From a70188b625a202ea1278655d6108d17e2ea056f9 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 14:14:51 -0700 Subject: [PATCH 01/19] Added "Win10 & Priv. compliance" article Added new article "Windows 10 & Priv. Compliance" and edited TOC. --- windows/privacy/TOC.md | 1 + .../windows-10-and-privacy-compliance.md | 208 ++++++++++++++++++ 2 files changed, 209 insertions(+) create mode 100644 windows/privacy/windows-10-and-privacy-compliance.md diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 35561d07af..0ce986219f 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -1,6 +1,7 @@ # [Privacy](index.yml) ## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md) ## [Windows and the GDPR: Information for IT Administrators and Decision Makers](gdpr-it-guidance.md) +## [Windows 10 & Privacy Compliance: A Guide for IT and Compliance Professionals](Windows-10-and-privacy-compliance.md) ## [Windows 10 personal data services configuration](windows-personal-data-services-configuration.md) ## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) ## Diagnostic Data Viewer diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md new file mode 100644 index 0000000000..ceedc90f13 --- /dev/null +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -0,0 +1,208 @@ +--- +description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows 10. +title: Windows 10 & Privacy Compliance - A Guide for IT and Compliance Professionals +keywords: privacy, GDPR, compliance +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: high +audience: ITPro +author: brianlic-msft +ms.author: brianlic +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 05/21/2019 +--- + +# Windows 10 & Privacy Compliance:
A Guide for IT and Compliance Professionals + +Applies to: +- Windows 10, version 1809 +- Windows 10, version 1803 +- Windows 10, version 1709 +- Windows 10, version 1703 +- Windows 10 Team Edition, version 1703 for Surface Hub +- Windows Server 2019 +- Windows Server 2016 +- Windows Analytics + +For more information about the GDPR, see: +* [Windows and the GDPR: Information for IT Administrators and Decision Makers](gdpr-it-guidance.md) +* [Microsoft GDPR Overview](https://aka.ms/GDPROverview) +* [Microsoft Trust Center FAQs about the GDPR](https://aka.ms/gdpr-faq) +* [Microsoft Service Trust Portal (STP)](https://aka.ms/stp) +* [Get Started: Support for GDPR Accountability](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted) + +## Overview + +At Microsoft, we are deeply committed to data privacy across all our products and services. With this guide, we provide IT and compliance professionals with data privacy considerations for Windows 10. + +Microsoft collects data through multiple interactions with users of Windows 10 devices. This information can contain personal data that may be used to provide, secure, and improve Windows 10 services. To help users and organizations control the collection of personal data, Windows 10 provides comprehensive transparency features, settings choices, controls and support for data subject requests, all of which are detailed in this guide. + +This information allows IT and compliance professionals work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR). + + +## 1. Windows 10 data collection transparency + +Transparency is an important part of the data collection process in Windows 10. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up. + +If interested in understanding how to manage settings related to data collection skip to the next section [Windows 10 data collection management](#12-data-collection-monitoring). + + +### 1.1 Device set up experience and support for layered transparency + +When setting up a device, a user can configure their privacy settings. Those privacy settings are key in determining the amount of personal data collected. For each privacy setting, the user is provided information about the setting along with the links to supporting information. This information explains what data is collected, how the data is used and how to manage the setting after the device setup is complete. The user can also review the privacy statement when connected to the network during this portion of setup. A brief overview of the set up experience for privacy settings are described in [this blog](https://blogs.windows.com/windowsexperience/2018/03/06/windows-insiders-get-first-look-new-privacy-screen-settings-layout-coming-windows-10/#uCC2bKYP8M5BqrDP.97). + +The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information. + +> [!NOTE] +> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Window 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). + +> [!div class="mx-tdBreakAll"] +> | Feature/Setting | Description | Supporting Content | Privacy Statement | +> |---|---|---|---| +> | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configuring diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +> | Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +> | Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | +> | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | +> | Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | +> | Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you have chosen (Security, Basic, Enhanced, or Full). Tailored experiences mean personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +> | Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainadvertisingidmodule) | +> | Activity History/Timeline – Cloud Sync | If you want timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/en-us/privacystatement#mainactivityhistorymodule) | +> | Cortana |

Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/instantanswers/557b5e0e-0eb0-44db-87d6-5e5db6f9c5b0/cortana-s-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

| [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)

[Cortana integration in your business or enterprise](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) | + +### 1.2 Data collection monitoring + +The Diagnostic Data Viewer (DDV) is a Windows app (available in Windows 10, version 1803 or later) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 device and sent to Microsoft. DDV groups the information into simple categories based on how it is used by Microsoft. The [DDV Overview](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) provides information on how users can get started on using this tool. + +An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](https://docs.microsoft.com/windows/privacy/microsoft-diagnosticdataviewer) provides further information. + + +## 2. Windows 10 data collection management + +Windows 10 provides the ability to manage privacy settings through several different methods. Users can change their privacy settings using the Windows 10 settings (**Start** > **Settings** > **Privacy**). The organization can also manage the privacy settings using group policy or mobile device management (MDM). The following sections provide an overview on how to manage the privacy settings previously discussed in this article. + +### 2.1 Privacy setting options for users + +Once a Windows 10 device is set up, a user can manage data collection settings by going to **Start** > **Settings** > **Privacy**. IT administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says ‘Some settings are hidden or managed by your organization’ when they navigate to **Start** > **Settings** > **Privacy**. Meaning the user can only change settings in accordance with the policies that the administrator has applied to the device. + +### 2.2 Privacy setting controls for administrators + +The IT department can configure and control privacy settings across their organization by using Group Policy, registry, or Mobile Device Management (MDM) settings. + +The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these via policy. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting via policy and suppress the Out-of-box Experience (OOBE) during device setup. For an IT administrator interested in minimizing data, we also provide the recommended value to set. + +> [!NOTE] +> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from Windows operating system components to Microsoft services. + +> [!div class="mx-tdBreakAll"] +> | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | +> |---|---|---|---| +> | [Speech](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +> | [Location](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +> | [Find my device](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | +> | [Diagnostic Data](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | +> | [Inking and typing diagnostics](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | +> | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | +> | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | +> | Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | +> | [Cortana](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-cortana) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | + +### 2.3 Guidance for configuration options + +This section provides general details and links to more detailed information as well as instructions for IT administrators and compliance professional. These instructions allow IT admins and compliance pros to manage the device compliance. This information includes details about setting up a device, to configuring the device’s settings after setup is completed to minimize data collected and drive privacy related user experiences. + +#### 2.3.1 Managing the device setup experience + +Windows deployment can be configured using several different methods, which provide an administrator with options to control: how a device is set up, what’s enabled by default, and what the user is able to change on the system after they log on. + +The [Deploy and update Windows 10](https://docs.microsoft.com/windows/deployment/) section of the Windows IT Pro Center provides an overview of the different options. + +#### 2.3.2 Managing connections from Windows components to Microsoft services + +IT administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by these Windows components. + +See [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services) for more details, including the different methods available on how to configure each setting, the impact to functionality and which versions of Windows that are applicable. + +#### 2.3.3 Managing Windows 10 connections + +Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints as an additional measure of ensuring privacy compliance within their organization. + +[Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/windows/privacy/manage-windows-1809-endpoints) provides a list of endpoints for the latest Windows 10 release, along with the functionality that would be impacted. Details for additional Windows versions can be found on the [Windows Privacy site](https://docs.microsoft.com/windows/privacy/) under the “Manage Windows 10 connection endpoints” section of the left-hand navigation menu. + +#### 2.3.4 Limited functionality baseline + +An organization may want to further minimize the amount of data shared with Microsoft or apps by managing the connections and configuring additional settings on their devices. Similar to [Security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines), we have a limited functionality baseline-focused configuring settings to minimize the data shared, however this comes with some potential impact to functionality on the device. The [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators who don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization. + +#### 2.3.5 Diagnostic data: Managing notifications for change of level at logon + +Windows 10, version 1803, and later provides users with a notification during sign in about changes to the diagnostic data level on the device so they are aware of any changes where additional data may be collected. For instance, if the diagnostic level on the device is set to Basic and an administrator changes it to Full, users will be notified when they next sign in. The IT administrator can disable these notifications by setting Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in change notifications** or the MDM policy `ConfigureTelemetryOptInChangeNotification`. + +#### 2.3.6 Diagnostic data: Managing end user choice for changing the setting + +Windows 10, version 1803 and later, allows users to change their diagnostic data level to a lower setting than what their IT administrator has set. For instance, if the administrator has set the diagnostic data level to Enhanced or Full, a user can change the setting to Basic by going into **Settings** > **Privacy** > **Diagnostic & feedback**. The administrator can disable the user ability to change the setting via **Setting** > **Privacy** by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`. + +#### 2.3.7 Diagnostic data: Managing device-based data delete + +Windows 10, version 1809 and later, allows a user to delete diagnostic data collected from their device by going into **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. An IT administrator can also delete diagnostic data for a device using the [`Clear-WindowsDiagnosticData`](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script. + +An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`. + + +## 3. The process for exercising data subject rights + +This section discusses the different methods Microsoft provides for users and IT administrators to exercise data subject rights for data collected from a Windows 10 device. + +### 3.1 Delete + +Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. Administrators can also use the [`Clear-WindowsDiagnosticData`](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script. + +### 3.2 View + +The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/en-us/windows/privacy/diagnostic-data-viewer-overview) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/en-us/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. + +### 3.3 Export + +The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/en-us/windows/privacy/diagnostic-data-viewer-overview) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/en-us/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. + +### 3.4 Devices connected to a Microsoft account + +If a user signs in to a Windows experience or app on their device with their Microsoft account (MSA), they can view, delete, and export data associated with their MSA on the [Privacy dashboard](https://account.microsoft.com/privacy). + + +## 4. Cross-border data transfers + +Microsoft complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States. + +Microsoft’s [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) provides details on how we store and process personal data. + + +## 5. Related Windows product considerations + +The following sections provide details about how privacy data is collected and managed across related Windows products. + +### 5.1 Windows Server 2016 and 2019 + +Windows Server follows the same mechanisms as Windows 10 for handling of personal data. There are some differences regarding [diagnostic default settings for Windows Server](https://microsoft-my.sharepoint.com/personal/v-colinm_microsoft_com/Documents/WINDOWS%20PRIVACY/Windows%20diagnostic%20data%20and%20Windows%20Server). + +### 5.2 Surface Hub + +Surface Hub is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to an individual user. For removing Windows diagnostic data sent to Microsoft for a Surface Hub, Microsoft created the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store. + +For more details, see [Windows 10 Team Edition, Version 1703 for Surface Hub](https://docs.microsoft.com/en-us/windows/privacy/gdpr-it-guidance#windows-10-team-edition-version-1703-for-surface-hub). + +### 5.3 Windows 10 Analytics + +[Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-overview) is a set of solutions for Azure Portal that provide you with extensive data about the state of devices in your deployment. There are currently three solutions which you can use singly or in any combination: Device Health, Update Compliance, and Upgrade Readiness. Windows Analytics is a separate offering from Windows 10 and is dependent on enabling a minimum set of data collection on the device to function. + +For more details, see the [Windows Analytics overview page](https://docs.microsoft.com/windows/deployment/update/windows-analytics-overview). + + +## Additional Resources + +[Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trustcenter/privacy/gdpr/gdpr-overview) +[Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/en-us/TrustCenter/Privacy/privacy-overview) +[Windows IT Pro Docs](https://docs.microsoft.com/windows/#pivot=it-pro) + From 616492a42db7788b20b9bb3c13a57ec5614bb823 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 14:43:53 -0700 Subject: [PATCH 02/19] Update windows-10-and-privacy-compliance.md Addressed initial feedback from Brian --- .../privacy/windows-10-and-privacy-compliance.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index ceedc90f13..0340891fac 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -19,6 +19,7 @@ ms.date: 05/21/2019 # Windows 10 & Privacy Compliance:
A Guide for IT and Compliance Professionals Applies to: +- Windows 10, version 1903 - Windows 10, version 1809 - Windows 10, version 1803 - Windows 10, version 1709 @@ -58,12 +59,12 @@ When setting up a device, a user can configure their privacy settings. Those pri The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information. > [!NOTE] -> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Window 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). +> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). > [!div class="mx-tdBreakAll"] > | Feature/Setting | Description | Supporting Content | Privacy Statement | > |---|---|---|---| -> | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configuring diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +> | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | > | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | @@ -95,7 +96,7 @@ The IT department can configure and control privacy settings across their organi The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these via policy. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting via policy and suppress the Out-of-box Experience (OOBE) during device setup. For an IT administrator interested in minimizing data, we also provide the recommended value to set. > [!NOTE] -> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from Windows operating system components to Microsoft services. +> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). > [!div class="mx-tdBreakAll"] > | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | @@ -202,7 +203,7 @@ For more details, see the [Windows Analytics overview page](https://docs.microso ## Additional Resources -[Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trustcenter/privacy/gdpr/gdpr-overview) -[Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/en-us/TrustCenter/Privacy/privacy-overview) -[Windows IT Pro Docs](https://docs.microsoft.com/windows/#pivot=it-pro) +* [Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trustcenter/privacy/gdpr/gdpr-overview) +* [Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/en-us/TrustCenter/Privacy/privacy-overview) +* [Windows IT Pro Docs](https://docs.microsoft.com/windows/#pivot=it-pro) From 54d8bdded1b48ef7b6ee730566d8e5c071b4e58c Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 15:17:56 -0700 Subject: [PATCH 03/19] Update windows-10-and-privacy-compliance.md Removed locale from target URLs. Woops. (;<_<) --- .../windows-10-and-privacy-compliance.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 0340891fac..1d1af4f5c7 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -71,7 +71,7 @@ The following table provides an overview of the Windows 10 privacy settings pres > | Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | > | Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you have chosen (Security, Basic, Enhanced, or Full). Tailored experiences mean personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainadvertisingidmodule) | -> | Activity History/Timeline – Cloud Sync | If you want timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/en-us/privacystatement#mainactivityhistorymodule) | +> | Activity History/Timeline – Cloud Sync | If you want timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) | > | Cortana |

Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/instantanswers/557b5e0e-0eb0-44db-87d6-5e5db6f9c5b0/cortana-s-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

| [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)

[Cortana integration in your business or enterprise](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) | ### 1.2 Data collection monitoring @@ -96,16 +96,16 @@ The IT department can configure and control privacy settings across their organi The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these via policy. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting via policy and suppress the Out-of-box Experience (OOBE) during device setup. For an IT administrator interested in minimizing data, we also provide the recommended value to set. > [!NOTE] -> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). +> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). > [!div class="mx-tdBreakAll"] > | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | > |---|---|---|---| -> | [Speech](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | -> | [Location](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | -> | [Find my device](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | -> | [Diagnostic Data](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | -> | [Inking and typing diagnostics](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | +> | [Speech](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +> | [Location](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +> | [Find my device](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | +> | [Diagnostic Data](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | +> | [Inking and typing diagnostics](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | > | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | > | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | > | Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | @@ -162,11 +162,11 @@ Users can delete their device-based data by going to **Settings** > **Privacy** ### 3.2 View -The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/en-us/windows/privacy/diagnostic-data-viewer-overview) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/en-us/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. +The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. ### 3.3 Export -The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/en-us/windows/privacy/diagnostic-data-viewer-overview) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/en-us/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. +The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. ### 3.4 Devices connected to a Microsoft account @@ -192,7 +192,7 @@ Windows Server follows the same mechanisms as Windows 10 for handling of persona Surface Hub is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to an individual user. For removing Windows diagnostic data sent to Microsoft for a Surface Hub, Microsoft created the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store. -For more details, see [Windows 10 Team Edition, Version 1703 for Surface Hub](https://docs.microsoft.com/en-us/windows/privacy/gdpr-it-guidance#windows-10-team-edition-version-1703-for-surface-hub). +For more details, see [Windows 10 Team Edition, Version 1703 for Surface Hub](https://docs.microsoft.com/windows/privacy/gdpr-it-guidance#windows-10-team-edition-version-1703-for-surface-hub). ### 5.3 Windows 10 Analytics @@ -204,6 +204,6 @@ For more details, see the [Windows Analytics overview page](https://docs.microso ## Additional Resources * [Microsoft Trust Center: GDPR Overview](https://www.microsoft.com/trustcenter/privacy/gdpr/gdpr-overview) -* [Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/en-us/TrustCenter/Privacy/privacy-overview) +* [Microsoft Trust Center: Privacy at Microsoft](https://www.microsoft.com/TrustCenter/Privacy/privacy-overview) * [Windows IT Pro Docs](https://docs.microsoft.com/windows/#pivot=it-pro) From 3c091ade9db52942a737910992c9b5449137ac46 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 15:25:03 -0700 Subject: [PATCH 04/19] Update windows-10-and-privacy-compliance.md More work on table formatting. Hopefully, this will fix the ugly line breaks. --- windows/privacy/windows-10-and-privacy-compliance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 1d1af4f5c7..005045c2fa 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -61,7 +61,7 @@ The following table provides an overview of the Windows 10 privacy settings pres > [!NOTE] > This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). -> [!div class="mx-tdBreakAll"] +> [!div class="mx-tdCol2BreakAll"] > | Feature/Setting | Description | Supporting Content | Privacy Statement | > |---|---|---|---| > | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

  • **Security**
    Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
  • **Basic**
    Basic device info, including: quality-related data, app compatibility, and data from the Security level.
  • **Enhanced**
    Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
  • **Full**
    Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
    At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | @@ -98,7 +98,7 @@ The following table provides an overview of the privacy settings discussed earli > [!NOTE] > This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). -> [!div class="mx-tdBreakAll"] +> [!div class="mx-tdCol2BreakAll"] > | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | > |---|---|---|---| > | [Speech](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | From 3e82cc6837837a75c70e89fdec48f073515714ff Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 15:46:41 -0700 Subject: [PATCH 05/19] Update windows-10-and-privacy-compliance.md Changed links with absolute URLs to relative URLs where they seemed appropriate. Still trying to get the tables fixed, too. (;<_<) --- .../windows-10-and-privacy-compliance.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 005045c2fa..eb3cff64f6 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -59,12 +59,12 @@ When setting up a device, a user can configure their privacy settings. Those pri The following table provides an overview of the Windows 10 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information. > [!NOTE] -> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). +> This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -> [!div class="mx-tdCol2BreakAll"] +> [!div class="mx-tdBreakAll"] > | Feature/Setting | Description | Supporting Content | Privacy Statement | > |---|---|---|---| -> | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

  • **Security**
    Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
  • **Basic**
    Basic device info, including: quality-related data, app compatibility, and data from the Security level.
  • **Enhanced**
    Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
  • **Full**
    Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
    At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +> | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

