From 398e1a9abbfc19b8be86b0fb9572bc4eb89d1b0c Mon Sep 17 00:00:00 2001 From: Kamalgurna Date: Thu, 11 Jun 2026 13:09:15 -0400 Subject: [PATCH 1/2] TLS/SSL Hardening - Updated Validate TLS SSL Hardening to validate that TLS 1.2 and TLS 1.3 are enabled when supported by the operating system. The script now updates the `cpvalTlsSslHardeningRequired` custom field if any insecure protocol is enabled, any weak cipher suite is present, or if TLS 1.2 and/or TLS 1.3 are not enabled when supported. - Updated Enforce TLS SSL Hardening for below : - Updated the script to configure .NET Framework strong cryptography settings, helping maintain application compatibility when legacy protocols are disabled and modern TLS versions are enforced. - Added a Force Reboot parameter that can immediately restart the machine after hardening so the TLS/SSL changes are fully applied. - Added an option for reboot prompts through the `cPVAL Enable Reboot Prompts` custom field. When enabled, the script sets `cPVAL Pending Reboot` to trigger user notifications. This feature requires the `Reboot Pending Prompt` solution to be enabled in the environment. -updated `TLS Enabled List Audit` to include SSL 3.0 as well. --- .../automations/enforce-tls-ssl-hardnening.md | 24 +++++- .../automations/tls-enabled-list-audit.md | 6 +- .../validate-tls-ssl-hardnening.md | 14 +++- ...ecute-enforce-tls-ssl-hardening-servers.md | 37 +++++++++ ...-enforce-tls-ssl-hardening-workstations.md | 37 +++++++++ ...cute-validate-tls-ssl-hardening-servers.md | 37 +++++++++ ...validate-tls-ssl-hardening-workstations.md | 37 +++++++++ .../cpval-enable-reboot-prompts.md | 40 ++++++++++ .../custom-fields/cpval-tls-client-enabled.md | 4 +- .../custom-fields/cpval-tls-hardening.md | 42 +++++++++++ .../custom-fields/cpval-tls-server-enabled.md | 4 +- .../cpval-tls-ssl-hardening-required.md | 40 ++++++++++ docs/solutions/tls-ssl-hardening-ninja.md | 71 ++++++++++++++++++ .../enforce.webp | Bin 8290 -> 11902 bytes .../image1.webp | Bin 0 -> 5984 bytes .../image1.webp | Bin 0 -> 18482 bytes .../image1.webp | Bin 0 -> 10420 bytes 17 files changed, 382 insertions(+), 11 deletions(-) create mode 100644 docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-servers.md create mode 100644 docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-workstations.md create mode 100644 docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-servers.md create mode 100644 docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-workstations.md create mode 100644 docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md create mode 100644 docs/ninjaone/custom-fields/cpval-tls-hardening.md create mode 100644 docs/ninjaone/custom-fields/cpval-tls-ssl-hardening-required.md create mode 100644 docs/solutions/tls-ssl-hardening-ninja.md create mode 100644 static/img/docs/6959568a-a814-4c96-8b5a-d83e315c637d/image1.webp create mode 100644 static/img/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5/image1.webp create mode 100644 static/img/docs/89a6d344-ae79-42fb-ae76-b855a3081201/image1.webp diff --git a/docs/ninjaone/automations/enforce-tls-ssl-hardnening.md b/docs/ninjaone/automations/enforce-tls-ssl-hardnening.md index 4709e36ba..50261a20a 100644 --- a/docs/ninjaone/automations/enforce-tls-ssl-hardnening.md +++ b/docs/ninjaone/automations/enforce-tls-ssl-hardnening.md @@ -9,12 +9,12 @@ tags: ['tls','windows'] draft: false unlisted: false last_update: - date: 2026-04-10 + date: 2026-06-10 --- ## Overview -This script is designed to disable SSL 3.0, TLS 1.0, and TLS 1.1 at both server and client levels. Additionally, it disables below Cipher Suites: +Enforces Windows TLS/SSL security hardening by disabling legacy protocols (SSL 3.0, TLS 1.0, and TLS 1.1), enabling supported modern TLS versions (TLS 1.2 and TLS 1.3), configuring .NET Framework strong cryptography settings to help maintain application compatibility when legacy protocols are disabled, removing weak TLS cipher suites, and optionally initiating a reboot or enabling the `Reboot Pending Prompt` solution to notify users that a restart is required for the changes to take effect. It disables below Cipher Suites: - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_256_CBC_SHA256 @@ -23,7 +23,7 @@ This script is designed to disable SSL 3.0, TLS 1.0, and TLS 1.1 at both server - TLS_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 -**NOTE:** `A system reboot is required for all changes to take full effect.` +**NOTE:** `A system reboot is required for all changes to take full effect. Either use 'Force Reboot' paramter to immediately restart the machine after hardening so the TLS/SSL changes are fully applied. Or enable 'cPVAL Enable Reboot Prompts' custom field to send user prompts for Reboot. 'Reboot Pending Prompt' solution must be enabled in the environment to use this feature.` ## Sample Run @@ -31,6 +31,17 @@ This script is designed to disable SSL 3.0, TLS 1.0, and TLS 1.1 at both server ![SampleRun1](../../../static/img/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576/enforce.webp) +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) +- [Solution - Reboot Pending Prompt](/docs/d7758fa4-9fcc-4259-a7a5-0ca65dda10eb) + +## Parameters + +| Name | Example | Accepted Values | Required | Default | Type | Description | +| ---- | ------- | --------------- | -------- | ------- | ---- | ----------- | +|Force Reboot| - | - | False | Not selected | Check-box |Select it to immediately reboot the machine after applying the TLS Hardening.| + ## Automation Setup/Import [Automation Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/scripts/enforce-tls-ssl-hardening.ps1) @@ -41,6 +52,13 @@ This script is designed to disable SSL 3.0, TLS 1.0, and TLS 1.1 at both server ## Changelog +### 2026-06-10 + +- Updated the script to configure .NET Framework strong cryptography settings, helping maintain application compatibility when legacy protocols are disabled and modern TLS versions are enforced. +- Added a Force Reboot parameter that can immediately restart the machine after hardening so the TLS/SSL changes are fully applied. +- Added an option for reboot prompts through the `cPVAL Enable Reboot Prompts` custom field. When enabled, the script sets `cPVAL Pending Reboot` to trigger user notifications. This feature requires the `Reboot Pending Prompt` solution to be enabled in the environment. + + ### 2026-04-10 - Initial version of the document. \ No newline at end of file diff --git a/docs/ninjaone/automations/tls-enabled-list-audit.md b/docs/ninjaone/automations/tls-enabled-list-audit.md index 55dd43f26..b83ae47f7 100644 --- a/docs/ninjaone/automations/tls-enabled-list-audit.md +++ b/docs/ninjaone/automations/tls-enabled-list-audit.md @@ -9,7 +9,7 @@ tags: ['tls', 'audit'] draft: false unlisted: false last_update: - date: 2026-04-15 + date: 2026-06-10 --- ## Overview @@ -42,6 +42,10 @@ Click `Run` ## Changelog +### 2026-06-10 + +- Updated script to include SSL 3.0 as well. + ### 2026-04-15 - Initial version of the document \ No newline at end of file diff --git a/docs/ninjaone/automations/validate-tls-ssl-hardnening.md b/docs/ninjaone/automations/validate-tls-ssl-hardnening.md index e52063e1d..614728a79 100644 --- a/docs/ninjaone/automations/validate-tls-ssl-hardnening.md +++ b/docs/ninjaone/automations/validate-tls-ssl-hardnening.md @@ -4,17 +4,17 @@ slug: /f4505cf9-915f-464f-ab45-95f9eaea7a8d title: 'Validate TLS SSL Hardening' title_meta: 'Validate TLS SSL Hardening' keywords: ['tls','ssl','validate','disable'] -description: 'This script validates whether insecure SSL/TLS protocols and specified weak TLS 1.2 cipher suites have been successfully disabled on the target system.' +description: 'This script validates that insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) and specified weak cipher suites are disabled at both the server and client levels on the system, while ensuring TLS 1.2 and TLS 1.3 are enabled when supported, providing a clear PASS/FAIL status without making any changes.' tags: ['tls','windows'] draft: false unlisted: false last_update: - date: 2026-04-10 + date: 2026-06-10 --- ## Overview -This script is designed to validate if SSL 3.0, TLS 1.0, and TLS 1.1 are disabled at both the server and client levels. Additionally, it checks if below cipher suites are disabled: +This script validates that insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) and specified weak cipher suites are disabled at both the server and client levels on the system, while ensuring TLS 1.2 and TLS 1.3 are enabled when supported, providing a clear PASS/FAIL status without making any changes. - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - TLS_RSA_WITH_AES_256_CBC_SHA256 @@ -29,6 +29,10 @@ This script is designed to validate if SSL 3.0, TLS 1.0, and TLS 1.1 are disable ![SampleRun1](../../../static/img/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d/validate.webp) +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + ## Automation Setup/Import [Automation Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/scripts/validate-tls-ssl-hardening.ps1) @@ -39,6 +43,10 @@ This script is designed to validate if SSL 3.0, TLS 1.0, and TLS 1.1 are disable ## Changelog +### 2026-06-10 + +- Updated the script to validate that TLS 1.2 and TLS 1.3 are enabled when supported by the operating system. The script now updates the `cpvalTlsSslHardeningRequired` custom field if any insecure protocol is enabled, any weak cipher suite is present, or if TLS 1.2 and/or TLS 1.3 are not enabled when supported. + ### 2026-04-10 - Initial version of the document. \ No newline at end of file diff --git a/docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-servers.md b/docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-servers.md new file mode 100644 index 000000000..fb40d2380 --- /dev/null +++ b/docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-servers.md @@ -0,0 +1,37 @@ +--- +id: '93609405-1ef4-4aaa-b421-4f86a7e51145' +slug: /93609405-1ef4-4aaa-b421-4f86a7e51145 +title: 'Execute - Enforce TLS SSL Hardening - Servers' +title_meta: 'Execute - Enforce TLS SSL Hardening - Servers' +keywords: ['tls','ssl','disable'] +description: 'Triggers `Enforce TLS SSL Hardening` script on opted windows servers.' +tags: ['tls','windows'] +draft: false +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary + +Triggers [Enforce TLS SSL Hardening](/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576) script on windows servers where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Enforce and Validation (servers)`,`Enforce and Validation (Both)`. + +## Details + +- **Name:** `Execute - Enforce TLS SSL Hardening` +- **Description:** `Triggers 'Enforce TLS SSL Hardening' script on opted windows servers.