|FNM zA?%Al+i-c*Z%S5P->K|aXq&)~DP`2d80%RHNTh=+@)d{Ax^M{t(|4Mf1}vP7%|{9a z3HL%+Qr?(Y{w*uvBV?)Ux{gu#JYjHaIB^Weo4g64un+n)d*}8|5yRZn4ok@^2BvL4 zT?U;+%YQZqY@N3uY_Tr1hDn=tUj%fM!rpTR^=1V1;$X6~TVVv2jFgnu+hPPFOP89` z;Cqog&sF~VD_8!BT%@dWcibPjKp3g%SH2$o>iy2(Uay>EF2dy<4Q5~oq=ccNy+F6O 
zohnnwV@fMXB)ua;5va2u7L^faPa||O#ArwKAu$-ES|rTo0a;l)2<iVGLy%~JX=6fNEkrk*Ccgd)fp;3zWPzQhECgrxN6bFVO0z1} zpy$(9lBrNiO`#S1%pl|qY)Qmu`O@BpFaeSZb2gdhJPv}ws?;8GN#Xu-)ooUQUkrn) zw*0PGU)9I3s?bCrds|`Agz4h2NgQAVViLzf;3pe#>r+8H%;9xJ3rlEur~_k}{M%rp zuFi_DFsJ{W__4kTI1`QrnK4|Yvk!dmT>6a7xin-m68fHx0E^eusTH=dk`ylb2 zaTTzC^Nqy`XSeSfFKdnXHzdZQB3fP4HCbW9Bo@%}u{c49-5xVbrz9R+PTexUN~I|q z_W~9$dp`y^+`Vo(l_ac=<6vbD;5NWysWiq1OX#w+fPz*0$(PtlK&wiO(ZOam6;XsA zOtS0&a2V-~X2o#NF_KU^RWYj$Y(1@XrOXq1GT{YgCdGbXxzm}vr0YF?FOQ>7PvnCa zfj^d*1MaJFn3E zF>#+zp%RwR?Yh)f8MUGH=RpP~L(2o(P9CqukMh{brSe~2mtqe)?Q1>d@gcIwvZ86AqUBwQ#L(TnP# zRVFMum{Tr}2WR_sMfrCn&B zZ1$L{W9~$ln8!)AJTWH{g|>Ua_Yy+Ql^HIgd6|Tn1pQdf0?BiIwH&8P@bql*?vkQ{ z?z(j+`s&wZK%3~t>Fo)#knSh{D@9>T9gU9?sZIXARN(igqIj(|3f--&9D|%g)HkS9 zu==s-Xf#agTp1t#pbRv{$8V`F4r8z?EF9-(5nfKbL6vmhi7&^-jd_$hF*1s{WBe{l zsWQ@Mlu;96BsDZ9s1WRce1DPnghJ|{&|Qlh=yM4i^?7AgoMuFh&VZ3$FI3;!-2BW* zJ#O#f?;ia>Y}VV`23OcUESh60@g{sT>oYxeIAZ0LiFfwKmVkp?+wO zOR~UbTjitjcsEG~9yjto;1ATBmFj>)VKeh2t6 zV)3-B>X$yArou3Fp$&{NyR1CBJg6-$V^GJTh?&-BJ|=~0CHZHNHfJ(M@MppbSs&&c zJj#~aJd6+lf^YeFBTT@zS*Kqg%kdO6B83&}fwZ1Xqn?Y&TJf7)t14U!VK8*77t>?= z1I)Z;V4|IC_RdGJJ)W2?aOnMG z*VDyOWT26%om_IAP^yQerCOq$Sn+rNgt*I_MWrdM@&HL)y6?-Sz5!%9Mt~{iN5jBv zM=h%(cWZYRWa(GHr+R&ji!V`IAomj102H5=RKHhbQw^FTV_604&VZfQ6O6X&mBlOM z367Y98E%VUx?$0~(i{POt@K8o-hM4uB-Clg>v=-^V*}$DX_aV{NhAlPF2vg#J4J$p z!Qg$~TCtOZc*<`(t9=KWR0D5f_-vGL4e;+SkEajHVN98F4R3A<^WV!n+s&d*ScIbj z&J`t>jUiOD0yk^@a@2F`tKYvbu#P+8Ol zTvw9B67K$vkauRHq{6K=`M{r*r3t7C`Ww0beT(N|!vgh~x_c6h;dcxEzEkFEvbV_B zH*teAL!AH)#nqts^&^XzzTt!