  • **Security**
    Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
  • **Basic**
    Basic device info, including: quality-related data, app compatibility, and data from the Security level.
  • **Enhanced**
    Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
  • **Full**
    Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
    At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | > | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | @@ -76,9 +76,9 @@ The following table provides an overview of the Windows 10 privacy settings pres ### 1.2 Data collection monitoring -The Diagnostic Data Viewer (DDV) is a Windows app (available in Windows 10, version 1803 or later) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 device and sent to Microsoft. DDV groups the information into simple categories based on how it is used by Microsoft. The [DDV Overview](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) provides information on how users can get started on using this tool. +The Diagnostic Data Viewer (DDV) is a Windows app (available in Windows 10, version 1803 or later) that lets a user review the Windows diagnostic data that is being collected on their Windows 10 device and sent to Microsoft. DDV groups the information into simple categories based on how it is used by Microsoft. The [DDV Overview](diagnostic-data-viewer-overview.md) provides information on how users can get started on using this tool. -An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](https://docs.microsoft.com/windows/privacy/microsoft-diagnosticdataviewer) provides further information. +An administrator can also use the Diagnostic Data Viewer for PowerShell module to view the diagnostic data collected from the device instead of using the Diagnostic Data Viewer UI. The [Diagnostic Data Viewer for PowerShell Overview](microsoft-diagnosticdataviewer.md) provides further information. ## 2. Windows 10 data collection management @@ -96,20 +96,20 @@ The IT department can configure and control privacy settings across their organi The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these via policy. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting via policy and suppress the Out-of-box Experience (OOBE) during device setup. For an IT administrator interested in minimizing data, we also provide the recommended value to set. > [!NOTE] -> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). +> This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -> [!div class="mx-tdCol2BreakAll"] +> [!div class="mx-tdBreakAll"] > | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | > |---|---|---|---| -> | [Speech](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | -> | [Location](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | -> | [Find my device](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | -> | [Diagnostic Data](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | -> | [Inking and typing diagnostics](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | +> | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech.md) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +> | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-location.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +> | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services#find-my-device.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | +> | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization#enterprise-management.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | +> | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | > | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | > | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | > | Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | -> | [Cortana](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-cortana) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | +> | [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | ### 2.3 Guidance for configuration options @@ -131,11 +131,11 @@ See [Manage connections from Windows operating system components to Microsoft se Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints as an additional measure of ensuring privacy compliance within their organization. -[Manage connection endpoints for Windows 10, version 1809](https://docs.microsoft.com/windows/privacy/manage-windows-1809-endpoints) provides a list of endpoints for the latest Windows 10 release, along with the functionality that would be impacted. Details for additional Windows versions can be found on the [Windows Privacy site](https://docs.microsoft.com/windows/privacy/) under the “Manage Windows 10 connection endpoints” section of the left-hand navigation menu. +[Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) provides a list of endpoints for the latest Windows 10 release, along with the functionality that would be impacted. Details for additional Windows versions can be found on the [Windows Privacy site](https://docs.microsoft.com/windows/privacy/) under the “Manage Windows 10 connection endpoints” section of the left-hand navigation menu. #### 2.3.4 Limited functionality baseline -An organization may want to further minimize the amount of data shared with Microsoft or apps by managing the connections and configuring additional settings on their devices. Similar to [Security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines), we have a limited functionality baseline-focused configuring settings to minimize the data shared, however this comes with some potential impact to functionality on the device. The [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators who don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization. +An organization may want to further minimize the amount of data shared with Microsoft or apps by managing the connections and configuring additional settings on their devices. Similar to [Security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines), we have a limited functionality baseline-focused configuring settings to minimize the data shared, however this comes with some potential impact to functionality on the device. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators who don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization. #### 2.3.5 Diagnostic data: Managing notifications for change of level at logon @@ -162,11 +162,11 @@ Users can delete their device-based data by going to **Settings** > **Privacy** ### 3.2 View -The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. +The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [`Get-DiagnosticData`](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. ### 3.3 Export -The [Diagnostic Data Viewer (DDV)](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [`Get-DiagnosticData`](https://docs.microsoft.com/windows/privacy/microsoft-diagnosticdataviewer#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. +The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [`Get-DiagnosticData`](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. ### 3.4 Devices connected to a Microsoft account @@ -192,7 +192,7 @@ Windows Server follows the same mechanisms as Windows 10 for handling of persona Surface Hub is a shared device used within an organization. The device identifier collected as part of diagnostic data is not connected to an individual user. For removing Windows diagnostic data sent to Microsoft for a Surface Hub, Microsoft created the Surface Hub Delete Diagnostic Data tool available in the Microsoft Store. -For more details, see [Windows 10 Team Edition, Version 1703 for Surface Hub](https://docs.microsoft.com/windows/privacy/gdpr-it-guidance#windows-10-team-edition-version-1703-for-surface-hub). +For more details, see [Windows 10 Team Edition, Version 1703 for Surface Hub](gdpr-it-guidance.md#windows-10-team-edition-version-1703-for-surface-hub). ### 5.3 Windows 10 Analytics From 7fbb9952ef22eddd97d8a3963ab3c69bab8df471 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 16:00:56 -0700 Subject: [PATCH 06/19] Update windows-10-and-privacy-compliance.md Fixed some broken URLs. --- windows/privacy/windows-10-and-privacy-compliance.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index eb3cff64f6..6204a5117d 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -101,10 +101,10 @@ The following table provides an overview of the privacy settings discussed earli > [!div class="mx-tdBreakAll"] > | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | > |---|---|---|---| -> | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-speech.md) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | -> | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-priv-location.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | -> | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services#find-my-device.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | -> | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization#enterprise-management.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | +> | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +> | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +> | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | +> | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | > | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | > | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | > | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | From 7d331a563334c84d664e5a50317af272d9c7ed5d Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 16:12:02 -0700 Subject: [PATCH 07/19] Update windows-10-and-privacy-compliance.md Working on some link issues and still working on table formatting. --- windows/privacy/windows-10-and-privacy-compliance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 6204a5117d..55699a05dc 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -63,7 +63,7 @@ The following table provides an overview of the Windows 10 privacy settings pres > [!div class="mx-tdBreakAll"] > | Feature/Setting | Description | Supporting Content | Privacy Statement | -> |---|---|---|---| +> | --- | --- | --- | --- | > | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

  • **Security**
    Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
  • **Basic**
    Basic device info, including: quality-related data, app compatibility, and data from the Security level.
  • **Enhanced**
    Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
  • **Full**
    Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
    At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | > | Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | @@ -147,7 +147,7 @@ Windows 10, version 1803 and later, allows users to change their diagnostic data #### 2.3.7 Diagnostic data: Managing device-based data delete -Windows 10, version 1809 and later, allows a user to delete diagnostic data collected from their device by going into **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. An IT administrator can also delete diagnostic data for a device using the [`Clear-WindowsDiagnosticData`](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script. +Windows 10, version 1809 and later, allows a user to delete diagnostic data collected from their device by going into **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. An IT administrator can also delete diagnostic data for a device using the `[Clear-WindowsDiagnosticData](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps)` PowerShell cmdlet script. An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`. From d850e91f80f1983e5b42fbcdb04ac7a9a9dd3dcb Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Mon, 20 May 2019 16:31:26 -0700 Subject: [PATCH 08/19] Update windows-10-and-privacy-compliance.md Another attempt to fix the table formatting. --- .../windows-10-and-privacy-compliance.md | 54 +++++++++---------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 55699a05dc..96a3b54258 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -61,18 +61,17 @@ The following table provides an overview of the Windows 10 privacy settings pres > [!NOTE] > This table is limited to the privacy settings that are available as part of setting up a Windows 10 device (Windows 10, version 1809 and later). For the full list of settings that involve data collection, see: [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -> [!div class="mx-tdBreakAll"] -> | Feature/Setting | Description | Supporting Content | Privacy Statement | -> | --- | --- | --- | --- | -> | Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

  • **Security**
    Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
  • **Basic**
    Basic device info, including: quality-related data, app compatibility, and data from the Security level.
  • **Enhanced**
    Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
  • **Full**
    Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
    At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | -> | Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | -> | Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | -> | Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | -> | Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | -> | Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you have chosen (Security, Basic, Enhanced, or Full). Tailored experiences mean personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | -> | Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainadvertisingidmodule) | -> | Activity History/Timeline – Cloud Sync | If you want timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) | -> | Cortana |

Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/instantanswers/557b5e0e-0eb0-44db-87d6-5e5db6f9c5b0/cortana-s-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

| [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)

[Cortana integration in your business or enterprise](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) | +| Feature/Setting | Description | Supporting Content | Privacy Statement | +| --- | --- | --- | --- | +| Diagnostic Data |

Microsoft uses diagnostic data to: keep Windows secure and up to date, troubleshoot problems, and make product improvements as described in more detail below. Regardless of level selected, the device will be just as secure and will operate normally. This data is collected by Microsoft and stored with one or more unique identifiers that can help us recognize an individual user on an individual device, and understand the device's service issues and use patterns.

Diagnostic data is categorized into four levels:

  • **Security**
    Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experiences and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
  • **Basic**
    Basic device info, including: quality-related data, app compatibility, and data from the Security level.
  • **Enhanced**
    Additional insights, including: how Windows, Windows Server, System Center, and apps are used; how they perform; advanced reliability data; and data from both the Basic and the Security levels.
  • **Full**
    Information about the websites you browse, how you use apps and features; plus additional information about device health, device activity, enhanced error reporting, and data from Enhanced, Basic and the Security levels.
    At Full, Microsoft also collects the memory state of your device when a system or app crash occurs (which may unintentionally include parts of a file you were using when a problem occurred).

| [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy)

[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +| Inking and typing diagnostics | Microsoft collects inking and typing data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +| Speech | Use your voice for dictation and to talk to Cortana and other apps that use Windows cloud-based speech recognition. Microsoft collects voice data to help improve speech services. | [Learn more](https://support.microsoft.com/help/4468250/speech-inking-typing-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainspeechinkingtypingmodule) | +| Location | Get location-based experiences like directions and weather. Let Windows and apps request your location and allow Microsoft to use your location data to improve location services. | [Learn more](https://support.microsoft.com/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | +| Find my device | Use your device’s location data to help you find your device if you lose it. | [Learn more](https://support.microsoft.com/help/11579/microsoft-account-find-and-lock-lost-windows-device) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#mainlocationservicesmotionsensingmodule) | +| Tailored Experiences | Let Microsoft offer you tailored experiences based on the diagnostic data you have chosen (Security, Basic, Enhanced, or Full). Tailored experiences mean personalized tips, ads, and recommendations to enhance Microsoft products and services for your needs. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | +| Advertising Id | Apps can use advertising ID to provide more personalized advertising in accordance with the privacy policy of the app provider. | [Learn more](https://support.microsoft.com/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainadvertisingidmodule) | +| Activity History/Timeline – Cloud Sync | If you want timeline and other Windows features to help you continue what you were doing, even when you switch devices, send Microsoft your activity history, which includes info about websites you browse and how you use apps and services. | [Learn more](https://support.microsoft.com/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy) | [Privacy statement](https://privacy.microsoft.com/privacystatement#mainactivityhistorymodule) | +| Cortana |

Cortana is Microsoft’s personal digital assistant, which helps busy people get things done, even while they’re at work. Cortana on Windows is available in [certain regions and languages](https://support.microsoft.com/instantanswers/557b5e0e-0eb0-44db-87d6-5e5db6f9c5b0/cortana-s-regions-and-languages). Cortana learns from certain data about the user, such as location, searches, calendar, contacts, voice input, speech patterns, email, content and communication history from text messages. In Microsoft Edge, Cortana uses browsing history. The user is in control of how much data is shared.

Cortana has powerful configuration options, specifically optimized for a business. By signing in with an Azure Active Directory (Azure AD) account, enterprise users can give Cortana access to their enterprise/work identity, while getting all the functionality Cortana provides to them outside of work.

| [Learn more](https://support.microsoft.com/help/4468233/cortana-and-privacy-microsoft-privacy)

[Cortana integration in your business or enterprise](https://docs.microsoft.com/windows/configuration/cortana-at-work/cortana-at-work-overview) | [Privacy statement](https://privacy.microsoft.com/privacystatement#maincortanamodule) | ### 1.2 Data collection monitoring @@ -98,18 +97,17 @@ The following table provides an overview of the privacy settings discussed earli > [!NOTE] > This is not a complete list of settings that involve connecting to Microsoft services. To see a more detailed list, please refer to Manage connections from [Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -> [!div class="mx-tdBreakAll"] -> | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | -> |---|---|---|---| -> | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | -> | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | -> | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | -> | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | -> | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | -> | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | -> | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | -> | Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | -> | [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | +| Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | +|---|---|---|---| +| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +| [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | +| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | +| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | +| Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | +| Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | +| Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | +| [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | ### 2.3 Guidance for configuration options @@ -147,7 +145,7 @@ Windows 10, version 1803 and later, allows users to change their diagnostic data #### 2.3.7 Diagnostic data: Managing device-based data delete -Windows 10, version 1809 and later, allows a user to delete diagnostic data collected from their device by going into **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. An IT administrator can also delete diagnostic data for a device using the `[Clear-WindowsDiagnosticData](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps)` PowerShell cmdlet script. +Windows 10, version 1809 and later, allows a user to delete diagnostic data collected from their device by going into **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. An IT administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script. An administrator can disable a user’s ability to delete their device’s diagnostic data by setting the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Disable deleting diagnostic data** or the MDM policy `DisableDeviceDelete`. @@ -158,15 +156,15 @@ This section discusses the different methods Microsoft provides for users and IT ### 3.1 Delete -Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. Administrators can also use the [`Clear-WindowsDiagnosticData`](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script. +Users can delete their device-based data by going to **Settings** > **Privacy** > **Diagnostic & feedback** and clicking the **Delete** button. Administrators can also use the [Clear-WindowsDiagnosticData](https://docs.microsoft.com/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData?view=win10-ps) PowerShell cmdlet script. ### 3.2 View -The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [`Get-DiagnosticData`](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. +The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides a view into the diagnostic data being collected from the Windows 10 device. IT administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. ### 3.3 Export -The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [`Get-DiagnosticData`](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. +The [Diagnostic Data Viewer (DDV)](diagnostic-data-viewer-overview.md) provides the ability to export the diagnostic data captured while the app is running, by clicking the Export data button in the top menu. IT administrators can also use the [Get-DiagnosticData](microsoft-diagnosticdataviewer.md#install-and-use-the-diagnostic-data-viewer-for-powershell) PowerShell cmdlet script. ### 3.4 Devices connected to a Microsoft account From fd182b03c474f94d7c4e4532c113b1ac170e1c69 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Tue, 21 May 2019 09:02:27 -0700 Subject: [PATCH 09/19] Update windows-10-and-privacy-compliance.md Trying to fix some broken links --- windows/privacy/windows-10-and-privacy-compliance.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 96a3b54258..e584b41c27 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -99,15 +99,15 @@ The following table provides an overview of the privacy settings discussed earli | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | |---|---|---|---| -| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | -| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | -| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | +| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1821-inking-&-typing) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | | Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | -| [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | +| [Cortana](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#2-cortana-and-search) | Group Policy:
**Computer Configuration** > **Windows Components** > **Search** > **Allow Cortana**

MDM: [Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Off | Off | ### 2.3 Guidance for configuration options From e7512c79c55982879ba83b9b90f510bedaaef475 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Tue, 21 May 2019 09:40:56 -0700 Subject: [PATCH 10/19] Update windows-10-and-privacy-compliance.md More work on fixing broken links. --- windows/privacy/windows-10-and-privacy-compliance.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index e584b41c27..2583fffda5 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -99,11 +99,11 @@ The following table provides an overview of the privacy settings discussed earli | Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | |---|---|---|---| -| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#186-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | -| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#182-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | +| [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**

MDM: [Privacy/AllowInputPersonalization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | +| [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**

MDM: [Privacy/LetAppsAccessLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesslocation) | Off (Windows 10, version 1903 and later) | Off | | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**

MDM: [Experience/AllFindMyDevice](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | | [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md#enterprise-management) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry**

MDM: [System/AllowTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Desktop SKUs:
Basic (Windows 10, version 1903 and later)

Server SKUs:
Enhanced | Security and block endpoints | -| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1821-inking-&-typing) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | +| [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**

MDM: [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later) | Off | | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**

MDM: Link TBD | Off | Off | | Advertising ID | Group Policy:
**Configuration** > **System** > **User Profile** > **Turn off the advertising Id**

MDM: [Privacy/DisableAdvertisingId](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | | Activity History/Timeline – Cloud Sync | Group Policy:
**Computer Configuration** > **System** > **OS Policies** > **Allow upload of User Activities**