` +- **Recommended Agent Policies:** `Windows servers` + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Compound Condition Creation + +- [Compound Condition Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/compound-conditions/execute-enforce-tls-ssl-hardening-servers.toml) + +## Changelog + +### 2026-06-10 + +- Initial version of the document \ No newline at end of file diff --git a/docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-workstations.md b/docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-workstations.md new file mode 100644 index 000000000..84a9d95ab --- /dev/null +++ b/docs/ninjaone/compound-conditions/execute-enforce-tls-ssl-hardening-workstations.md @@ -0,0 +1,37 @@ +--- +id: '52a43eef-d4d7-4f91-b8c1-cb6e786ddcce' +slug: /52a43eef-d4d7-4f91-b8c1-cb6e786ddcce +title: 'Execute - Enforce TLS SSL Hardening - Workstations' +title_meta: 'Execute - Enforce TLS SSL Hardening - Workstations' +keywords: ['tls','ssl','disable'] +description: 'Triggers `Enforce TLS SSL Hardening`script on opted windows workstations.' +tags: ['tls','windows'] +draft: false +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary + +Triggers [Enforce TLS SSL Hardening](/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576) script on windows workstations where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Enforce and Validation (Workstations)`,`Enforce and Validation (Both)`. + +## Details + +- **Name:** `Execute - Enforce TLS SSL Hardening` +- **Description:** `Triggers 'Enforce TLS SSL Hardening' script on opted windows workstations.` +- **Recommended Agent Policies:** `Windows Workstations` + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Compound Condition Creation + +- [Compound Condition Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/compound-conditions/execute-enforce-tls-ssl-hardening-workstations.toml) + +## Changelog + +### 2026-06-10 + +- Initial version of the document \ No newline at end of file diff --git a/docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-servers.md b/docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-servers.md new file mode 100644 index 000000000..05df72078 --- /dev/null +++ b/docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-servers.md @@ -0,0 +1,37 @@ +--- +id: '79c1901b-3e55-42e3-8152-360605a4dbce' +slug: /79c1901b-3e55-42e3-8152-360605a4dbce +title: 'Execute - Validate TLS SSL Hardening - Servers' +title_meta: 'Execute - Validate TLS SSL Hardening - Servers' +keywords: ['tls','ssl','disable'] +description: 'Triggers `Validate TLS SSL Hardening`script on opted windows Servers.' +tags: ['tls','windows'] +draft: false +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary + +Triggers [Validate TLS SSL Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) on windows Servers where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Validation (Both)`, `Validation (Servers)`, `Enforce and Validation (Servers)`,`Enforce and Validation (Both)`. + +## Details + +- **Name:** `Execute - Validate TLS SSL Hardening` +- **Description:** `Triggers 'Validate TLS SSL Hardening' script on opted windows Servers.` +- **Recommended Agent Policies:** `Windows Servers` + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Compound Condition Creation + +- [Compound Condition Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/compound-conditions/execute-validate-tls-ssl-hardening-servers.toml) + +## Changelog + +### 2026-06-10 + +- Initial version of the document \ No newline at end of file diff --git a/docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-workstations.md b/docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-workstations.md new file mode 100644 index 000000000..6430f6bb3 --- /dev/null +++ b/docs/ninjaone/compound-conditions/execute-validate-tls-ssl-hardening-workstations.md @@ -0,0 +1,37 @@ +--- +id: '28f17281-2502-43a0-8d4d-5da2b06580f8' +slug: /28f17281-2502-43a0-8d4d-5da2b06580f8 +title: 'Execute - Validate TLS SSL Hardening - Workstations' +title_meta: 'Execute - Validate TLS SSL Hardening - Workstations' +keywords: ['tls','ssl','disable'] +description: 'Triggers `Validate TLS SSL Hardening`script on opted windows workstations.' +tags: ['tls','windows'] +draft: false +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary + +Triggers [Validate TLS SSL Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) script on windows workstations where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Validation (Both)`, `Validation (Workstations)`, `Enforce and Validation (Workstations)`,`Enforce and Validation (Both)`. + +## Details + +- **Name:** `Execute - Validate TLS SSL Hardening` +- **Description:** `Triggers 'Validate TLS SSL Hardening' script on opted windows workstations.` +- **Recommended Agent Policies:** `Windows Workstations` + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Compound Condition Creation + +- [Compound Condition Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/compound-conditions/execute-validate-tls-ssl-hardening-workstations.toml) + +## Changelog + +### 2026-06-10 + +- Initial version of the document \ No newline at end of file diff --git a/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md b/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md new file mode 100644 index 000000000..11d96cfdf --- /dev/null +++ b/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md @@ -0,0 +1,40 @@ +--- +id: '6f8d4110-f4ee-4965-8853-8b4a7b03bda5' +slug: /6f8d4110-f4ee-4965-8853-8b4a7b03bda5 +title: 'cPVAL Enable Reboot Prompts' +title_meta: 'cPVAL Enable Reboot Prompts' +keywords: ['tls','ssl','disable'] +description: 'Enables reboot prompts following TLS Hardening. Requires the Reboot Pending Prompt solution to be enabled in the environment.' +tags: ['tls','windows'] +draft: true +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary +Enables reboot prompts following TLS Hardening. Requires the [Solution - Reboot Pending Prompt](/docs/d7758fa4-9fcc-4259-a7a5-0ca65dda10eb) to be enabled in the environment. + +## Details + +| Label | Field Name | Definition Scope | Type | Required | Default Value | Options | Technician Permission | Automation Permission | API Permission | Description | Tool Tip | Footer Text | Custom Field Tab Name | +| ----- | ---- | ---------------- | ---- | -------- | ------------- | ------------- | --------------------- | --------------------- | -------------- | ----------- | -------- | ----------- | ----------- | +| cPVAL Enable Reboot Prompts | cpvalEnableRebootPrompts | `Organization`,`Location`,`Device` | CheckBox | False | - | - | Editable | Read_Write | Read_Write | Enables reboot prompts following TLS Hardening. Requires the Reboot Pending Prompt solution to be enabled in the environment. | Select it to display reboot prompts on the machine after TLS Hardening has been applied. Requires the 'Reboot Pending Prompt solution' to be enabled in the environment. | Select it to display reboot prompts on the machine after TLS Hardening has been applied.| TLS/SSL | + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Custom Field Creation + +[Custom Field Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/custom-fields/cpval-tls-ssl-hardening-required.toml) + +## Sample Screenshot + +![Image1](../../../static/img/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5/image1.webp) + +## Changelog + +### 2026-06-10 + +- Initial version of the document diff --git a/docs/ninjaone/custom-fields/cpval-tls-client-enabled.md b/docs/ninjaone/custom-fields/cpval-tls-client-enabled.md index 287fd4325..53cd57b30 100644 --- a/docs/ninjaone/custom-fields/cpval-tls-client-enabled.md +++ b/docs/ninjaone/custom-fields/cpval-tls-client-enabled.md @@ -9,7 +9,7 @@ tags: ['tls', 'audit'] draft: false unlisted: false last_update: - date: 2026-04-15 + date: 2026-06-10 --- ## Summary @@ -20,7 +20,7 @@ This stores the enabled TLS Client versions on an endpoint. | Label | Field Name | Definition Scope | Type | Required | Default Value | Technician Permission | Automation Permission | API Permission | Description | Tool Tip | Footer Text | Custom Field Tab Name | | ----- | ---- | ---------------- | ---- | -------- | ------------- | --------------------- | --------------------- | -------------- | ----------- | -------- | ----------- | ----------- | -| cPVAL TLS Client Enabled | cpvalTlsClientEnabled | Device | Text | False | | Read Only | Read/Write | Read/Write | This stores the enabled TLS Client versions on an endpoint. | This stores the enabled TLS Client versions on an endpoint. | This stores the enabled TLS Client versions on an endpoint. | TLS Audit | +| cPVAL TLS Client Enabled | cpvalTlsClientEnabled | Device | Text | False | | Read Only | Read/Write | Read/Write | This stores the enabled TLS Client versions on an endpoint. | This stores the enabled TLS