|iRhZre08PaCd|DJwtj9Be)O4=k|UKo=ZMA%UB(@r8#|uFVR@zw*vJ2{q>x(av~50pL6eJ@t}NZ9~hpC}qaeOl!^}8%hs; zIRKOH4-VAWy^_l1c`mh)Kk~i~*jU{AQB~4nd#_8O)~rJ44);NaU7y|PqnW^n`xO#@ z?bNDRMrkY)2F1>mt9b?d;?r@^00K!4W4 z6lA~ws*?rNQE-J5+ycf8k;1J=7Nm`rgOtk#3fn4VF_Ut*5d5UN^akBiWSqbc?ne8xw7x5eJ7e5F zZ)4pN??BwJb7pjXw>H$*}A+ut1u)&2y_7PeuM=9PR}9vUTBru}M60x=J6 z&HUaT9DYUj_W(}BC75%C-{m1H&3&9>2h^6E#!T$U%L$zjV_s+5N!bQ28mUR;5N5gF 
z^>V2iNxet0p8TETy@hu<~Eo0vugPqc6ntdj_EW?%$c4-s%sC-2VB$qs{}SZCF56o`?n`fe<1SU%5%qX!K0$Db*(guAd&n)7O zI<&krAheCydh7CScMGMe<oK(|)G!qTgd|PH?jgqm|v2q`$ktp3U$Sv+4uyEVy z=V5jm)d0=nH6kAlx*4$Ah)W>c_k?w-A!fc@A8@Jqi3EpI@s^ z|BCk%_+0rc)bXoI-CN1^QKtN@q2}gkqfv8jLBVG^Xe z=c!n_GM4f;@+7GRnmJ}Vv?M9cv`8f^WyADIo=KWHE_p6xtSLGv2LP!J$Oi8jOp`$u zZFMzDGiT6ClX3LG>z^r07iv}d*(*uV%}4PQcq82|L69>NS9wb*iPw!`IBF~t=&-K5 zH3`2zWiJK6Dq-j6q+K_2waUm!&%#rho;>?LmY&XPtURqWB1C6hGM3IDXreql892Ap zs=wrF<(fTLG-WW>l>YqJ1HoJtL2HR{rfA0E$zp^OVs7Q~uJZ5VJG+Oj zMxsBToU{kK1%RlW*%Pbu%gmKKJ!4;1)wBoidQbq!Ut^E6kB`-3_7S}}q_A6_ge;i` zp3~*B<~v#qa(j!Kn)B^j;@HNcU6jf#*YWsE9wdn%_TZv?LJOW`hw3p$n+9U!m^gZu zH|*jhWU*>xei1{@ZdX~ z%%!V8WTd_Q9Hp4FhV6uQk(K?GD|JR;MIir^=|p&d*VIV|i>gtU7aClkL>>BAw4`

G3G=@!4aCmI0+$4Ln!>!G2gaG-!m#E#rWrP;TE!2 z2vk8cuJPk)806L|2YRP&YDj#%`<3<|b-wc9+7!0W$_uTs>;m|xlH&QS4=Isci9+Oe zY^Wuv;I2yj(IC}#D(&*B!g#>YOo|j zxpD@iQu4x?f4@2Td6M^rR^pBzV(|1Hspw@sk$chXF|+C`OT{1&MQp0+Bv3Ddzhl9C zpSj)_3gKJnm0SfP+l4lxUF0@6MwMtr_I6ruV5nH*b4k^ax529}ggXkMVe+s^-e{!$J!4VJGPRKf1U^q`0d#-*U;-N-WNa1H6wJ zCrm4Yc24>hX4A%HpGwva1~bkm>EuH{4MP9%oQpNZ2m%yhhCyH$yRYlj>K$o*ze_;h z|EFvFCUD)fVhTuP*3~m*@MQEYhP2F+>GF@~1zYG^8*y z{LcNZ6c7!%kK5x^PB2daFIe1Xya{FbAIuG@frA0r7O3gdmNi~>sZ~3DG?WNdyFZ zN9Uc!zHr_&v1PGAd??hz+FHqq-u-=1b_^F-Oyi}fVz}S3XC6ivJea2z%Jh;#Jvwo=sC@RMvQ;VfegL0P=tK7s)44#h?mc`x@oV1Je$(w_`$v;qs11NEvvFvteAO z1Vy=Nri(`tC%1`5f0sFj!FWB&JyHdfTT=Mk{Ej?jL9&z~J*)*RcZXhok&MO8GVH7W z$;Y<=6ImZo7OKiV@mF#&qF%VfvAI`s_EG;ZIC!gFWSCBD7pi_oAbR0EMpOWXEcf*Q z`$S4SMx)K&9%my&xDloIS_qEeA-N_+$`4#x;9bQP3Tr44CZ8JC+{Z;}0(~gcHHd#{#niivOK((Cse?