From fb93600724fd210f446846f332a000efe769f73f Mon Sep 17 00:00:00 2001
From: he3als <65787561+he3als@users.noreply.github.com>
Date: Sat, 5 Aug 2023 13:55:07 +0100
Subject: [PATCH 1/5] feat(vscode): yaml tags (credit to Revi for idea)
---
.vscode/settings.json | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 .vscode/settings.json
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000000..15a6b6a3e6
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,16 @@
+{
+ "yaml.customTags": [
+ "!run: mapping",
+ "!registryKey: mapping",
+ "!registryValue: mapping",
+ "!appx: mapping",
+ "!file: mapping",
+ "!service: mapping",
+ "!scheduledTask: mapping",
+ "!taskKill: mapping",
+ "!systemPackage: mapping",
+ "!cmd: mapping",
+ "!powerShell: mapping",
+ "!writeStatus: mapping"
+ ],
+}
\ No newline at end of file
From 685bedd40056bcfa803a65bb774955e9e9295c8a Mon Sep 17 00:00:00 2001
From: he3als <65787561+he3als@users.noreply.github.com>
Date: Sat, 5 Aug 2023 14:13:04 +0100
Subject: [PATCH 2/5] refactor(core isolation): remove mem integrity regs
It should be configured through Windows Security instead.
---
.../Disable Memory Integrity.reg | Bin 352 -> 0 bytes
.../Enable Memory Integrity.reg | Bin 356 -> 0 bytes
2 files changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 src/playbook/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Disable Memory Integrity.reg
delete mode 100644 src/playbook/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Enable Memory Integrity.reg
diff --git a/src/playbook/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Disable Memory Integrity.reg b/src/playbook/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Disable Memory Integrity.reg
deleted file mode 100644
index 552e2927f1b12d4fb47f8ef20b204431cb46b6ba..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 352
zcmXw#%}N7N428e7;5(E)fVgoZxR6n7(JEL`#7e2&Dg!bjchu6CSHA?xWhTkV$;r>(
z?*lCzg`N!qBW_vqE;jH*Wh-)Swl(UFN8FpQW?SRV_=p1zef#X?_r!!tYaUs0#SIOo
z+9fk>V{Xc|*#&bMbMEwKMh)MpR<%1jHK`r_dp=~X#ex$Zcj$sM@gL`S)m~V?l3!9e
zkS^nxauA!i$){+|ib1s6x#KOp;Fr`ddeiI@SE#x7mgn4ToE0lxoGJKYPW*3Dp>Uj6
Kh)e8VT;w0eUOt`x
diff --git a/src/playbook/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Enable Memory Integrity.reg b/src/playbook/Executables/Atlas/3. Configuration/5. Security/Core Isolation (VBS)/Memory Integrity (HVCI)/Enable Memory Integrity.reg
deleted file mode 100644
index cab62d713b41c02af7f5e81192be8b7d4574daeb..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 356
zcmX|-%Sr=55Jk^g@E<}xKy=|oa3Q0ZpiwZQh>;M}i3~`O^r#^}ubwVZnwhG)b?esS
z`|F;TOrm2$&wv|NyomL@Q`m}}nQe_a;{kW(i`mvV8y~XAzHgVE_#PQ?Va)?`F1e=R
zL_24qZOo0iGCN}`W6G`m#Hisz)uMK`Qxn>?f5)q=m00D}j(_NkQ}IvdSZdF$U&v3P
zT#+1cow64jxyhSoiHcsd*g3NfukusqC%tiWsaGhm_m-#FY#0>_o}H=khaCIgghJvd
Nu23)W`wspu@&m#*KDGb=
From 1b8eb71d5134476ae643f38b667f8cab784723cf Mon Sep 17 00:00:00 2001
From: he3als <65787561+he3als@users.noreply.github.com>
Date: Sat, 5 Aug 2023 19:09:45 +0100
Subject: [PATCH 3/5] feat(playbook.conf): new links for BottomLines
---
src/playbook/playbook.conf | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/playbook/playbook.conf b/src/playbook/playbook.conf
index 21b86bb691..b734ef93b8 100644
--- a/src/playbook/playbook.conf
+++ b/src/playbook/playbook.conf
@@ -37,7 +37,7 @@
defender-disable
-
+
-->
@@ -51,7 +51,7 @@
mitigations-disable
-
+
@@ -65,7 +65,7 @@
vbs-default
-
+
@@ -110,7 +110,7 @@
#E38A84
-
+
From eebcfd72ede5af1e06fc28b6e5b2299cc2ed2d53 Mon Sep 17 00:00:00 2001
From: he3als <65787561+he3als@users.noreply.github.com>
Date: Sat, 5 Aug 2023 20:19:59 +0100
Subject: [PATCH 4/5] fix(mitigations): remove DEP & HVCI & move FTH
HVCI is separate, disabling DEP doesn't have any gains as it's built into every CPU. Renaming Windows microcode can cause issues, and Spectre and Meltdown is disabled above anyways.