MDM: [Privacy/EnableActivityFeed](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-enableactivityfeed) | Off | Off | From 306ba61ecb6c5564c465eaa3b88afaae9ee67182 Mon Sep 17 00:00:00 2001 From: Chuck Kim Date: Tue, 21 May 2019 12:43:28 -0700 Subject: [PATCH 11/19] Update windows-10-and-privacy-compliance.md Adjusted the list of applicable versions of Windows. --- windows/privacy/windows-10-and-privacy-compliance.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 2583fffda5..47ce5b00ee 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -21,9 +21,6 @@ ms.date: 05/21/2019 Applies to: - Windows 10, version 1903 - Windows 10, version 1809 -- Windows 10, version 1803 -- Windows 10, version 1709 -- Windows 10, version 1703 - Windows 10 Team Edition, version 1703 for Surface Hub - Windows Server 2019 - Windows Server 2016 From c3fd2b05d96eeb7d69d3677f74097fa78f66ba2f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 11:15:35 -0700 Subject: [PATCH 12/19] updating links --- .../top-scoring-industry-antivirus-tests.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index c035c41d1f..61676599dc 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -17,33 +17,37 @@ search.appverid: met150 # Top scoring in industry tests -Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis. +Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis. ## Endpoint detection & response -Windows Defender ATP [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. +Microsoft Defender ATP [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. ### MITRE: Industry-leading optics and detection capabilities MITRE tested the ability of products to detect techniques commonly used by the targeted attack group APT3 (also known as Boron or UPS). To isolate detection capabilities, all protection and prevention features were turned off. Microsoft is happy to be one of the first EDR vendors to sign up for the MITRE evaluation based on the ATT&CK framework, widely regarded today as the most comprehensive catalog of attacker techniques and tactics. -- ATT&CK-based evaluation: [Leading optics and detection capabilities](https://attackevals.mitre.org/) | [Analysis](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/) +- ATT&CK-based evaluation: [Leading optics and detection capabilities](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/) | [Analysis](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/MITRE-evaluation-highlights-industry-leading-EDR-capabilities-in/ba-p/369831) - Windows Defender ATP delivered comprehensive coverage of attacker techniques across the entire attack chain. Highlights included the breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring. + Microsoft Defender ATP delivered comprehensive coverage of attacker techniques across the entire attack chain. Highlights included the breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring. ## Next generation protection [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-docs-avreports) consistently performs highly in independent tests, displaying how it is a top choice in the antivirus market. Note that these tests only provide results for antivirus and do not test for additional security protections. -Windows Defender Antivirus is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Window Defender ATP security stack which addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. +Windows Defender Antivirus is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Microsoft Defender ATP security stack which addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. ### AV-TEST: Protection score of 6.0/6.0 in the latest test The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware"). -- January - February 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2019/microsoft-windows-defender-antivirus-4.18-190611/) **Latest** +- March - April 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2019/microsoft-windows-defender-antivirus-4.18-191517/) **Latest** - Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 19,956 malware samples used. This is the fifth consecutive cycle that Windows Defender Antivirus achieved a perfect score. + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 6,849 malware samples used. This is the sixth consecutive cycle that Windows Defender Antivirus achieved a perfect Protection score. + +- January - February 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2019/microsoft-windows-defender-antivirus-4.18-190611/) + + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 19,956 malware samples used. - November - December 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWusR9) From 129e08bc2684bd2a58576387c9b5d3c5309a96bd Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 11:52:26 -0700 Subject: [PATCH 13/19] images --- .../intelligence/images/PrevalentMalware18.png | Bin 27841 -> 0 bytes .../intelligence/images/RealWorld18.png | Bin 25967 -> 0 bytes .../images/prevalent-malware-small.png | Bin 0 -> 24488 bytes .../intelligence/images/real-world-small.png | Bin 0 -> 23507 bytes .../top-scoring-industry-antivirus-tests.md | 10 +--------- 5 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 windows/security/threat-protection/intelligence/images/PrevalentMalware18.png delete mode 100644 windows/security/threat-protection/intelligence/images/RealWorld18.png create mode 100644 windows/security/threat-protection/intelligence/images/prevalent-malware-small.png create mode 100644 windows/security/threat-protection/intelligence/images/real-world-small.png diff --git a/windows/security/threat-protection/intelligence/images/PrevalentMalware18.png b/windows/security/threat-protection/intelligence/images/PrevalentMalware18.png deleted file mode 100644 index b3a4456f19431fb08822de67ebb1942cc06f3bb6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27841 zcma&O2{@K}`!%e#N+n4OC4`VfAt6J`5Xo4kgv|3ikCldPO2(2YBniosWJ;2`JIRzO z37O}4de^o0^ZeiAJ>Ks-zVCjHXK(xFzV7S#4d=PewbuCyP*IZGv+K|{h- z@>gVb^lxFLJ-~WL^|c({VsMtxa=vJ1V`F0LOm@-Hs6)PXn>$Z9eOXN!Hj<_Z z-`T;Gm>qacEoF7gskO%{tF*Ppj4vrGYn3R4`LSh7`b*+Pb&2?U85x)J+{EkEUuvrVypB8y zBwi!8uKxSl@jRJ$iL(6j=>z}!;{zFT(I$pD^ux|8$}1Ah!-7rbwA#^|&rKLYWaU%U z^gTM0xo85UAF&UUY$+AOrP*n2Iy%lMzxTUVb|_zRxmJ1OLG!S5M$4;jTI6>sSdJVy zLN+%)-#6|4Brfjvx75o^>%MEgl5A{j?xlLpqTR_ompLN({xqe~hsc)bO)?ux8*9r_ z-<2sMB_uE@C5Y9&x|UIv>kw0G{LXJvV!QwC!9i0;N5=$r2}9BN!STXg*^Cx76_u&0 z9$Wk#l}M{fr!0Gy35$x>W&5pLX=G~Mt~Fjs3AR$D-ACTHTReiNUQkfbe(sOz$G%gS zAM;*I7_JYlc=(WNqNnt-nHi^S%DxAcN%_rfZPi)V3;&FcvYkCkm(nCWUbw!#e)q!B zIHk0i*o_U}Lx&Fi85#L#m}5|&LuV7bnaUQ(nxt|mj5+F4W7 zWu~et1{|l?W=Sc{!+*=Btc{sT8W|eiiHl=YOQ#i$e|VMqUZbgcunI?nR7w+uW}i%$ zH0$juLsio-?Gy|Cm`fZH>=E*0!Lt4N3_q{Z1dyj+-6ci+MvKS1Kxg2`c7LfN(*?UG z^T>$_+g-bN$Hc{bvMk^pug_Iv4LhIG^hhZ!jD2TB?OlzGYr$pHh(o&i-+RQdG4qSv@#8*0_j&3iZuNzZq*uJh&K5(Eqo|syDDvy zWx*3g4*r;6!$%41u|7}So(NjKews00ba)*UQo@UxzH$Wkm|BI3<#;w*^Z8)@uwOEnk zBJMrAEkYsnjZRkJ+KYv~=ecN;^YS7B0(Rn)2ZLlRPMjDTnB8PER zNS#_;j}vy-`nbNTzdCezSlLfOU!U2Glu$L`xQ~Loz1&YyA~95deMHlH(yO;}Xf~|Y zcxkCWH2u}9C>kc0)vG;o>qv}(KLh=g= za(q@@h43BAvqQt9qZhN=Qrbp62BI|IbXbpd73~kLt}OFe#VqEr=B_SII!$zmV38s& zi}|i;Ew2&-haou~qljtB^Ii9}w6ZF489j(dr(5b7_39NjuC0j2NmEYLSaF){DaEkt zQl+&pH~%>^P#+l?`ACtY10#Lbw#&fVJ1&ThFV}n7(OZIfvUHJ2a;Db1u5|4aAOh1{Iz_()4S{H>luz5G4b|hOe9rXWtYAXj^Oe4_g|ZED^Gd( z^6!NO*NtiB&9K42LG5*QUEPMp*t3XILkP*=zkh#&8`ja$5%${_=(7|Pq{&o95$%dQ@s=RbAoJpOofVfzvNF?jXY%Is&;yyL3D^#e}@WSToV0(k0$8L1GxySux`x{DtV z)IZ)IAWhtN@7my5ha%nJkdWyN{q;cR&82F@zHe=9a(a3RGsPDlP$e~)3%gITU@2qB zusT9|C(VYxr8a-#!cret9!gBZ7P`t^MeYI5y7HxM zCp0n*Fz&?ay?XW2=a9o@SxuM1@3K&o%+#Gg;Fwb0oKq%l%+6=@I{DTuzRUIcxvt|n zVoZCPLLZcGjFw{|Hh=qe!N*4&skg2Gt8?47ZIo10$YSTcyowEZ>g(%=Cng359_!0e zlfSj;l)ZWLXfoGKlN@u?_wS$X?>QXl?I&d7GTM3)freNZ`^axMrztz(jfIKsjC^rT zODkvRNRq^A@TAYAm%A7f^6=&wX){w=0*lX-lps#5woB}^+7s9h`h`3EK z+LcUi$NU?dswv-GEmv1nm9n$rE41q!wA);;%hBS&lPaYdElzYhJ3CK(+|6f@*Fn#~ zpql&!%V1=5ba`X3Tv%L5duee16N9fBg8N zRcPCtY39AQbo!j@*iRyBd6xQq*;vM6ttUc)g+<@jq>D&YRTaLA#l2Owg#vU-C_dyhAzRvF$TZo|dJ;pc}fGcz;hR#quRMKR3lf8?}y4kEP@8SnV<<48oOBqY8> zpS-^GqpfV=6W1APim%<>jR+)vSNH#M7ClzCpZs=7iCB0odoE8(llfpAxu+OYi5?#j zR*}HYShXrTxdTY8@X07E?*RYM6DUw1{8746!V~j?QC{ z0Ei;L8~FN4>}3)&aCd)FQ6XiR)1L3bEJgh?GxK>yMvzH;^l1zOh8CfomX;PV|4rvO zz9U$cjgD8Bg?3j{YwHVPFDdHwe2e|Ih1Ua4Nvj&$+p9S6V3q!zy!7czKwsZYtYV48 zy;9UQwY5q4`Lwsp1r>~pQXE69MY&JZr_UTB)us{j(L5E_Lh9=3{!Ql6Y0at{8lQjv{vAhp zl9)&eJa7Wxxh7Z4ZnL2z5!mbf`}a$KQbHrYn{!90#p%Cg&gHLpnDq9oQ0wa(LEW~R z-z@LlyN4LuKkbenl&M$h*%NXwoV}^JxiVcnZE2;gTnS6G!a${iUErFMa_5-+WREyd zg5*k5=p&ODr=c&zHv3Uvb^%-d;05+SZY4vO6j&ik|Ym1?k+iw=s&c0V^*y)-87b z%H<)g9+3}6=3*3cx7WE&^}r~)OGeeWHvAZ)gtzgR4%9HPx%b)e~<^5iU#uM z+X4G9az00zHA$?TryilauC8t{$_hCBOZ+)}w@Sx>Lc^+Ez}oegRV>|C6*}zSZ`k{> zBM9Q&5tYPFmm;QMX9AmvF@@%i0-qQN#U4L#q92&2CRb5jerGOEGbRY3SG&~n3}UA= zYnb-Ax;f9%@WI*_m6;l&caDT`1^RuRRaR7F31q$g);j6ct6lQpgC#Gj3@Z?drur@_ zT)te}*m$iq6hB})Bb>dlY~gOr)V}E8FdavVJrlURysW6C^vkt)+FcBbk*DTEyS31T zBx(ZYvE&uM4wg*`pNY8~9nOAyJFsN9BFE`NAUeRxK_$H~Tb%3W-3 zVS)SbDL^$OHU;T?t#yHUUko}bE7VESyd9@SnLEl*P^k4>zRXTT?q9KOeBv-8I-2HC1qv?6It+k zYwOI?v=PDwg6sK=mRu~Ejd}gesIxupfB9ED6Hd-EBcX=-GdvvQwEGQ0>Cl(>lJ$j7 zY*!$=zol8RE|vlou|=z@s=OCE%#gpaASJA%yppJd4+c35HZWi{`xMH92cM$>*|=Apv!^^-0xF6=Zr0pK4{9l4O* zrmm*;u{MG;JtM;iS^TPo#tin3+V$&~u}}K!-#85^wPx#+V(rRmy(UZLu3bB@fB$~5 z#V#j2OqcCh;)WZao(a5tko@-3r-u$5KJ2kNUZ`E>EfUHkzV+Gr_bYon`u? zNJGDCBQo{N6LNF;AinLcX@tNPU-FFk<*#2qjC-jwL!k)xhxG^O<18A2UC=-MwWZ}==lJIV$D{Hz_&x+o zBtNd>$1BENPb_L`YX_h{-=HiTw9(aqJ7*IcpV7yli_Kk#Gw)@@3Q-%&GIpgrhqEHpG0|NZ!X$fbb{GpYGo#@ZSWOR`_S zR8d%<+Oww#g=x2~SykWx)biM(Nd8zXSFVIOvin5a3oAM~31GefgA9dYQ4k28Ju4t0 zB9CZ}Jc>ZyA0_odwS&G)g~|U zKLl#9@r=xd+@+b5e8{T6zs$5-#$!-M+*2>wWV>8H<#t2!Gh6RTobcdnPOj64G+w!H zME=>3eojYWm-V|NL0%(XqHIk9v?e@}9}HVn%Rb$2%zby@%>LtHuPfv^SdWhh{dM4; zkmCKSlh1`1>c5H$$_qw+jxu`g9k8cVX*Oy&pv~rmU~k~yiLVi5)vCtw9KBXaUsv^Y zl__-;W^LXv>R)lWyG`U7cBsVan83>F>hfy&rWc?VxRn!{uix19O4#<6U11F~=zj0w zy)vApuxCYCV)?F}?