@XmA*DlNU}J2t zWIVFa-nyI3YUW3ZI5vdQWY-pl{QS#Et{?){`2_&RuJk(dAT4|R5a~;&_Vh5n?VVk; zhXNhTs=iS(7t+`?R}JjlAJ)d}y&}LyXD;F$kN4sI$Wwzvvq#JVKCv}>qDc-yPWyI> zL!r=as$99UER0Gg-l|r%tHV@J z%Rq*)LR(A7V@z|$N?z>B(ywuNJaM;m_~F55WB5Lt<^4k>5tS^LJLoD2E?vvro^ws6V<2y#&6mdW;Eb69qviR(A^#@fzFopDy;ZOKNHY!Ou6s>#sIeaJf zF>)Gx|G-7ZXUYp(q(8$)9`%%_oV+OSeYc}FM=@Zbsu9ss@{!7|hFbpR z3)#{DG9b12loc1Xcf1)KQc!S|r3xpM4fIIhmbFT351Yw9H)8j9%D0&Gi7cgA~~qNpG>aiEHM7 zb_lJiCNk8AZ4qa;jid;#y8Q!7oL-I2(4L^sYseQ8`G`k~|%GPmDCwuGYXb2W$duBbM25 z&a>48)7stV(M5e=OGoH`2`<@1+DUOLFjY88WUiW;(iYc;C3ojoP0U?MBgdNz!KM+fI|Z-o1a=JlJwT3i;3~hX7=n@5z^SJn;A{?^`31 zx`Ra1e@$5MFEHepJ8a$*^eBA%BzjQ|oj{})80e!HmACExk%tomTbHK7^lg3bE*Rz5 z)oVEyjDl)11V*G!5>$z?qhTZ(UH@94FaOOvFTUH##MksPgTX-AsdMmIg1IUb%tJK% z#wCqjIS51}4r)xUUtJDrAz2P?u@FeBN2?-i+J}hgTR}Pa?E6mJF_DN!J1c?;tN@OQ zPEEnB%+1uRefk#kAs0L)8($E%%(g%2p3SX)wVS)ZV{t(pp%smTeD z2@&Q^a7S1Ym7zp*aKXB^!y^~?vbz(f!ggRR)xnJvv$TXW-w{0%uUPc2;7eAvzCxun zU`1Bd9UxS3_U*%zWiN(uCZsk;H0`Mr%5i=e5$MbxyxeD$v+&aS6rkGG2_^M-Vbtm; zb^7bCylP>VTz|{yA~CQ(`}mxktAY33sGtoKL2FT@mqr|PSRj`q*x4Nr-K_nAxGmuJ zEF-}<@iAhQHn^?L1^Q7=Hk;;C%1P)lLv18`<>$rEdTk>$+UDEYt0sS@5dP=WoL4Dt$E 
z?G$4KFt7DuF@O81@6KNU;HbvI2gnbB1AGJzIM1BPz9ruB+){9Hv--nr+9$f3&3oMR z#UOys*1~bauuAbAMNY33%@vAz`THl4tW@fJvP{Aaa!LEMOb-B+0TD}674!Gq0wEgn ziWY=-gY$(uC>!Vqs7|vNb~*v$c{>w`B7{O+{ez{jCjhdo?HyDyqu@x<3}G@6VoH5V z-8UODZ}0bRfXt}mlvwEb>eo*D0GFUtm$!tWjSy1!fVvt2snhJ`e+u9)It;=gx=m>7 z?@5_|Eh@&F16qf*ob!zm8ZqxMA*z6gz@d@@WH~q}dBGl$l;k7k#3W@q42g`PSy_cb z&~4#|*_=s44a++Ecl`o#S}=q->N$&1gp3=I$jY<33^hi+1U+Ugkj73}MJV^W8nkB( z1rikujJdd{`7}j9mb+yJ8^_z{o%kc&;^@cf8HZ5dSCr-#CPD+zXfb-Y8i?Av|3$$@ zCh27aTS+!T;{9X~@@5#TRCIzsPe+Q&*zh4%owavfo*p)WSM6RV|AOZFH$PA9_7Q|5 z2!#Cu-rO~&?