Client versions on an endpoint. | This stores the enabled TLS Client versions on an endpoint. | TLS/SSL | ## Dependencies diff --git a/docs/ninjaone/custom-fields/cpval-tls-hardening.md b/docs/ninjaone/custom-fields/cpval-tls-hardening.md new file mode 100644 index 000000000..eadf37706 --- /dev/null +++ b/docs/ninjaone/custom-fields/cpval-tls-hardening.md @@ -0,0 +1,42 @@ +--- +id: '6959568a-a814-4c96-8b5a-d83e315c637d' +slug: /6959568a-a814-4c96-8b5a-d83e315c637d +title: 'cPVAL TLS Hardening' +title_meta: 'cPVAL TLS Hardening' +keywords: ['tls','ssl','disable'] +description: 'Enables TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly.' +tags: ['tls','windows'] +draft: true +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary + +Enables TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly. + +## Details + +| Label | Field Name | Definition Scope | Type | Option Value | Required | Default Value | Technician Permission | Automation Permission | API Permission | Description | Tool Tip | Footer Text | Custom Field Tab Name | +| ----- | ---- | ---------------- | ---- | -------- | ------------- | --------------------- | --------------------- | -------------- | ----------- | -------- | ----------- |----------- | ---- | +| cPVAL TLS Hardening | cpvalTlsHardening | `Organization`, `Location`, `Device` | DropDown | `Validation (Both)`, `Validation (Servers)`, `Validation (Workstations)`,`Disabled`,`Enforce and Validation (Servers)`,`Enforce and Validation (Workstations)`,`Enforce and Validation (Both)` | True | - | Editable | Read/Write | Read/Write | Enables TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly.| Enables TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly. | Enables TLS hardening for workstations and servers. | TLS/SSL | + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Custom Field Creation + +- [Custom Field Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/custom-fields/cpval-tls-hardening.toml) + +## Sample Screenshot + +![Image1](../../../static/img/docs/6959568a-a814-4c96-8b5a-d83e315c637d/image1.webp) + +## Changelog + +### 2026-06-10 + +- Initial version of the document + diff --git a/docs/ninjaone/custom-fields/cpval-tls-server-enabled.md b/docs/ninjaone/custom-fields/cpval-tls-server-enabled.md index 4b417a5bd..9682b8dd0 100644 --- a/docs/ninjaone/custom-fields/cpval-tls-server-enabled.md +++ b/docs/ninjaone/custom-fields/cpval-tls-server-enabled.md @@ -9,7 +9,7 @@ tags: ['tls', 'audit'] draft: false unlisted: false last_update: - date: 2026-04-15 + date: 2026-06-10 --- ## Summary @@ -20,7 +20,7 @@ This stores the enabled TLS Server versions on an endpoint. | Label | Field Name | Definition Scope | Type | Required | Default Value | Technician Permission | Automation Permission | API Permission | Description | Tool Tip | Footer Text | Custom Field Tab Name | | ----- | ---- | ---------------- | ---- | -------- | ------------- | --------------------- | --------------------- | -------------- | ----------- | -------- | ----------- | ----------- | -| cPVAL TLS Server Enabled | cpvalTlsServerEnabled | Device | Text | False | | Read Only | Read/Write | Read/Write | This stores the enabled TLS Server versions on an endpoint. | This stores the enabled TLS Server versions on an endpoint. | This stores the enabled TLS Server versions on an endpoint. | TLS Audit | +| cPVAL TLS Server Enabled | cpvalTlsServerEnabled | Device | Text | False | | Read Only | Read/Write | Read/Write | This stores the enabled TLS Server versions on an endpoint. | This stores the enabled TLS Server versions on an endpoint. | This stores the enabled TLS Server versions on an endpoint. | TLS/SSL | ## Dependencies diff --git a/docs/ninjaone/custom-fields/cpval-tls-ssl-hardening-required.md b/docs/ninjaone/custom-fields/cpval-tls-ssl-hardening-required.md new file mode 100644 index 000000000..dad31005f --- /dev/null +++ b/docs/ninjaone/custom-fields/cpval-tls-ssl-hardening-required.md @@ -0,0 +1,40 @@ +--- +id: '89a6d344-ae79-42fb-ae76-b855a3081201' +slug: /89a6d344-ae79-42fb-ae76-b855a3081201 +title: 'cPVAL TLS SSL Hardening Required' +title_meta: 'cPVAL TLS SSL Hardening Required' +keywords: ['tls','ssl','disable'] +description: 'This custom field is populated by the "Validate TLS SSL Hardening" script and flags devices that require TLS/SSL hardening to meet security best practices.' +tags: ['tls','windows'] +draft: false +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Summary +This custom field is populated by the [Validate TLS SSL Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) and flags devices that require TLS/SSL hardening to meet security best practices. + +## Details + +| Label | Field Name | Definition Scope | Type | Required | Default Value | Options | Technician Permission | Automation Permission | API Permission | Description | Tool Tip | Footer Text | Custom Field Tab Name | +| ----- | ---- | ---------------- | ---- | -------- | ------------- | ------------- | --------------------- | --------------------- | -------------- | ----------- | -------- | ----------- | ----------- | +| cPVAL TLS SSL Hardening Required | cpvalTlsSslHardeningRequired | `Device` | Text | False | - | - | Editable | Read_Write | Read_Write | This custom field is populated by the "Validate TLS SSL Hardening" script and flags devices that require TLS/SSL hardening to meet security best practices. | This custom field is populated by the "Validate TLS SSL Hardening" script and flags devices that require TLS/SSL hardening to meet security best practices. | "This custom field is populated by the "Validate TLS SSL Hardening" script. | TLS/SSL | + +## Dependencies + +- [Solution - TLS/SSL Security Hardening](/docs/5e391e0f-088e-41be-8b6c-306e02a2cadb) + +## Custom Field Creation + +[Custom Field Configuration](https://github.com/ProVal-Tech/ninjarmm/blob/main/custom-fields/cpval-tls-ssl-hardening-required.toml) + +## Sample Screenshot + +![Image1](../../../static/img/docs/89a6d344-ae79-42fb-ae76-b855a3081201/image1.webp) + +## Changelog + +### 2026-06-10 + +- Initial version of the document diff --git a/docs/solutions/tls-ssl-hardening-ninja.md b/docs/solutions/tls-ssl-hardening-ninja.md new file mode 100644 index 000000000..1ef85d765 --- /dev/null +++ b/docs/solutions/tls-ssl-hardening-ninja.md @@ -0,0 +1,71 @@ +--- +id: '5e391e0f-088e-41be-8b6c-306e02a2cadb' +slug: /5e391e0f-088e-41be-8b6c-306e02a2cadb +title: 'TLS/SSL Security Hardening' +title_meta: 'TLS/SSL Security Hardening' +keywords: ['tls','ssl','disable'] +description: 'This solution validates and hardens the system`s SSL/TLS configuration by disabling insecure protocols and weak cipher suites while enabling secure protocols and supporting optional reboot management.' +tags: ['tls','windows'] +draft: false +unlisted: false +last_update: + date: 2026-06-10 +--- + +## Purpose + +This solution validates and hardens the system's SSL/TLS configuration by disabling insecure protocols (SSL 3.0, TLS 1.0, and TLS 1.1) and ensuring that specified weak cipher suites are disabled for both server and client communications. It also verifies that TLS 1.2 and TLS 1.3 are enabled where supported. Additionally, the solution configures .NET Framework strong cryptography settings to help maintain application compatibility after legacy protocols are disabled. With an Optional settings to either enforce an immediate reboot upon completion of the hardening process or present users with reboot prompts to complete the changes. Solution verifies below Cipher suites : + +- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 +- TLS_RSA_WITH_AES_256_CBC_SHA256 +- TLS_RSA_WITH_AES_256_GCM_SHA384 +- TLS_RSA_WITH_AES_128_CBC_SHA256 +- TLS_RSA_WITH_AES_128_GCM_SHA256 +- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + +**Note** : `[Solution - Reboot Pending Prompt](/docs/d7758fa4-9fcc-4259-a7a5-0ca65dda10eb) should be imported to use prompt feature for reboot.` + +## Associated Content + +| Content | Type | Function | +|---------------------|--------------------------------|-------------------------------------| +| [Custom Field - cPVAL TLS Hardening](/docs/6959568a-a814-4c96-8b5a-d83e315c637d) | Custom Field | Custom Fields to enable TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly.| +| [Custom Field - cPVAL TLS SSL Hardening Required](/docs/89a6d344-ae79-42fb-ae76-b855a3081201) | Custom Field | This custom field is populated by [Script - Validate TLS SSL Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) and flags devices that require TLS/SSL hardening to meet security best practices. | +| [Custom Field - cPVAL Enable Reboot Prompts](/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5) | Custom Field | Enables reboot prompts following TLS Hardening. Requires the [Solution - Reboot Pending Prompt](/docs/d7758fa4-9fcc-4259-a7a5-0ca65dda10eb) to be enabled in the environment. | +| [Script - Validate TLS SSL Hardening](/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5) | Script | Validates that insecure protocols (SSL 3.0, TLS 1.0, TLS 1.1) and specified weak cipher suites are disabled at both the server and client levels on the system, while ensuring TLS 1.2 and TLS 1.3 are enabled when supported, providing a clear PASS/FAIL status without making any changes. | +| [Script - Enforce TLS SSL Hardening](/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576) | Script | Enforces Windows TLS/SSL security hardening by disabling legacy protocols (SSL 3.0, TLS 1.0, and TLS 1.1), enabling supported modern TLS versions (TLS 1.2 and TLS 1.3), configuring .NET Framework strong cryptography settings to help maintain application compatibility when legacy protocols are disabled, removing weak TLS cipher suites, and optionally initiating a reboot or enabling the [Solution - Reboot Pending