`*6>`U7*pI>fb(9HSjZMn-YsUeR>=-eJXVliUR+5*tfKdcMmh zfY4k#JnZpGL@IpmGHPyau44I#=U|ij{m~FM!Tft)Ey*pd;;gj?Dhzeve)!z*k67zm z_0`#KXv|)7+G1&CcDW=skKSJ|k4s_xEA#JOi9g9^JOMlxUtgvifQpYj~_lNuHZl}9N<<)vz}G7mC_Gh3aP*SXg{X zo-^SI>uWdj@%BD>p8fdE?>jSj-cI%EXB!5z<#O5FXFc8{*3o!xNB^g08q?DIjb}vG z8Z!>OWBe>*F*~gl=ePMXqBE40U4UOG<-^82Q<={@>!!KqPAnhGOMB%-n9+GxHrF-IjaTmE zPgax-4`7!*bdFO?+mw@J<2h&}F%mRY?z{MRlFHLy_K1BZcTR`BO`s@fQF62<`Mz~Y zbBWtrG(TIRwOut_K8XKzfZ+N?RUuxto4%j#tA(3LSkVvCrEUM4T}E1-BPxu6UU^^4 zCAH#)`G!3vqHNO@W~C)=XU>bAJgV@hp~iVnb&~>XMn)W|OXYI}YxznIsc6U1aE6_@ z=QI5YI1{-^{B~#oRU=j4iBf{)qVE?K?x8L2|Wi0aX?3({rL^9 z#UK9O-bRu6ORK%lWn$FbKELagc*tH$n(O^)9vpppDRcFbDfFiYT!fZeRB-IJc_ z-0Jcz7jqscsrX);<@`XpF89PU)XE>oMgx z=`g%OUmGlVxz;XUnK~pj(IYm%`2LA2N2TQx`Y8K;`LopKFEw;hUSYSGk~1BS!gehY zxL~^P^Oy>Y!st&%&+zDX8wRuv`#xKHk;r|V{>TgSe*4a(ODkT~ELxaAN!~n1C4Epv z`Sq7H&c7T!Uks4R$E8fXQEXd14 ziXvSWyORcnZ4|;keKL+?EH;tK>ppj6-{7G{jOFkI#YMK9G(9%9Kac~wr$d8!FR#)TMu*WKzp9&x334cdYqm!HuM!Q68QMRes0(^ zd|$w4n%}}an-&fUJP~huin3!iNCBTN0Cj^tQqj^{Y7u6MS9;Jn&cU>)+XqS%qC_G| z4n#~Y4_iGyQGdjdOF;+V=jTrrKBY<<^?o#&i?yD=$^2?SG74D$ZHha$8ckDjbHhQ8 zInDf*2U7qRbN8P|4R=cOI-bk1QT#1Xmfb?(ZF8L|R&!`$Lm=Mu%fyw`Z^6M->KZzC zSQ?oAY%i7VFgPW6Fpcx8!sL=OTk<}GNm)KSMy`umA6Orrt1~Ey8Jyqk$w-9N+>qJ<;UliHS+Z2WPxGZ~zDXv^7FV6q| zrLA!Jlv2mfXU!C2y2HRAM*a~m9T!FEKB3(*Ve5Xv^q6H$H_!YPxiK7yVboi=Jt_ck51X!lt+ez zQaj&n+p>$%Q?K{N-%^YC%|JV)w~^*i+gK$Fb+!*`i2<6fJlbEMHq+fWs`Km2Y)Jg& zH;2xs&q*6p`i;~Ys@xd)Y1KJ%YUBmrz%?bIEL}$Nj&~m$E9PyT)#pAvJK*jR@nGaz zRa3-`0uSpfSH-sd{`cDw7Q+&)Ommt}u9@DmNY5M@vBX3$`>mZu$pq3HoEs|CK5!7` zf`>o{WsN;)HW!S1{8$|t2Eba5PS)6ug59NhBv2hi1U)|4llt~;^uHxicD8cI8-pAz zLS_+l3B>gjUzn9sXvNtLRA)y|GpDWmVOsBMy5=6@y=ZW{%7fHnZXvjJRfz7VOU%1Y zep%6Dzvi{t)gOn}mkFPHGN-erw_Q^qiF6@W@-CNrBu`GBk-weP@nk;#j+X;=dRfn3 z)yR_0lW%$X+CJB$!0joU_lx`AY=3SpE%3K?(f@K_2~FP>zq&M{8ZXXnrA0jnUFY`zf^tO zAAkSsf*;fILO0*noT>MyT)z+AydfywG<{Y-Bl(s4lb#KVJ7i}LC<$dR@YX%lB1@~R zk@QZx?{t<)U@g%z*H?zuD*Aom@{0_SYW08X;kVD;%#rpW_aGo;W?EP5i{Pm==aLfJ z@OWo;`mp`EkljKowZ`Ea8ynkF0~5A&(CUKV(QJL7FIX_ev&4G*ommx~e1-UlvP-)r zw5Mg%>`8%z?^FE$>jikt_vnt7hUW}^;rIHVe~|)F%?LBTc>dhDq8x%asN9r`CasjD zQT_^6>%6Ok+8#sG{fZT#4X^)yy8BwkOlsjx2%W-=9894`{4oHc5HL9+ZdzMYYDYuX z$ot}ZIaLkfMpBCSLGD{;v*NYq2##}J4$^6r}D{6k|^6ZRM;CgHeA%{te#+w=&lS5Oj z?w3MQuE+s3@qDz&0FyurC9Y7|8NxzQliRSgB#ast^i`K8${25N?;rEILp&YULg1po zqN;G+tu_8=ov>L|9+Ml+9sorNx(?NYiz1)7R&}@gZ$XVO=Erl8jgxZ+z}j4BWuN=6 zbF|a$!~<1MFQ1-B=0bkE!!D1)9w9uJN8t473WP+C2zifTcWdk5tK6wI8niN>tE(|O zvt^Z0N@;}dss38q!({RVJ!Nu><+Nuhb}O<7aw`gMMydz=8axN<_vbqirngvCKt{QVc}9* zbKdU}*W$z_TLpF+=(Wd6_S4vE7lR4sgo$!;rs_zERuv(=Yw^4YZpv)L2%JxA7N7QcRWxUe zOALrhNIX&<^e%3{u0AY#! zFg!j!00|XStQ03KWnpm~3=^0&$hSz2CK%uBw)z+WGx!V${d8u=5uu$^IpH}dv*VQX zyY4~Fz)}Z-YRlFi`kt=t?CP59Id4fW^$d#A=g+cpp5kB&U%Ys6Uz)W-j@jpKW#3Qe z0{~gI#=r2zs1j|v-^+mGLcOm0-Z=nd6Fw8pzHiq(T7MwsAyOhiAR;3ZgwiTKJv~d5 zg2VjCHE=zjv6FE1&%@4+3uD@#w*rvI%l(+44BOhifFKDVWwHiR1^XxL68Yo$dn^?A zePRTsvSa_}Jwi4=;D<qf z$@u{Eg~2KMufxvY+X#I;YC0k-{o0KiS@a*Yc$iFwdyM@Ln9jE;_i z`9xH6T3>Mi4y7R98h6g^A&P0J7$Kw~!a(xk1qb*=8yg!etyyRZkWtcFS^}k6VRpji zNBqXq5&~%7>~c+gJzKnz6BuYHcA?CY1pf#X3A7p^Q{yrBb1D&!36lmYI#hWOr@6Se zeqx;k2M4QMz54u*HW%$j%L2nw^oR@IYtz+?=UjscW~#6gtRG=K07(eG3SkoLE>|Y`VDX>Vgf10=0gfF(I7Sr76Y3jAW173k(Xvgc4(*rgjJH zAqOYO(ZGbRVz*HBG$jXU#6q@Re`Cb}c8<1XpYRNCX$zHDp#WQHWW*MB$v8RzOge6q z_%eb#mOdJzh%68_q({-=NU6`g718{`US?v0z{mjx6NV~-!cIc54msO{OaXn4;z1?C z75C>Gv@)$(*X0Bc4XiKrnt^R6_8*;|`_?xH3ozAVcc~;)q@V~ z`#W*UaD_qQ;n6RP13Qn^LHG@Fb7`=ZF_y=9c?Tso`X#lBU9*05U%!4`yTI}QBm*qJ zhs=^n*om=c?POD$R3OEauho~ILh_iJI+b0za0puzm>Pba7{&Y8rzWmE6kE@^P5j2b z4;DL{)Od>DG!bhvj!9@HK;A+m#3hpj_wlIQY2 zP9x$%0Dyr!uXT$)>aVxx6M^gNSL(n1`ioe65G+PoGLU9;OWgO#hl5u#X?b-G;f98C zdy&U12RW~{w(&Eb%Yz6fd70VSL+5&z zsX+5Xjzxm_Gd`Z0oP6h6hQ`gjj(5K6q5;x(uqCnC0eGQwA~>cpYM$wBXc?OAb1eG1 z$}rI15(@tg$)zm_Hcd?xSPYu4bs^$LW3r`HA$)CvGY8hcn#RU~%Ds~8^pxMax*G6Y zLm}Mi>9i=70;T*(%4TpEL92R#!sxnPsf;iq;fyL-`W3X~EdkR5hkr7^#R{_>Vk-_$`!{1-t{-$Y5h^Ox)Uf`tagpFJUABZ`5xu{4zVcdT4eU zL9J|aeG>IMRFt{JMZ&WJD+)vuX!VFth-#Pv^B!}oqqlawO2Uj962+eL+yw;%JlEd> z0$NyDNJX1)aB_MKr#=P>Ap8||($-i5V9)PAcmQ)B{6v;L`*~iB)TSl+zVddR{v|`j zETITn03sQ(NWRWVd>?!xs#;n#@cjK<*#{OO*Kt5$`;Hw9hYzRZIDzCHPe<&TX1 zUxCsR*}IXuP>hC!?K_rF`oe_!q`kRg>lWCapqWA*0c(bp4W6iBkaW5GAT2FXs@4xA zXJv(8W2Cy@SWx+P?*&EP{Zm%YFdf6rPwj;>BX0w7UM&+ibKul`(YN9JWU-F@WhW2r z77-E2fBW`ZYwP`P+aYX1Xk=HGU(2T4#52}ev#+k&3kO&Bou?*OP*8w$V+tto?VB38 z6bq1)d^kJ;m|fWRU@aq1a+7(2yI?TPDqz@~DJ=lhsL3Is{*o?!|DK+a@#;gBMbFYY z>#XA9Sh-N9qxJky{gR(OJ1@`Hc(2yjkoXki_wREtN@*$oDp9a0VDsNXM!d4YlVuH!!}(jQ`@0%wWFQz6%ohEo3Z(wQV{!k`4Y00k^;fe;M90Cl~03Hry- z!Ycp@6v0*3VNJXABrmVVT&raPp`D2_p_n*Iu@$_YLhO|*R}_o^7fD##Lvfdk!Gpp* z%%x2)ACAqSw$eE49IliG_*G@hej9_1R{aS-H zH#3jadZ~WoqMzSp{%LqgqQ1MpR5ZB=PtbG572O**#O-1MR{7fr4+b@Ui+KI| zwZ#Hw2L9t7)W|j8a<$1u!yNDQ+})(_TPy?*A-gI-AZ7NM+Xs^}M&2Y^=-MCk%SVA^ zWvJEn%zRHN$xF=E&fA{W3`{0PE0fCAjl7OZ)6+6w8%lk|ks_Fqs~;XoDJ&!$kR~R_ z;1Go;cWO8-k(J_OzSoa;4s5UvGm1FgMR0%CvQajnj3~7<-EZCf{ymR2^v4P2hs)$TQn}hXtliIiv)*A_?3AWY7@4 z7}08)+obh&6M2$I_ghU@>xP}Vk7tD(K1)n0lu0b|0U(y=&BNOY;N(sd4`QLHTdDm{ zVwX>bM2oNsK_7|-^hls%BGm!J>wHz66c~5~&A*Qg!(geCa#hnjW4g@%T_wET? zD2^~f(gb`Gcx;8#fp~?|6y7HWdioER1&(l9BNg(S`DAg{y1Xg_0{%63o{b4;cI|0biCDkF02X!a@;GeWq>^O(H2RGYWR6ADx{d zo^vnxi}h=MJG`LGBT39BksVJtY2P%1>^TD5t6^IEOX1nYQuf-v4AS2w)0iPz5h7OdKW$9bs@| z5_3Ow(lRC#AJy|1IH2bc&xCF=SN2Sl!p$5l zL^ySYE5=rA!_J}*)*);|vL$S-gnQ@Vk#legBo!5TNclvCyv0v4{)Ae0*Q0SOY#s-P(=cx7 z!WfTL3+&}FT}6k=!PMP-DScc!O9O@*);44QfELTD(Rrna46I*PE5dOK&l?<>1ozop z>_*s0E?=&{>a|Fu;AAe|c9r+= z7yD`-aVpXUf~*Q?j2sO=cKIFLyI9Y2b8}PQF7q|@_Ldu56j8qq+z3{Wa(ktqhgnJl z3?Zo5EbQ#kfPjDkFwLK^PRtnQmO0)rh00k7tm^7zYv!EP_Aoo!kLU@13t?@wAER6B6e0STXp+@b<+)ue33-2ZZ4FI&0R0IcF z5;A(RVI>lkJr=C9jv(+O?cxspHH8pmFUB3-x2NzIo~$Xlo~2=O;a|T# z%H1yqLwjOkXoociO#q-fP@V$U6Le@`z+#1LE>M%Fs@!nh@uj(jN=%iu$Ze7d!KzLa zEC*4sB$6If7#M&$kY<%aJ#Sioy6>u{CORmXy{ES5Z?3e#R{m5dMTwn8x7amgD8cI? zT=cFNtFNYs3h>uAHkyDFQ>6tKJqpDCdtjicvoqs43@F99FVBjJDWWcV|Ng1F*z4zf zbUNlFWB#PJ(E|*HZ{HF&C^)C1?sb0oqJ%mr%2^qPP1sv#4<6(m{xJ5i>K@@elTCq3 z0}cjMCq%M4t|1?eIt>;w1&?U>zVl2Q4}s%C;{K--r}EAZL3&CAr8^Zr1&d6B*aMSm zkaT$;UzQ)=Lq!D^3XBSS*d>JT@<+OP#~ab2fG7lZ1$`5Zn` zL`B?UmZE(TYOW`dH0O?X+M#^`8Vnw|zrX)d`19u&!5*O80Y{2b@+8U%c>ailR<*BmZKj@#$gqeLhJuIEv$N3`g^6!3^EnrG z=`ILOT>LrZo0Hey0;Ik3T6~>L{j$Zb17DojAIQiq`|V*It+r_1k8^uBaOkO{4RS!uGdd z@P-o&QCIaFd!o+*!(`biFCY&>4R{1pLC~ii{(L=(e1%yas0m{OZ;Dtiuo060943R#STg(N9Pj}8A|ij?CkmzyxBtSnK>jBl1H9VJ z-ZCHMD8y>KyMRwaDmfrGIPVE~7$@nMfX)%kfFEZL?ZNUuRc?Z9J{zxg+u4~_>@HeI~V&Mi!iw0I@I*_l~E32 zDa_i=)J%M6I5Y{y5EW9CZzsAlO!H!VRu`s;-WF`_^mN$eP}C7Q2v7noZ3xOl`bYhe zd81gvVZ#ZzG*SqySs8P&8W{ulQe+rFPoftLMHGshJsB;5T!BR1yAmsOv#^t(GMIgr zjta#Ru}`U^NTkil)aEt|g>`RPJoq?(3=lg>uU`Z1lK|<`I=1>(oac}E4OW7<913S* z8DXjc@fBYAmYufB(V|^-0*pWjpEh?La|b#d=sYX5K<6azB9e-FQv|{YU(E(jB;Sp_ zT(O=t5(W!>Ln~s3RgGsqb(Aa5cXd2+87X+N!MnPd%cH#drP(nP<+X7l-)gM&^$x09 z-{|$pv2~M8V6imUkp{DR-kJHuMdhH#-15XxkF=i32;+$L&6wVpY$g>UlT$82LW#k7 z_bo^d=oG03Q%})DJ7J$^h{Px<~A4f)M4U+rF#(j=C=%VS6LVv@!# zTx_gp4MvRh(?u;Njy$zI#pGtcxZa-@_<3d~P^98*0i8gJX$S~j-(+0=5qZO2L9j(*-339OGwl@`3z zLsS1zo|bpJoCk2f6Ql;qXmdgEObCnME6@0Cawm$-0@%I- zE?E5fMOxYe6)tHxxgEe1YVn~cjO+As|Kf)2jgboc32sAS+h=PATXY1rjSiqP`!G2g zh)N2IK-8fF$b*RG+&h-9UA_9Xw-*WyNF?rK1(Utyq?P&6M0o}+z?=h7l14isPgeNA zuMdoa79D$GvGL63F*|0q5f=S;$A^yqG%enD^de!RC1U(X0Rk0qL3oLxO;9Vr=?DX8 zhB$Io^33Bux4?fR#Ukerz#Z*7pFu5~+E6|5_?lSRr$W_U&*W&9*YV;=OoBMeH~5sT z+ISH!2^k+AGawWAr_oQ^2 zJ&UG_>WML>0eB$xphp)S1<7S)OfV*(wV==5er?GCbq2y5uzn0ERsPebQJSAbXaYtj zfHaKMIa-S8^*x=Pm*GYQ0<{+=8tAa#+O6MiYx%eRc$shT78z(8SmANoxFRAG(gxVG z$auRBOP`Kkma-{fSZ@1*sz7rp+Pm`BLKMpk6_8#v6qQGq84qXE%Ek* z&DAfRib5irLs)K*v@y`zeCzMb|L!Ab$)&nF4G3 ztO{X1MBZH`o@IcqVara!2?YMg2%TDtjK<9`t^nPFMAj~HJci{Tm{L2lv}rear8rsf zo7jZ@gz*KAn4R*u7jq|h-~GIk8d;E@dSgVfO|da69ncQ8M zRjId09qW)H?{K?xsm7-$k#7FCPyTpXnvTFQZ%D6*%R{x8yKd55)1mKv=^Uh!S5hK4 z19&SA($RHvb$uFk&h=WfMg4@{bpuPwUH>*efusxx*)upa6d;>|A*a|vLqUFLahaUf z$i;<_Q$R!b_#DaW2v$pv6kz?N!1-xpOUJk??XGQ}rA!4nja^-g;p}KjP~oCQ%Laf| zZ9~Iz@O)6&4AF<=dH#Yo`PSP%yMJb>O@r%6knmAJVa^>Dc%EhIhZ(zk_$DI-x!#Em zYRc^aJC1#p|F0K7nl;-e8=k7HtdnE}2UuI%hnNM_3ZffrRQZG0_z7@=_&a|MHS%B-*xW}dIk`P0X-j=_MlY@ci~=vo2Hl&#cN9{8p-mrA5LgJz158K3&`-)%C(eb3hYLIWB8LhM z4dE6l&V8s?(c}dpQJx0K4n=p}7b?(TVqOcu*yW|s$FH*xV--MloOTz$=Hd?$svgjR z5t~$m@U=_=6NUPybY?S4j2(&)|0RbK!9_n59VCsJU{P|rJV`w5kd+h#yo?tSA?BvOlr^UpG(29b9%-YV5 z=!dKdqT8|ralPZmkB`?3;lINP*-R@e*Uw(4n9M1iu8kW0?k|D5fL5j?I7`BJHS>#fXOK-3GT3#4QJQT z&_GX&T>4cMMylLV4ULT${7drkQt4OG-$TL%L^v-h5VtyNp zscHxbM@2+paBaevaN-2pi4&KD6L8tJK#%_LE>uJio`^yN;jsaaj% zv9Vn|c>5Cj9h~K0Ed($4*J!P&CEkeHuAIDz>gFDIu0LG6D$HA9L>6@=uw=YKaTJmoTC4YK3Sw5Lg@jU4QEZ3#$^o+G(4U@efqXuHs{&1 zkH^PtYaQw|DGe9+b?KAmY!r})9r?2@Kvww0EGd}(DgJEy}MK~==Av!Q_!CE6o_qiBsQW5r~$p@Dmg{nFG;#2xG!FqF`c z;CUc4u!4d!K%wYDA*%n(Odg1C1N?jZ7%mgR>Z>akg|gMK2wLGKMC&I|xN<`)nsaveW3J39-RY8pBL&8~ZdA>`Px zdtgdX%-&rhmc%OWdA>yJNQG2gTj1)NotNq8=%9LUH}LRacu;v;Bjeb~lY8XDwY0Q8 zKwgTDz7KK@5qWsn;wpDk+^4JQSBV~b8=EX1Q$N1b>Nk@E3i8y)OS>i{e=+n9_^!)^ z46M$?ofGlf2%D^xd}Y^bu_Z9|dl4i@h176FE!4xm*KBv)+ln(7PSHo6Gq$nW0}om6 zCRdaKQYuDgrt~51f{}`FKmurDS%5Rd=>qVEC@L$XtqR83<*L6N%&hP>9zz+>12Do3^%E0I5jWcMhicgm6Z3fDpTsV@^QU_*Z zdUc&RvjF_&)ZDN-n&kkp2jIiW9*A4D!if1p-KNDmYVX7|h3?31E6&?WyFaj99?CF|J819f0%-xu z1s391PwDjq&pe$hERLh{;kuigt*R9U)bUEyzkab|>U zWGPL5w^*iTXYa-CuQCJ)8wDeYx{Asz!~|qDw231uzI^rSqcJ~D_>e=>Jjj}X0TUcf zu=@iZBLkfx{~k7iW%D~QJ(=li#_l{KhL5yngI7y`^JZ$Y=K#EPz%{>ff5@h&YE(u= z9l-O#LIwzc^#{by&dJ$7@2Rb?PaI*Aknm6;m6ayo&HMKX!i=90=YOGfSHB}B>-B5E zN9=62Zl5XDZ2I5U-x<^`DN6c}mTX^(3$7d+?5PmSF|@`7K(uk5gwIsr`)%&z>s^U;fMP7d>OarrCP5ZYCY;wqDDT{*Z1qM88~ax3=d3zv}^kqD%n|0YoQqwvj2ja_kdmhF`=aXRQ zAJ14{E*(O43qb+$FR~FzjC;H3XrBJyfV;(66h;(;N035tK(HU_23lJ+fVv^_64V^j z^tQ%5vyQ7lV)CS?ne+s9X&m!IKc#~fh8%28M#JWyb(1&zJll$*5Zl2 zyITtL4#Wg66d1!A)U``%*eExBeB!Zd2>+6=ukXhp5-tWiD=bYCn`^Uo)8cgW^@l)Y zfiA?eEkoM!bC{?-JAhD{Usy=!AX!Ei4T4bX>`9PCG|yp6Zu7+?~i8$ z=U`!J`3qJM1S_Cm%+bzH25d{h2800sZb(T>lcTzzNPGD*aUfOM+RSA{-X{qO9Mlx- z*44-4X~6!Y_Lw5hy?FlOMK0P}G}6!crq?9Ewb;9{P>7O0ub?36Yjzat8D7AMUx$LlYsP{0dJiNS)n;SmZoW%JFTwp$H_DRwN z0RJFX5q$=dlFB!39D(U;XGhNE@VoT`hF)H=EiKm)#60da55q1Q4$yU1I#rH!-`lru zAF&6Z^zdC7=0psHQvfKR<2QrR@^_TOhYufKTPFE&u(A1rvIYL!&+3UV2Bz~u5=@m0 z<-IWcqQ_eF==z}`_t13@c--(sz@D&yUAkmY1mlL2Q^dV{+rR?F#K!h7mT!uqn1b5P z{`?9)eIbbjOL*G-9mFN%8N$`{@#Dw4W9=~TzytfiTo8G-a%P4fhlKS1tRUDg&Z9Q> zFC0be!1)_MtkXC<3~p&*myxR%2Cc`O89J#ShKA0IOd)EBYMfqBMW>IXR0{$IMQ3o32ygTZyHGTEX>8vKkXyI^+9B*Q!wx3~Towex zLi;xF*kOE@wNl+W5!3|KHQrFcl)GTyd}fAT;I{OUa?