&3z=2cBGhWY3EPmwaP9t)%MN+n)*w28_E*O6oK&I$iT@9+C_&3D|_b zp3sHmP!6%v_%Od1tn|lZ+yK6mEqV!xcXWz+oZD!Q=4LyixKBUo&cu|WZ9rTle-t&Q zadWZq%DYEzpL9k>i8|fZV^r=mUEfw#xzC<7uZrPQ`lgDe-h6T@S269b#6XZO(Z^4~ zGdgxQBG|(B(vMP7Rdmm8Nn1>iw!1cH(~xt63@to*9W?im+{}avL54c2-|b~a5xtO~ zn9_685kW2qZVZRQq5u?V0*+4CQG%A&6r0CM;DVYHvceJTQ$J?9+voS zP|bt^Ay8?;CGry!I>$keP9l-GZLsmt%`of3;<*_h;w2p$jKI|y)q!8*gNG-f@UGt( zUU37Z7_e1b?ATd7^az1T9P~&LF2o7O;>1U!AOw8=K(<_HNRjTX#a>TTAF{M~lJCBMlifyNlzJCKJND9d0z`C8 z0v@D<;Mz7fh&YAbxK<3@e5QFe#Quy=X;sYBLbOE9!uBIz7Sum5)G}sbdhk6wpR0|| z1ROH%zI1(f7;$x)HNC_*vsBGTkNPt&l2ry~mk-s&{%5Ev%BUUOzXk)xZR)=b20O~l zV4)nuB_lGKa+&p|!rf5h!ls#xvku59J)wqc<0wb?g5}uAuzBlWJ>G+}h{SDathAN} zPzE=!rf16$KDT+O!f4vppUEu-VtScK0TaEG;!h<3r6+6J*mAh2qv6371Z6S76(5Y) z)Nn7&^B6fukZy%$2r8&t9MjNi)!$_UpQYbr16u5ADN7+0ChG%}G2M&Rmm&1lc}#qE zJ;5~uM=}4a4587&8jdmkdSYjridIJX&KCC$=Yj~GlswXws{fchQOan~Vc3P5v42c` z$kXNE-R}69YLMjML7?cFLuc{9JRK*+z z(UcL20g>-~ly{f|Ln7G6zrxw7`L05=ejd}0!VWGYKcwoftfdU);Jj%p3*Nr`;c$ZW z8Izv)Ii>&V7?6^=2!P1>F#+TtL16&7GTVd%ZGbHdF?54PnX^YqG{X{d4~cG$m$`V; zDUQUooKn_1;DUdqIeUIe12R(DA=xRz93A6Gnf5`=Y;d-pMRI@^pHbTE=qatx_A$#w zNf~%G6;74XAAB{vh*6|>WHPrarM$I7a?&xVwTM+7{*4#*Z64ZLjd?vn=V6#CHIbVv z%9owoGb+Sf*1KLWD|FXrZ31ckIVm3AGr7LcWS81RdqNO?hVkJD)#$Zcl6rkzC-Y}3 zA#TdSNHx4pG0b%Hm_Q9bIgZAHX7COs^c+KY)}SE-_2fkG25tw-OwG$11@QV2ZtATS z!7}@V?3=|m?p85l78*;~(pcxrTm-G+42z~Y%{?173WQ2+4YGjk?^+j}La35tc*%`JRrD)av(xKk`0u>4^ 
z`pM%Q`KZ+mkuW!&Gm?=2zsE)xSSn}{D&|6kFAL$!lUp)~xN-)lJrOS>Mt<%;wWyO* z{3Z?Ru9cy6@qJGAG=k3qWkgyCF1Wx5Me8tq51u&NSOTmine)FhwZR1hbqk<5P>o1E z%uQh}k+c^*R(+pCKRub>uR*LHxrW?@Zf&FHHV`hlqk^Ej$MnVHm8>90ep@T1yyEAm zsZxVn39|<~H)oA=)F?KEKGzaTs*w0(WA|{%=bFN8T_lpOcIflXYzi%BF1l*1&Y8Z_;w9~3+9Zn+zZZ?