Resets FTH entries. https://devblogs.microsoft.com/oldnewthing/20120125-00/?p=8463
---
src/playbook/Configuration/tweaks.yml | 1 +
.../tweaks/performance/disable-fth.yml | 17 ++++++
.../Data Execution Prevention.cmd | 56 -------------------
.../Mitigations/Disable All Mitigations.cmd | 29 +++-------
.../Mitigations/Enable All Mitigations.cmd | 15 +----
.../Fault Tolerant Heap/Disable FTH.reg | 4 ++
.../Fault Tolerant Heap/Enable FTH.reg | 4 ++
.../Set Windows Default Mitigations.cmd | 13 +----
8 files changed, 36 insertions(+), 103 deletions(-)
create mode 100644 src/playbook/Configuration/tweaks/performance/disable-fth.yml
delete mode 100644 src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Data Execution Prevention.cmd
create mode 100644 src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Disable FTH.reg
create mode 100644 src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Enable FTH.reg
diff --git a/src/playbook/Configuration/tweaks.yml b/src/playbook/Configuration/tweaks.yml
index 0d3cef504f..5e08c2beaf 100644
--- a/src/playbook/Configuration/tweaks.yml
+++ b/src/playbook/Configuration/tweaks.yml
@@ -61,6 +61,7 @@ features:
- tweaks\performance\disable-background-apps.yml
- tweaks\performance\extend-cache.yml
- tweaks\performance\no-search-invalid-shortcuts.yml
+ - tweaks\performance\disable-fth.yml
# -------------------------------------------------------------------------- #
# performance\system #
diff --git a/src/playbook/Configuration/tweaks/performance/disable-fth.yml b/src/playbook/Configuration/tweaks/performance/disable-fth.yml
new file mode 100644
index 0000000000..e82b0e931d
--- /dev/null
+++ b/src/playbook/Configuration/tweaks/performance/disable-fth.yml
@@ -0,0 +1,17 @@
+---
+title: Disable Fault Tolerant Heap (FTH)
+description: FTH is a feature in Windows 7+ that applies mitigations (non-CPU related) to applications that repeatedly crash to prevent further crashes, but when the FTH is active for a certain application, there's a performance hit.
+privilege: TrustedInstaller
+actions:
+ # https://devblogs.microsoft.com/oldnewthing/20120125-00/?p=8463
+ # Document listed as only affected in Windows 7, is also in 7+
+ # https://docs.microsoft.com/en-us/windows/win32/win7appqual/fault-tolerant-heap
+ # https://www.3dcadworld.com/windows-7-fault-tolerant-heap-prevents-crashing/
+
+ - !registryValue:
+ path: 'HKLM\SOFTWARE\Microsoft\FTH'
+ value: 'Enabled'
+ data: '0'
+ type: REG_DWORD
+ # Reset FTH entries
+ - !run: {exe: 'rundll32.exe', args: 'fthsvc.dll,FthSysprepSpecialize'}
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Data Execution Prevention.cmd b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Data Execution Prevention.cmd
deleted file mode 100644
index f476aa0212..0000000000
--- a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Anti-Cheat Support/Data Execution Prevention.cmd
+++ /dev/null
@@ -1,56 +0,0 @@
-@echo off
-setlocal EnableDelayedExpansion
-
-whoami /user | find /i "S-1-5-18" > nul 2>&1 || (
- call RunAsTI.cmd "%~f0" "%*"
- exit /b
-)
-
-:: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set
-
-echo Data Execution Prevention (DEP). It is a set of hardware and software technologies designed to
-echo prevent harmful code from running in protected memory locations.
-echo]
-echo What would you like to do?
-echo [1] OptIn - Anti-cheat compatibility, protects OS components only (default)
-echo [2] OptOut - Disable DEP everywhere, but it can be enabled per process
-echo [3] AlwaysOn - Enables DEP everywhere, no matter what, anti-cheat compatibility
-echo [4] AlwaysOff - Disables DEP everywhere, no matter what
-echo]
-choice /c 1234 /n /m "Type 1 or 2 or 3 or 4: "
-if !errorlevel! == 1 (goto optin)
-if !errorlevel! == 2 (goto optout)
-if !errorlevel! == 3 (goto alwayson)
-if !errorlevel! == 4 (goto alwaysoff)
-
-:optin
-echo]
-bcdedit /set nx OptIn > nul
-if !errorlevel! == 0 (goto success) else (goto fail)
-
-:optout
-echo]
-bcdedit /set nx OptOut > nul
-if !errorlevel! == 0 (goto success) else (goto fail)
-
-:alwayson
-echo]
-bcdedit /set nx AlwaysOn > nul
-PowerShell -NoP -C "Set-ProcessMitigation -System -Enable DEP, EmulateAtlThunks" > nul
-if !errorlevel! == 0 (goto success) else (goto fail)
-
-:alwaysoff
-echo]
-bcdedit /set nx AlwaysOff > nul
-if !errorlevel! == 0 (goto success) else (goto fail)
-
-:success
-echo Finished, please restart to see the changes.