&EUB^4 zVW92+3P02na7|86S2IUEe*6GLifLY-y)cH+!OF?iHCl3gSQ%*wAC!B@*cYKJfucPk zE>2NFVb{T+W40XJ^5HP@<7laUR1e_pi4$?UkCYc46?G559JZwp+5Lt6zGx-@y9SRi zn>-B^aPQ@T$6ycDaB_~LBR`-%!h2O?aBgWSQPqJx03w5!hbgMYnJGFtf#~#l`&L7* z{a3}v2=`;&8y{ioS4$W6oFk4k!pS-HXL5;UFcOIkPJ$_*5l{sn56ZQ~^6&isvp5e8 z`a4#guJSf4SAtW5Zx-#!iGCX*IFt#^@3pKin}>f{-nX){>W9gYlbQmoGI4Yjl&0*= zZKCnKw$TBg{)o#%qX7AfGc%^JRMF7(ccUqiZvb@kcTf9J)?#`#E62uo$Z)s>VZOl3 z@f-{ii#|6@JKvLV3-bhX(S=mCoHuXI`}&r3?U3A9Vgmq!wv9INepm8|(NQA^RjH}R ziuf}TP(WWkf6lI~{IAiAkd^u2Juwww2qdUEEr~o`r*k1@*!uCJU>xQc$b)uEG za%ALHNrW1A6iP(&V}~fDVy9BaHp;?etE*>@W3-5q{0<%ZXqtDkKu0yBCG+)boF@e< z0U;YAVZ3XRk9qnu8J2Yv&PDprvCt5VoC8QnIFoTG5-(kQ4yz0BC1L;6(&FO#8=w{S zBJq$63`xjjww(3YNT5)N;|LIwUtbav5+Y3DNKMG|5cQJYWfJ%kDfDe&A%FrWAK%_6 z1sN=4_%^T`K@p);tn9P@B(sF!g_&t4fGExibVAtW!NKo`?1}IV`}*42+Pi!a1V-48 zJ*IzcgINiK4`heqDG06r$NAvgH_W($lhPraC58$dOavk+PBjBm1jB(A&&vL3;zXsS ziw|h@Y*<{kdfIKPnOuxWNcgg`zDj7jwzd!97yu20x*qmRoD0>jL3Wan3NZEKaC4gW zjTFy(B47eN(BMP+8~0mQpdKq)CU7 zR703wOmwhH2VW)Wq={HctyH!tlEU3Oe4p>x@2@>PR`-4P`Mf{Z^*UYGeRJzf{uJ`G z0BRbDPog&uG}N9H|2~VmPXNu19oQLC!U(q&`yEJwFH=8M9^YpPMzS}-CCBD;I(~M7~D>M`SN6N zu*gN++j%Z0$L5zABvY4oI?th9kpPExum*+?AdyNxLmuhr`35D3tfR}&;DFEOOwJ5d z4A1f^>>sz6vkOULdnaP@c{-(Md;M=;|AIcsG`xipD$2II#>-w7KSGV2qv!lUO@Kf|J$n$oDZ zv?CH~B9!9SZYqiNU43>VG61}c`$KdZ5$<4qoY{j`i&QJluV+KfzB>1x=rE20R5^Qf zS4YQvIM2cuCFUGEKf8wJW>C#FWGd(P#W!STMWs4MkTwFNXjGnS<|Z)B%Q*xTifAqk zCbZg?*5NgK#k=1RD5bueKJK6hLPDv}D34h1`V5MYlhZ-3LRpwdYjGh%!zaK?K&&$A zvry4;b941y>`|%+8<6TN--3{`=xRPgM2yl>ZIwr)V8B+?lHlZb+Tu2(NYj4v<7q`u zB_ctl-NMf9ONd(+SJRr))sP9!E)VCU?p_fNUag-EfQ z+ZJa{h=hGzW0fj?+Y8YFqfz7WPfXs8*0H{~1bT#V!ZwoFt0j86QeK)=#_pgX9s@N4 z1B2#k!P_RTrCCFpI9PJJF59a`8Dqo*80_=yOxflTw}pyj<>f8!U8NTR`>NkIj%0s{ zcdor}gv&KMGa_fsnR<>TNj&{p@#6^&nVcuo$8hLZ6!jvh^OZ*$LFY>HJ$NRK&Mt7= z{+VCEp<`~^nwo~GRB^%;8>^}uy@35@b}>S3#L?0Nob#p%{$9ef z{&~xlw@<6cnw0nXf94*eJ4DCCPyvjM6Omi}jSfd_z?XKtw$$+i3OX&W&=!ITAZ zagf@l3RmAg9QnT zxIa59>sDud_Lc>UXQ`=eq*uqMe?RJZSh1ttrw`dHL4m%qEDvb$^mOmTA=9bi) zt5q*nvHWNLR6uihU7f9%VB)5;kjT-aZ(xsbk{CO}E`>mUmb_j)@w{AZyD;_4&0Tza zVgS2@aE||~B%{3#4Kxi^L8?WPwV^4(-y2Ivj|1_+s13-Xk+N!o{PF;R) z*Ur7wv$~UaNupK9@?`Tyh>)`k3{Ei%5_9a>YB;?87R~b(Ywhe5q3vStS7G5@fIbl3 zDKIc0HFXZ5H+kpcD5qsRahutRhM-s9Dc>vMGExLlCMv6|nOTsVyCU66jROie5KHWU zLz05$@J7Ha^ULGN4soGE>)fM)y4orB|cYc7+>sb<};iVxY&;wqNep&V>s1drA!k5nL5GOWgRM(dB#8BA(>kYEeVN@FV&T zBs8(f!y|_#5^j)?>ZUVsZ$CO!9X}}sISv3~>ELjL4+b?I7R=r;Uui)A3kyk59uJO3 zzvEz3yS-I;wQc+M12_VHcyQd`9Pj4goLs@-9zHxCU5G^K&Ie_`TH2NyTKX~h!AGaO zOt+Uxok4D#YiWLfa?=O`3P9;D^K7FVaq6cT*sN%am6yEf?In2+&&&w_L2~Ah+u>fD zDi)!9#q1OuKm|GahaV;*p4hMoY~A|Y_}6710%WB5iB)K&-BpX5u7aT`HLdyod8Iq= z*0vMeA`&HH{D2+UU~opHVhS=^WENG`)qc!^V&OBVCP}rTdMK}H-o%#25EoG^@xOa} zd!dWaBpMxeJQlWfb8CQ`*J31Ydwb$4X8?pruDD5DRA4Z(5U11AH?HU{d7Y)cRu06* z&dgCD_U`VC8S*W?yU{y9>n+|(TAZ(Aej${=Y$*~#=})W*v%Aa|ak)#iC!;gukTq4+ z)Y8de{9_^i$N{3sh)(cP0YnDf2vvv2Ywr8Cb1b1P!{K5ePVT*UR-NoGm~-&lX47E%r?H@CR^ zr7y_{lKk4ot3Xw-`VU8D*8>FuyMEv2es{A}`cqn36oWj}V>SyP*POV!U`5(^Ylr|z z8u2k7JTQbZ;x>sn59UEd(!xg5tH6dTU1u+1iZ~CXh_^dChe0}`X6O~sVGy63y}jov z`%GAn$x#q%9^a3oaW4)>Ui#KOjSK#zu5MUy^Hz={Xr_Fcj<7LUZwg=+noxr!mBSBl z3F}Q%TvmBj-o4x6n=7_N^YK3*N9~iahCx01!r%m050a7u(;bG;&(2sEXXnvKDDcjv z-GdNnkQXfkId`j0LYFL9>_vg+LeF@6I`s;KgdFEf!>A|Ixbtix{Q>KQvnuxIA=ATG znY)vJEBmW=H;Qp{q;}y}504|9XMXc5>KN%&q|2>qbY|qo56{ZV3MCav?ZIcE+2;nl zQsEwPogqd%J6OAV)%WYQW?0Nt>m4?1!YJ__0ov01mFF!8834j2z?YhfMhRtUchl0))%yilPQ-k6&;=ci^#9+N{Cghm04ss(RQ=VDZdgsOB-Uo+s zOK-Oi_4Qp((#vP6gZU&dJj{SD7M+}|lUIyO63;?HVmXm|y?kRD@R=Xl9=xNk>?yKr3Z+&R?IxyjyM z^U?2tn;$*HMSH*d{$FQ{TC|EgPELvHS5eYW>f>q4oBW)dJG>}35uq5&B(zNi!O#+! zTRDJmuxQbzXYWmouZnDX8NY50&nfSWJP`ZL)V^g%$Vb|@@)ap z1Ox$P;fU26xWhd-qUY%X!6;pf{Q{-|mzq_Vdh~6n(USKQ3cs zL1$>>yvp=ZZanRrN}gXq>6O(pg%ts%8EI(!>NK7n+ame#8=q=M@B^hCN9&0)m z$p#jq@6hofQwRJbUE=QU4w04+7(x~xt`ib6Fg;mQZEXwH1WqHYWS(uJJlt)L`7NGh zt_YbvxryOzmE&l2fAsb(md-DbY70#d`JsFFPZp^-G41>)KDdRIl_4Q9`+})x=6w8C zA`_~7-32>9+}tz}BJl`cqu=IMR@A4BB2L-;buR%RVmVm4C4>nm7ZmyOGH-*vKhB26 zhfNvYQ=<}l@?<%4cqk< z^z|c2p%TW(I5>0BqTb7)Gp!XIF4fWlTNM|g;?hP~^eM{iv=1>(K{uD4?B=T=U=k>a zoAw-~z0n3EOXRXm)fr?Xu!*ouBYN<_$~JV{^l<*j+=e}pC;0VEu%_$VTG=!kS%a=_m#b&z!LE2;c2{q!$3-=)x# zUcR-owl;!%uwOptsbLH#$UfJ1)XIs$BoffDKk#n7^9k^{Eo-%I;=C6(ztN8T6-I3g zd4q4I;4ZN_AoO;BekC$C0D|2fC7si@ZyzJJQ2?*tG|}=cjGs*>{m5IiIA7!jaGAs^ zO{QolVNell3&Lq_zol;%zrS2L4WtJchLdgjE69Tr&FE#0o-Y#CVE;1%zqc?*^a|Os=GR}oUYmZ+0oI;hv-gY{DQ%amNyo2j+ua#A#VjzbC&;e$d>Ky zIfSP~$z<#%qfYgc_n{u9fa zUV@tcU8tHuh;1l$6@`IqR2t0*!vrl%)w$urZLGL8=pw98S`tCqsnwe#oe7#Kl38= zn2?ZQ&j3V2Lqlle$3nGRzI@)ZWtSMQ*p@zXtwn=rre58qG92dvRK= z+|ZEWPS!U;%JF6>%296DZr$ij;?>Y4$ScQ8+W6>sF9H}tLrQf~O0UB*>fH6)C5m}h zucW07UMR>9xxawPGe+ip0iT?djk70bVePrul76#mjZHZc122-X4`k zc}hF~M6F_MwBqZKEISX$h!vlX8wEWTJd)mn=?(<5l0+)cGWpJM^@Am38vIp@_>T}? z-bc^$-vr010tEKgx|;pbl8(rL#IeM`!$y)BcH=1iJ46TSunp@~|8X{oAoA z{{Cfr5zFyQT`yWyRuDyH4}Vel9o54&Iu^<+Z|Gnn$Ep^@Y5SUnLT80?vFBUu+AC+g z!o$MAXw$M=e|+&(fovMpP-?32HA@#>Z> zTVwHk`tF_h|JSZ@C-9%0`U-Lvw`>ysdsUhojGyeWxuj{gWeXR6%XMO_Q=+5;ez?nC zUP)$G|5gSn8m1A-zgzGlT6-A{dueM+OCu}$Ez-6|x9yD#nH|mSO_}B7m9E^lPeHR~ z3-cEFi&EE}eod4*+UUr|43nG}zTAi-J0JJ=13{Kce^WD$lwL|b)ux=3Tz~KDe8b|` ziJM=$Cwm0x3$pKeaQAT;8|dfDi8mX+w(`B|cgI;y7t+o`(apFe4kBmP}M+P$6lXH+2GW%t9m z1ONO}h>3X9-NPsFif#98B>t~|@Vic~nLoaXz1?E*bd#=z26M>eu9@jt!ypaL#q(|I zY9W_cF0clZzSo7+8a}>w+%#fwR~zH^QT~s&o?SeCOvLB+Ug?dF^7W3*>lzx5IqTvD zJQ`KiLZ+syYzrCO-Q8c-8(Rp_M@L6TNqWX~ck8;iy4D)(&uTOeL;=uX3@hgtK{_b ziTh(0)zns2SA`v?7)nb^kNC?zdGh2L%O0iXBTP)gEh*Q?_w7^F(Ro^LtZhGi=+L3% zb&vHzvxw@SKaWgKPR=ha8RTi*E!3f0E7`7RrA_WrsXsL5BXEM2mi8C}MRQwQO-04F zEnZ$;pZf29sjEB1#Wgfg8|=0=Qxj|c!o8s9a?r)&&wuw-`K>tSv~%Jeqr{wpbhwh~ zBO4l&udA(Byt7^}?wK}ma0vDF-Lvif2O5WUdy#qt?$Xz7(_Z_@caj#eJTn>@$H&J> zO@SWsAr`;WQaP+kW_C6=H!rPsq@V(8F@&yk8*dyn+K9^Eb{tQPYzrBdbj8A@87Qm92J$-)}}{5tEp)s;v(zy z`RNu8#3z}t9Ncp?g(`@p*GA~A2Io=>-w|?te*QlVqSMbVvDgSPaB_0~URqsvt8Qj? zs@)25oQi(;@s!`JYtj9}BsBJ5S5H`Dso6>#L^>HOs6` zlGw?bOy>j2oB92n#FRy%t8elAwk_Q9GB(!4(D0(8>5d&c{HA&g`Bbl5c}3rc5aXwl zY36?_dxF}}yS-gADLEMd=AwBm<;6xZe#=QMt)_>ynfXFcwNp$)V`g6;YFWw6nTyqnwmZytP3+J=vbib!{&!8?)3WjcgJLzWl~hF z;qIMYF70Qi_ZsJh+lwfPG2$?AQtzek`Aa_N5^FG`(@>K&vcAuuctM1NgQE`{#ENxP zYQ_mCr=+~5saaba%+_A)$bI@oCQDcyFCSk8BC)={{;9uzHqHo@jHbOc!jx05EGjgV znqSGl-u?x)7`x^zwZB2`kBkA&k)I{bX9XhtD=I2FF6ayTJiV@lRp3`jNK5l;PFCrk zBfX4@8fcPZN-Qi4zry|r!S=9iylQ&s+V$(7avLR9!?%j*j&OzwEvKLj5W-ekEzOR?!%_#8eKP3Y`+C=f8ewb;%DM zZA7w|F5i?$OiWZ%QEC41qxx5#`RLRXE45!!Q!hTeGO9m|?w#)H>UwzLn8e1iL6=jEu-&6+_i0zti0akp@+|ru z#Gb=cXKm;i?cLrN)+S6O4cc>z4EboQtE)}#-07=ji`5zUTR;1VB&k;AO-f2HE@G{| zXKi1T>5D*#mB*>696NXJBo?|O-?D#YVH}@SR8(|{<>0%#JYF%eue+Gs&TDGYUb}Y9 zqCLl3DN^8!?fG7tmq@I}#>OKP6NckIGCt>gjkGS4=L`QdXv-@uUf))}aSs<%9di1{ zJZ&~--P&@Epwsm zEq;_Tn;TkGBvM^dbL#YIgIl-$PD)~Bk?)%wth4BR{~SjSL5_2;sHAjv=qv3;ANR(C z`1s>NwJhAF^9S3q^pZ0(1MEfo>y7)TH>Rea8HKAzkS;Pgd(Jn>O>~z=o-_aPik*zR zd@aX=+u7@$Ao3WNZh(7pmK!-4sd}TAX+w%>fq1>x+}E=&UcA^JSVQvhT;8Rgp;gro zEjl_jroXwd{=Um9DJhBg+s4hc#_WzsMP=pLv9zqKH*VC_FnKES(+y^Au4FB!mVUf- zt0v$mB5!UaAy8i+lJ>}vZ{ssxLQZerwsm7HYlAGe{p;GA7+$>jCC8}l8H+E8QFz4vGkGDf z1ee&Bc@uwu!y#-tu)9%wiGeZDM}xCka-(1JduL~QLE0L#0WJ&qb#b!8r`=*`vY;m^ zJ^iWs>f&vlBl!B=<=8V=Be}tAV-P*vv$^W2Vq`REnVTo(Q67u3op05Z$`;zm5Wsor z)NK!sjhMzClMYA(%T?SSThAL9^xxcNu&vi^J0)*YPgB!Jq#QdtJ7Puo1qH`>SMT57 zs_Q&>m_`10Wc_jZgDKa^in|(?mxb6=VptCP@<>Q{XoqU@g%7MR^|VP}*+s$d3K;?E zNkl{hhe;pN5-sY8KdcF4V#DhN1gf#1&sls?z3!NsqiFu9bltaa9}(Hw+J05~x4Vk& zX>f+h^oA(1Rt^lXASZF=a3ZsrT38s`*x1yLA4Y|9S+1FM7{48EBlLA)yv@1aUy$br z`HCVhV;~aQ>qh>Q^7?LWQN*=-kc?R5zvmA2%?RDd)am{G(W}7w^qk)+$-Hyov#YDC zX1PZxqdwLq?)B@7v8^OGiPY58XGXNi&GL8e@{ZcCi&rnPyHyMfDBH1}k*` z{NFZ0>1=eJIx$z+FY4(rm9I})^By60iLU9Nk!fJld$i`6n)OJXiAV9 zMY?ECQaV0*UWn;q7;S(nvh2_IcTX4?7_1EmmdC}%U!YVwCm=BU^=#uvG~e`=Zr5pX zz>V>?tQre}9^M`8ck*&PH$A!@<1Vle(kK4<>o1KA^{x-Ya$Nv<6Fudd0+o)rw~I-e zJ!k&nwEi&7zqgo%^sK+Wh}1Z{S&po4?YY`f6c^00C%L)s^S9wj7bPVnx4Fn3o$HK| z^|D-H#nTgcYwlfI4Qr*fIVB^SU1!XjZt;x#O1b`oM$hf}(2%i!<*$dSsU<68X^uzJ z0W@MfR?OCyNIBez%F~9Ob4wnA$#JP1G~BvGg*AzF4-E=B$Rb~1$QQ@{B<9Vw{r<8u zPGXMtjsrMkW^yq)4;)yJ!EV+fznNKDmKy9<|Kn;}aPjck%)SASn&x33werlPt6^xHA{qw)k-m|so~pK`Q_ zjJvzIaV~8_)90dlr^c^eUzyPr z>R8q0GRg$zNMw*TU%Q)eWwPeEI-{%{_*!nDC9WM`{)I(T)XC# zn(AkqP0G0w@u;#FAS|Ap%-h@BW!o2%#G$$z#e4V80hSh>Alts}r$xRf>yyr}6BC?( z;e#p3G4Y7=tkZr~70A?pvQo|b$jJz&B@24e>u@(dY!nV7U`o~L6Z%6ZmN`tMGBPsk z9US<0cs?NQ5fza@<|twYIAhh-viTP66;BSIcACsMOTG268*am*Jxy}2?%lh`sh$5+Z>^6eT`TVi?jOAdu#O`++aS`UMNe6@ zv=2r0?aH0UpYMKt$*?wiePzYvS4Rh_HOqt8A6#*f9kJH94x%o-PE7Q+5qerT*!SW7 zUs&1Hv@~J2WgdD#E5pGrAumEgW{3=&ezQ2VsYz8mOSit-pT51!U6iOsfH_FP!HTTy z1=dW;$%ni?e(10+uSaR8>AC^9>qBw0&znZ~6)Ki_TV}R#Jza_Jw0q*y9<3X?Sz)+N zRW-G$mX;S*B}SUYK+7c?E8`QLg~2%OId}VIJ!bs$zJ33GfqDOj{+YMdJ!P(R)|#Qj zXJwVllJ)oZQ&CfYZ*Hz^D_hKKw3oo0J$?H0&kt?u(bz&AE(%7m&w$-R_9OeT|L2*{ z-@JKLO-*fyK?7$umPXgt|~K9li()<35!itDL;BBt7dlj<*tuR;H4{J!~Gq?v6JAWBlBkG z=EkWDzMS~-<;xEi0@u{k65GsCyiNJ9>gtw_R5ggrIO&utck{|5sIGZPMkJ{c1;+3~ z-2Pg_*?>l45098zJWd^3@WwkeL(yYw_mWa%J%k!w7c< znMXOgXl(Gm&HV%J9@1msRHE50v;R-`|G%~SL}~tC{J?+F1^?j({y+X8HuhxfaB$rq z(I{b+QJGQ7!xe3T$#Cw|)HCAC${3ZJN2aHf%gbYd&;+czpR&jk=l$&2N*n=f`>|+c zyO};2q|OED8pfTesn4(R|E?Z=E=#Iww_Q*BzRvND|MRI-k1vU;0)LDqEH;yq(%9*q zL`Y6vzaZcyY&rHQlkAe`!6LmKsY!9{q-IC!cPWy_T_;6j5rp*CB~r(qf9SP&>#^>_ zuhfseyrs3Zca9{4;|nZ=0&8u}4PfzmjWnlIWWOi2(WlAOaJsvcLEPm9dQyOKf-(@} z9-0eMJpIm-uP!B%Is0`*D&4MK1)Gh#V$5BJr_`22dNrj}qLRN+HoLK`7}bu{~}wO7~=)<)@j z^QozKErq`N(5#U+vZl;x{A?RaG#adIjiyXq{?o~S^e@$~vVTRY7qyocGKBT_GSZ6E zT%PGAnQ<-1@kWwcSlQ-U&naJ5K{Z$s`*A=jPIwX;e(y?#PI}cYkg;HH5YCzZW?&v`Jdna@31= zC_(d)aj;GaV^aL*i%Nz4aST(5X5Ym3_iZ|x{jDG!JJ!Hb`14Rw>d%Y*)4ih(3qH%- z<&3ZFoTS>;mt9_t9X#7=M48+yOOvzKc4NhPu0rf=9Qn16{9!8w52fV=_-Q2h*_bpx z|IyPM9nRQ0_w}J<>(R#t_OY2+x;Pc}YCJ0UEDS7=EQ=GRRcvlzGCCF%f6u5%x;c6e z3(2~i_IK5ZV7G6)jfI)c{Axy;YFlTe=`;qY`~_8%|MYaz8JM#AN(LpGh$%0ff0=*S zN=JE4x_N!l_pZn6qL6g1pnaBqO`*t3g$J;`dYdgbB<&XW3KSRW|bY*Cmz* zO{Nz^fkrDv?fHrTXFpPtN8c_*OHa*4t_Zt%B|M`lA#?SFCyuAz45}K zW964vhYyz6c?8%iuSd^pSuqJJX_ly3qWCe(6Vd!xG0Kr^S$_DPOp*Ip`EE(UN=n8w z*Ec6pxX*Tm)pC?