Prompt](/docs/d7758fa4-9fcc-4259-a7a5-0ca65dda10eb) to notify users that a restart is required for the changes to take effect. **Note** [Custom Field - cPVAL Enable Reboot Prompts](/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5) needs to be selected and [Solution - Reboot Pending Prompt](/docs/d7758fa4-9fcc-4259-a7a5-0ca65dda10eb) should be imported to use prompt feature for reboot. | +| [Compound Condition - Execute - Validate TLS SSL Hardening - Workstations](/docs/28f17281-2502-43a0-8d4d-5da2b06580f8) | Compound Condition | Triggers [Validate TLS SSL Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) script on windows workstations where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Validation (Both)`, `Validation (Workstations)`, `Enforce and Validation (Workstations)`,`Enforce and Validation (Both)`. | +| [Compound Condition - Execute - Validate TLS SSL Hardening - Servers](/docs/79c1901b-3e55-42e3-8152-360605a4dbce) | Compound Condition | Triggers [Validate TLS SSL Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) on windows Servers where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Validation (Both)`, `Validation (Servers)`, `Enforce and Validation (Servers)`,`Enforce and Validation (Both)`. | +| [Compound Condition - Execute - Enforce TLS SSL Hardening - Workstations](/docs/52a43eef-d4d7-4f91-b8c1-cb6e786ddcce) | Compound Condition | Triggers [Enforce TLS SSL Hardening](/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576) script on windows workstations where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Enforce and Validation (Workstations)`,`Enforce and Validation (Both)`. | +| [Compound Condition - Execute - Enforce TLS SSL Hardening - Servers](/docs/93609405-1ef4-4aaa-b421-4f86a7e51145) | Compound Condition |Triggers [Enforce TLS SSL Hardening](/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576) script on windows servers where [cPVAL TLS Hardening](/docs/f4505cf9-915f-464f-ab45-95f9eaea7a8d) is either set to `Enforce and Validation (servers)`,`Enforce and Validation (Both)`. | + + +## Implementation + +- Create the following Custom Fields as per instructions provided in the documents + - [Custom Field - cPVAL TLS Hardening](/docs/6959568a-a814-4c96-8b5a-d83e315c637d) + - [Custom Field - cPVAL TLS SSL Hardening Required](/docs/89a6d344-ae79-42fb-ae76-b855a3081201) + - [Custom Field - cPVAL Enable Reboot Prompts](/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5) +- Create the following Scripts as per instructions provided in the documents + - [Script - Validate TLS SSL Hardening](/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5) + - [Script - Enforce TLS SSL Hardening](/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576) +- Create the following Compound Conditions as per instructions provided in the documents + - [Compound Condition - Execute - Validate TLS SSL Hardening - Workstations](/docs/28f17281-2502-43a0-8d4d-5da2b06580f8) + - [Compound Condition - Execute - Validate TLS SSL Hardening - Servers](/docs/79c1901b-3e55-42e3-8152-360605a4dbce) + - [Compound Condition - Execute - Enforce TLS SSL Hardening - Workstations](/docs/52a43eef-d4d7-4f91-b8c1-cb6e786ddcce) + - [Compound Condition - Execute - Enforce TLS SSL Hardening - Servers](/docs/93609405-1ef4-4aaa-b421-4f86a7e51145) + +## FAQ + +**Can the scripts be used independently?** +- Yes. Both scripts can be used independently, however, the associated custom fields must be imported into the environment for the scripts to function correctly. + +**Can `Enforce TLS SSL Hardening` works automatically to enforce Hardening** +- No, `Validate TLS SSL Hardening` scripts should be executed as `Validate TLS SSL Hardening` marks the machines that requires SSL Hardening. + + +## Changelog + +### 2026-06-10 + +- Initial version of the document \ No newline at end of file diff --git a/static/img/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576/enforce.webp b/static/img/docs/5a33db63-8a92-4ab3-9984-e0af4db8f576/enforce.webp index 7f1b50085d9e5597373db9a7142c4e450772d737..c87562dc0ecf4ed1151381fdbc59ca107836fefd 100644 GIT binary patch literal 11902 zcmaiaV{|4_(`_)ZCr&1|Il;uXZ95a&cqTR`_QdAI#uMANZ9aGA)%SjP-L-E2s6M?` z_1RVXRPEE>&B$MYClK3rO=xYBXzV zKEqkry~*J2pAriwF}tl~gW(%;AGoW$%ezN{dQ3Y!i(lOLV*NMQ{V4?My%e4%M?oGR z)35HQLT?5kj6Xo3ACPm^yPM_$xbI!Bpbvw~O?Hqc$l!hQ`gXc2KwuuE{igE_@wWMF z@pO4+umQUCK6|r&n>eUgeTR8bxa#a79D1jF=X|o?$hqQQ*Khl1dp#`eN(8Bb+#g;a zz~3@nG~Vo$Kyx07zK`!j=Mvpix1h_MI{_f**ZcO1$_E<==_Z4N$=wn|6#%> zVlsYC@5Q8lRV}|n(fOzjyO{%^6-)RA6lr$pKIlnfs>r2Nl=c>2DcLHFK zSRdHG8MnV5e@CD?xT>&9a=7d>kzHN$yBS#Kb(D5)e}~$4G|C{(M3Jw9$0yfS2MxCp zk8fc0QbQPGT_HFpHo=HD&MTEjV4*S$`UctUd#Q1u^n7=p6RclV>xJ&_!0ARna01E* z?IlQwxu_o29$uj->rX|n>lj}>1yoZEI&1bws@yC)m=9xD1X;|LzJkyMiZ-I}1{&sR zuT5~54mIk$3Xw0dq)pL&Zk5nGw;*Fj7{7q6B?i=a%Rdb~nPLJ<>R+b;Vp9`pAifwP z{r(Ls7Hq=khsIrGUEoXe884zB*|JbaN+%y?g7{H@7Z?f=&fMs(8gv%+Z+;s+SB>fb zIn+rKFtA80?7U^Uy(B$LkR56>{nQKpXdi~&hEHa)39*rz*QwrxkQYx2EVT2czpyN) zhqSMTqBQh4QB|3~#?=C)3^pO5J&6_Fix z@!oDHFCvW`zpgPpe!kWk)R~N;Cf`*=$_QI?s9?Vcb*axs>KEb)*JlMgCpG?zAZ6WH zWS;O9Or=8%rpek`s2wOwW^qs_PAC9t!03z%Xv-$?L1sMWn*GM#+n0SMb-+1&8ZYL0 zak3kh4*Rud&z84sTrBf_ z8RHENxfOE@k*Fdlp-4YwokI6mE=}k{^%NQ_gkC2A-G;mGx z6?Q*6A(3fRsSD&IlCpCmNdpe#wr5m1{0T-D&@8S$fvaf3T3HI@Oo6tI z_X1M?H6|O>%{KwsggJaxZY&(f5-q z+NM*(zS#D05noEbZRq0GiJcM`Bq9xObeB)v#nP-xm~{CFy=WZVY>g){X(1yUF#i{= zK_Mg9F84Wi)#LwJZ~YFG+Rd>4j)!`$uWEY$^q<-D>SPd#p5N(iJ^v{!f9tGO2sid` zEs7|Gude(5)Ah$XpT$4CBo6jgb>5b+ghWgu7xNx?uA%=K3>4Czh@iftx~_3`9UEkf z26ISum|}298M$o!Df<6X;1o$Rma~7;^AC<3oL*o4;rwrdO_-9I@IO`ir*yfQPn#Y6 zXS)8ANlL;H*7WVGn81NyJ{ zD1OZP{7*Oj$#FrCIBMwcI{d}>hau@1y*&QUcJdcU*Gu0?@;{;dh5Uc849jQa_n(&a zD;1ou0_a(})UFK!&G5Y%ouoVsPc!YyLwC{$l?n`TsV8*$nA8t~xBE)$ru1 z;H&>^?7!Vjc2G{d8%T-1Sn17eE!UeIi zu=)9)_<=t{0ZqF)OdsK$NQ|t1RN@~}pVUyF{4ANLq*lczCy=A{Gl2x{|unc(& zqb>X=Sg0aT!E7s1{0Mt9Kb{#PmFz?{HG`%)>BeAu*qa<;92`F1x*pf9v-qMPu>T6~ z^9O+g<0y%t=f1jkjf5*w zxmKnqC`wu`^%cmWLrXaTtT}X|;=iKtITIlduUx>sg#2|nq$Tk7ZZV}gv z>&r;7gr8|sbUS(E+QjNN+a_1f=NulHP_hU%EiU^DnlqbEmcCg+P)Ye3;dj;D)_yk3 zt3dzWEMVbHW*jWPI!^a^=T&gviN>q20r@EIRc1ZWBXV#8*x=m-c^Q9#Z!XE!HL#|F z=N!{pA;hjktked4CJ9{hd4#EDh+>_q9$o!)&BK&_rQ_W2<~J5^d^TQ-QB;E3duGa? zhs&(6^XpCgT|)2LV9v)eiE%)!t%QnCw30%K9Aa#z00YCfz85i7Qc0%Qu}V*}8}kcf z%`Y^jlKup3UHEzk#?HfnY|8RWqpS%Lz$1uF9iIk9>bp%v5>7^x)^A(~bY4Hms?LfL zpkiV14n%j5l?~gMp6d@4{#mrT7h`k;Q+d9D zW49Y80k(52JerBn09U~|R9I>Tdfm+ouWAC;Xni>%O6>gK3ax-uEwbU&?4KM3ms78z z5i0oPH=DG+50GFug`qAn3dj{p7^KEgte2JekLuXGn`k)#OboFXY%sZ>h6#eEu!U=( zg&oDI#A%_uZZh-+wgS2eRR}JR(uVUx`d}&bJRKInK)fVmO14P5R$lTDK&BsVr3PQc z5G4-Aq>dmEiwdexR^d6AGZmCdl8ze}ra3=R+H;Lfnmms!2y!`07>Xf>#abCe7qTo3 zzq*}ip*ed4&kEU8tlvZ3P9=u7OA%C>qm#*dXM3iSs0vA^*~%8zg6hnapnol7yzoEG zF%+vNF23NHziQh7m|A-*>`yljr>$qYQ|jObyYMa6e=O6*a3DYqr8*B<3d888P=!t9 zjv-DURU=Q_p*tv2OF*5LX&Q6JxzYgUhp|-!L%79(IGtLX^&&p-8`!76L#|`mi?4F~d+7 zC@)O2^7is>UucDW|H%++f33ch8>GP?T%+WA14v_;>5(40NimpEV6*12s_lt1Wv!2DhNokH0}R!zWJ4s_T<#JJ)k6nx zz@tmTWk0WdHF(;aUcrk@%HcDQoT*e2*fCjFI?Pr+Dfh53y_{d&ND|<;--+8Vwx0oo zn2S1g2ZItEVx$xCGU785$|ptp2tP(>nm~_zCA_Xb6 zy_tzMn6Ny%>Sq1Bd|r$3w`|U8#ptm|Y?RoPNcNb6mvEic^j($N!A4HHO@;tivn9$% z-`B+gw@xuC7tJU7G@B64%FGJSzDsY6tFK(+0DyZF+)5F3o?kw-{+b{mQ5&Ydf-fU? z4S(;z*?_!vZpD{P%*oI5_6q}2O9m&X@4=@RDrBy`=0CkP*J}jH+ezasWSH39n1xeO z>aIsu$0a5_a51l1cM-mXwQ*1xVNKVbZBkSenW!!3e`^1}Ckn`5`shzJ^22%`yH(S! zMwpG22qs0pX3$ElLHii>8~Q$(aEf)!mrjix%RbcT)&DwU&%tr9?d2sY~XM z!nqU6IrtoMjCX@gAM4D$-_zjNfSSw%h9E56fb4LqH-Ev2ft>8_dXT%Ha3Q{0t{%Sf(>u)9Ver(Ov85T0DY z#^EVL0ai}fTZ~X!Am)kK)(QIL%!MAyT+EAuM(429R}-ggPC2Q;9J#*!(bh(M5?CxZ z!(8%>FRn?Y%a1x#(xiY@XpYp6x&D6U;^7bC$7t&egkzT2huBY;j|KW(Ea^p}L$pz8 z2Ax{Nqt6=@GL=QOSEW}e)Ij}-2F$JBg+d{Rn+Use!kwkqH=C-m@#zut9WZi)X| zH+0$qT%FRX{>>SV3qo*FR|OXbl3wBM);ly%Y}vX7h4{XvAS~+P*>c1_05)=rKM~bOL}x=4k6o>F71~s4&BV&AHlZoDnxAcU00orlnGNjL!O!K$ji4Q`<92I`F^tIZAJAWyqB z_f&dRnUn&0(RAvWW|SqFdPsg0;YSVBBP|!!hi^W!tl(4*v{Ai@IWS^>*}vKe-{p51 z-kL&aXxmxKWE{>vHrZ49ZU=F{dguJ#W{5TnKJtgO&F3v<-xWVM%Z%=w{dTf zZ1mPLr^Enc^E)Cf`NJfUYYH%VNtu|eOvB+-*G*o`LD`?xOLCI=y054@o*K zs7r3?rxZ}6tNV(P&Ku<86^3hNNPoUzmVWOKANckKi_8RJ*+1W8^xNAe#w2j{1e>Mm zVITjJ<);{=kPdd-$nTttjHTXmk3)U1Z;TOROs{if$FK(p!q8Fr{nE=KDC7|Ct5tdR zya`e1p$~BzWvWDb5)X=Y@tU(~7JZJ(o$wO0QdK=-bLD}`+dYIllh9{Ax#vn=n;*Yq zpYZt66bkbxV?LCmf3hO5mhSTFr{c??en6|SloRiJLdyJ}OYmDpsaKLb?}<-- zUGb(oM(kjgL5yfr#s8USsg=gW63w+R+@qK}FY^8-5pQ_4ySDi%DC8Wk;**QcHl!HH z)!wu9axmcNnSdY-8opAwH_^rHuK%T?xYL!j*JOt>yNr=SN8HCH%lOpWF=5c9M=b)- zu!_{;x=ym9JsXHnhhWJ_gkbKQ8dLPXsJ)MJ11QCO!M>ygGgHD6s2L@QP1c<=)9^`LYm8 z8YLdCKw>j9k2?qLNvgn^ZTOpVHkR)o#YXG%6UXeIHxP#OhI_S}p2u2GIZK8L|`*D&~FaAVa;GyDV8%zAZuOAuLSoZFTR_PdH{6ikp(^Q;Pl z-2%IJ?57(Efuh1x2Jl?pqU=ZQZNgg|-7FXo>4bTleolxE#QDoQu{7WzhjwS#Q7`5w zXan`eB%^O&TN^3(6cNmAjinHfKq6)Aqqx}S zV}r5K$)K2GP&W^u?Uz2-dc(mgs z$t)9U%`SX~5~9xtkGk0FDg||aJ{sgRwI{epy4;Dud$1AQyw)pcnQ=lSG0%iB#91h% z*o~NA5SQ7P831xL*n)BiXpo{O{j-;WjpKK^Jn2|tM3PNop(%z0(*#T(zE#c*;0bJ$ z>ORK0Mf_ct-)hwyPj}c5Pog=cW51FITBdT+4hB6}te7{vObx$G7yBJDbuZeVHdtXj zp!5*R)R}o%7M!#&GrJ;6bbScfI(}p7XRNH4#DBmI;mID##1(+jq=gzFUL03i6rI^%fm{&n2E&?r$+g;!mA|slgs2N$X*b91qFAg$KMU`a z^iCdl1X5?fih9Q6j-gJnEavJr{VQ7pr{NPC8C;8f3sD;#p(w;Ij_|6awkOz2LXz!y z1@-)ANd(RIS-lLZft%zX7HdGlw=4%*%Nv@(7}azuZE8L4A75Tp@O~IhM^e?m6hs7s zA#EAVP#YvH5{&8;*Xd}IQ{97Ssj&Ez#hWfHwde6n>F*3N@xtP7?6z_mK(113#P(oN zUn%uj%6Ym)i08`}S}|Bt&;TLPpZ3+oBbDMY&M17j1QE9*- zP!tYdD_~;;`G}f+%?%X6Rl17UUgEADrwm-R4?U$1kx&>vO-;aH-`u*1(wdn9>{ z@p;rt{@NrjklX;r)Eg?{MZtZe4N;zUa}^bqsPE45PB16+0y#H2AVME#x|IgwB-rjW(%ihOV$BTc7Z*n_O+-$Sk3EvE?KjeHs;jA%#VjYp*;) z{NKPhM;AulA_}5TtLhU;hJ-qfRhmR3EbU%+T z<=8NL2AU&FS@-IuOYWEZ9UR@10GQ5jrMc0&weOcQ>Ce-p$3qB+15x4t!CD5YD~Bp# z7fL8awO05Oja92(lACF246;5`=O8~10oa04G){_)1gR5_pa3}C74%c?zjq_>Ge~j(7<#_hsV6|;sEo}5ICV!~4 zxc}^XRa=Zc+y+dOJE0!g&tR{GMpJj0#BL8d5A?Oy+>O0U11@y5zBI>XRue+$nD=7p z-6{zyTKb%0EIp;JOqqR}c*$cAB{v?7&7blZu~V@c6L1T)plosYR**M#-tVet{X5cI z>+nMsa;-FQQstH*!uA~ZzEC+#XJ$1*gY^KLjs?nD4C(vA69;m!q`I_0xvDj^+D9mI zM(j!RXZ}aAm2@Tg!q2I$2?=eim`zNIgEsN;bSI^Yb&d>POywHPS!