-pause
-exit /b
-
-:fail
-echo Something went wrong doing the BCDEDIT command!
-echo Look at the error above, if there is one.
-pause
-exit /b 1
\ No newline at end of file
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Disable All Mitigations.cmd b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Disable All Mitigations.cmd
index c95dc7a62e..ec0226c75f 100644
--- a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Disable All Mitigations.cmd
+++ b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Disable All Mitigations.cmd
@@ -13,15 +13,6 @@ whoami /user | find /i "S-1-5-18" > nul 2>&1 || (
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t REG_DWORD /d "3" /f > nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t REG_DWORD /d "3" /f > nul
-:: Rename Spectre and Meltdown updates
-ren !windir!\System32\mcupdate_GenuineIntel.dll mcupdate_GenuineIntel.old
-ren !windir!\System32\mcupdate_AuthenticAMD.dll mcupdate_AuthenticAMD.old
-
-:: Disable Fault Tolerant Heap (FTH)
-:: https://docs.microsoft.com/en-us/windows/win32/win7appqual/fault-tolerant-heap
-:: Document listed as only affected in Windows 7, is also in 7+
-reg add "HKLM\SOFTWARE\Microsoft\FTH" /v "Enabled" /t REG_DWORD /d "0" /f > nul
-
:: Disable Structured Exception Handling Overwrite Protection (SEHOP)
:: Exists in ntoskrnl strings, keep for now
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d "1" /f > nul
@@ -42,24 +33,18 @@ for /l %%a in (0,1,9) do (
)
:: Fix Valorant with mitigations disabled - enable CFG
-for %%a in (valorant valorant-win64-shipping vgtray vgc) do (
- PowerShell -NoP -C "Set-ProcessMitigation -Name %%a.exe -Enable CFG" > nul
-)
+set "enableCFGApps=valorant valorant-win64-shipping vgtray vgc"
+PowerShell -NoP -C "foreach ($a in $($env:enableCFGApps -split ' ')) {Set-ProcessMitigation -Name $a`.exe -Enable CFG}" > nul
+
+:: Set Data Execution Prevention (DEP) only for operating system components
+:: https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
+:: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set#verification-settings
+bcdedit /set nx OptIn > nul
:: Apply mask to kernel
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "MitigationAuditOptions" /t REG_BINARY /d "!mitigation_mask!" /f > nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "MitigationOptions" /t REG_BINARY /d "!mitigation_mask!" /f > nul
-:: Disable virtualization-based protection of code integrity
-:: https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d "0" /f > nul
-
-:: Disable Data Execution Prevention (DEP)
-:: It may be needed to enable it for FACEIT, Valorant and other anti-cheats
-:: https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
-PowerShell -NoP -C "Set-ProcessMitigation -System -Disable DEP, EmulateAtlThunks"
-bcdedit /set nx AlwaysOff > nul
-
:: Disable file system mitigations
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f > nul
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Enable All Mitigations.cmd b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Enable All Mitigations.cmd
index 51039f1d2d..ac062a6f1f 100644
--- a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Enable All Mitigations.cmd
+++ b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Enable All Mitigations.cmd
@@ -24,15 +24,6 @@ wmic cpu get name | findstr "AMD" > nul && (
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t REG_DWORD /d "64" /f > nul
)
-:: Rename Spectre and Meltdown updates
-ren !windir!\System32\mcupdate_GenuineIntel.old mcupdate_GenuineIntel.dll > nul 2>&1
-ren !windir!\System32\mcupdate_AuthenticAMD.old mcupdate_AuthenticAMD.dll > nul 2>&1
-
-:: Enable Fault Tolerant Heap (FTH)
-:: https://docs.microsoft.com/en-us/windows/win32/win7appqual/fault-tolerant-heap
-:: Document listed as only affected in Windows 7, is also in 7+
-reg add "HKLM\SOFTWARE\Microsoft\FTH" /v "Enabled" /t REG_DWORD /d "1" /f > nul
-
:: Enable Structured Exception Handling Overwrite Protection (SEHOP)
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /t REG_DWORD /d "0" /f > nul
@@ -53,11 +44,7 @@ for /l %%a in (0,1,9) do (
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "MitigationAuditOptions" /t REG_BINARY /d "!mitigation_mask!" /f > nul