{Nz@yf&dhXVzo~! z=&J8CEf=e4@7A_g^FMT>a>8t1wo7|uleoKcz}$Lvhkc-?du*+a~7WR^0rP)lWAwjjo(~*Z7!vgu+^) zR@=lx-nd1khc-rGuH#zpT4a`>7?tR`bFl-Hb{;|P+V<h_RY;YHiI!j2!ATr6w$U^Nsv%SgV9@^G4 zji)7>kpA=+uF}nLEl3$s`I}xY?LViiNAdd<&(%HwgX|-`;fCqdCzOj16t_O^;yB^{ ztA#HdcqjD1w&9@Zv(LY{(@pI?pwi{}UgaNtw&B4x@*pX}T`5n$T;Qv@Af_Oa@T_6r zv!U&>mzf0PTx!aMgb(S(cPB4ajFy-TOzd@(0JPTO@`+~$2Mauhbc1%bZ-!p5 z{O#LUJuf-yKsW8&wF_{ba=0;e7zobZ-X2h8DZGI#Rsi2Dr;~tfftNS=xb4)vJab!`jSlplm3l<JO4Z7g{%up|c6ni<;Cr6wIq zxXpKoibm5$xL)HanT$iokkKHOh|=er-sVjfMONC}yEEymk=L9TJ|E$ZjXE|rnx5ur zf4}Z8)s6mgP49xwMQ@%b@sYJhJ&AuaK($Xz)%PTy&Qv(FiOoR;_J{hk58|kvkZDfJ zPPTtNXq@n{+2VthU~f+C#e;<%U&c=J&q!|C>~QEX5#*Ior9FByAt{M2VJ4UUu1LbH zo=2n$8)ZQs$7iko?KU!_36ayr1RD_8&@I}7Z=Myl}%no2j)Dp zw@D7jWal_>i1(dJ>3ROR{f(W@w|FID`#vQKcfF-IqBXfs3dl`WWc90mnOGLT91!q9 zKWK(pbH2QO=e4!wNP~yd-+UZ0Z0C9;bKlW^uDB3&i|3-!z1EqT&KrAG8!zru^uo6~L**y3OuEmjHYZ$`;ZD z2(}&QLB$x^===}*UeqXaBhg4Crg7%w#>M?@aHFzQOxmHth_S1$Qtg(e){fJsTB4rT z6~3F!N)K-TcIAVwx!*m%3E7Py?S1@hJtNC|YZ=1RFSDjSQ$Ef9pArn2!c-lDkDJMNo zxS<6#?OgI^ni*YbH#ud$;pVDxF@( zK%&X<>`QH?&z#(@?TIU9I1oUg5n&IJ0|hCg;p2WA2kO`6n~>ePWQc z5azesz{nBfaDLZG(FTO+i_Q zvg@cieWs@NCA!(0#rXd2dpnkTS#(ukgsM~vD0sb4-hS)J<{&AJeC1k! z_Y{TI>}*07w|4v?jaxv;zly$`tmnCA<~?ftp7A^p1X(R|NN1_y;% zw9%#dTj=)ot*bono49^oZRo>L4)@94-(^uMQc_z%i?>voyDm=jqH_hUmfCICHUF)G0NWL{Bx7S-Oy|5*6O(Q^CjthGd|<@BE5hBqxCzm~f<$mq;HlE>fCesox!4r_bxNLGm9 z7@hysn`-`#s@;U7#X<~@JwKWM>{zhs=ht?M-rt|rvmS|3J}BQM{M9K=@IkyOm5Bd! z>d0&=ZB1SCPoq4&Z)xueD>~^=^IwPHm6DZKY0B4qHYSEL#Y$W6GG9o4Yjf^b8NT-x zvN4@H6(5g=P+FGO-g@@4>8dPW;-6omnnUrlIu0jPEV+8kJ2)6qryA6mQr=aVPv(A= z%Y8p78}sXGMS^x6)35kZk%RJV6ISI(T>zN=^3+SNlUB{I}8 z-Pal<%Xq6VXf+*GvGew?DG2K+;ME;#%b*V5oSG5gWc{lq>*1xO!yMx3WyM)hYLvH? z&IHyUpQ~gW&yLs^H9`@rc=~#X25G8{EMlA~W-4A}Y;v*{7?mfoeoX=#=pLU+P#>Lb z)8A>m71gDhtxD)`=h7_*O$W(Z5GPt=pFUb#pYn!op4^+% zSUz#W!SAmi7AKdqu=3?$&ms_uQDWva)_|J3AMb?yNOGbNH9%bt#wrZelUW`@EEQ zM4XrRer50btdHFpMXbS32PN*+fCFb|fA!X8R92~(Ib1j0yfly{i2f{-tnb}ON@iJ=GLyUCAjw77W_EP zO%eIrbJc$*!w=O4oxo?c9&}TpS88)O!rn07KmW(o+eX6k;tSWwHOj_}-!+;$_<24* zq95%DV&Ndv>){hlPHt+qWg%9-XZn=+SA;*JjIlsIAL=qBWNP7F$ris!0Njwi9--9asCc*pr zwr{g{bUd_sJEG}FT}Nwc6_jymza3!Fp&*8F>#-goAM1%kcWz~+%sm}#KNpJv*K1n{ zc>xj)^dN$mxRa+}(9y*252+18&*PeYDjJ%ER1T=xkPcDpv)e5oU_qfr1LxveXFkxO zypaoiZ*6VuuTkA{k7&d{a;17&2&75y)m8=C(+1fZ^~Tc8{79;!^h{^huDMll^~V_ z{<08UDxf5SPOUY>H-rSp7yh)n5${twXzLen*;h6}gOj>crAx^X0u=rb41|n~Ou;BM zHk6+Z?9L#xHa~kgS=lRUYHjt#xu5!Hd}g<;mVP$mgW4c7&7YF`1>!>x%kAt=Ct<;Z zzTdE*ot;s-nP3uH({2D-Ro&vba^=c-zVO#b{g9#7U7ufihyW-Jn35A@py)}81U+<9 zGxV-VbkS7(0waYF&FE0aM7^cOsR744kKf@cTw(nQff5yy4%c*b8wfEE^u+X1b9cA0 zrR5oL=Gf2vrBz&QVopxb;-UlSb_5Vunq3}+YR&v0DV;Y+!_MmqZK^Nmxo_weJNV;X zanhYY`9pujo!EdEg+2xnm_gX~p(+0tLWu&gH{1}7^+w<}f;*gYuD-&&|97(F`YA$+ z1k2?jEdo*mE)z(O0Sv+q;@JsLfg-C{<8c4CIBB5h04B+Rw(-`$*w4nfQ9^gO<+iW6 zhKCF-trC}nH}SZ@Pq%}aifm?OJPTZxchB_jC*MQtPb#tvh%|}1NpV!zz__XS+fMf(|7v3P-{;B1unAO$~$reh6BL57q*pcrfh4U~A^* z=Xpd#F5_5$Z|tuL1Ti-{ItuedkKL{XY*-z4`BxRsm1{-C#rL{S$OV8!hu@=Q_RDFg z{<5;NLeQ9zL8C++l?68tt+95<5DbAxdeSj5`jznN#8qS|y__hq#yAkv`b8Q;Er zKbTF05G2v~FPtfYg~eXG+`pzDCs zO+jiuRoE5MvdXZxL-V7}Mg3(S>qVL1P0M&h7d|wwF$U(oeS2O;W(Qh5Fub_l_qKy% zQ16pozkcXXFGy$!xFLyH%B(iOkGH;2Mwvs$>7V+kkeHqQ910M1SY4tc#OcQGKYqx< zG6JdHz{chossvQSl+@IC(ET9t(H|hM;!U>~bSUv0d0ko>eN@z;v-y}-hB_fKfy_+z z6yWE-2*m)$=H0t@NX!@TLU5fpVOKRZ-suq~t%1ePRd<{Iy7ZEd}N{W=eH|0+M4_P4kHf{Xx})OLO49xMWQ zqYCigI|-FOKR>_G!kPfRuqCvJY8-!l3!M?fai~DjXowIJI`3_6Kew{B&dSu*)m0XV zG_tY^z|sg<{QMJM?tf1MrB3*bt=`peEG6{ zmt{x(nePa9g3yI$&BTN)jO*qFRVw8up^rE(kUa>U)Q{ncK;$48Y3x-)jCft4-7p{k zgt%_^rJD~vG9v@&gW*Pr%+x6)tTUi^T1`4|kXMWo;lcB@b|2TC_?a!eX<=&{giLqm z&K(VG29^*79S#mtGqX4(DwL74h!~cGaY*lDV|PIHLo)^Da32adO}q`{P;jU>H!a-U zbf*2F2pQeEb2;#5x?XwA?5u4>WF(;5aXSC8B4=&&t5;{kMKj$_HPo2$BT>UyvtoL@ zyh_?*Y}la~+6jcIyQq_>8K*co2Oy0@p+Z{98IkIu3}R7LSI>X*@#Mih2Ynw(Y~wg{ z2A}iru+X z@uTY*gJ;;;5hNqB$MkdqYZ54x0~p0GqvcXg4#sjrO>=K_<)QN@)E&CK;Y!sU=+8{_ z^x7@mVvLj!%VA3)>?KIvkaVKNT|;4txy={Oc&QDxFPKFjigDUDTb{STixuAR26gLO5VtWoqWYLrFq#11h7}M4+z9gupo6zKR<0gdHQ>Qff zwIMR0IJ)!PxO%k$83xjx%O;>6;2q3ZqxKPp*py+d+v9x!Mn*S@9`QOCwyx_OGVD~} z9n%{{f0bmi$OD1GRm2IDZ~&0zU%#FtnJuN8 z6nA;3+$`=2V3CJ5ZNL}K6RrqD8?Lt3Mx#yKZipNb3R2M+n}+0@`m&5J$q~w<6uWj& zG7gM1CAcKNFw%@I>#-PtSOf@*w6N1k~YWAK_7!YrQMFUgy&((byB*Ha?hL!`R%$Jv;tDE|4)14w_QeB`)Dk*EDQ7`xD#9%p^0Is>X_d8UR0l zrD4c1IGOPN{Sg_}$8bk}I8E*M{1OX78**s6`ssEHb;{^r!hcEUZwq0Lu=q4a z&8_}X``37foc-Qmk`CJf4F^uBnn(NS=Z~&Rrfs69l4(S<%|+HWxS0>Z4R9be)fQNW zj-H-CtXnnm?i_}su6=cWL|xR$ZndmEd|=g5LBY=|8Q4-89y}jPCfOhsLPAF%mlcJp zY)BDyA-8_|o^PUhXt+|YUuJ58$HY+cha4BMRT5+l@Yl^MlKz#ww~UR4_RhQ}RsC=~ zIeZ95kZJGUy(=TiK`dX5b7R(QdMkEdJuA`oEH^loRi>(?L7FVjqSe?~`NwYg%IEy7 zza(SexL+5P`tlwX6hYWRCOZmn4UONLo9$|L+L{|U4@W!xgqN~sb7Kie-N@elx?cMF zM@o+mID;hkyMUK={&wwIWkh%IuZIUnGnRI-$lQzf2qfa0*JE=yuc@j^iA2k)slmbl zYtfY}e>a)FhIIr14C(=nI3hZUvZ7P!vXH5~qAtc5*u7_NK~qcX^6lGk-Q9gN?>#(T zRNn1ppLDx~lsi*8?M?}I?&`V%m$j~-WMAEQQP-4A5lK_iqcowom@o*TOpvA=%M}D7 zOS!uMIfH6n>vjWG00nV{Dd-t|9;YMUiDnKyYnTQi&Y2@F+?I-aPD0KTEO_U2C_{bR zvdytj2kH2bU)B6#Sl!@Ttqhl|KoD*fQ(eVyR1S?M#~Nds0i-#dA6n#Tfxq~6kA|9h zK5qamdDnri)QS)g>io0?t&=e_U zq==Ni86p(xmLx4<7^0kvGWr^BD;P>}qL5h)NV9`DV%OE+0y&M>|F##APi`Kt6<(L} zJk~6fKzL69Yw$Bj4&Pc@E&{ZoO~BcG^ytx>^z=`o_VH$Ppd)b55v&L`3js(-B_`iL zW>B^c&+!Tgy$O7a^Ng6O($9uppE$8a*F1Rtd{0!c`1w{!uMxI{m6oO4oDG;t;Rn_X zJ;lv!VsB67Q+XfRN!hL5Bxk_nAxH}t)?i*-_~7>lwO>{BBk(3nQ~+K8y)!PQ@G-Gd z9jEr=6%a_ONt~kXIgJ|vx6Bdpm z&D8?y9-sh-Do_?7el4A=YcP2^crQ6A=}ksPVqBb*^|13z)SdCE&cZ|gsKhNDt?MJd zCLP32v%|l4_N-l`Rhj$n*+c?@A-61iyAB5!_f4;lHXRE$GPGoH9`WHTD>uLlc9;AXJ{oZWvTf7C~uTl>9B@;Bk1Muu||^AkL92AduicONgBnW@X9O9zmeKe%4p#x;R|os<*qO(>D+~q?!MkKzA*MzN{N+w^M$QEW-EFaP24acEUIS&V$R^D!?`s41_;^B+)0rH;R2uq;JPb!ahq$ zOIMoERf;BR4a@1nWsENHL>(VGGo3QGaD_0grk0jZh+aT%ly<^`&k;g6TfwCeuEs1~ zBb?-wUMD8EKU;G+31q-o=ct(1K;Ht8JK<2w7$fR1aRjC{!ZMoMj-Vb`p6Q=oT+A_V z;}YkJW;#qmLvu|>=PR(*2=E9cTtoD>WZgQB^$vv;szj@EsJ|u_0+Vw$}TMbDTcSOXm+e*;rc-a=LC74Qep} zK9(G==BMz)G1u|Ibc91&TAJ8wMp*bzs1Rg+S4*sw^BTtQM9AV?vj)rS70?|yatr1W z_=VBq%s&;3ZA|8#f`#u{y|LMyI~DK(DY6Qq{XMOo{*6+g_*&{cU7A-VB@Dr}7oDAj z0UeCchsrTJZ%54F2gns@!0sc1X=!Nz$ijb=z)lAC@sowXp}-np_Z5EFC5xsqQho>~ zmvU+6E9$w@F)$3kh=DPUY^yF27_Nb%L4N=aI>XI;&!@Y+y%uI)_~4Lq2xtTNU-si( z^7Zk^d#I!I0#XbkqIj; z1afT$FJk}*P0S^hc(zLe%`cQ#4}~krs+^v}zV}!AG%vCb=Ic+R=7%~=BJ80`=YWI)T%0nz+|OIcrC0^hnkY3*4@ z7~0(ju%2)Nu)^G?qoW8m3fB|sKS*EY6_qw8liuncQnch6(>OdR)i6go?(}TVt!y{r z0P#6rzmjK_Z-~IAhH}K{I>GzZ_$;mkQ(14{zWvZ2C>a3at+UV$%y6#jl2x};|32{B zO{Uj3U0DwHR#Hl$?^4y!__O`tBMXbCATS)JyZz(Y-Tr*swX%9vMSP(p>{k-w zJU-4#sBu{3nVXZUDi!#uO5jH1p$G|SxSPPdfGb5y0%thLDFVLN3-%BuD9kW{A}aWd zF)~k1P%Vt^^Q!JY!eZMcWva+!0$+h8i7z-t`;nd%ko4ZjiyY)cZUN%o_^sSz<3&HQ7i^ z#gX8ouGG&SndU>a1O!InN16i2J3@X{Lt{Cytm7C8`2)${;en~C#6%Z4IXQ7U;WNi5 z4>F>}^6$T}UPLy4V;Mv{pw$JUhkPCr6H{indiUS)Jv$X-JW$%{nz@fqf!&KEU|%N2 zJdn*7{5QZ}y@3}Qqd1sILcrjsAQs$fi`U@Xy${DX+E7bNOQL>*Kz1L#Q{Iy`{W3~& zBIW)2m*_$;+lIbM2lPJ3MR)E0d}uBUZsefvtvoFx&6Vm{--~_ulQn*RewxJ&XAnX- z(e5>EZF-*3C{ZJFo&SDTtn0zu+leusyu1(yrlZ=~#a&kGPl0y)Y7H-h8WDqj+}v$} z2Z@OTbW$gfUxpiqr9Lkd>k4=0yjLPVcmM8N{B&sY!CZFb_opP80qA90wDY;&0IFc; z>%!}Qt32D4zXryktJraFV|99bQx`o)p-un>l;(b!XJLZuXQ`_oBn9%F1ZCA2BM#sL z^oz#h2c<2JHZc(y>&qff4F8~3j&C-^W_ut3xv$Qwtq@gYb!ob7vlP}_bVAhb|CzJo z^lkhVzc$n;F)m8zRLjlhEwcWZul#>IEI&?5Qbyg$NaYx{cWHXQ8)I9j1_F^MF%nV7 z2QlYw46?+tBS&DvppGafLpE|$Z2M0n7Cpwz9cU}? z9=GR)>M^fqN18Q4tu(W+cnz!aQnza$A{`@vm=HP`K&-;Xc2egIms0b4 zh2_=M4g+p#YWns}*H{%m+CbIEuoQ-|fUi~#bo{I84VOW7BE~fI^l&I3HMsAqxy6GS z9ZYK>J3zc6Ko-o)sOCh^3GAAh`h<-*NEIZ`XecnqG$?7Gb70c`9_^c&itlO-^}$FI z14EdO!jMHBwo|jv_9XNacot_^{td503F%oIB0DdX5)IJRyhBp;+v?jg>m9L3B)afrgF z9gzls5cNz&g%VA7b8a_SM=7|Q*H;$$ErvvL z+sPrCZ3T1kZ4+#Q6_g;^1l3qtEFf_#8ZQRDmI+`}*)VF3#B@ke|JJ(?^Rbg_r%vQk z|M$t>|Etyax5@_+R2HT*o2*6*^Qpd&8Qy#>{_i;oZd`~*3XH=XEhb3eVk0_U+zs&9 znDzt_JD6Ak=?2{mV|?FXL5Hvd&O&TuBmt%3e=cvm6T%3Dh1mLh^XDA$^9Y%Uq#4xD zNbCv*dEUHv^9oGOqenXl`X5XII!I$orBuvdeLluAQ!+Tz4ce|ywEii6`|I=P-GI(G zvC`6i!Fm0`-~IP&jg^YBa(pTW;9%b#VohHnA{1GrF?$7_=~B=`7I_dz#7vEKh5r9m5LKOJzOu=o_d8=O$k?_E!2h&kpS2 z)+;jv>;~q<<$!ZEK`tN^#_@60v{sxOz-MAyz|71HF^^lgD!t$7!sst2^;8g9KcIDL}+cAAHvUztnz%jSu+gh+f0RMP!RfL)2|MyI_zJimbtW zhY)FGPi9G>#=)0ml$9Iw);wipcVd=AbVDV%d2(bJTZq#0g`6E6QWU9MV;r8ug06u6>Ii3(#*n4y!qtnWxoGC-y?{eaW z{oB!daqE_R7_^OR9);Xt4B6#8^WU-wQVC7WySJS_eL6iOqt{*}g!amE1IgHYi77#B zhc{F7;9tZL8L}gaRPviQy8~;yKHl1LKCA5z`A)(`0;v!nF*~*q)I9Vhgxb8zdO;8^ zg^x4jq0772;dJw>>fTf6d+~vjSVN?s_0?Z`qc?-;$-JQuFT0h!$V_>ylhqb!Ti9gE zpV&GM!z#WRTos`9JK%esZ+~CtbAyo||;=vs=vkoTtJ0rgiK^E%eHfg_Rdsr~XkGFBNu9PFlh)dUe0m|=%kgg85TdcJYwD*ca!d^1D!^q})GFDtztNpOp7!t=E?H^g*dVIiSQL%wrxSlk@5quIVSLtOz4 z<>g)Aj@;R7gC}ds+aDc2%y*8?|7Y~#&F7J!p`lj`IYOR*(t4rgEMMqSDlur=dgtDk z@}*)C?lOf!k!Y?#+u+s3&A$AADt)XcGtwsu1BKjWN@3zecsmATdU9eS{c102n3UA9 zh5tH<|HnbR@*?m7@fGh@R)DfkO+%xpqr*b&m#AoU{5dk|>k^L}>{R;q?%{b8L01bw zvtX+Gg@?86(;n916(0y`$Q@@B$B*1HH}^v;^&-Fyh6?m|3oh4+lE76VLiEQjaSUc= zWZ>x+S49fIgh8yGwx=}ncp7<*F>r2q#-O{z87>C{bUYIs1uBa=0k?QQqtOEiPI%`b zFuyQtu(q)Hcg~7gQZg1#mPlqv*2f{o;}#%vW8>m7GnE&418Vxk+*e+J#o5B8SElIT zkU!BwN8v+ET6%aeCO6mO;9cV@=;-Kpm!F@LpN|ncf(A0p(`p~&I&-E8{EAkFY*yRc zT zsCuzlvOHVI?R)X~h`or!+Mmj4mewITGZLgG(2<31BtD|?MfwW~IUL{gCf#;*Wd$rQ zG3qu@A1MgL1#WqQJ{cw#ECZ%7*H92YtgIAG6b#^-1i3(`O^jInsiY*HSAlH2QHtCL z6eh7UasnO?mM$h#9G`-Vv8Yb$N#csNBan!$sG(+>v|TJL}$FL7CT zf<6BJ{ovAc58Dy)*^j%JFzaP#cMTcIkG334Cabu3G;Aex4x%cHs=qor3DRJW1R3`j z95zT`aF!X~bH_+8GMTx#x!Yp92?(@?Sjj*T*)qr(Cm1M#FR^?x`JurJTm||0KRY`O!5e^phh)Z)MkBRHLUmg-xP&>vyeBt!igoG!>}L<%h^Uq6F;OHWUKTUaPBFYo($ z>gDTgNOK@%{HVXdv;*wWS?m}H9D7+ySeS~;*Zqa9t*z6>ns6Yacsv>kz=NQWkSg4r znW^bB3*M7yKkx9{?6zR^#E^O06YwQ+8CQPE|%iXJe7%VD|#M@*QWhrFd_#_LQT45tI?d zhd{|$I{%=ar^Q7@=*eL>3XY7dBRpcDO7LZ9Y>a_q2-88@M;)g+2_q%0srAkvBnNQq z&w_)!noL>P*nIGupOjNaL586+IpR!iu@Q;ZDRnuV)_Pf8of>8=;B1BNWMdRE1T-G~ z0i+Nma_@;B4R=s*u(Yl&Blecik;uGRj`kyEqRoScVPIh3PnzEP6M~h855>xg3!|pU zT=GnQSVd44==u)?)o_aa$Kyb@ic1ymN+Z#WB{mLRLO7B;70o|5Ix!(74d4+|wlACjq zXV0D6L9}4tSV4yaC*H}U1JU4|<_~_PY`JeQ$}Dg&K}rJP!6}Ij8!t>(PkYT(K5%k$ zV|^8L4lV*p1pHpXIPtn!Y%l~3?))5BJ?p$UK?|IP?g}%V!otF){B$^6#4|jcox}6; z&Y@R4*6x3tima)-y8(6sk?4TVPMzxn@_bT0g{Nh%meYE z@i{3esrT+d*~-}Ir?Lqes$%#jUm+g#0~MbzLSW@#la<=9p{aJ;8mD)MztUwi=?4(2`(l>JNn(*Kh=Fj5=NJg zPr;GYb6+6t4hf0Kh#nqghN})JQ}E#c9D zk2h+gSh}0TY^tEJ7j0XzN^Fkfv@V(kL&xHiXJVQBXQ7f|lpFHV8O9IJ&dxY-|GHz* z3}5-aV`7f<^VhFFFt(kgt~b(uSmtRV;1R6P!