~^|KkA&B_pExg zF18-;d&>OBW~RAc-JzxZD*CpHV2~lqXldYum5(HLF$!H)FPy>S)xd_&^sJJLjqyQQ z_RtlgBE7=|iblSxw+BYUevc783a*yAQSOo=w_aJUq9(Dt) zv1ax+YXingc7?FH*{{j6^A3t#4=%(QZi1!R4ixUDL)*Z%74(TO_W2IS zNvO(NR@RBfW1E=_!|p=~9yI7AiJ*5q+V*_WUzyDj-L_8E?&U=$`{8u!jH>PXlqOYS zZTtpX%WGG|+G%)eg+LI`Cs_lKD<8OB*zKthVXPOo*Hv(+#oK5$?10LVS6guHM2 z`KJg8Jun)MGha4K5Ks@YW@H1RqvM=LU?_BK9#VCdVJryWa7U3yxTk%~AP3RyK6#Rr z78;0CAfuY6EpScJNy-l!*zmiIZ_vxno^Wdm2O~9?sy{4;Tubv=(c`d>c6%TXX;SkP zgyzLsOSZM4QI=(^m4(?8@hnBWMeyxvi>QjCOdmo=QI!AZIzkU(~}gAH|N zA*UhQVdHY$d}VCM%S^$lf)8mcl-`Za9Y>Yg0Pg@VbEL5hao5yAft#T1YzANIOBdkQ zy}eY`B{_jDUireY)I>sT6tbqaR;!S7WJMm^d{Yx(B~6f<2hIKH*G5>hdo5?~0=omr z84K?eY@}l}nsIidb?^TyI`|O^yJ}})Um@%?aWa^zHS)tWZ@tj2^US*+zXb3r;+l*W z91=5Q_hN$7)0sV&8f+C#9&Q&}-BMn2Fk=kQbJ&5JqR7q++ODZBd`pdBquk*4mz9Ar z6~C+}XDYUxIhVIrLduXXTJ`fvgl<^9Z=pizuo00>-%DpNP^tj)6KT<8u>|2{ZA#p* zSxo6es=u9`?*QN>aGkW6Jv}M%&BO|){_6|vLu3~#$2LfP9qP1)*h1{&#s$`O3pBOR>otL^@%aX zA~y^8`gZ)O83^$Gu;X8xvRw9F+4Gc0HF3`5D4tb)D{C-@XDu1m*tZAl5lhBU&+0fm znFj8S^KDemRRp)l7a8q5%Rw=bksZ=G zuu3b>rI|KtJGfT|0K{l;u(8@lswrwqr4YtOlSkJR8 zAnq0C?q;;Tz4G-KdS+@;x~E};1XF+%2aAHj^8!|egG3xH@$?o)7BZ^iAN7IEYGy+E zqZ4j*xh>!J7G%`sAGDG_s+)sr;L-XBvvlFdalIA~V!B1lizDl__P~A{#?Jbh(pXts zMsSV>$sZ+b(%a2D!!3kSB=@81M6u*^8}X4@Fy*WA_S zD*I2KU-y)`CobO8Qk$K5YQi*jQ()f+JIS;WXKfJ^EOT*bVBABf5{CB*P#tq6ePQ|8 zn_4w03LmYY7Z1B~@`YbY09G?K5|M>H?k`_=DWB_7+UdaW|Jh zxqgP?Np4po-CRz_(Y%fT1#*c2;vx+m4I`dp!Cj>Z>&klv>geJM1Lfx)J?AX7VpB2| z1wB|hQ$m@S;C|kZamWZ9Xdh9Bq_@T!SKF3rH$4^Ju%ZH?HC)tghM$J$%M_1XK>0=1 z^G;QPEDMVt@&GQ=82?S2_8(~ixd&RmruCdPqlSpa%3o@WJCK5+`lZu@0KF< z{Hj}z53hg9c4v#3?ZtmKaCmUhli`l6YfC=z#8q|^+we8|GERN*+nUux7eWHR->L5Q zbJ}P%WDRX9nCkD|H=0QUBMHHyUTlnEW^jb4=fNnQ4(ThRAWQv;NT^>c%a`*V{L&B zes4WahlfT(7#{4uqPB<%^px_XPvGd#6rD}{+4WWF&x8CV>uoG@i^mL`1&o@1%<3-& zdn5_&Na7`nu7#M$X!3!_fzpiy7?~2<>MV36#WPVwS0g5M@nmlrhPY~lcLU7grprt+ z>fp;plJQ0!-iMB%yMy8hhN9uDANL-|Ql06dt14Z!#o(ytvr*BvoZi*RRhnMlXWc_H zRU>FQL?`tEYV9hGm0mKL6L#6A2TCir$0hq~@3cz&cBoi$eOzZ~F6{GOjK0^4-i+h& zPHspi8KhZ_KW)=UBCcO;3;5P&9zq3qiI+hAPOOL1Mi?1Wt)$~r>X%k#Z*gY0nVEq6 z*4ii+H-wN_Z2y`9>Ny?LY=MW&GxpaXqSUhODBtauIX`JKW-1zuh@r(Ba{{jww6{SB zpyl9*saQM8Od3Fvz};~*l@s*eC0plDa>+NQZ|*fNOlA}n&r4Nug9}pg zIkW$yPRcCSmp=~`MzYy55$%xtw*F;Pt{f&=88ga56`IVpqTeN+Fxbn__tWTpB$#oK zd?1aFE22fW6KSDi%Tp^KcNeJ|uKw3t9XkKCxW@s>f)f6pIClaf1iK-P$A{ zQf(&7nZ!f%k-vd>Mna1WY5RD>p`+d+k0`Na+_?-L_-RDs~vfxsV zyHONvdAkQJozlPVVX>Ong!_RM>`g2=CRawI{j-mS5-C2xFb^uO!))JAE?J%<+K zL);|PSu@Z5 zJ&4Mno)HEzfKAiwz#z~hXOae$Sh-;8Yg}$4cU|-ks|Hn^EN^WYyM~35AJ4g$Nbrt&8pl1TJ`N*0qoi&ztuZ!PN>V>seg5COh}`(k4>D@FWFKO^7{we@Urum|o#UZ4ivNPPyfj;)){s>NG!x%7o=Z0xE<80;vMn*YKa0fa<#0<|JL)#8W$widkC?VPY&*VwPI!hXbB-rdijS4itVCxARae z&v|2_fn3XG;s;j=Lf=YMCl9X)z1TG>pOj^Wv$-BPyR>8*4~~kwMjkt6oem81&&i)w zJN)MCFEkCAnI$6w)8E;MG#?Hb)cv( zAN@uMQ>^&l0ayD(@QZauE)DLG0{~%H0V$}Zmwd6V{K~`J#Yb$;eh>6wa zj6Z^*@IdRsE72$vj;BZVL#R(7z6es#JsCe2{T!QHL*#yT7gl68922v^T&lvpEE4jY zxeaVUmPAFY^L}D^z$xJZYXp$55&=kb^cMC60CdR!8RVs01QSH#z>N7+!UC}mO1`J1 zgyrW)^a0tGaF!Uv%4Np=8Jv#z2*I$2I!D`byE<-ui zc^?H#5xk1cp`d9hLuS;QWip=jYwIwr<%28uH)_S1Ouj_OR!w!4qcg{AgzNE;5F1LB zyy73gpcG<_lnb#E&$mF}TDdkeSnA+)OcWgmE=4aVXp(9{Q-xC3$dDsiK|>6AK&|`V zTB?>D+(Qf9n*X*ien!0E>Rt^X93ct=FCd8FC=K=fxl!hm^+*VI50@DvIVQ{qcC=y0 VKY1tjG7I(QbN=cn)%~}&{|^m0D$4)> literal 8290 zcmY*+V{j!7@Z^ha+qRQUHpa%uhP%NFHpa%-*tTuk#*1y+w*BsRRd-kan@{tptE+pa zrst=uwDfOs06%#Nm6t|qYmrw1UYw|Lxu40}Tc@>B& zSREUI244~Fu}_@RhxSo3;Y|U%#!P7hp*mFKq``P=jRInqyNr#sJO&WPRYzCh)B9-R zLl=%0<;~y!MH^(>k^E!8%Q0(y#3l&yKyK&Q-|dZZrv|HdI4=;V{^k(GSL@;-0xmoh zz}JpCaMGbQH)-EUff;ZPIb}!IL$wBaw&GDV>6Rs2^ohV7+CzF$NAK%G7;HRwY0s#< zW1PLQZ4GO(qoW!#U#?elvkA~szSkeuPthM(6V49%MRwV{W4zy7?!ucDf2&YFea1nEf`RdPUPl%mxMWwBgn!%Y64q7bb5& z;UyyOU)xZavX}0@WJ!0mZCzDDHq6Bz=V~z7|D_Ph>1tp?{nbpc#HB4{<~)Et;);e* zYL?XyOn3z$Ngw2LO#O#?YTsPlZ9~a5a&h53j)Ms?f}Zg|4G2kE+lXtP|0EF8sg6E8 z%0<1D9{LY&KlU+QzirPTS8}E2mgs$n{IeB!9ecTu`F(x+wu_VW|0(usn?47H`8rWK zIN5cKu3uj8@PDp^S)95ml9Z|8G&-718^DE&JaDkmE%GU*NwAfcASP z{n+d0IMEO#cSGV2e4H^fVQt|h43fxgWnMs}To9%|<((x$+$o9V3c;dIjhLImdAf>(J15Oz`LBJaHMtac(p#L`bP( z#8t{&MuZGp*iM>C2WLvNIn|W&j!|{@3Vu`46%LKA#pq$Z_ba^cNKltkBX{@`?|l%d z-1boEFM2o$(mSpnGsQ3d4hEF{L_UAo;V2O;;HENtL0aHJ0i=^LsSMuuH#4`g!a#yh z1RbhBYWzrT@?zE|Ec&M(P4>Px9JI8`LE7@@fthl&n@N;|a^541_Z&l`3%&)mg72({#c&p~&2BkP99=P&&6lTe11{pXbnU4>QO4&%-U6~vUuAC5QIv7oir{-` z>qt);g{mNo<&SYEM?>iHzj1B)whW9eYL|2y*mIXS(L)_xVS5BJm(bmLyfSuGp87R4 zYPE;lRVo-diKy=dBEKdW`Z2RXT(SzHwyf{Fx+nIEd5gxvk2&u$95DJ8lP}o5?E=!@ z=N{>EMmiOp#B=qHi$%%;EV+2IoWIlLSA6tp9mrwj4;Fu1+;rcEZjX9v+H*=e_;Cw{ z`r%wTW&`b>yspN)c>e-HA5&noGj{ zql_*5v57>I$TRLc*=VGM_uqiW&OHfVFd;9Cl!QTyj1_F;KWB-~&sQOuWWw|~0M6wk zKS?|&>LkxW6edJ;k@bINRAZhUqey6)*cjMLHH6MC?m6=%ImD@x@1v&LP3 zqMYmpM-XQk+&cNUde=P0%Q7PP0*E{K7U0aVQ5=)cXs`au>}oPqc8tm9a)6(0dkE5G z&UDM6Ccs6d#S~oVyJt9*;=8O-an>v$xH5= zG#BJ=s^1Da3x$Zz?XMfht&u1D`J&Ld=h?kj>$FX{N)^(ZK@K!$88!WMF4i;KqAehK zkDdSi4JCX5pX{wHSggh4tnKmCgGKo=-I8hlT9Y&?Py;Kh_IM60Ul@(rdlL4m0fH8WXyBXfFH>2L~& zjZ&y@oE8<7#i9a4x-n}k3~iQZ!Cj`TreP!@kwx_x%I(V<(4#viX+D6JN%RwCF1=!R z_-9t}H7Sq~Q@dcV-6Z5cS*ACSe6OhQS6G3qcPq87#q3voT3B*VHZF_VO(Qd;wRjjW zH4lo_ywK@68*$Xm8hQ%bPhPX)IWW9|LsiFV>z5#u;__FZ0+$1Kd4xnldY5Zqn&Drx zD~bZ|3aru(UuZf`bIYr=30hsOSzV>pkS<4#_3{;<1|DITxYEsxf1Q2O)Fhk5Q}ac{ zYb3Hq;`fW_zN}{dH>RNQhwA4t5o7tS!S!ZpTf$-~h+P8MG+hB&UxG(Vi^HA8>q5?B zrYxC8(nOpj)0?4@k`FZUItUOSyG~Gxwk5PUf`tl&J6Ui`z1lW(K*}jJP_9k_ zPvOm`d%ii%Cx;C#YLj9#6Bj|@we^!#x`9{L6L*CQDQ&mEmsMgx1r?I`Ixi@^_(hkl z5iNX$wn=lPdG^4!>^HXyUYo^Hq49c3B)Qy6@cvN9Y0N}_WVvfm>0laDcA{*bZQa)e z;z^7RE(+`L{5B3NZ3OF}(Qxr2dJYO>UP+JP{&)=pv6`2(? zQbthP&8Z9Qh9~XUH2ohR9}UwqRCc!jCBM#Npu6bgS&dRz9{+|9*PPw-c_CMN!%k@-qzCRdOYRZfbnYeKN;Y zRzN*WH)QaA*!k$d#@7f*^Mv{^;tvbBkaF#X#a>)QPr4zp0Y~p*Q;XpBeiJsf>5aFZ zWeBALYWNUsytVwDnA}?`9!$)yb zV>q9Xh7K*9R>IykS>??*0fzp)2 z6)iuOv`T1mq9%Ka4?I!>{gez*vwY#IeAqrhV#CAu+0MIqB{aq*hg-|{Wg(l0%va5T!|&5A?Xqa*vA=qW6%_|>S0 z5kfb497TIDTZ!Xh7$fT*w5qge`u<+%_xlwoGl`%%j0MGZUpV!x~#6 zr&8SeUzntof;XMN3PB3Sn;>&eIl`Kg_<|g;--C!3oS5UmniC z+h`^q)7OV`Hn~|P#|56kw@-P;{W9d5)1@aU-!FlCBofnJ<6x_#8epRoqrxXSzz7)I zKVwB&84Sk)|(xrr83d*66{5~<+A`R_$+aa zq%Z;7+;l{O&YH7$DrBXo>E3U7DK08fH=v{$#@?YO84HcR`^Smjd@D0bbcJpfnQNLm zkCqh0T4VS#LSuIh@B4SP8C-da`H4_@LYclD-CW;Vx#DHd()Rnd2)1Zac$^s-17uC` z(on)P#6KiB9+|U!hdBQPkDS@4;D3WMB^50V$i=Z7_@`Wod@SUnGA% zvfQUyD?>T?!vMZsQf#bdK)ss|U%=VGqFaKr^<9*GhXe4u-+n7xmpvwYeN##bU+Y=< z4I~z;l4Xooks9WEm41rc6swaEz{o!3jBAWXW{IG|2ZcxBF6S6Cy5z@AJ8Vavu9K-W zkLz{UX})er7INBCg;<=h@4AQZlfKeeVk}`9jp#O4!!t~?E$~Y~YBtQXHxD$een5Ts(DyfDbMllAfivRDyF=i^ZyDcBb~Q?uS1$`}H(Fks*ZWTC z#5!~ii#oG(O3Z%nfBHi@TnI(?~ zbz}qsl~_02?|q99@9lg;bQBAz0^TET_(v%l5&F^hlB(%%?PXD~Ye%?=k!S|$Y@}|= zaK@II)y&cw)Qr9M`~k-4Y@plY<+l^6SeB%2&tnYTyrF z5v*BC#1n>RzSD3u0eY^pnq>G4uvB}%X{tW0#g)r%C;?LIQ;W7=D8!DAj@CkWn*kWn zKlk*aEYwBiABch4n!9iHI=(DH>$4zL;SHb>$?YUg!;`gAt6wm@Y__+Uk!Wb2XDxQ8 z-kO;OzXE6j``p-X*LuT$pW0bowt9pyMt&RcX)w@fl3f>hQ~JRI zJ-V#kmH~zu0CRuYp9a1A(sjligyQF1hN!~(RwD&FrTeeua9eR*aq#q`wN?Byux1GT zT}BS1{8dTFL|_`xf)@*_-nbL?i)kFBrLxA3Z7kk-PHW;Wj%49kdE!&}d+TS&YS2!2 zSA^YOoG1KNcj{R#{|SJsy_vSe8M`=!?S2uw0DB-WY%K$#luW%948)iD4ph|;-RjF~ ziGJjV)7C5ehGlvnh(h52o^8clg+AX$!Tgs@+u}E+y@uTidHXpF#`IL|eCShc<^p|@ zF&h%}3+z6kKGfdP9;GbY0r?8lO~(7yLHP^Utrb~lTW`EoSxgkZ2Jy_VIXt%HCpwfJ0Q$yK5cvEMg+0220oBHv|?8s>;O9RLk;`eIYw zU{@JGzLVlm(AjODN2o^n1MrA{E z)5*o7^YUc3gCWuB=|tO?+FNSG(lRe8yv1%G>=U$NTn`C+y&<viQ5pTY#!|BBgA*m7I^XZSh ze~U8xj*|YHCr0la)1J%L&g+490QAb@jRI_=EW%6^#lXC6YTfB9xa7f%dMhTJN8%%pP5yC{A&kW;eY*5i4uEA6fe(V?BiirN zelF{H#UAGK+_;vgThW?&L>*dFCCnZa@2{1QE2iP^d96*hz&gI(h;MdHzB2h}t`yK&z0eXcAc>NK8NX zEf1XD809y*F&#pk=+-To4EYZh$+Rl7q?--%Vq^yA1(w04l%C$C5(9C|#(xP7fwv0! za%pJ=|Lt2Z!9+_5TEd-gG~xi-{J@F3kPZ`0xM-K~lpMRJ{q|-;`YBJkZ2*A!TSC`O3C0kVXX|igK-!t% zso!rv8qm(B*9=qZws3Whi`6aVZigwZCmF9& ztx3h2=DHtZrC^+DsNE{=0Batp%tm2Ra0VY{^JKQ$n|0Y6!l7h8cGE)yxvfW<(FoTq z)d|{3%l$aW{eTg(6CUU2fKi9JYHy%-4f3;uFMdnX-BQJbv2CH0Zn29LnmV@fD*$3K z@BvZ8GZG!A)2zUyI80U%s-G^+8CPja%k!tE+(1yc=iayJfuH3O#Y<4fj8!Q9_-(`p zqlp@mafa3#ubY81(<|Dq7c5)jl7$#oq2KJx?J3X1#ELVa99QtV<@p1Vh!ffNlE_yk z5AD3@3*zO^n5>DTnneAhuqkyJQscD=!2^N#|@#9V7ucoy{b%R36MxK84 zQV6ZDQ()Ms;I-{+kr-j%x^)8u>0ci3qTg!kG->P3?^c6(oQx7NBI#$kHLyYr{2lh`>z zQDIf5@@*rxgdV+xLJTxsjH3u}pX~apwk_UkR%CdYF9pvP!0DH`!<@k5K2p^$7TyQ1 zSh&l1ivLcqBbjtyT9-X?H7J{9318i+eY1LWG_bP1=Ju3qnPS{@p!sIx>GOp>U_~rE zcamh9N~i=``%z-YXhdwa1|9&24&>-gY01bMx{+E{ZtxzTHg~`qP5p;p7F< zhN&l4SN=ONV@#b)b}Z`S-(l%KZY8I^NN5N&wH;=#87c%b28d8m>~E>Ka2fZ_B*PD= zO}c1kwSCBaf!o3Z#gFuyGzQlaww9>ARC)TaK<(KuL(G}7DzqCuJMm#&L8@jOraRmI zcr;9l8)EIp7nE#Y?p(>ZQ*Oo)D+A`=t{qAdvY0Zq5IG$-j~GpmXd!ssY~_Kw?(^ZT zPkT3&001iYupo7@Hf=LM#SVl2J`A>jJaIL8D!(_Uof8jLLxYaS4_nqt=;L^L)NP-8 z`#QB2$Mws|y)g*-VcVXRwPoeoWGBLKe^buLnKYDVEm+Qw*a=Mh-IF3GY_uqJ%n)0v zyq52spbr;4h@EJ)ZJ(yE~GL&*xLPnf-Xu%D%7dPkpD2Mb1z|6JaD3oQF- zB|q|+BXrGh(|p4fAKc;j4pm@;^Tle~u2?%lS4p5$o{Vfy=_Q1Z4W?k#txop(k>^WM zp#YC3ZIVF19?E@KN#nn7X?Jrw|G;sMx8vx7_u0BxEUhX24H?U?CH3(p`VF~#qMnS9 zad$XnjRgyo7(Wi!MP3`9mq4a?(Y8) zgbe>%cNp8+{|@=x=-F5KWo;It;a@I;1`=ZseOG-TW@l4!JjKK1dcgcvFHXFba+24( zy+_H7!R#?-;1^_#bDNv5c#N!SCUIUSuJ@bgu%0U`mO9LmWc>ZoG2+UH0lW=*yH z+|Ok1Rap=TJ7wIIGv#yZ1@i^^^ovkCn0XkUng_=QkSWPoo>?fmvh(c!%_0<{O<8>p zDBDXe6hq&L=jk8X8TBFi%e6?1a^O>rEt1!5EaJ<{iF#hL1bC&mx988)BqzDf|_x&ks+ z0VVi$E8qelIYQFh+_=C*2^Bbs&>w-HJ(%3GV|mCQZ#93g1Mgc+1k$BHTp(kQ7CZXa zD>E@!E>N%~d^heY-4L-&3!Yltlnd!IX}m7b*Wo%OL#wo({bbn z`AjEuNJ=^ef=<3=W~iwxF=T@rQdx5wqw;3%S0^Md$}SEmq+{(T>11aB(>H0tX6Tyz zon0Ce30yHfun^Nra*3(Ff=v~5T>8A$jW~YYk~yeluRSp4-jXhEzcfji^I3ApRC|#m zEdv6ewiX(En7vDa#L1i`XFjaG=R+legMhhV6WrP4VdBv{omaOu&wLJRDUyJsL3%H9 zjMe1AT^#Bi004rUVT-kd(9;z?)z1mijCROvToI2>6!2d`tdCrME#YmHJO(L~+{a{-fvAN}RGchc=a)vLqDJeBTYEV(4 zO~@E>A$|t8ZAPbYQ-qk!5atv~W~bmUG1bEJdYuA~WofJAmLc}vn=fwd0^BiB*j1ik z*t8JJ1@{me+8(vypSc^O+9yeWIc~kw#j&TNLT8Vdi>nopsN> z@ArGz`(dxWcKp8m*HuwcG9m{63>D?H4YWn*)&KfHC?F4o!wd}%MJiPxU!A$6gqgnK zV7dW>?clQQ13(A|cZ{G`A>JXd5+j)&$dRu*R|g`l(KbAvDyr&Yr*vU5gbUK9bnt>k zOFY;v{K(rSko}3jdFl}9Y>{!Nb>Wa;F>Ung0=5@8gwVTLy+p1{d`HS}6YfcuB3rIe zZ?Nv@e&vfHdv0{(5b}@h*T{Lx@DM6Q`V(>u?e6r-^(sFX8G&@zNw}^* zLwtjcAnQY#kX#7iTeSoEJJ-j8ed*cY;{Xx(A)Fjha7hQ)9FwjOSwzwuJ0OuOi^t?h zB!UhL*A@8mW4;W-Iu*aTYixaq*Woa#Kb{{7X+ zK3h=2MF;s$5AM-DOXvs;oEmJ%0Ix>qHvxT|uXk5~lEG2KK&32n*h z$}_GxqqzTPO|R?