&Yj6RZDMoVK=YZlSN( z>N9aSYlQUF>>;@^a>BMvZO}^gmbXJtbT<2V20!5aw0-uCQ(@TV&Tk&G14I$o`dQ9_ zSEF0)1=jJVyj8RP<*dc@9?x)RV;Z=!W;865PC^rJfE>>BFHl=({2j2P$lF5WsiWqB zs6D1C_Yp?0_YoQ;c|-(}Mx=3)C2oYMPE%}XV?jUn95j7XFj}W9WW&oV{`Nm0D-K)- z-~+$!MHD?dC=5G}*6^%0WxKWR)RI$O^>t)5s2cJ{x_F;+N*|UNk~}ub@Y|d<_45;C zh5jqBkT=m?*{H>UlZh@YhB|D~1{#G*h6uBme2n3lZ4zyI@cK51!Zu0RK(nu0WVtck zX~H54u1(|;m1n4d93?)SRu!8kWr2OD5g5~#@`qWdF~l;K>ek!r9)8Wo76agy3kbWNVG!eu zod6-!^kah= zg^v-xhXKSxQ{lE>!oU0iw!k$b=0lE#-?c`FhC&e-N01ZtAY#w|Ml#s(nP4ZY;39^a z>++IFI_@BbT2idD6(mjyF~5cA47?i^q|Rc>tZ)4V$a4PTjW_{yqKh-{l8!j9M>uYX z`#6%hke9?bZ%*?FIkG2?eBH!2FZ!Oom_&>R!C9^b*ne%fyv@A^E98FGOs3)a4ohwf zZ;tj=iDUL=#BDI2Q$!0uLGy&i7}hkBlChHX^*g-$GmgqgaNr$h#MhVm1)e9Am%WWQ zKO|Mp+3vqljwClp;SuJCw`;QbhrrzGKmKh~*^*hMgEIjaP+eFm*%#)g)>rrifv-&t zFL4)kbq3^irp_5kbzg>Cy-<>w0m70O6xK?;2!=Z&?WiVHHRLMH=uK0de^l4mgtH{C z3egpVd=yHo5kuL^Lmgv#1v(L**j#)qH(J*0psY$*DVN!}Zx_>X$(f#_}= z65&A|C2k}Xb%TUmbh3J@NF5hqZ=(yb0|H`?*u@b*=vPGe);3a%@T1t=leUW;Fm~zb z#8Hx%Aqc1M58Zl>o3+onQjhyZDOvxht`XuMk{Wl{yxZd^e-G@clR=T6=17P)get-Y zHQ3VWE^AK%mEoS^Gn z)j`<{^g=I9FxW3>MN_C)@Wxov8n8!69+i6)UHgPNR!L((6-#bE=M>L9rJh1Y*3cKpBGZ((a_bF zxa!D1q;)qp2t#9FR4GW##_LhxMrw)Wk*qMQo(wK*VrQz)xJOC>VhLkHrdw3Da!S}!oQFb>8r(0Wvdrpi za6wwGg*pq(q~{DZ@>j{+6(~|>fRa}_in%q^abvW!Ys%DX%T)9F__m*UKg@nfa@FJc z=B4=3Q_mOwn#jveGe3Aa;XGeS=U;%XL%z`c@;azH8gqk9UJ%_nd#3m3v7&L>T_&u~ ze;Q>Ozg>do`gY8gpqRdJZlcy%o)#1JTX)gsK2S5M z_KQ>ggaE2DLiB;r{3}OQ$=Hfp-7NgOZ1%7j7cKLvc;rNV4xRDboJ5+tXMovy8?v0+ z`H{Cg-r}C($!}(N^|n+`w-X7c9Xs2bC1x>w@Z+8ueD_tXU=9yNuzPcuwPY@hGw_9C z=RKlvWy?4op8FAmmMZ=`Kj%-#6%r>tA z5=KG_)QX^Eq)X9S9PJBzFA|k$+anloS)mPU)X}Q)h)&c|LerX{Rql6@c-fR@3dmqP zN?jwXxovB7P%_-NX76M^sZqla^XUuE5`X?RI-*V(l3vy7~Un`0yEep%?@U 
zaiaMF-d;r26ro{op#JaEao@*~{cpGb%dFi0^CJJ}AhZAX3K{Q%cmIE5&D0d(5&oS5 P^L`I|e\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \r \n • Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/MicrosoftDefenderForEndpoint/ReleaseNotes.md)\r \n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Defender for Endpoint](https://docs.microsoft.com/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue. \r \n \r \n **Underlying Microsoft Technologies used:** \r \n \r \n This solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\r\n\n a. 