^4TPf70>V?gxa8$$5U{03O)_bOw#+ zbA7!LCi(#ZVG&~~EzC$yzoM=#3p1#oRp9o5IV=V5(K@C;7J}j$zn}|} z9C3qw5R>ilbneuctI^c#{ThB2#e)X}qfk9SGNAjUrluy=hKM;?eh?oxet66W4Yw^& zo@jOZpsl=z?wa+NVL8oK7n~RFvgHS`-@v(cB9c`l|F&{>ndIi09R-6BbJ;W)ZcU@T z5B`QB6&5dabB{N)3I|wkIw8BRESPVgnBIjqAlvehj;%rVOQ9GTZx9`JDDz*9=K^|I z&Y?BK6C0|lcM=bm0bPNI)65inJ}Jl;m~b@(+fG;panZ!btwyXQ9WQcU6%dJ5Ui>yS zP=KZc5E8DOL7MXADvI&TQ`0wb&$tpi1x4YG(uT^a0G#Z|Jz!nXTKcJ{o#f_L z`QiOytpmpsqBf(r%SDXITNTvNoeW;lD$oPU9uQgrjH4$_06(iSx+)>j zFgBJt5IP|WwCW{wA?_PRTOGPLtqkf?UG9!E)sqeh&7+^#PlKjIN`wlRqa|Luztg(= zyEtQ@MQ=f^_8pdk2f7rISQ8UZwrihds~ilbhrt5LTn4g|gBk~D?G{0g1leH7(x3m;(n5$@qCwNh-~&(C;M+cX z)~jtCH!?R+dk84r@qJX#^nt5&O0v6I(`4PwK2XM@YHFSu@661~nnQFvS zF#{2oSq>7JBp@K*=(r*ppQ&h)o;aQ4MWf(!pBIV(40LpTcwSBpLs<`bj}mJp7dJQj zBm^KNve?3-&=-;9=X7u093;&RGl)7Us?(s~y#<~K4Hu?7@u)J?cTg=8dmWHI0|F?p z+PDl@9#xT_(>if_5J*mk;1v8HZJm2q&H38KlR4OqX>#0B%nGRtJ4DBEZWR^7nljVW z)GFEzi$}G(}>T(V}vwh0&T$lg1d097?pbsYWfL)yez$jz8Y(dau{t zuKN9c-|zE0_jBL(^OT7sm*3#OZ{ZDo*0UEcMhr{9umyFAhkfpAV|ywFx;=~w7)+yC zK(dqDRG7qTL;-;^=IqcyAeV`+8aYkc#+G|C#yW;yL%`#fi8{fsn5YvjXDBn_dYuJd zh!sZUX~~*H-!~kK=x7~RzhNZcy`e!~?zXij{mX4G7wpop<^zaVuUQjFBS{pD860PA zcY(gd>}|&)exTQxJ3@cCb7#dd=dEt=nXUCVRGo1L_GFW7;07>#0Y7*wY3A$RD;s-n znDuUxozXJknw6bRaY#uzypjLFF$%8{X_qRknk=>otyyFBZsvq4kJnSB4z#eD#a1F} zG{u_AL@|>4eTJ?>Ig3MA0-+H1JY$XT3y4>W4^oNPUZV{Kq$6R4a^cF}t*uRQT-)_FTfQnd7*iulD5Dom z-TuJtcVr-_gV|Ub0Ga@@nwQoCa{f03$M{pI_a-Ba)jUZ`4oa-pb|j<9{^a8$(J58d!FXI%I8`Vx84p z>2JC~U-&+k$J3?fAl(31W%Cu&yp^Ko!<1W-c(>UxHOR00k3H^wkz8I99rzczsA{D+!Ef162z$eBcL~c5Pd@ zI7@Bh_Uq>G16FC>KmF};41y!qBmPcDG7 zB3{5JTnw%>5fHCkk!0~{miju)17O*5^5pLkGiVlo(6+X=0T*+Z511M88G6d&mQ4_> zbRhVv1?3wJv>3F^Y8zuq9HQ8zMfdceFya6(4W$|)`1tA5Zn|mzUYN-)lh7BnPDJah z2%UrsBpSfycdS@y7ZmX=?aZdIu&;By@w16Yq8h_wLXe>dGYMcZs?lrGcO_4T4)~5d zN&mY8IEPCdV|~W0)vMR8m5kkAVeFf)R^Mc>i)R1{e8&qAjnG&m3aSJrlvMq*yE<^k zjjt(M(6j<#vvIMydN^GELB|Z;k*3p1$tP2$pzHhuV?d$Aykd)`$$Ge$aErS!=c})d1?anH#GfiE@-39o z#tD;xx?AVICq7>4={drxzw1VWiFQSp7(j;zh@$gg9s(X#OtEOSK~zuqf({(;;?7+6 z_xdFeVjt=qu7WV)+v!LxV_c$-5;>x~1&{*SHB zX6ajBkD7U85S=UM%^||i>~8ON;ysFUtAZff5`pwRaPNcZpyk2ys`H=-%96Vk@V@Jomz_Bv5V z=$Zh$yz@pT$7sSWL2HGDUoKwh6yADVF5AYpjnapf^xZ&)gAw=|MTDM0a9SZDITD2- zRgj!*(DrwJ8{i)*Sj6Zi`!w%hb$-4~6`O>`ryJYpN1qH<)E2VRDHiTd81V5~0k?<> z-fZNkQ5mOCKUc0V$@Sh#Sb$@VcR$*Eg-h|hSuf67cv8WUkjN#9d6XD-+u{D*arEdI zNRKLLQZ6oG575&bvRx(r+t#ov4@u#CXEB{qP=JAb)|OY3-i-{9+wfvzS-xr?YFi_l zmwD?r8={Q#*n^JC&X5y?`<74xR`5z}t1QgB13(dCA)mak&=GD06ot_PZU!AHDsmZ6)M`Qhe zAE5@`H}h62R3^C*ODMx-j6KeqWWu2C2P`irTIN_6S+NSbj`kKB_|~&cLOpSI#^g7Y z7wm4^A0rpt(t>hH#co>O+~vQ(w79yvXJ%)|p~OH~3T#3g0RLU>GoTaGJQgAL2L*}c zW)Ih|;>Ezsgdd;jl>E|I+=6vIe}0QPva7|AOi(;}ovEoQuv}<>5xT4fXFX^PEUGDR zfJ8vqrT7Iw>TaWd)_zdYtk9gLPTRVVi2?x>rS7G5icizYPcGWKXwi( z3yvgAN7yikQjQ45^K&nSmlXDN^uC>-1~_QOID?2|Mc&EOloVk&!Ag}yq1^kR3(j2Z z$b|$G1Tjn@Akku9=X0EdR3gw%enElefbQKqk1-NF%+satw(;B;%A7z}+!#8z zxEteY>LvXQDU(oAEEj|Ryw>;<)>)Wn2|7TXaQ~G({1hAp#zi}NMqN91&ItPnQ&PYX zI4CA-wqb>LFK2CLLFXXSUBKU)`Ht+Q*7LPM#r*W#1!1DI($9!BXQ!*EvxH@Nxf=p9 zi|Eqjig4Zz4H1oo~E6PN;)zjXIs*6FJhe(g5yf6mg)YAzd&UwM6P@p(X;ybqiE_|qa^Hn9KEaqhr$Pk-+QrwCk&z{vWlseVH!79b6ytMQh?Ki0t!H2WJRyj28 zMxXB4w|mwlcL6gP;s*S1j}X+Tc)P1*k&zC7ZhEL#GVs#bMe8DTPc6( zcA%`7`hX=e6ONbLPXbf_(MRsG>)!gZ@*fFq3Sa%3E{&s6j@B`{TbR}e8?>Tv_z|Xu zAx-1SRsF4fOHq`rY~osl0)7h>zLB<*M?){@U{nLV#O1G1oqN(Y3;4`3L9tnt$t=tR z{+l<;tWEAgk3~m2lVTOxxu&>lF}Yxgef6>S2R8$Q_s)yI5wOLHE8)^zKLq}p|2S;@ z!^;{*{WQ~3tB85bB zzOv*oV8L8pD*?FOw_SQZ0&5~mL65_+LK|TbUkHZ-5+C8v<2L(eX7ztK?C0nA$yW=} zgM>BR47aA6@wF58`qp)wt}aXYkw%g7x64MMO(5&KGN<3N`MjdeIrm)PvKnbf1QH`& zT=u$WBI8h>ff+xek76j8!AQx#_T<||IPGp;?QOam3Zb^SF~eS=6O7}|eFasFda2ZJ55&p#KuyhrwDDN&Z_HR!W+p#d}Y$_+2qy~tLnbdkxf zo!i5%Y(0QYeWsnAMayu#i{)`z1>E{~gS@6B1$8>u+jD&$aZzYrac!c!=QnG=NxC}D z$7bc((ZPf}XCX#(VI;@~LNbPVfM#cS*IQYA&}S@|3dxlFy!ncgw#f(QnXj#uob?-P zl;P+pQDV5C;&C2r#WY!UVuH_izxz+!755mdE6}FzrTc4VlGF*iRUskR1gZc>fm6Q(~q zd^x-=pjylLzyz0G1GiqH+5WXIE+3nQw=o35nq)MfA%f2Yuygk;+NcE~oBy z_?=gmN@VtnJ9D=(TLw_#+N0>Z>AW*7Wo6slb2K(PzwFT&O_`#}|`xy%$%@>iYLroQaxV z?lmdPc#e^Y=73@Jq@GJAwZ0}_EdBqyOaE(`_{$sef2~hDu727#X8kE#iu^OTlWxuI pBLgyrCXf5e`s6ya_U(s{44zjXZ&@*izk^~RUEneQ>|FoY{{aQX^3DJN diff --git a/windows/security/threat-protection/intelligence/images/prevalent-malware-small.png b/windows/security/threat-protection/intelligence/images/prevalent-malware-small.png new file mode 100644 index 0000000000000000000000000000000000000000..15a95c2276c84cfccf2dc2b6f7fb073a29a0d9ae GIT binary patch literal 24488 zcmYhicQ{+`|39ww9yLQyo7$s@y|rpnqjphyCM9Zbtyo1-o0hir-V|-@P3=7rGxi?8 z^!@sLuj}^*&bj2=Imx;2$Mb$Z#s^((brM2)LJSNHk{8ca^f53V<)M#D@o~|=Wy7JL z(SII+_0^Ry%7=m5=o4%QMJ+`PjH(2pTN@noIf3VMQ!oYwEycf|NBx{9@)#IavM*E= z4WX9%i+JhmsHG#LssnWq?zOF|DJ^JqO%gYNt&?y_T3gE{io&%BAlaz?*89Jek6 z>$*q&o+3(1?rOuPx{q@gwD5md(FVj%R~nU2xBfSBxYXgWH0rl8MB)G5%0g&!{aLAk zL72;bBPp((E<4zNJw5zvDgxaWd{RfbM^%M7P>}oiD=w zZ}evJ0S`+#F^Z|}9S`?6;Ut#1ep?xy=d=8yyf^MrPUg4isVaKf#;*Gs?(*G%@9OwV!MNti-;ZCO9;Yk& zE?k6>iM;-cXAck&zB`?W2E0wrM>ygKUr*$AMbcW*p&vDX#sV@%5I@V`u<&?T_F}>F z?rgfpi+A@|w(k;PSZcTQ@D~=@?_JGjQ--q3us?wpi?nBuc+eIS^mwhQ_Z9T$4{f(?f-DUj2B5Tjzx@pg3u`;`H6|V4Z!m|Rj;VJO zaAlFFR%SjQ`=j91i9@Sme?a4%61@C=x6E@y_Ttn%O0ud78Ii`74beCJdEey$k`4&< zLu5+;gDzKXzBm}U_;LBr58B(}QR*lCyBGo>}d^na~_@4l1!A2c~oxhv@?f{KkT{W#w0P>se` z&lH(cZPkD$E(o%+m-D+)P&Ch0Pa?-RU!`rb|w{J|)Q=&Vq<90Lsm1Dy$;fl|! zeOh`I`|P{hBy}bNGmo}+Cf%sdyxn7E!tGrfM8YXWu?7O1nZ&&Fqy`YEl%lG2r z=IG11>*w7W?AJbU<-{y|X#*EDc+04;Hwn_ryE-9mVH*?kkNFkwSZv(XV zF!`e)fiRCfPlZi2*R6iG3nn^D7e|Iun5gjM{<23tiY(|byh_Y#E5iZqsO7g>$b9F> zH<9fH2k14Wa7zkK-yJ0c0}DZV3|Ooh%CT!t>)LLQ2UZ1xuU`pvx9zbri-X#t7%yDO^c0gzNwbcV4G_Vo`QLPy9Xp)W-H@VWo1d z7k9j&E&i7Y{1P;Pqm7$jb|FPxvCYSuxi^hv3e_H~aV7jy)#W_-gq9ZcG zEl~87W}Y8wVDH!Exj@N8;zHJUkopCuZq5fpT{Yt?h_(gE)C2e`f{ zC6 z*Fr)O*ES201s?W9Po>DSzh)H@hr*U27eE>dVVaHZ0TWBV%~U-BG@PGbGMI|Wl{Kz? zYzuT91tCklI1~%+5bin z<-0RNS3=8JpT_1A6;5BzO}Eo5KO9EOyHew_whIym?3yiK8I z7Dc4KAa%JC&c>YQ`Q)et8zRt*EXdJWSEry*zo$`?3lf06-+gIyt-ld2zSpoE)aDj~ z3P4C#Jy_o!GJGs$Ic~e1g*r3KB@x{Tbf?pGLl&TyFg$1-xbRD~Wdhwn0>$7wspQx%$$J}0<5UPJ{+9Osy?s!Hea+A)qCBK?uUW7sK2X^L3+r3mwR(8Z z4O2D$ns;lhWNHzNu3iaarcyePSCW~~^6T2?reA+VaPeZ8!f_c~$qOa*s$)!}SlEu* zbt|Dvd2G_37PA75`|@>HE+40UWF_MGm=WiS@ixbAOR`gg^D*J(zTbs=BEU4m(cr7I zh!r~l>xx+>NQ+Nc3J5smGT;j``j+!-=M@J)zMAiNlU@m6h6K)vXMH`)U;Y-L(<`-veb%Xg(5rt zYHd%qjCxnjxCC&2fJUGQlSq1368>eVI#t}nhr2B^z7Vw^S1*HxTnXZ3tXd2055=CVTJ@#4%3KHd+w(6o2&DN4#tm;d`0I9KM3BNj?tyC7Q`c{lkB-!uetY} zmx)PmYP>a@Ft`iG`*unyn9$JQ0<{EeUzaD9ZwDvosW_~*R4YEgTh|}=>hy!@ggvI< zdbBNZpUI^sK7qTLz`9P4AS~KUvy!8yQp>b8XfeKTx;bbm?1b=_6sG8%o+Rhq+L^eN z)vb96PV-ezt zh+` zUv1>40-M3QVsk-4dxrJ}V zRI<1554&2U<~o`%!4l=)0xg5ghX306B*I-bn!A4I8!`WhH61vXiy*I(#9xPK;W zrPm9~;L$Lz=bJ}Ia${8Zc}}ILFCHe|^(O`rexf_578QLfVgiPS)Wd{u1VTD2;gp}u zJyllPyf%f-!m)(m5N!TXdIbCKQ)$`&c7rW$MGWrnB42y?d`rkq-1$#G}bqB^N=WS2k5#V zOGouzaQ@*}I?P$ESqb(2_J^?lS&A;Gmz5xD!mpgGuwaz9VjR%zf++nQ%a_$D863* zAE6ElJ!+R|IVZJh*NF-dveAVeK)f6te&L8}9a2ic zx<2SyxZHZ&2+dPE+I?#5-j9+X4nZPZpy+l^zXQ@+tgjdR3m$Dy?-}VejXOP|zG<3k z(Y+BQvUR!TuU$wiGx>JlX5mr zSe8#PRy}*e`T7ddbOLt_sc^p7GF;A{Z-YtH6J}Ou^ntr=Phf}8^8wcRM;myZ0&qO zZc4mQ1^(8=<1+ZleR-T5wyvtKRGc78M6v&C$)~s$MXF5@`yO3oiwl1(2n-nIg7-V%J|eSobCT=w zf9aZPQX8$8vbjPrhwQ&TRA&G@j?&8oFb)fWRDO|-39YD#Jf#fZUE_TZEAm>~z;?C{ zQa2m(5w(4K=V=mDOroK7X)SX$A&GRL*QpMT4#U(IJbI!!3*DBQt9ZD~w`$m2dZ!QwnSqHTrv80J8*v9(KeQoRi1^gff613n7rQpi6@0G(QntNM% zN?Fzpc)ml_{y7}yj)g2s+VnKo{FebDRq=BwQC?@9y=mr+D?1)+rxgp zZa9JRs2z~Ara8R&l)B)5-SKE119>n0-WOH;|5|aQ-iWp@_A~!Gc|!Ds`1^lNGvR-o z&3`8!YZv6C^8W8~0h80MXM^Lvi?FBv*X-{o{cL>}Oa5Ogz8?ct7-Eh1uMg+?G~#sr z|2q7zl zvu$5W!M0TpHgl3W)&zs zD7!0Wb6I&X5x73&+og4p@DXAK3_qB(IbKCA=AEHNT8(C4h^}n11OjyP&o?Nw-pG8X z`|SScc6arGnB~3Z-SX9c?L>e~ zb+nrwJPr{9U716d;Q1TmqWemYx_UI*Fe3o4@bomYzqD;nb2W2bfTAe7**_r{itID) zT1CK!6KKP-kmc>aiC5=yEky=rIJyU)X9fMCT$Kn8Y$h*If_+@gszRD0X>%}2e3EXXgAzV=^UR=*g(`_*a?jXG#Fq%e#NH1uuoMA;U0 zb4bWgGC|*Hnn0GeyQ6qV=#4DiY?aGNZCyynQ3f5)_jF}On(v|vlXYn7mp$7n7jYi~ z_ufk!Mw{gjaao=^PTE3>xq+kNyF-j}Ek{ZgBWl_WF7=HnWB4TCx>^x7J4{&BAei}H5WTg`3J$n$xQRvYNKN$ zzv8h-Zum%mkj(Mqj5x*Lh-V0@Fet24)hp-9~Ev+$EYkOJ=HUrWz^$8Ca$;fA1jN|K4>CwCVS(tuA~B4K=e9$#PQxN;L6L(OtV zM3JBpccqQ!gVN`aslMIRA@xl0djhokS%x5tIGnT*<*ZMgs>TQW|7do0M2_2qdzf%7U<5! z$l2Z$&*w1Ty~<^mY&NGv978^XhaI#*JLOUim(1yzmnf)PA_b z1y|b~RW?(2cXT##JFRF4+aJe-6j|>`xj^7`qxWa(cB28=CHmFnn#um zPr3s(;~poxgj75gDRgJu$C*B7Yw{}%Czay<*DxL}D3i&GeV&q})ZR+BjsGxGF0p)q zCQ)SW)tZKd6ZY#ihHV3Mr1xw8kwkEZ8n9;0{=vQWc}{$29T8!@KP zCf$H6_b+|jgt7H$kG2_#c?wQ&GvEle!Ngoz)&-6(H#dI_S%KIzwsu&k@yA{;O^2#Gg1nWZ$O9Z}hx5p;xxyWlP>weZut9O0k+vAGoU9M*VbpB;dMc(o+jxyKqs$31tdvE#(=?ygHWIoSZ z%r|X5Tnj1N5IxReJVUXT@P++dYl&HFjafTsRaL88F-L#mJz$%g@B7uKx*unXneZRuzn2_PZwfRnPp`{>Z<}}==fy|=%wop)D3T)l=Kfd=L{kOh5 z|A)b&mExtRoBStfP#&5rmhd_JnymeCxVs<%-Oz)w(CoO)Kc-e$Ez!ZVSe{qOoGPLelK=fHXGY zPKW}E+kU)B>_#7JWp!qEIlGw<{aN8Dfqv+Pmb9N_z=i#scJa_YPu#HBgeF=NfW35w zN&z1-)t9vzkP_eIzmi)IS1_(rg?wF9zl?)gv&BlOOg%KzOM4Mdwezz*=fKV8&>jBx@G$`i+V(F#E~<_8`dgu1HXXJBnarU=%BGKoLsr+le24skcy%u~2ky6AzLrDS>WW3$ zPBzzy&|2$@(2eJ75`UQEQTa&;5jZp^+?q5axuu?T;)SO{r8T-a+K2ZcCUOtUgMrOX z(a~(aX5yN!u)zfIfa*1=vNhDqUs&M7;KTzg^p6a9XU*OTDb;`*D>sEvX5Tl+QSufQj)9Vo!3Kjkl4;P|IL zsOPsI_w#li4+t`o&_*)JHpghkYQ}`W815l#MCAAjh^W6v5bZ40reUcy5YS8yEc($M z&oE4FT$LhhOabs{u=K|wgig2{l5WY!HH^ui^vToD0u7=V#a%rV6cvQ3N^4?0 z1;-PRdg0r#$iQe4L>z9R1w_gBr;=~)9wd-vPqN)s(b&KB;&`cFU2wLZHt38g(;b># z6SIZLnsxd4Jr_*%fZ&#kJstvmoyG)fGyFAOy45FBJZ!hVc^W%JN0a40=bMdsUoLw7 z5WGAhwN7QTwcS(CTVH%?H9r_zbnahfY4?etLgeKtyFYRje6$Rlml~*-_jL)FPvtT3 zS-pr%s1P<|iTy@O>tXylpy)6ubuO0+WmqmJ^gwJ=LN;_S4@rCN2(LVHt~mpyOG;G@ z5X|j73rLVXPe-CL^pA;q+uBE7_(%abV+4oRoIK5%x9)>D^v>#bjaIl|(I%R)Abj;} zIht`z2jtswEK~%Yl?Zun^j6Nk&8+()#xx<5TwjmX)q=c55xu0PxRk~T-{J#~ydD^Q ze7+cTBs4+1FD;uyjB@|+zQx4z0MMloJ4ChgRH(@ikYh=T?T>9Ct^*P0f&)J&Tp? zc6;#fd3Nj12>m|SnmP~jEp9uX?5FntHIB(p{H%J{m?3Y4Vj%ff?^wOl-GJ*UyRtPMz98MFeIQq8>B$ z6F6^pDlF2?5g}6fEzUM<*cBoo5c&4M3#$W}f+hj(%SlN*w{8v2n7jhwFCl-EY2V9? zxEe&q8D)y@)lGHT?EIK3zCjagYO@+Hm~)}8#=QXN=n_ta9`A!3IHZQ{w?@#rE?{WN z>x^pcMjef&DvNFtYBd-gg~7IVL?fXLnoSlqb8k2`re;D*b z<@5vdr)E~0Q@m7uHHR+hD|Xsv8?rBLE8ca&X||sUPPytBxxL5jzwfA#HWwTNk6~{G z{0?