%AcZeQ`V%u&!!T6vlHHp`4y=Ai-?1gLvU$A3>6+b^WwI$1p6=BH z2PbTv1d<^;l-LF-N=R%Hb>eyd=~487pW&gpdzlE1ZD`&t-c6yPm6Re11svTlQ<^N zk%*bo=wrsb$nHU;nd#nI(JJzS?)Osr+aC|!A@LtazGAvaR5Cky5fg{i^$9NE-SJtt z{bRcU)=Rvh26E8cmB+%g+*lPU;&4`k4%N@Sgzvd*psA#B4{H&dv^`=S{I8f_J*9?uK^>divG;Nq|i1LJ63K2R`ZDpqdip1^)C-ND$tzJJ@prJ}oCUS5 z0J7{i)&E`Zf6$%&!V|r`Z8RYZ8K{cE?cXXfTrRCv<-b?E!>6M>zmrM3;!?r7}sCWvOl>Vh@yAd-O5$cTdM#5R5 zlYZ2E=6#ZtIx9=E0?+x1N7jnAoCd&GJNE(IxuEZg>fRKsE%|<$NEEm+_eBz?io(l0qEa z%%C-Y#|vp4boyDJL!gB`Uv9TFFuckN$*R?PqOa|_Zg`D;}V zu~Ru6N!zwm844hc4t1J+Z4T60&nspv;B`r16}mlZ9u#PK(eCU1#Qz3}$7N*NT-hW& z)tJ89EdI3UJY29mL0xpk^oO)#M)EtYpX<-p64|9`fAE{MnuxRF&jgpO;qLd-ANllu;C$LRU+Ul{jM;F|R z9_5U~n6#Re?e6)zk{b4>c3B)eI_9t(%Iu5ZL>9Y938{Bwb61~(qv2G8p|PUae({cC z1U?H+00;OQ%%&4KRf>;+_a%1DkE3|P6}0!2eb3Kvo|dJPWQOip-Hywc2Acn7&u!!> z3w%Ai5cZrS)!`QpJv-}7wdF+^-O`=ppuVEZDJ87v>M+jKUnrBzyUW4~3>3*p{)P7G zU`z9s;avCA&x0VGZ>v1_AN2{%==r@puyEzA474bnt-^==_1pr10JNARka5CF`m@5G zVzfnA(NuuM6(@d0BQ>50fmLTr)^AJ$nVt~jSb?)AO_1JVR2?^2Ap#ox!dl$}OvHBW z<0Wv|cfSbbsQkoS9q+nuvtyz*klt3a7!a?FiUIQ8XnH*EDi>kKs~cW60&?_xgLlyf zs?>}mPqpvTls0+CJN{MVR^H=H14V>kCZz+?xyBELrW?;VAF3O3_05f7G=v|G&9KIf zkSAPs8ur~Q|B9$eD|7v0U*AzlyBg-Ps38O%I{1yHSuIeZ>y-8bD-=1 zD#K8=6q+RLHLW~HTj0j8_Y^A^pn&J1Z5+g7a(J*7`>o%%f;?^AWfxc*@@E z_MIc(w9U>W<$b$~cMwBu3B;!L>n@2*^#iJD;v#A&pZc&_5k|wC5oL7|g@div_>c{G zAMrv!Fn_G6%7ua~=yZrtuu}c1u_FM8x&m{O&trM^%lNmvKnAJbA^gV-xUDM;Vk6Wb zvE5LV$2a_lzvlv$L&bq_x}3wDp=1(hjtY?{b=6_>-2mMnh8Uv3bUsuHK-0*UT5XtK zC=ZT>T%xZ zADmbr()dvn%x7f9%A4arTZ%^SC7*_|(kMPvsg2;Yd!C^OEX(Xv-0SBhB~(lx<1}jg zt1tgzI9^zK(sI3Yy@eeeF7;j=+O(*TYqbh)uJ_yp({K86d}Z8J3JJEuaLHjAxiD~%ZM zmz3=9`tl&3Far&GZgkUxBjobbHfCv;216*q$*uxy#nR!fRW4c163fbFwB~ zLj_gM(y#)FIk{e1d%g)qGpH}Iu(5gnXKk$FlDml(CJipzVKtVJ>zwPURId5gp37;+ z_T|2uW^|SjVb88|I@frZu;wQ#?zx;MDaPoI16FGZ1^1WiesatZQ@Ij}525rT37T1RimlkcZ zJA~^>$&BQJWKh3RfxYu!f1$TDsz@qEr{NzJ`Qdki8k`}g@cG@?Yr_uD1csTu$vF{I zwl@6bPy5PMGsF7ZHI3$96=>qF++^UFbfe7~zU{Z0#UoQ%1*w?DDf1xiZx~9Cq(SU` zkv58{Yl(DWnd&rOyP#=U#Jb^|&+Sm0PE);`_0NGFxgDD3uV-p@bk?O+&uW^LD9-JS zm}PKnq}~Bv^U`23Hs8gE)||EQPz)d4rLh?{4=&pB`2)S|I=YtTySJcwt8INXue@?< zdASQo2MS9RWn1pAqKzipnoL!EZ*$6sg7wtV&}r&OMW|?|3|Ky|)#!B$=84kILYzbV zrIoE{FWb6`#Kh)3e?DzTP8k`b-AF zJowv`Ob-6n!*w&ml5-HWVzo@uZWUxTj`1*sW0FF$icLhIcVwu|*ha-G-{qJpBCZx# zmrkdl;%RLht9CRz8}xWu=d991{o`>TU?hLTJ>&)efDDKP4Cdq3E^EU5D*4LO#LmT6 zHBJ^5olLGb$Fx8zepe6es;t%PV&@)(L*`Hyr^KBRkP?1S>_<%9k5pxc;8;kZ1~*q9Uu>rt)$U{n0l7y8fTssS3~%CaLz2!=wi1Q#AA@1qn`Jn7N7 z_tKd8G$Lh@dZ*@6qui=<`_(zG#iduVxGPDF+0-riq~VBQ-$lh6FRMWvmkWDHku3>a z^581Jp^0JB4f>WjboU{05N@^y-l z?@fkimUc_ss=TTQpZwy1No|8w2+=`LjBAluVoh<>zq*mahVz zpojGJ^$!3mc>hu7L(=x#()>FxS^e zr~S)D4&TQJ%&2?|(R6Dx8b<85Q3z@+6 z#v)6mG%`>4i{FV_%@eJlfUbaT$NP`4x8_bekD!?^1jkL(+jJNS z7YaA(L~av&_JMhS8&e}qj~|M*AqN)2WWE-9`N@D)2&FIP!ct}*28=uXP(S-iKL==; zHVF)rjc-H`Xh%22sh)=yGS3}`jOX!YiL(6BGsG?SYcg`t=*JP@kM}T>%KRBatWmP{ zm*>$hIS{qUg%4od4uT%VNp2cDzVqwr}QY$|QnDbdZTx4u3K4;?!!)s!oQ5TZ%q zH-c^0*+}=M)-O-_)Q%4YbMiNiel0I7yi0qwpzuib`QdpgFW36Wir$r;Q}e9F#~c2N zqrNDn2_ MG9JJE4gUN74a$3jzyJUM literal 0 HcmV?d00001 diff --git a/static/img/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5/image1.webp b/static/img/docs/6f8d4110-f4ee-4965-8853-8b4a7b03bda5/image1.webp new file mode 100644 index 0000000000000000000000000000000000000000..c67192988a2172aee780363699d38ef87679c82e GIT binary patch literal 18482 zcmaHSb95)smTqjD9ox2Tqhs5)^NXEy?4)Dcww;b`+j%{A=DwLX@6Mb*YSlV*&f0tJ zZ`b$jvul;Il(;yxBoL5>n6RR{A}8UGzxVO_z}djmAz;uT{0WkIvSdXh#0APPtFn3>CC4d+NU=ycljq zUKy_Zdi9gOslL%ajXxmM;$Hn%zsH{|j<+ubZv5T9{#=2duZ;Om`rCg#e8XREpZOp7 zm%pXIhCTT|672Yse)S5(`b&MAe=*$o?|(mj!4nvKi@f9CfPYlHW4_Pa=^y)>`z7}H ze%E~|e9T-UHY!Z^4ES$<<9~G=5WKoSe82W=3(R;QeSbfLzh{46Z$du#e}8}Ie-Q2O z9$L!9qHj%F6&s8g%nikV8W&FosJJwd8G= zEi!*t!v_|Zbo}={S=n<42M1T-ZrnAv2K>mZx(lkPFJSiGB42hKtltW5L>vEH@h?of zaW+01{VPxYxyKcg8%F}@M;C6)i?QfT7A{!XY*7VS!pt=Xs=<-2}t`Z1}wEjy;81x}Z;0lWs_?wX_8tW3OOCRXZ}uQOS<_f0}CM zs*FsDW_JHyy&c_1{9$C&%LH#OP4>S4acWpKy2@Jxvf-n|jgMA~)d5725H#)~(MtJ^ zlPf{Og1WILnd`2{6QZoyp8;~l2N?X2vosWS;?Y~pji{ofjFqrnN4;e$4n-cl^fvM% zZ>%lgymq68PNBg24>0~ksQ;oY0wCWNdZokf5G>!=%pH+*N1Hbpj}M~;qw4%+*S2)C z?&4VkSTCINVc+~=z1w_puMgiMk?~^N&ifn8;~NS%)t~YBYcF`S3>4uGo7EyK48(`c z(ww1mO$!3&7z>?{bPxiFd#_7xmFS*56*~I1e#g@CYVhAv>z{!B(=#vbcu0FikVH$F zssBBHd)|2p27Qf*c4wOG#st@_!QpXpgM=+&C%4^afit7aRad z#F*Ti3To@1g(PDZHLc3@4cX~oNx+U;&EZw$Kk8kTHwf{ehr0F3Ge5g;xOvmGc49}Q zQS%RevA8~i+gVJb$-%S?jd}bX}F%Hw{#kz4wi&^%&^y2IKQW=$^(NJcBx#}qd^`68 z>zjAo|Cl)r<-vH9jJ%3KI~wJMWV75DqOCKE(^EPQ)N^cJ@uKo|4m;GtI6WzTd`3RZ zJZ-P!g(XcfE?$ysAx4NhhdFHSX4(7k1yjAcVIA-&D}sW7SS)|KtTvUH@9Zy~`S~&! zK$as0oP@5)iE@{q;_;6vY#IWwY+Q+o)T(nU>N||DjLu^}w(fEWd51@#Cx(&C80?ZY z|L8Wen=?!Xyke|F0z+G{fq>Zl0TGzTwl8rCRt)F;(rhJx+jw)vCpwl3Z7FF9%XcGr zs9pYl!iS)QoGv-=Og`C&MPdvEBEOu+T-g=o`J40o*`Uwu&-V zjg^Bexp;`4_!DF&_ol!+43SxgiIKiRzu6SiHU&Auwg?VxHD!!r#(~UZ5#rk2_YmI3<`Kq4H(0Ma1yub z24)T!hS@dc9frvOG8efbN(e4j$OL8v#spg9?PJWhT}-eAT9-8>hKmy|%Vhl$;#l^3 zrsXvwI^`W0EgmN8<`4J=>{+l2?g?9$o=z0QiZn-<&uYv6l|(0op5TAHQ~#d40#}I= zyE-4DA@NtIRv%H=glFLGj{ixp+nnM5RT>Fqe%@YC;=1LU{C^y-)PijPpE~Mc2d^uC z8yR(IGL|fOgbE{pBXcim8OOEjd`rUF2pN7fMl?8iR5Xvs zBt$oMf0|jNq6tNg>R|&<$G7_L+8@Z84+}N{y@&f4^$qY}yEdj`+xIVEIcXs^3C{4w zTmO*F^6|d>3}5s`kQM;9(4qqO8t|)Qzj&yW^Tb7_OZKVR${PH+)vGDp%~Co9)0>1S z!vIfU*9)Q_a5&&B`g&YM?_|s6WxD!7Rlh+j`2?vCX_pyTso+JT$<)crontiaSK;vw;99CItHKL2pX3BaqqL zUH{gGxm2&;yr2pQ<5gM}a{$F{jXR=h(jQtE6vo|nSJwS6tQTxX+Ccpym>ji3tgUE? zXGO83f5g4>XeKoFT3120U}N4Y`+D54Q9IF!JLZ@@+Nl_K8XfCU{&8`Q30q#q=LPI< zne$H#iN}+7WJ0zgruqCgvWD@}nu+>(Yt2t*K2-VA^L;JzO=sT2!IqoViJBVZbR(|^ zJ<-SILBRlaxLpeLRieO?XGW zHPZWZ$`N#m>Vp<&qJE}4HNG`!QB^`WuoT@Ek!0Fq_!zeOD+`1pm+pFH#>>*2dpwHa zl|K?H{MVNgs}abxV6>mW4*eW{|9QMUa@KC{;@mRz@a~MuK7>Kuc!PH_Rn8sMHEN@Q zFLAmp3Mp{fGOwRmccroVofB&ce-(HPq2aszo`CkVn%LzC*m<8j0Jer9&8PgX2LM-% z4#9;^zTh6xeT`{oGSvLXAKroF1_%h+E0e!qBB|b5SpAFUs~BE_RmQTMiD@(|N?nH2 zPlDlC1@`#kVJRFX=@)!PbLl+xSs)%kIgHHW9!VPl1LGLpB87tp_VD&DjnEj8#M3+3 z-M;c45LO!ebvn|6YP$<3^=irI%a@g)9(Ix5HQS)L7?U{iLZ;BTwSXR=^jKNo+#k}!t#Xw7BE(uK-g zNK{5KV+Jf}Q4Q*Qttd3!;6(6PXEJQi1~XuL*v$Yb(PP!crj0!k6W~)0y4EHt8~-?s zM5z?^_s_b)V;)pQj+t3V<0@twy;}kV!s-W=$~aVq#{3aJ!XXw%Hq)DoGd&U{R!G6{ zW>WByBe{=r_#nnu(Ul+26zZ*s44&;5MVF9%x@7%vjeI}G-Nei3$1%e?1#B5m*XJT; z*dR{5t|!t;>MMa!17izVCjcRQ#X-!i@WwSLhPNSn?>+1cMSAUPWOa}9WHykf5b`IO zQX!-Iwx1ga9*S?(*Uy2%I@1sb)#xK~!tpyKEuy-`!?AO~pkeo>>qGpoa&RS;vO!=S zDj-I%wA;RtItnOU(N}Y`kOzVcE`AyREPl~;$Y8IvwMI0Rw|yi1R9ITfO|OG0EZs7N zPcflRY&xR9jqtrn`pG(jNKk4IDjYW+Noh8}hg=S)DT&)wIDkXIb;)X~^`V{}D#yhM zHe-N3kyh;hYnlV5Z#PLA71W%8-RJ091r}SD>Z7BOIN(CUwr){TaqM-U`Qq$Hs)7#A z&QT$4fmc)&{hZYp3i7Lx$6|CRVPxSrCwm{;1!N3q( zJPAB?)#r&}C0?+aioJYw!Lp_KO9i6X+tJ&O3UE2w!0~V@v?+)U{R^s^IEE3v>0JNO ziCDqCdbG<&UQE;hGGxYaWN)$D3+(lUefD zYvB*!PN!>Zs1N*BvM?TF@|>l?HBBbHxzNJ32?1G_YwY5T+L+q7H^g0|fCsrqeboWe zuxKG?QtEV;DEF4&81hj;Zl;0t&4E8iSYBX2jFPQ&KrY;shKzGiUjaZcVaD%ookE&s zHCG9S2{^mQ1y_o<7Xuc(KtO8%$r6fl^GLlrd6ZG$LQ}uLb7X*pZzEa4&5MeXb;iHs zclxHUbFV|*j*8WdP=6Z&;iq}2F&csR);EWSSFK??0!sV2&$j)GH5ljp7+U!x7uY^5 z`mNt^h@KU3caPE|h$foA9+z)%%j1caoy9udAL7()uvn3IU~>Oe7v&0AM3?bCZ0OKb z1Nq&q%>2e@_?Dt+4Ys~7^WGv~cIj59uqlslyRSqAzbX{}762$odb0Md5>mETmnX+e zmHwj-s89ws-!Hl%iTvXcN&Bj7wb3L|fRFYyh(+C**k0>T%dj&gG04+0FLhOBB6XI< zhV^-=N;#~v5bLhOXtku%`NHUnWr3`cO!LfU9_*9Vpjz3;wh~_`M®THNQY(4WxV zAAK*9XIR^AgHf2qr9@=LyURSlF3AxDFWu_pT*?Xh1|m{l?PvH!w8?1jJ=hTn;`QBk zyL6K4l+?uhi)I-BT!q6D5t+nSi4+8|oE|T{e2{*>TWkxL)P&lO+hW$jxa&G}Fm;{# zkjcT1Ptx2!yk})?0p+ro%VD0*5jl1##)}C4#-auxltYl=Bvl-7YpVM>Rw%E#QItWt z_2JP!aVq{7xPJ@~vavv3sApH3EX#`=wb62%44)(SaIE#fVcy`&bBad~UTQpwcAi^@ zo4HAB#%7P>x-3pTw+=H`XieuCLk94nXANnE<$0(`Cg$TpjV2#bFI6qHkM1}%xFZa- zez_)V4do$Pr5F_Am5GhPRyJjylLhnP`>(c~4k8;S7P^LC29AtizoA-xJMj8H9&|-d zrS~&6nF9_K6aZ=DP3~Mju+xb5Gzk?PK#0|r+JXD`X`HE?1E6+H`3!pPxV05(TOj(8 zdI=U(b)tXq><@j{gDy7J}6(Pikq6enf{X`!rSt5EBAyF?wL0@)Gwb98^W1zORw z5zBn0k&83XZesOa*NguyS`U^#zuL(TB|>Kr!#KJXzN_Dz68{dRhHk5Q>uCw2#TqWq z^<@GUrVUK3wE{f_66EOm7?eD`H$6uwZ?C@+Rkmfe<8JDH@JbN^GII*|5jo@Z^5$S6 zLJ_Y#FmM8X6?uD1Tga(|NH$5Syfveh!yH0h+1-_yvi8xfMO_I+$DDVjp4QiQ1x z-J*emWw@jG8wr(C9DArxbA#8_LaD?`2g`5)4On(Dpw|`ZMa>T@ML7#1vYf+zE)>XDp*`yEv<{%_D;+pL@_?Hb6J4E`q>NI%Nsn z`ijeZRPTDYvpS?+;QsTK=HLjt<}p=p5Kl`cr&5tQ7(ZDe)Y42YnkJNRZ0$1xawEN8 z4_tmZNckGcF1aDtr}246f#6mF+*?#(2*JrO7gexNXG&qk``F?BEZ=U%H{O({;EEeC zS=QIDJapdxU*YOTT#TGoF*%~aai>jNz2RE{F-fg z9(}Jh7|>VEmQb~JA8BeRGDUPzVi|%O7n&0N>$8QFv$GN0T3O8 zZ>9M3{fNQ$c=68`DM`?<;eV%jd%vor71|c5qMHvWMYrs!a~uiC$%Ch9!Q4>u?I!eV zo;baMOzfE3m|2VL$xC+;5C|+865Hiso4i`mYgVv(iTs3c7$I9-T(%sjao*s_zrGx( zf0~Bt@jQ^WvM)N*M^deDa1gj-hAjt`P)6T5l^{m8vPfhO84euxKc4T~X|Nt6C}Qpb z%}5C7R0X7#N&I-U2t?DRmyVImc!lDm!&q(6_40T$86G=aLcKx>00O!QXKM;8{En!< zL!qiNaLXjBUVW5*oX}b>hb;WG1Hl$Qa{|y44FZ7Fn3?FWpfs1d z21db-(@G=+^attGu_!wRe9e{$B2;?NY_w3we1E~|tYaZ?)oLWEBh>C>J2$`G6;{d7 zxg^V(Mcn*MTSflB-9f<>#K_a!IcB;lgi15?b}*i={u@XCeNA`jS~g7K-D50JwD|5* zzi>h4%9tKU%&u53ARZz;V9YFmboV9N$prW-;kpk^>C{JmqdcUYarKyQa2u?Fm<-aP zo9WfC?;E&{t-M@Q>$mN%2v&#mU=%U{At^+Ben1{l*S#6y&g2sGxc7@)$a{-z{ul7p z9lw{0QI{n>!%A1D7Q6D$E$CztVid8S_~g!aC#^OP(7i9ks{@6E42DL z5K&E%xLD};kEZs4pzO5gx_jnMv0)A1wlyFy)mEOdKOMkA1u;C3b#BNFYj9S{U(AN; zvuAX;#*u>7o(ED+VqKabvEqKCDc__(_?Xs3X+n8zIDUfsc4zg)iv|2 z6m)FE&GO(r=018BbWl1rE5A8m_ zktjf{IamPxkhM=oK2rNGdt)G5bCt(v0B40ru7Ug6)B8e~_I+DMB_K`i#$sdRMjF;M z5Vu9e{pZ}6!)_1jKG8P2ArKN-=6haY$jz!#cZ$Nz8X{%4~3Xmy!>HYYY~^;Stc zzOVm|Ez&1J{L!6mcMBkdM4Ut2IDc=%c@y{(b?fy2INMla!c)R(htG6*f_+}{N82Y- zmI^p53mcWfJ~SxEOwCj?7bFGSWsO1};`?WMBvTp%Ql}sISYD%)Pw7gj2Cz za|68SA@sy91cVscl+VsP{Ja7ygBtDx%2MwO7fLsSRmYjZ*eTt%)@YBilTB!UyApP9 zTzKN|I)n8EzI$maqyA`;4hEJ;etCRkg=gXVox@)}wWF<%U9CdSXLR2XT_V>&epe9f zHF8@mqeQY=d)YE*n^3|}fI@vgW zg1E4YTDkwcd0H?x8-}hpvX(0ng%Yv&W`#79qkqarfM^$epFXg5dNBgw*xj?o7OdfY zx`N`?i~Ts13ZjPod2M>U>g3SbDvQQ@91(Gx=NCAj-7YH0y)H^I`{$_}xFXEz1-GpJ z55l1M^iu1nv+oG`&w~B3RV1bX z^Gll->s1a90chF@kk6L!q9$Fvr_QDD3``J}23_D}`mRuiC zg9+68nUi`ZDuE%XCkM#X9wR)ktJL?7!3V_XR8HVXA}|jOV(t-#CQ)%!olMAd<{?d} zdek5ls}KfVf0Dv3K-xOE*Phrc+?