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "MitigationOptions" /t REG_BINARY /d "!mitigation_mask!" /f > nul
-:: Set Virtualization Based Protection Of Code Integrity to default
-:: https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d "1" /f > nul
-
-:: Enable Data Execution Prevention (DEP)
+:: Enable Data Execution Prevention (DEP) always
:: https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
bcdedit /set nx AlwaysOn > nul
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Disable FTH.reg b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Disable FTH.reg
new file mode 100644
index 0000000000..26c641986b
--- /dev/null
+++ b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Disable FTH.reg
@@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
+"Enabled"=dword:00000000
\ No newline at end of file
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Enable FTH.reg b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Enable FTH.reg
new file mode 100644
index 0000000000..728ead0330
--- /dev/null
+++ b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Enable FTH.reg
@@ -0,0 +1,4 @@
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
+"Enabled"=dword:00000001
\ No newline at end of file
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Set Windows Default Mitigations.cmd b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Set Windows Default Mitigations.cmd
index e0c6bac7b0..0b31a971f8 100644
--- a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Set Windows Default Mitigations.cmd
+++ b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Set Windows Default Mitigations.cmd
@@ -10,15 +10,6 @@ whoami /user | find /i "S-1-5-18" > nul 2>&1 || (
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /f > nul 2>&1
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /f > nul 2>&1
-:: Rename Spectre and Meltdown updates
-ren !windir!\System32\mcupdate_GenuineIntel.old mcupdate_GenuineIntel.dll > nul 2>&1
-ren !windir!\System32\mcupdate_AuthenticAMD.old mcupdate_AuthenticAMD.dll > nul 2>&1
-
-:: Enable Fault Tolerant Heap (FTH)
-:: https://docs.microsoft.com/en-us/windows/win32/win7appqual/fault-tolerant-heap
-:: Document listed as only affected in Windows 7, is also in 7+
-reg add "HKLM\SOFTWARE\Microsoft\FTH" /v "Enabled" /t REG_DWORD /d "1" /f > nul
-
:: Enable Structured Exception Handling Overwrite Protection (SEHOP)
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "DisableExceptionChainValidation" /f > nul 2>&1
@@ -30,9 +21,9 @@ reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "Mi
:: https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /f > nul 2>&1
-:: Enable Data Execution Prevention (DEP) for system components only
+:: Set Data Execution Prevention (DEP) only for operating system components
:: https://docs.microsoft.com/en-us/windows/win32/memory/data-execution-prevention
-:: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set
+:: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/bcdedit--set#verification-settings
bcdedit /set nx OptIn > nul
:: Enable file system mitigations
From 6fa63b33a1776f34373e4c0fa58f5b4234585b8c Mon Sep 17 00:00:00 2001
From: he3als <65787561+he3als@users.noreply.github.com>
Date: Sat, 5 Aug 2023 20:23:07 +0100
Subject: [PATCH 5/5] feat(FTH): reset entries shortcut
---
.../Fault Tolerant Heap/Reset FTH entries.lnk | Bin 0 -> 1465 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Reset FTH entries.lnk
diff --git a/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Reset FTH entries.lnk b/src/playbook/Executables/Atlas/3. Configuration/1. General Configuration/Mitigations/Fault Tolerant Heap/Reset FTH entries.lnk
new file mode 100644
index 0000000000000000000000000000000000000000..0ba0a57f920f5291212bda2d1fbc20df27f04646
GIT binary patch
literal 1465
zcmb_cTS(JU82`-+*v%%Im{cx9DbqFQB@-;uX-mwEm0GP(wwa5~Ew^&^)
z6bo}$8Tb%BtSj}V(1jifiZb5{iu!&3xz((Qp!4TD-}QXwJHP*TPBj2kQWR(4
zt}>%CpoxQq^3bZDgz=^cRoUpV2QRuNRUsW3l@b}8gNtOYP$eO)_T~05&D&zT`qD%k
z*6MV6V@jx5sv
zEkE;rnj{{ox&k4H^JIf_|Hd&Cbk6ZA;n(+Im4Ewmqjg>_pAnFHCVRII_@bN9Pv*r?JEVPjh++?N-?=jg(B9+l3meo`o$E_%*VKqmv|wU!7>EyjfjT9{7@Y
zCbQf5$Vq#Q1W00OO%rl>O>$5`(koIfbd)ww7QKL)MC8&UwtN(!kX)}=^XV^CEcsYZ
zS+dA_`GRAFObXG>WQ