[Codeless Connector Platform/Native Microsoft Sentinel Polling](https://docs.microsoft.com/azure/sentinel/create-codeless-connector?tabs=deploy-via-arm-template%2Cconnect-via-the-azure-portal)\n\n**Data Connectors:** 1, **Parsers:** 2, **Analytic Rules:** 1, **Hunting Queries:** 2, **Playbooks:** 22\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
index b854d869a14..f17e3cea419 100644
--- a/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
+++ b/Solutions/MicrosoftDefenderForEndpoint/Package/mainTemplate.json
@@ -7545,7 +7545,7 @@
 "contentSchemaVersion": "3.0.0",
 "displayName": "MicrosoftDefenderForEndpoint",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "descriptionHtml": "

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Microsoft Defender for Endpoint solution for Microsoft Sentinel enables you to ingest security alerts from the Defender for Endpoint platform, integrating them into your Microsoft Sentinel Incidents queue.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n
    \n
  1. Codeless Connector Platform/Native Microsoft Sentinel Polling
  2. \n
\n

Data Connectors: 1, Parsers: 2, Analytic Rules: 1, Hunting Queries: 2, Playbooks: 22

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

Note: There may be known issues pertaining to this Solution, please refer to them before installing.

Note: Please refer to the following before installing the solution: \r \n • Review the solution Release Notes\r \n • There may be known issues pertaining to this Solution, please refer to them before installing.