#<>%P^KNZdheDp6L~wr6Ustbcy>a*xE%HA*Fy-#%JL)m%yr3Mb*)WPf@lDw0`RO z;jz__K0@C2T4O2!mYQPrTFk*7W1rP5xo&+6h5I_V3}C3NKC&B*8bA~!s_`1?f5S$< zynUTtU;@;Jtk}ZJm+CnW{?rkLvU8QUjK}<(%#E>HK#?T@5mTWv8Y%f=eSVfMci5cB zmrCTalR|k9=Go5^BdfZev4&A3y{8k*&$!MuOH-x4d6vFT64|UoRf=8xLcLw)v%S3# zLz5O~r8)~P-bi{GQ(zwKtXB>fvvWKhYtemBtJ?TRB}5UJak!b~5(1t^l+6z<9p7kx zmm-~QKc`R1JUCu{pYZ&lTuRb?yPc&EKvW)b7B{e;bSSg*)orj;4E_MW^RSjE&MRUQ z`7Py~e5wislLv%&WnBGGOer`v2{~-1n`J#kX&_ZW9_X>-Z}0Ld8nvFmCB<=Axq^NH zoQHIX*`q$aufKfn@#uRP0T;XQ4gR#vg0WpbG~|(|scha>D_VDsVn75(Pc^~pW}vh( zK+8)aOA9Ub(Cn=`jF8ZxBQ08Ei^N;z9i;N*Wm_4)kEEBbs#3jVh(+Dk)46eAY+^zZ3&bz4n6x$r8R=M9^yHPVOZaqL|vm?~TB9r;As zLj?0sL)G`ofWQl3-AwPv1}JZ%IYl@CegZKf{!fPooJAz#42WdwobsBPlknbCV|7BT z@r`aZtm-=l@jC&C;BE=9ouDT;!a_1mUK=7a`To>W44R%kA z+Qv1#IXFm(7W6Mw)JuPpCekxVE}Svqw6J1z)f!RA-9;?DePnb@mw|CP|93+SeCowN z8+skc=R~Uqr-&AxKV<5>2yaQjHp$bkO~e`wP!J#-F$Ch1mx$20H?`hE@B$X#z* zi&A-1mJY5=3KCcyR?QGNp4o0M{hIr!rCSj^i2<5pQUlEik|!lKDvf!v<@xFeIoKTD(K3mPuf?K9^WR-d_&Rpm8oSLZI~0kaA~D_eD5vbO zz%Q&^rSxAz-%~2e;cg#Qe*ELpJ?vvpBav4KEh2Miu+>HFza()P>tizePYq4&)3%#b z(gSicox|ubI$)=xm{QziJL-j=Xo2C)O&@ta)ljs!Z!J+LIkKt~HE+b@4$l1|qbGkP zx<;r!@X?+uo?jox-)H1MtW@*MEJq|nwNlm25|QB-|DKU$Uz3hQ`jgwv_=wJ4=`SDJ z($h#MrJ-Axd#o$4+u)`A#K}L&3j8vq%x~vhVSrs0=|F$lvBn6w*MShXKj)% z$I+n1w0xh1eiipYMIM(Ln1`%w*7@FzUG6y5NllYGaf456(aG;S8NJ#x39*zt&LQvY z>#-vGPQ&A|KQ>Dk@y=jDi0wzSuXTZFuGCKY{=sGoR2QuRM46T1E#Rfwa(wstTB7h% zVZd33^FY5JWe+fsZps?ZsHWZ#SZ|b?--hrn<7y~Kh?FOar3F`sZ)x4)RZc5putu%s zuJ8y6ll)j|(_%5U%yB$N?!w7>!^@G1(4VU*P`N`!l6uAp(5Ey8G!lvHIl@^z44hwyexau zQQ84VSaFzY71k;K+88v4$ zk={~R8t$G#;^?6_-47QpUY7?S7E}Kgm#{@_ox$xH&1tD8^Te`&3P&ldnb%rT}jzGmsZkO<1Q!9sT>i z@ZgqDk`NS)HMl4`k!~phDqvhQ`{t51uqAQxX`K62)V-B`6&!yYPc>zx2KU($!&s*z zvbM3E;!V@DUm>Y!Pt;{v8;TC-iH&GSVvRR-AD8Uc@?tsweg>qxVzkS=GtCMy74v7W zIx*rfQ5eAc(*v~i_JM4wiW}3A1w8@6C1w3F2Ua8bfeg2ZDZfmQ5_~3+ymryQOE~b8 ze2^1LS{IaDgs?xZWg!e)rYm{gzL^SmchdPb?4U;*_-X_*1lMl4unVrFK9!xRJok-C zJ28PDuI{-HII;HHeHm-rUt^?*LU_)j2J&_?oF>{hwSanb@lre-Sw8#cdrl&&zYRL@ zkgAc;yhz5UNFZbrgy$YZ2}rgMCb_Brsp?&^r#Y%^I{ASJXNc6f>#UP^=pu{$HJu|- zqP66{t9Ds-uc4@qEviS67kDrGWJAhb01UQ`_M9K3bSk&+860Y-E^c5YhdC*3O0G5I7r&235|6`3f9CT^7C0yW) zJl2H55vNQjT`ud->^x>n*3BWvmXCK7)&@%;AVljGek^0&gm}+@JcQf!3Q->*U*-kd z^Q~cAm0^~iFavNR12#?pwW$0XlN)R=#D@`p%ln9S6@yAYi7?ZNVO;0Ba#Z zggBA@gT&H%ev7~f#&)h}#8y87ty6@-qR;#$zsUGNIwRN3FaHN(ct9_LXZ5NM^1l73 z46uhd5{5L*N3>*(?mc=Xb4hc^`TzK;H{Q;AVTBP_gZbO+kQ zuw!JL-PQf6f3_ATfa02(W1Ys8yq$i9Lf#L6zKq?zDfnbd?& zwA%YV`0+?ALofGaD88hq$|$BlFti6M`^1VacR6I{ba1fueC<2hR($vji?O>fx+{6t zbuN|LRx`aCQk|>BgIN zTA3a|hSKiVoJ6;zYY%YZKo8X=haTk|z^4TSa=(5_pEV|I7$><=1fVCVLyn4ankMPh z7JzCrEsv4Jg0)e%_7wsHLc5nND(cOulH2{ZJ4T)wh=SyqN&5SAxU$;fEZh~Zh97(7 zWY@C`gOEDAymd{5(WLGNu4rIKEhd{M>kYb8ve8YZ&qGcL&B+%fIBNIcljf%ug_^}M zaE(&%HHD|YS)v#Ab!CJ%QO%C=9f^fsKISZYlI^p2MY+7bl_>|fEgFDeuMMJDhibn! zlU5{#z&W8UB#zPP4xnRQM~O|T;_|*e`&t7w)$O|9$R*wx-p|)NW*J^rHcczp;f)n> z?pcO_KKo5$L>oMxBYyfvY;Ku;3tBJxLlFi643oTa58x$qR0y%YY#iPg^d>yHTUZa8 zJ;3Q4-4dQBqaJzV75?^3b>hS%N85J7+jh;T)=ZewrBd7npOoctwM1)c@Tv^IaKNQ* z-D`Nma&%V4nm6Ok`K)ha_23RM1yK{hVMrTvJkam&QdDo;f}<9eLCUP}XmuMkiWP*K z2BfpMM3}|cWw4mhCAh5vnVHHX*va^zc^r=DkwUr`>l<{ee6#T6BVD%iNR`Ax1M;k~ zZ-U+FNcUpA{T2&{N8*=;%@||wl14HFG;TXOJ(s29cit*Fh+NJ0LObuyxCT8{ilZ>Q z+?3=+&#c=57GgEB8{su(&551-(?)x1_KD$w>=&Ewoy8bw8&e!Y{tA%t3prZpX+HM7 z{^L}FS4eTlI6SY6Be_qhQ%klWD$bS3T|@1B&OStKJ{v4_^J0#fWbL#l@zT^RglxoA z35|Zsrchzs+g(`VfipF16?cPJOAMRtx*Y6E&f1VD_^Vtl%TdyN2(o>VBvI?FHWuc( zQ$@QzH>PV<1M~^f)4gvh8E|jn+Ns4YeENIg?;e_u3o2%Cv5;*S&RoL@oF;`stWv$m(2x^56aiza=b4Ep0hRtsJH4bbI@hvJQaySJmjs_s zvK0(_wB$&x2xNz1uPyuV?~j}w)Sz^!uE?WE3so9*3sbGeyZgnyH;AhkLJxkH)=jX- ze!$pbNekaqU1;bF!wz$G?G(XF^XguLwPsfx$U9V?Zt7iv^{B88viYs}FXZl!&%v1E z2eEm9LAXRa)0)O3-2+b}viZRkWIv!_t+4jBhvnRjpqufe04veg3BR$(X%$2954}p% z6-nV!{dNRu0(iHTzQLjme+dh>>~iRq8s0F9Sig|K9Xb2uce!TOa zs2*Ml{%o{Q-)*EDhwzwx$);Ju+;+b$c$St_DI(9mr6?rzhM^jj(j&gpR8!}(jUaCW zhaVdpG4EzjxCPSh+f|p5=2pFG^@o7y>JC0q^vDMlPmn&FWx0>l&GcZJ5vzxgV*T~WG{=RKRaP*Vx`F~isdIv^nqfgQ`K+o(ve;>Aa%j_@?X8QGzq~$H zXS9p)Vw^{0frNW;LT@Rb`@w6`DGGEXBXdi}6+pS%8px@ zT#eMXZR9)I2!2Q*`QD4tD8HgnP@afdBH$EG9bU7gzBZYN!PQD8XMyZ8Aw1wF^?Q!S zPg3mc?GM?^vk=L;R-sI_^gGZqxtoPbz{S*CEN&8!T`!RW02h9`lcqMmAg$>SbW@A8 zq=-;;;dqh?+x7gh1=m!J%-$qMT`*1}#@BX9(NRle*rW6X0bWp=dfvu9Qk6G>Jh|Z| zaDwncKYn8Ls`(R^CWVp6qZKve`2#5CRI2Z6=Ybx%3|$1Kmn{m78E*%)np>bV`H)Pp z`1p^lAILk!vCsP6+UsGOQ3JC=Fzhzmj0-;VxIAVql&o~`H9ZnmMq6VZO+@VFV%yP){zx8s zCZXa)=LhnDh`I5+7%AK)<=ze$Gu)ok^IuWU2#7nLDjK#t{)wsk6Fytt>cG)0^gOZe zDQ}4}|NY1uNLDjG9?`eOrq1|?v#jha>L%HW`~D*c_Y%C__{T$P$KxJMe-_cTFVDDR z#nM~7CVmcDFa#05E83>)O?WH*p?)=V8Mt<6Y#WxNvpH_6}Gq&2xNXav2+ znUR^(>t;V07*VSb0q80qyEE7z1_E8w$`4kwdTo%qeY1^%jT1VP`U1UrWkbPAB}z4| z5XB8ITn0KF8wrDjPh)UD@7cY6jNj1C30%6K=#Ffkw{s_3xpB}0(5%qy^%78A#8X*K z^E@d&|B*d_OLi_Ji9^Q$KG~Pu(@2%BQ-i784uc2I_}x0+vI6n=sUl+a>2Fi1L;`qs zij6=E$6InTatwmAm^IP{8kBcRLIPVlBL-t^8C4<8?p@P)m!K+ZcJe$?EEy2z$YrS z#STgL@JJRX$eFu(jO08)+b~m`i%V^a$~|+)hnj>oE0kgGSyZt!RV;b6QMo)=3b*ri z`9RK2Cso9$r?XdF{-bbYtH9!C({;pVn0A7_numpOJ1~`9#^_d!%60zyenvgQR;AG8 zu#e|x9A1$eH+BReG}h^y&j;41$L))`l>T{6_g;W8&5lXJFN$)vpVrd`(7FpA4Hyb?Agow@&+&F zwhrv=FwQLIjCe6O3m-vY@JJKqP<<0{=sgmHmSap5yE9z*^Cpmv;ZilbJg%YMu3%DY z`Z2qeVyUpBMr^WGLRzHx$j;qwdBmHik()$gN9uK0;?RQ6?J(~@ z*OswwAIBm#TL5ucIRBsYBy7CI!l`VJQMG3qgkj2{I49!8PDu<|gnLF&osLp)KB3I! zh%IXQi!9I-xL^EUN z9dMmKNStI~^Ci&_k!`a%U^ua%^3?H8d`8|Qq_NNu& zoVKQ0VX)3NcqKdzep%6-^EaU5y3G<^)!;i8IAuC|TkIb@<+?Bv;Y~_=;mW+-IGi7_ zraW$uYsm`TTa}Ur?tPFc8rcFflGzfA{eb2%Yymfd?thssSlCp2h2VqhVAt<2-VO_b z9-d(yygh!8TN3cZ5r?PL@QeMa><#01=*>dzC+cURr;mG4N2#%^`%UPt-r=+_<22m{ z@K;)dDTXUI?H+wrdf1%A4_M08qo3Z0A|#ElA!s^U81e|Q1ThFd%cGN4_k-5$et#a< z-BlUmAyQ}Z)m{2yR~Wot-}pc&sF)IrA@ZpJEEZcP-N7-i|D#AuV9ozfC|K%G?Rm

jEXHhbZHZotfRev~R7D(fi~?cTpMi?;Q@1nChoyUej*wfF)Cx zDQScNsLxkBZBth#I!pGoZ{)=fh?ml{?5Hi@m)(1-!BwUr7{~~EjEt+b(z3a4y&Tx@ zjI}?&t^cwJ%;q);OE0}f9@4YO6Kf;T}Ts>0`ZqhjaQ zGZ>hGQH?%{avk@60Zw1Pwtz~(JX(3X1W~qOzc~{Tqvvy{EWXtYbBE?)=nfSj@;T+T zog%PoyTjU{&gu4M_3?v5i}^N3W1xOFSr|ZxB<*?{9FAAQBbG#o9%kGav}L^Bl|!Dg zWr&ybVoWoibSs6n0;92uu~+jlMUwW%c~v62Ru4NK$GzeSDD?~o1(NtYm{2uvHfwAt zRJo@UlsGpd97kC@Oc^x9>Zi_~HuF_{Ks1@RMW1f-Bnh4eqc1c|VoU8cYrGA;`Ja~A~)OGmLTiu<07du{V z<7ym=^1CsPp>Df?T@Oq8C>ybYh+m2j2H;u957SJ`JsA=4P_=3K$Z`bp>@-LW2}M@g zc_na6D{;v0P;K#F8*`hlc+4~CiXUNi(^L!GXLLV>f4o=d9@5IAaqv10;q=O8^~n{N z#%y_nt6MgJf(}T2FAs)>CBkKrX?a#82eN_pXnIAB;nsOWmkAQV!!Py(Au$$_+uZRD zVP9*(W~cWALexx=m_y0Emyr%<-l{xf+4S&@O*h`WL2jD+Cr`sO){7u{q6+vH0VQgp zKYO#HXo`S|GKgAzU>2KD+?ddG+3Toi&_?&KPru>_m`noZ5|+bKykE^sNZM$>On(vr zh_G zA8lXi`#{wytqUN@)Hs(DL_Os({QY|fg$kW{tXRd%74eEc<6hyLo!NcsSm~25n(l+7 zsIz=L;>-KUx=W2j4`q*0WUx0cy$z+a5*+|z9uh(W@zBo=xL<-NuHAmWxt|V&`Zev1 zz!#2rJn3@oIo`2+URt}H2kGGjVh;)a?cVpEtoE|cn&WCv1*qV@Iu!}8i;rRKuU|++ zUmxY#t?+GFXdAZK?AP=2f43Xg$RP{3o|LrmxJ{Ad;+a8SOq#PnG;28aI8>yS{dW6x zmKBd0+aTy<@A%Uhne*vle765iRSZd^6X2oZ@bz`nF8>p~G#z1C=o-b$uO0we)#Dr9 zO)iL9fW?9y%`gr~Zx0H?6RJ5jgV>_YFzA@LI4^&ir$y=>`$A-@4#>{`jRRrP*=RMJ zIgGHm8y~LYV&?(j%kVb5F4#9j&HF3JM1s3hKp+WJ3?aa=t<)5Y`)IUF@+qY~x5{9; zSEz8`kCnrKQJ{Xa=uQgvI!6)U~O%k0_T!8#MeSw)Yja4Nfr zkEqzZfMX(AApKw39)5+ib6V9jp@z=|Q9wN(jdB9P&T@Ylg&iH<4{6IrRv=8iu%rp% zx+C!Gnz#_gRmP6wE6|Xbp!^P!01J3ktA10F_uZJ?zghr=IpP- za%uYjE>`@NIAzu=xAMZc901n#=Wj!$CxCX9?d`Nte&vHnc@etsp_U zd9C!4p=8RFe56x>%2b+<6A4eSKR|A6&Bvh7{vuA4M?XNMi&${M>jx0+7|8(IGkeDq z0$Z$qx(eV|X1?Rf_7QH|Z9FQPqT6IxLjQ91dfrN1GgDNm9uT7amGi~0TH5H2lIU%P zEh+6aNlK^oTcE?QDFTU|_V*_?%+s;r2a1-*{q&cX&u$*~##3S-`+tYn}>_-6~_f)!xpQH;1O$Rp< znW~Ltsvlzm>y$@u{n{9|donn2&b+gbvwcSH*l71Bgc*hFJ)Mrl(>+!GdgJo1 z5095wV6lurWUm>Y*2WEK>@wI5H51{SxNc3U%1%)wJW&Lwrx!ZJ&H57($>=)Z7F)y_ zceR;>L5MfWA=w36%bjty;tjIg^0$429_<0l13%?xP#;h6ZrP1J-pKyc^UwFp5qdUW z-FADS)22E7O!`=xvKLRAyu!Pm|4tEr6fWWR*`+hqi%5&YG5 zK)@`vg=9A7cTV;B$JY{lT9!E1atclSi*8RR=3*W8G_+}CL=+K)YypFJzrzz6Y# zF#5BwGl7Sb=&$@aLwD_^=myn_*LTSqqKViPnH@=o^15uW;plDK(Oo`AqclN^U+`Xw zNq#rUK!}oli*_g}-ue1`GIg`<>r;#JgZ+*5=@*pHxp};{V_7XGABg-%x1WF$tNaEy zc2>$^X}RdylL02@X^0emhx%zoC3~01^IKtUY;rf550@!QIN9;_@q(vxd?6hh`#o^s3<#&`928~91mHH^x2%J?u#->nmR`T{N zb?oyZQ#Mx6OPa?%=vvVgW9@XL^x`<`QwB4s=gxgg#r5`c(ExHOt=q477EueW=z!qp zF{Lh5<*#(xXz-O0mdAk^r*#fH_Q@P$72^R6wgSv^vaOqs2Lr5t3^Ni%SsIz#PO?I;d$Sun3GP zE1A=VfN!rQX)-32j#2D=uCn-x`rJoO(FD`n96J^0LHG~^-KwQ@gGF#Q6M&^?+fwOX zycbo|*UKgc`eqC(-}j?bA|@||Lqg!>A~hBXq}0sUBcM(gZyeF930|IExWUC__{~&u zL$)Y%zy48$s6yZ<+^yob?%qR9j`HKq-RP}XX>B>^{@EEv+f6%NtBq*0D|0?KeZ;g) zdl;;|rkec4V!jdfw>aiTC_B#djtarDsL8VbR5KGiC;vsS$J3b69#mqvJs?K#1qPi| zO>`Wlk7XOJDmmLv)MT<-!ms)TT(PNS9ENhO*E>B2cm$FL<|H2KDHCJA`hX+M#CMg?ECf2=w_4cg#ik`^GUiezKoWjtd$Wh$__-mRzTG zN6L_1P*I5soM+7^i)M=Jx(zIy7wasmFAKi${V}s(orBHdBvO?S|he*-K$`Q zrH-0B!sNS9gWNjnXW-Hn&o#XyBasdILL?@xhtY$F0a`=!yqW^9Sta{fI1X2+B19mz&kpl-6wJg-S&)jj9vYDM{zi*Gx3ubgk%+y|TEg6{ zR_|A7qkB@`fYG*T9dWm6Af?Fw&7ED;5{FDTdx)B1L>kr8n5kmtNQ|$l@ zR7OEW{c#3+-G}d5>N0MbzpmFE8L{MspJr+XB4)bY4n6agNLdzf$B7b*Lm5<;@JtM? zooI+4u>Hp4{9n7ou-p-0zzwQSbo|UBDHtR&nmeJGv#lr6tZM0USEX}Ib-%-DI0rmG z$c+%u4;SVXVWVGsR>u{IY#I&M-Z@KwIPJ4Nt_~;fg=`lDeP&^D1F^aPh-MG8hv35M z!7K=B_-r{SX`C5G27xlH8fvyMf;9+Lv9+aiIFm1AAn@5q3U&(}cxb2!A3HvB5ORhk zK4co(SPx10rYre4ssUg45qnZw*Ii#VnpMxrhZy^ae(0YkEFiYpfwVdK+#RLYbn;3W z=s<0tpC-&WgVKHh5AA%bgQvuoAvPK_ZOkA?E3E3mcky{(jKDM3kT9;Sl9Pe=*lK02 z5Vr#1ROqx8MpoST@{I-uTg?NDpEu-<)~61+(D3?FF2*4MMs3~fz!z0x)! zBYPGvR%kmPlcA;HEhztbRJStA-MYc`s9{+jje`~EP$y6=plJc|RCY29PIcb_3q#QC zx50HupsXe}mNc^8zHy~6X&D@d8p{s84_2?Cr*s>4D&HIHt_mF2OfE^xJ)`5+`GENw z!%u#H+*Td(M>)wX3Y_Y&puht0D_QlGOx&21281I}^xei(0H2NU9B;m}xR@0PeGI$O zeg;N##>;PPLx|%p+gY^vCGwI_Z_Ws0de zco}bl3#$aMFr?WfWL66RaOq>+oKpipNwHmQ0K(;U7P-Fy^ly>f`XNFt;hkFe6MMJ7xZ^tnouiide_P!r6YI^S@UnZs7-2ISCvX;Y}2QM zu8dwCp&_mRI|;OzCSxIWkD|+>rVwZ~yxj!kHb->ycVSbaV?8SLAKF4`;^P;=gS@f9wWz8BEa z4C>mSU?U^v%;f}3i6*sqp*2DwB|*y=9uk?b;nAtoZ&lBVUW3rTyE8!R-fLO0@GJ}b zGSLP~HZtm*TooSxd_4dOaubtb7PYox48`j23;kK3cqe|_pRfJ?!v7Omk_;fdz>oH$ zpd$uxx;u3=UXMMVopq4SV-y*ObU?7Q#aU7pYx;t%wwcJY=O=4qzRNut68UKJxr*aA z0QaljS~ZDW+{ipJ${0=zBL#X$R2F=sBb0CASG{}sR$N>lR+s-owtk|kakL-*+g+dJ z%ga1^5^Ep#`m2tm02;&GrwvZE*zORhQWS+DNKvfu_>Lo6n$II#8qXhy;x)p*h+;hS zBd&yX(2jqoMp7^+3P*j~B2q2kAuf99kQM%!0bl8m755vuvnE_wv JkQMmA004sjk`@5aloV6eQ05`c{g-B40AxeZr$OaH2*u0f$x{{5kdrNh z^=xAxSlI5kRPwe_GJ9DIi?P4kN+4cz1$;igSiX4QL+tjRPJR+Bd_L$WgTSDV&c4qA z->T2gOW<4g%j4(g8}Y;En_!~w*o&I)CK&MfdEx&C_4%pmD=%F5!Qy)Ij&y7B3M%ly z5cqtxyRa)`xhIBsZvWuUBN_Q<^Im#&ePVg`UGD^aGQ4Zvkj!p*`7ZhxctQBczIDF| zKhzMB+zPk&WIeH280>c&zXu4~KKs4^FG)It_upDpd}S!_rK&JzSinq8r<5}4w2xjz|4D@Jz_}SB!Qs}0t6`~v|k(sq{x3sb7M1y zLP!&m*rzp!MU>^7ZG1`KBpR!%)$MIdI@!$%jxu9hf0hl}xWy7?`hVJpiLOZ~5mJOc?&j^B zaDbm6vxr-%#L=J^KmWL3jt@J-TfaS?Ura}2+Z2YNO(>5>SqqFGp(nCOQ~3@-x^i7HU4Az7rsdm zPGUaPhEs)n1!8AADxLob;D2T@9>)8kChz06CDOE^-Ou1|Q4X;IC#L=O?|}RhXILe^ zk=^AO09-9Sp=f(qo!O`9~x&9nr@+B(a6++Yj&ENJdqgImW#~?wDCN zKk8LTnEzlStm2~yb_RtvR=!msXu;t&z$wmcxH~l5+o`SvGG$tTWb@x)`KMM@W8C!* za+tCqFwY)*snHi?^1Pt$tPvsT%6;^>67L5Jr%uXf3>^@^Tm)hqiDS;@p8Wwx zD6-*y_26?d?n1 z`x^0O0+v!0u4=7!IUDB)UEQqc-@R|~CL)8vtdL!Q+Dg_2BOE=diJ73%_VL*j<1-}v z8wCIGAkXY~uj3v=e6{ue?~pjB{aWOFc*uGFRKs5Qqv$guX2=N4{M&zJVnW1e4P_m+ zVCy7)vt#}znE$J{Ifwv0K3lWlfTpQaO^~fPA_J&gL}y|0HO8=8Ilk;VXaKT1gBAz} zMgRbwBt2C|tmb>)J3M5?8kL}e2*hvtEAIOCh0Y2=+p1031km7N_L~YqsdG%9_v0y+ z(IBhLBKvK(b-e8ivwj0HDaAvUi|<_!icG$@Z%nRdMAO^X@4>y%e*&RZq`y9K`|GDD zG^UbA1n&uKSA-0`7eQI&*1GkhZ*B`IcyTRhKlc?&EHL4Z zN@tZ(sT9E_zuaF`i(pe%XW0xg4e+#q@oV@Q3k{7LCp%JBIt26rQK6+scSMRkWQx=3 zJ|s~H zWH4g0!)fbMF(07xd#?`67noV3qUyT8#2c(3MaSP|K(uS?ssQ zm=uc$&bp$KFic7RvTf}-rMY~^%CthWJ~(Bad7dC|!_puL0R88HS8 z7>SGC-{Q4UU$w&ok=OTvCAKo$6;8>^{G!pl)Dc!_>k6m~LEk9o1RZOHgAn}E1RT>a zsCRlO5_=FnXUEqd);^csEwB~RtSC@y%zW%qA5o@nk8?+sUG@IZyQJ`m5zzW)_k69% z1&FPlZ>v-I0f=4`MiJ_tXX2UNvpfbUGQKT>Y7ymbZy8l9dW^vcT@2GaoCh0S;j^eo zghJlB&{>4iB2n!(*EdkS(|fO(vMsOC#T$N_-+P-5!gvgN8Em5~p$|^3XVmQUi+sy-qJ*XcMfpHJ_ zgLoc$mN?L{ zde?cF5jl`}J7_FzD&dsT)h!}~+Z=gDmyTE6y?yysb0NIGF~4AW zv1WDnbWxlQfmN93S19w|6Z^bcfY{<{-)AQ)ri)L+hX3ljB62-T9ruL)F{jhtfXe!p3^myWNga^EX{j&BG9PT@XnCqIwrXJwaR(BXuZPt*)mEl^btU^5;1P+AQf0jplw_tU!nxSuC_oGuaV-o;%)dy zwtp060UQTStR8GkcD%Hd(*;{8jG2cyxV7Rd>K&P>52J6QqKuP||7n9YO!Dpl;GsQ1;MH2xH0JGFHSXDu*%CpGGOr(X!% zR6Av%eM$jH)f#yXc!E{i_$#U|qCgN(*&u9rT<~jM4;43$ zoFt-!tZ8yGxihuFOt=%|S#)cYNc?Z!CA)RGTLqDHP=AkT+e zHLF++w4bpTvDYbr<5c7O>bxb?OF%ye^2$4gs&w3_F`K59LL{GXfn?@N6HfhR(Y6~` ztHyUZ?&N)}S*cqpc%mCabd@5MZ)X-oRBRp9k(Z&x^;dQJaf#-SFrD>)3~LT)<8vg} z+&`=+jq$7LKVJzTpV)EnspZbUlWAh7m$eXI^|0{SV=ENgXDLbXvc!o;-Sf}$@M${5 z?lcjOt-7`8%&8BpZ%~V#PLZ!>G{iB^YwWPazXrfoC8w=1bRXZpgIzC~E*;eU+#N{w z)!+dz*DFSh{0n881pM3KmlwY_!qDK0{cCF5Dj^&KMtrjDR z!RN_#(UXt~r#*Ygh5Z?0iGv0U6&;XH@$09*rpdP^ZV`b6Q{7DhG-+jI(aPft)63+B z-ZDi>(%Rn|?G$OryC49Rms?AF(HvCkSdNI7f`MqJd|w>J#MufpgfL&E1qSAkkHjVr z+o$@x(jo2(^_E$YdnW+@4E%(S7MrmG@Kp}O3+$^wat~EX`3#VnqjEBkP1+91-?)I2 zC40C5L?b9AfkXV-UOd0|bKha}+uGH&HpI95t)GZ$#IhxFyL%VMjP_++%PP6;N55k| zqAjbH^t1DfIg5QDd6x77++zxkTfa^F$_}kUWlE|xG07d{p2@I(^^t>-wb}J6QuSc# zTrk~>^ff+NMyz6I_DW}%GwF>1i5>Rg@A+KfT^vZ49VDOs?%!T;PjzV$f)0n&_&%nM zLkKhPAF}$-hhT+EJ4a)|UX`xA{e+RVznxpM-+dnPrQ>SB7Wiwc=6Mt_sXvHaqM_&_ zDx)aoeEP2OhwEA_$4iq9i57x2R{%!Mmzm%5Fq+rTU@1Saikq!<*ZUKp@F-Z-ahX*Q zZdCVdybj_Uni8zDV-4NFArUO~*o;{vr5f+%?%yIct-JKXB2iMdU)eqF9b?TlWN16H ziFlAHZECuAs+OrvrG~n0NKFhG>3~7CW~5xW-iK72 zKKZOf_$WVR*go6oLH+SNG$2pLMk0fZhw;Bwt;B&hqpkK*q4@1-fnPaTIE9v*!R$p} z)wbns4~9i1GV_9ra)Y|IYSj)+o+bfuIuGq1O>_oqoxTD_{coJI00>cy$ohOub12#ZBy5PfJq?I9OrH1@b=pqYY z;`52)NYi7l6CM+1u0_1A%PaNHD0KO*3ObW_u?@DAt7ue3*KyV|8ezNtJm15HpEG1b z4vb5i80Xc21v5ohp49gx@C&|O9Cxi<&>JY;T%D2U6D=EFzFtY#ha5ImTb86AInumV zJRzFIG55^lkzSI#u}@y$;FQN0Co#^7jG9aVvVHl?SN|o4>iSIv8hA-LuDNAx<7v(m z%hGkv0|VF{#&T(VVvsdFFl?oK!c2zc(iUm5vcK?R>QlxiCv8^sUL96iK`k*UhuIJK z>UHwtF17s&J+Uqu8;S2pLP~tJZ|7cJ%DddwxFpQ&w5CyGF%SDaSQNdjvjILr*8L4;Qd|!r4wU1g?wC>{eBH|Gm=5ET=m?{pz zUDg3qr%rQm>{lNX*n28%zJhCEW~|Au`zaklo1An{=IC#m(Xm$8nwKKKr;c@O9Bty- zD(~BI@6IXOiaydFWmVkRW~d>#DqN0=WJwSCX#Pk}_XU}|YsF57k(o%94V4_@)Vvah zWInC53k^1VR4lkQ59ZQ9@yQn75R8`FdYlwlhi(66AsKh5h4Sm9Rf)Wguo~*gp}dlW zw(evHhQYE!(sotcMTB1fdkYLWdrJ9buNou5RdZCir%;jlx8x3oK`&Yr{56xTgZIo zty)yG3Fj}#mtPkU`b&|l<}8(AIwtk@*+SfC2xDB;yQm*!SUC{E*e!NbT5mlFrb3$YB!Rh1m93a$e8LBYqzHPEQGRdRmQ#k_(T<@I%ZGUR2hp;{MKC$hMOdZrrv?cC0vuP%0H|?LX zxjZ-4#-51LD^_?!|4ln0`m=8HO*%o(!XUnztQ6E%vTemD8}KMqzMhLk3V2!{Tq?1T zUp8^^3f*()Q3$QPsUYh>vXXy(tbgde>}%@GHu2?)q4~DmQP?H?DSQd#^@^S)7iaxX zGX%KhnD#N!6J}AcFbtNpAY;~v4y%fdBdGeoGoFSPBSW%zEMsdClM*u_m0Ai;&U-AQ z7TS;vUE48sDdmN=J|JN2Tz-N81>G{)2d}?=%ozayD4naoMj4CY zXkeKdZFjyiuW`GavyM}5zJWi`?qpv}Gyuhtuq*-wZoT|Hnu2H~#W)CF2!Oz?i|pZv z8L7wk>R{$M+1-oS={`9s3*oFgZgzR%l{yf0_K;l5B1tky?9Mf1LT1S9xH-X8SSwO7 zFgusV91a)M-D#0@@RACh4$vo8I#&L4PeznuCqyoYmz-vPCHbnp+**EQE^sT(a&&Z> zDXMZl#A_%2Oip@*F6>P}oQKU(1Kr|^BOE0-X~{NZwxm|9iW5t6=F8 zxq>0~bDb|SCP)G85e+c|>xNa!-C6Bkr|BBY5wOu`rYYySEM~2L`|}S`GkxVIp{vE@ z=4}<%cjKv8UZ3m$!l}}xpd~96TXnNE;=h+y5R2TvE9tZb?5v|&ikmu(z3;==p9oOh zW@uNs{WJ?QVF*ml+7&iPD44shS*9NxYn*CALjvWh1C%wahVHh`EIGALEnCp3pYzKaE_rBU0DR5{DEc*Cy$2c>Mf6L0XboT5f8LG-`z2?r; zQynMeb%=h@K-dr)^=x769>pE2BKzx0#^Vsn(I{c1X*w=P7ZrQ*T~*pmY)pG->m~3p zW&bYatT@=Q(sWQ#bL>7JJTN#d8`7PZnO+&j!#lfwXh9_m`&Go9l9d2N3T5n&+g|zp z)AnkQ-waztKGgaJc}XIJq@$K<{5l7g-xqI3Rh*y98OEowz7`9Mo|Z^<1E!2JO#RC8 z4NP)y!r_vEaq$Dk!KW8kf_dD&weg`#Crv#NdoQq@Qcp^Gm4`(*EMPn?^_}IWGUX5f3y1fK#|GG#25~^20fh{p^kswDN2!?OErLkJH7LI1@O0Ir~9E z1LQtc5ry{-@s(XR!3U7ggCqRMEF{FlqJJ-xV8?>t;}|ju0IS%F*a@&K>0TC>_aqH| z6_J%7t+D4JBYpP0tvCGE(BZHj#(h0saV}&OJnLeybz%%Llix0-s23I{Tt_tVkbaXq zw%)1TG+eIO)fPh0DU@Eg?)m|Ef(vb!tJ+g1s8vr7gru-KLqZ^@V;3aj_Zm&?o$bD^ z(G*Q66n<~){|ImYsgXe zSO4-N?2=UhW6EVKi0_=|7e)hKvJKtlc5Z1N z4KaELhcVMa5s<~Fy@52LLBg0v@(${ymam#@saw}`w8Pj+7dCGD6BUb=wy&QM+#b(fHtSI_$2%&RQaVt6aFp~CAVSW|WC14B`#a*;a6ezS* z?Upuiy0kjXJN_#Bs6JtG(ey&3uXiWj?j*<*pXwtPXN(Kwr2j)YV&i?96vAB+$3oxY z6U!AzqRy<+V;c*Ghu|qqPDfQgshtrn0ruOeyV;OkHUvqZW8B6z& z_c`8S&;Bt_X@m;-3G4YAR4eHqgm?W$u}30B$gEK6GoVSe2pY$cJe|oJ zn#HM)?ryn zwA1M~pjz>}HrPuEy;3al(&|k8EI-%a9Ee2ag07!{j40N5?qWJatetYONyi8ypT#1) zQ=e0<)8Y_D`$f_|?9Q)R9?L%s2P;65!sL^d9Vb48 z&48Qg#$ie_nfzCp7mfs3EyQTjX7oW)*vVok zkYL|cA=fp#g<;u&IePQ!#noU-j0?u^fMBCgyPmiEQ?k>q_o`<_N@OlCF=l)+C&mC@ z8yrq*_M^UP>B$&XC!WhD`izr(ZudoQP634&7i&c0YrDz|%tjJ8(%^vj$XXyxe^2X~4$k$dDp42$aW#8sxjgb`+j>y{uVqZW)F2S?;_j|RhQa_#5m zcUfgEyi}{HsL`nf`PN%jcQ{Jw3$dLVo+tweJHOn+yW1T)^K}Q-?t9u4v-dI-%Ym(v zp=J#om7FNO=2R&ff{Pua&KSsU)jxGE)-z3enY4)QG6BH)Ie@twEdhS zA0*Fir7cn-*uch_PsZa0Df(`nIQYPN3i9_^+$^^|>Gsl-=2D|5+8{?Ocn{^~s@?w} zo{;L2!4 zaRsR$*bla%TD{O4h4j_|#QeD>A1V2H>4cSyIog3rnZ*_dGKDLG-vK5&DjW^{qvO;=95P3cx)^2!z&2l`&6sfmo zbv<+T+`%af0wwDjb5o1U0e!lG%dfAKBN(UphlujFXUGXRhH*X4{(a-_a1dj#lHw2zZWAAxZ( z!;BP6Z7F0a3LGYU`{5N^%TrpspNKk@8y2>I$ZjAE2J4y@Neu;vPfvxH!-Ri18yp52 zr|4bf;xmLO2P+BYn%#|2yjcRoAUtfL?|u4%c7iIe@WzNMRb6>9K#3L7E0s~%$%e)T z*exr+TZyEw>zoY&0r`+oO}x9u;UsBoy3vDmXeYaPJjp&Z!WDVJS0XeoO7*$DF@`NP z61~O!{ZF;LliHdW-;?{`m??C=ZK77`Pv>DN*C=6!oicmNpznP0xm$>2UfYOg3ns3x zO6`lB`+EYvSi_O?^f2I81 z7q>4z9de6+eO(_$u=vBA!IA2md+!+7G(v;iOgRdbQ@3|KWwl(1QO;yQkOkC00i_`o zo*&@*{cC%MMGBNkxX?Old$aa2d@X#C%1NRgbBn8>>A=J99=Sp9g}YiN0Ud1?qc;11 zeSPnbyH~wn>JV0z_fyB~y+gY|Ez@3dAjz-n=B5*)>4{9!gi#{jk+yf)RIH~s$?$fg zR$X7;Q;(jXRsw|pIJs~!j5JLBYlNc}cV4Gb?z$6Xo|)n!0Q=~tj^`nn#hrVPCPf~p zwUh4V2MIO<&kxzJ@O{Ivg65H-Jv42Y%ImBgLOzsjx5MCiH(GO zH^fR_ANIxk!=XcmAN^;nr8uKL+H*}1jkdy;r#rAqRNI)~(r_aTQW4x_|5{>l^`B5! zF(9WOf_w_HJDmK&#*jrhBS{dC2?t;Sk<`dBU2IFccw@`9%d!HGL00R`HGfb^CYEHg zpt=f-V22=WyNsQEgd25t?$LG*c)}Zw!{n0WQroPYoV-cnE}FKlx(<=*^sn+AqRE6k zY+J*9fvZyz#OJCDGWW1ex3RoO`#=B>cPzP^glH_CK=w0*Q#QSQ?nbkIM{Ctl@i`Mv zVYu`)7=l%$9S40sxrjOBldB9JuFy=SG-Oyt<_V@;bqXRU3yhE?ShqU87^QN{Jy?X+ zuX=n;D#)dD&fc#B_J0&hWTR2iMu&uA7`E%G-`0b1)!+kjek{bX!g=?~z8EYX2@j)P9GmCs+L8z5oTuNGmh$sLJii6jsA6QXCt!F{>Jlu{pgFbXryt z_jkp+Rb_G5A!-%I%K!8Vov$$Vm}z8U zqVvvuKlPB87#0dwwEH9s#wM@xKgyNnP!o3vHh~l!V|}Ky8vZ8r*3A@0jg;p9iZ=Ds z&y?8)=&u?`M)ai<-8ilAd_^FTh<_72Ty$^rnhW&HJk_+AxgR+96Mi+2F5fFc=Fd>W z#qW|A+2rxMszFY3{CMJTS_VLATBDT2nS~UuA^#}UKTHOm2sj2_-b3;kF83fMS5P#% zo_7R7fgo=@ev?zLZy{h(YEyi<_^}g_EQ$YfBph z&rWowvah`7QCgND{(b`(0C07~%6jx>uO7w6GH2J1)ZaqXE&|2c$z{}=)NI8e@8=C1 z^&UzlHq~7zwo#7qSn7fzbPhDDoffOi92G#whckvwpNNJbo@L6c-+CQ;$(i#kR%&u{ z_X^24wIQ?U17bdpXLNhpY|hO~TF^T%pLJq$lA?NgS@@_~6&9KLPLnO-tQ1skO2z@Q z+xBXT!I93EMC>17IuFU+Q0y+vPK##oK3{L}8qQ}tjQC@6PF;IscY@a@l8*y5cR@5Dv7$z?UaZp89K0&nM3FqX_vtlB)8bIte`S&N^hr?yUAX(W*a13B|nZTQL; z^bQMH&R1rSsR?Br4MD-9OTdS7^VaQaNS<|gAcRv{LggXV0R7r6=27CoH7%v+Uzy8n zwRV3B*oqS*?_$QN70TKDpt7d0n^=n=JVjf*_~2nT7RSN>*revhw#8&ypIOBywM?ZV z3$ghmK%L)duA<+sh(hO^y{d>(0re-SySBW)1%OC0DLF&Y+`zoi%gAtXlo z<8KP6@%sgV+by_%E{Jw^N{o30mA zSEk|B3od9TGmQzJzwX0hkjTb_+k#VmE8@5?{T`2YaX`L2A1s2p62K(bh(+&X7@35~ zRccl5hVV2(P73^DF0b11-Pk}C@T&18*`i2uZP9M6cYKIAoeZJHr!NZRnG&vbO6h`~ z7?L{vLgEfDVms7!CuAB{oP7Y4cN({Be1azLR`b(xbzLxa&8^i^^Cm;;4Gvcj@(D?Z aQV{__xg61C>HYZE6%Lxge~v!?8UF*uX;VJ{ literal 0 HcmV?d00001 From fc4219023834480a86987b2cba9b412595daedc3 Mon Sep 17 00:00:00 2001 From: Kamalgurna Date: Thu, 11 Jun 2026 16:52:29 -0400 Subject: [PATCH 2/2] Test Error Fix --- docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md | 2 +- docs/ninjaone/custom-fields/cpval-tls-hardening.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md b/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md index 11d96cfdf..182f338fc 100644 --- a/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md +++ b/docs/ninjaone/custom-fields/cpval-enable-reboot-prompts.md @@ -6,7 +6,7 @@ title_meta: 'cPVAL Enable Reboot Prompts' keywords: ['tls','ssl','disable'] description: 'Enables reboot prompts following TLS Hardening. Requires the Reboot Pending Prompt solution to be enabled in the environment.' tags: ['tls','windows'] -draft: true +draft: false unlisted: false last_update: date: 2026-06-10 diff --git a/docs/ninjaone/custom-fields/cpval-tls-hardening.md b/docs/ninjaone/custom-fields/cpval-tls-hardening.md index eadf37706..140656b0b 100644 --- a/docs/ninjaone/custom-fields/cpval-tls-hardening.md +++ b/docs/ninjaone/custom-fields/cpval-tls-hardening.md @@ -6,7 +6,7 @@ title_meta: 'cPVAL TLS Hardening' keywords: ['tls','ssl','disable'] description: 'Enables TLS hardening for workstations and servers. `Validate` identifies devices that require TLS hardening without making changes. `Enforce` applies hardening to devices flagged by Validate. `Validate` must be enabled for Enforce to work properly.' tags: ['tls','windows'] -draft: true +draft: false unlisted: false last_update: date: 2026-06-10