-2`5&jdeE!jOtE#r5cA%Z5qeN=D72w@lO=w8koNZ|GxOT#2bPq>81kBC9v_WUc z<3@^fA@!rvfPnj`5=(#qOd7q<+M6KXEF0rk8EniIp_ zxsoSe6^vcHPXq_xVSOqDikq;qx($wLi%kvhs+A8?Eds~P1e!PG@fLw1sdk`fa}tik zA3$ni@2qh5;Eg_yTHkb}hmeX&Q;OP`bT%cUks)D$>NX%GT0eMffZ_*dGw3pl2z31= zwx3u@k7ixZ|+Ti}}n+FIYpqdR5N^vD->|e$A9@`(8 zDdH3Uyn>76EhKJJN$gCmAYmLFO_&QlqmH6q%ol5KLiXE9MgG(e2s|sXiW|Y&(djPp zy;%D_uJ!z{Z%Z_Xo6%E#NO;PP%tGZx4pD6>BW+;4|9bwrEq9fD|J)dVh>!vS-a-TT zV$rvUfno7-OL~8Tvqg-%sd1HJzvZBrcgcKLW^lBfD>tCJA#SB%z1eR>o2;M@(p^;F zloQlq`u8jV)lM&SJR9d!K!q@^NkCn$x06d8eD3KC)EU;f)9?&L6l+->&7U0_v{;Z? zNL)2@HWuSqv}Ek&p09>4&%H0!oHhX@A2+U~-bjweMPM(Yn9z#CbKbZ%hKEt^6U&xE zj6jLM*JVDd>T8UbW#XwQ|6>NTo|NsiZ~msWJbhsdkvGR^fvh~iNoLV^g?_Ug0A5b@ zpcmUhuD#S3xFKJAv{am#Pl<91{RGu9I%q+)Ll=J=+m^LC4IUCFT)Rteq_?v(rSym| zrj*`YCqyr;x1GNiPrG-DK0y)zxD(1wdfq92XTWTGOm_R1%>;=%%Mu>6yTq}c1FtSM zmXj9j)5!3(Z%&*e+YS;9^ewC2OHp*UNDC^K`)2#1;V?D3)4`2pV7mp|%}2W_5Z)s! zwI>OSy?{oHY>KZWfd{;IrJ#oG!lK(>k6u7#$-UK#9(z1S1tKo4lTJTsJ-02k2r^zO z)R%6pm3V~O=8;>+VPAYMq1<9w9Sse&f{1QYXK35L38*a$$bFK1c;g++g?sCj9VFOY zWalHHFbNJO&g(?G0>JAS)^h-dEDAvIY9y_i8hxu>V@1=}m!L5%&pRwq$tM9Pnai+` zc(|y;ZnA`Zp_w_%^BmFdxC5L&r4Cl#r@wtt(SE%%^I86GTW2gkHMPcrf#k3gj~TfA zILI@bEnbrKJX1dlEqWeZGWsr1xHqmwN#;c}`k06rUb|V>F+Z3y2liX2Sv5n8_K}YX zg?xG#ea)%Z!)#8Btq;#46M<+SK$VscE7$XgKPQ>yI`fB4N_TB&8NX|~{k-mQo%um> z97_%P&mA${K*0Z~hql$%A^`Mod$N9mmPAFLB2YmWExpVd>tl?tvk2?KQCYO_VZ9M^ zQxYx1ur5;S$Ou2xTa&#eUNv>drrv(f&D!iJOjqu8wVC#iV6#iqIWXOEe|Gp!m$IZh z+(#>hra<+~?f2!>mjA38Nf&m=V);9#jqC^HTv0!&m(@}We=gP+{E-)jCZe9bqLIHd(&M(4 zFli9n#RrboF;P8SW~WM49VgkS(|G=+afVt8yk+y3%z-^#*OtpLe#92=)(ggX6s)x3 z*>P6pq1p^#M#?WaKd91LP|fd4`6T5JKvWrk(r1$fh06Z~@Iq4d<`>MAFlE!=ZLBYr z5DetQ6RXuy!iDHPyCrtrYVeD&NA z7v>OAJH@!d^aUXk)h+t*uciM!l$2$<{-2&NYkVWvkEs>n`t_sFT4pE>OXFWOoyCAR za0YrS9lm=L#o$ht`uS6y%P#B3X!#)2O?!OaEx=;rO?8_drh~vwQ;)W@H!XoaT2V?2 zi+*T9I8(i6q^i92xc>;G8L@04{N!>x&HZBvJ}|Nd>piG>728#1_j=y7MhkLq{Z?XO z%E*lWJo4lZo^QTj-K74JfYW}>yX1C*R*_K+NS)$ur}cU7t-fBj+A+1H1GGj-C(*un zyO)>ua9PO6Q=&Xg3FV>5N$hLaqxaK-JQ6&gb;$KyoN`0>9NPiqAFf8C|5=URszAdp zp#2IivAcyX-8wQ{SV3v5E~6doBAfL8bi0wHD!rfeZk3(5M^~@==+*-1=h0%URKMgL zoQABo`UKWgB`9qU3DjQKiZ-%%H+6{Cn?XUi9bAR*#4KknJb$#xAMwuyGk!PdAV=w! zfLFieO@f;}2qw+F{LKa5MxOOhrtC+dq|DsvUO|e8#WM18?}>VmZ!m)p8eO~99C*0!4%wj>1e+hX@$@jepV*>xutg}e6_5?~ut2P*{R7?xWbEaqi zBC{96CWpQv5%c6pJ#Ev+V?hWLl;UHDa|4y92(IhL@)%mZ5rCXpmuJc$G-?HD#7xmn z+*IWHwRCJ;4 zlYxL0u?ZR^v}^?WD}=pU%Y=@bjO6r*f=*SPY7C5BR=kiHLP?_byQt zsjG6_`}{&RLqJy(m!I)v#;Y~a=5h-;IE7OQEL0$`#I6fJDR}rB@w9+?#a!ITrcYzg zoK}Y76sK)0o|6jzU3i9VQ|Q3!UF2Z>%NbhxX85a7L)_+#ZjZWUXp%>@*_LeKUQMq> z2to!xpl;!Vv`6M1jlK0Gxy2MiQZbEZvOfeRpU&LaxnNfYb%U-*qE#;T^-R?=@HXNf zX$73OR3CV2W^o6;(AMzZ7P>n5G)vfc2zPkoV721q#|P53{TzQ~89Z*JdHKBJaLI43 zbi_5~97C=qe=nix7oy#|xZkHwa`rRV*qLnLio&Cc-s0UPtM|5hz~c2eh4NFtGWN5u z#CGnBIt%s|`i8Y_D*Ef$ksxsq6@X?jH;eKzZMmRxk4a8iCqj=5ZLu@?{3iWpSSUXk z#@72(z}E??FAcP9F)R34;xGJCtyECk61XbCT-X{($mVw1)pPmKN=#+tLvA8^SUo<2 z#jPfU;J#7!fT;O{8olmEGjWj*<%|6Q<9@YtNflfoi!NE=W&%e#1iQrc^|m}a4kRAd zIWr&g*~Z+xY4eSfR$t^ehbFAtWd{|3bY_r~?5X)Vnu^m)f5>Q&KxOmm@!WQWk2b8F z7OEoK%=#`Nn|8CH1#LN0k0y9A#)TcIwf7vP^ zxEF|8(>!+QnXCg>`k{0Nox`>~fF`A1EajU4GaT<$$2K$ZdedYa@!Nl2s2(UYpWj-6 zf}f*}7)vdC>E~MbX!>YC?a}oIhYuH(XoP}$Z9;mh`ShBMiiUkS@-jEXI^XrLk4`hK zQARIc(D~mtjRXqxKjtb4`xR99Bdd3dDq)4iZae1O2yH73&dMYccM`A>vPMz6bZi zK8bShy`UT5o=CO$`uvYIQbO??`wNQEV!QYcns)O2s<$q1u*6~1ZW zJ(jn4Nv?3v8#(wP3%!S8@^^*k!UbNDhP3XtT`YOE>s<{)D|yRR)381JgEZdkC0UCM zDW7eEKk)>3lAI1m6?p5y7aU1^cjti&{z z73n!-b#67(ep)ba`(>3_&X%XOImAMuFZBWX`ScHzUb#M_?Kz~)7q~peakCdmtd*gE zjCN7ovW$mUFVqw5pYB|+Vq<-Ml=ACWEN%)x3O+I2mb1xR#?%#OoN9qo%nzhU@BR}4 zZL1XN5xR`&QLaIy%zTH9p*Y79ab4X}?Gr-cLKhdJBJz8PMb7}?7hSoxx;$CC20lv4 zJUqqUr=Rg-KHpSCn0{AqT6;oOd+R%-GX3Cn)}U$3SxEeod8ennFfk(PxP_A~SHt#l zO_)w2Xj|%o`!&qnSy?ILVt8HXXxalLs;KJy-O({w1lS%zwTwEof)H z%E5a@!m`L2x3EDH)i2>=tIuDN-l|FS(F@VK$OJ}-!2>(fL3kv3b^5#+FCHcP;d+PB zW=USpecDR_5yRyz7;^335VJEBR`cU7o)C=PMrTzDdir{T^NPxnd^P6f{^gOH#c79CTgZ4 zVFsvmd>iDniDSmWfE%9frH0@^?W;dmelSmcqKUg(_yG#3o9*XprOgKz!^35IWk!E{ zY)WXq5GxT>m_7ZrmvU&B@!EQMqd3o&RG2hC|P_jZ>n0aw2 z3Me6$NPWkV3GYpJsZk&$OVRD)$!Ivlx6n=}EfQWMFIAx8OZ0=#IeM$A_x%_g{Ce}x zZ#y#Kz6qr~ffiPj52+;zzW3Pt@qOMwy!+inb_dXs8&1c#Vxz= zTGGki>6?1;-x)p|C6!5xlvFo+%sAXt*DwAURhLl4LW`+d?O4Z{Et;ytxm}T3E&}Sr zmOV3Dk28iZc=Qz#Cf#3?jLQ2&3e*z?vVxPTlPrkXNG`t;$9|tCcR1BM}DJ-=1$42m74GM z?#-wCcnQg*B)EYUgdn?*dbQvhb~>1!a<^2p%r)$qE*{MRUbmYiA+stZ+t9n9(^a-eRcr zsLUtnG(~tO(4Hr7h=SwgDtMF{e=}wnJo>D@soJkPOF1Fxaj#*#KHV1(vYPg@jW6ag z>KROk6gPBmN)77^+t1!tPy6iiCM&>nn?T5sL{9DuC_Ad7h z+J51^O*gGY8@#Pby0PXZAXdE)SP94$ z=+-89-a*SUgWKivxc*0_YQ#Rkb>F&#a)h=D%jf+^W(WHLJhQIGo78oi$q6~5eGFT$ z5Sl!USBOYti<@2sLQb(ApPv^bnd51o4ZO5mfeKgA_Dcft$JvvC8jZi2*8hYjJ zdbp%2V9JEQ7We&57$W7eERZ?nB_>{*{D@{n`gJGYv{yRhV$>|a}i(y>v=X}*_zPaAne5a@v^^9;uM%^ zWbuGzsfkr>_*t|bd>uGOyxFJd%dHxh{h9Y?SkTrQSYQL`@>Fmt&K$zueE`u;wmAFZ zy3w1&PiDW9pwF$PDrj^o?iYw9aIz`{d>PLst0mak7155+#HSH9*;ujBeAmTF^l~tj zVmAU&46Sxp9N9c-r6c3p-B{Is^(*{bX0!~2h1Wtd!t$8vEO5nILXlR+ViId*2b*nG z@#8!B=or1hGnprkDx;gH2*_ycD0hQMlT||@s7MNrWw;Zzc zqf~h9H7{ET$EM)>uQQbW>`^zmOiio zuW8E@Jjxgo2ZV#)UE3m-y?PkE@b*rd(O!i&h7P2i2z0VW3dSTWmE)oA+Vd}!V5#FI zfnDJf`Zib^M2<8djf~rNiV}&t-xBIYFQ&@^Ghd^;+@>tIa!`9d_N#Br_JrQ!`-VAn zH9hcm?i+M=5@TgmaQdUon#_-48H!v~2)Kk?Cjs;Gxa^(!)t!-YI; zcd0>}EHtL@DfLb*o5w%tkzv>{Ig9Q9X?R{|>?%e#C9*+(uji{6|DD=qjaYh|MRw;@ z`=YouZGO>rnNjX~ECH?=ZD0x+Q(Yf^lr>T_BFEr6RDbo|&G(=A@_%89RAbAg^OoBi ztf&I?T6^^*Ex)&p%dEUt2G8PS8ZTD=>SYu?_8KU}J$@yL^vr<*(-e5fif#6t4;>mA z%YdHict0injvO} zt&wOx`T~Nd$)YB=i=MbD#F7&qJexMBl%U1QsYKOf)eMQx{~pqiSc0xMKKh~c0xgjL z@@FxCwj)*Z@U$G-EGFK|?0Kw2IO%rD<&NC1iTQM_sCZ8BTdY>6CfId?D zq*(FDUO^nM?uX;t-iZ6m_9HO;=A3xl28+EKI@gHL;99BJcm!wYPHR8?R*80-N8X@1 zC4|jk|34DZgRSi8yzg>gw?xO)&|I$c z1drq(5THx?=aEuU__?k>t1~IxG|+TQSGgG8__VSFWcM;;X%Ai2s4ND85W0Tc^x^Qhh^fA4s!ekAvrsHL(LV{7EKkk znaJ#h8x(JPQ=PWHVC^KVvqk^I8$|&;Dm;f6I=f%CNrsEPsuI!pA?9E=WfIJrW*c+x z=zc<+rd+X=f9Gb1_?9ErdP=tm`XXHXd2U|5^2U`^9@gI62E^5+zB1|#d+@S3|qn0L!}A@7(kTsAbpg;n@(+iNKYUX*sm<) z&7IJWzDd$A8(aScrd%t0s z$?9JSRR&cMD?mslf9n~*Z82AXNC>{Qg>HXKTf2DyXu_rT9vxoYp!Ak}|3ARY%~Zu- z#LMWf>KCT9@agCfnL-geq6?#N$t*fQ+x^9*9N;TkNtT7U3%FfpPRNXxLkml78KeKm zcxDYQqH4f4I-dsoU&ggW3z(kS{bT?iy;Ow0gZjl-Pk^|91Tf4azDfMl8^+(4sBd^HZ@_Z0opxdQ{=A`buX;d@tB|;OJxgZ}F#k0r4e^MlLH4+pZ56FV#J$tt zkS6^>IqAm!m~I2eJMMiZ5v>@d%_Ur-6mKDLh@L=shfPMtTb~g3YFk*37$j1V)qw0B zik6+JinbN#>)|alK_4UiCKrv5tLPh#jV~I+K=I5u$em;$zsvBPp{0v>zywcm*5jb# zHG%*1u*ND!eZF`+<*ecb__kz`;XhU=l0;%bNbdW=^=?H1 zLWdYcMN?~Przhe4ZNhPj{EbNZ!1F0BiDI_iZ|Y5n%AZ;Aa{JIbF1w});@(E+nLkBX zao*FmtFpnKLOOK5@^kujW05KWy*OI&f}i;Hq8GgAFbU598gE_4lHQ3dCw433XDG+` z7lfl1jbgAgAo(YHX8@~i-^$Cht)7|LL96FX8czmXtrry})Hxn4-eV7p*_``Qbp6X^ zrs*+*2ZfJj<;~oi>>&!wm%s43(0NaQ_CN0*I(Ds&BSD9be)*W767`})0HHhqLdlXtb%=|@1e?EkC z`Mh2(#YApBUPJp8%8^4ee`VY4KF!L^t((CYXlIJ82unE zU#^3DS*|LiPx|e-4}B|<{;zt+j31e!_kut1k$=$(S{J>cv^C2Dignt(A>Bl8H3%)# zSdD!$UrtAVilg`sen(jzy)Tw#sVuR)nWtFVNv!)M08xz&GFM zJ+!JT^DjV3$b5eoz0Npx5RzK|FQ_VO>_XN=?2X>UDjEla={DFC-?2^4Yzd(~Djg)v z3FcDl*875sL4ryvAu6St%kSs5(Ml<^>{0E6HbaACl?{(WVXf%<)BmrBvkZ%}?ZUNm zi_+aWg1~^3bb~Yu-3)@nNS7du#Lz>7bPk=;J#>fC2qGX#NQ2^jc)z{(Kjz>E$ILve zd);fD*SY_x8LkX=2GTe5^OJpME)!2P<)2&sNRS{TyUk*KHuCT}o%)vZ%8j61qURk( zo=yt*sDBhEGD-Pw1bqGmx+S0Ib(I;WRHm&htn{qoGeqq_yvW6W-EWgiFgY53W9l*u$?BCD#eAS#%euqv^ zd07}2CX`AFISYTx(Rn8Mh6iCv+QxUwZkLn?mMcnClIbk?Pn*Y$|k z^AshPIQ2>*7%%r&5`Gx)mv{5g%WjV*+R1bC&9nKoDb)bpyyFay97_fuh}X%uDYok* zcUx*G7TIQi}2PpHXv88bIE>Cj%ktsXFy>0!rd?oQT$ zKmYSCInKW|0o@(}djTr{=u=$l4u1h;w8%05QZ1PHevNp?x5O)E!OMlf`- z&Dz$7vG>rCV}HicQh=m2au;BK5z_LT5+faWi0{)U5+XH6&S!pww?TThCZz6uy2WOR zTVp79WPR?!11;AvJFI8tuaGTxR7o^eKF0+)8yR1r+TlcPB(6(%N~s^`nX#Lmmv{4z z3Aa^~YDxd~6k0oP)l|VhX+4@WWXJjG$Jvru1a+DiZNk?wyiU5`0oLLUe}CFbJCR4W zdjZaYVcUqWFnR#5sqS|hoOT7G>x0u}AN?JX+WkxWvqh$cW^Rhpt)!@DwViWwOYI>? z1H{s6XBATU(cbG^bh3vf=@vh3^cnG$X8_Rmei8T$nc579taVRMk_%D$0c|QiurlmJQbb-@lw}4WDPeJkrW^LD{ z$*YU%&DbY30Fsh1>04Mqxc@*9!*jlB1>NeI-Ehn&Wkm-+Z0z@$fnegz?!W`VU^v=* zSUp~0nfpY?vwg4*UnOX~!rgpi$o_A&ptz(TvOD_x*sy83P+vH;s(Uu47`R0M2- z=PTma{#m4qf)FF(5L^#Y3i4nQB@nrFz}Kfc7scH)$|sXV>^N9sCSNPn!DEd+G%sZ1n8nwlN0f()O{Aq9U@{LSR(Be&-<;I!0RP* z%QBL*y;N9zRlSs~?u$+A;#AdtDJp&;>!}gCnfw)^j{l-lgzw8e2h*F@kpI0BD#s|* z+wQDgG5^nt0=Q4+IuH4Svi_e!g`ncMa5;m@|B_l8FMYN6^4+8__7h^g|6XqUY5Ig7~cKRs5N89R`g6u{|lH-^3P8Im@mt<5*se{r=Q4sYlyxp zMB-oPT>m(>a7_VM3H$@rtQ4(-b@V8Jn6em`#660=y_pVTNT;f4|50fjMkHK5)V3Nb zA0$=)#9Cek+@Iyu+DW(^+DOY>0hM+;*3IzT`|^U8OEmaF<8iu?oDlGh^}%;i6EO|T z@t$wat~k9Nx4d`%d^7Rro#*J^t4&5CfU|HRPc!#k{`j^7=kMKO?R)a$#oj%a)^*{d z)h{kH=BB=Ft%>(j0DJzGH1Ap=!#a}Me`^2n{t=*PVWjW717r<#0NwGqL6Wpf4A2SK z)cv$j6FKh)=~?Yvg$jNd0gMr)OS}Pd7Os~tC-OM1(DeoN7cU)2!ZaCv~>tNXPFf5klrS5!8=`PNZy z%5s-Fu!jEwYxrMJWYoNE`whq^xL_}BOv~gSi?P8D^r=RHH}>Iw4gsq{0mRXe%3){AY3iO7GYz@v zQa&9$J$LKJCcqlO^jmfHP>dDmhfb@GXxGvMe`Tk(d9~tHOOd_iGDEw1Sr_|&>pKBj z7I?cUM zFxGbiGW8!=6C}VAe@+G@H@$JZ>rb?0?P#*2SKc2y5M!BgA|cZ#qXp0%X=y$e9Tts)^R|3nZ zH@x;+r%xc4sm#S(HKQ`*NjBGjN`U4&@M)hsUHp`Hp$bvU^RWBg;ahP5sgq^Lykz{0DIe#fZH7BLO4 zZ6Krp?(c7l8m}Iyc>XG_o*q+#gvdAArRC0aA$nk47fU0C#0WE><+kNclmHYWW|BQL zqL`1-xk9p~D5(t>s5>unlN)r8X`HHbD%1t~M_(r%un@%j{cS`&73}u97`dTAn=lI% zf%6W>$9KIrK;Q)8=b!ed%`pEC7w#A__$sn08-z9OUBr33j=eW9+HFt4%zsN&S^9>5 zaqoXKoJuM8$KjP~R@*=+piQ0Iiq4t{)7}8)PGTT}k`jffY7+P{AjR49HUA5qE>Y5Q zz@uWV-dusOLk;N&hbw~^O8VM3IhFHM!Yc7^T?d~kE7TX9km}SwY5Acbev)C1E%&#Lg-NABM`ERB#giV3^CN$kDIuuMApO{W5rynqm}^Y zjYI7hzK{TV74J9KhTXqYW%JOYsr=mVSpqGA>0A+$9@zoUS8_=(8QcK!n9>}>AGn<> zh4BMLN=Yh4J+%PJjG5DCViV2o{~khgZn!M7koEDn|MaQzUtv|P3`IQ%Hr1HsweM$h zpCRXgX6^~T_ouO<^{OEnTe?-1Oyj?~uAZ_gDX>l~=OY!0J00nG9$WDsbE=d`6XMFE z5M~8V@M+NO%3vv6En@+&_9}n zA3a#8;@nfI6G_s4(*GNwd{ zJ)^io?M2}TaDA@Ry)UI{OMMou^sP1zGXq^P%izP)8qmSE!2KvXLY0e)=9*`obTJBu zO%a5ApnLcq7684#DRBNeR3XR)FBJY7n3}jd3W{SKR#O$j48g+ali6v!H^fs)N)jox z&-F4OWSOxE#-alUAm=a*AaWcw7aaa{&V|oRgj+&+c1&NG2Pk6HUZfM2Ibs=e9Ov+s zX_HeyOX`55K~S9KvFwaOx19n5rF?5@GO~%PXPVG`1z@hb^9dioeDqI!31cu5hjOcI353ahex|RT( zL#dIw^)EKo8SGmI2E-%>1rN088z5BoOR_lh3n27w7W9>?I7Tk}%n`@YBy`1>XFm(| zX4`J77rITKNEVl?-@IaDB_&}m!>ut@$&7Q*r+KSc{$zuyc?s=L8U)1Z>yLH-_USS(popnXtp=M%H4CY3|3sQ%&s5y<~2bmtPr#)Xsm-t}{kuE-W*K#YojA`vKr*nzgAo=D&8j58fc9oh0bor6Sh{(I>}m~NOm6{-|W z$XbxrJ*W0;XnH-gT~tw{*>{&IemW*MBvf7pq@BEvB>Yk4`0e16s(RCWfOc!}G@WxY zC3;o(++=%w{etw1LriuoPq6}6h(Lc(NepI8k&xkTj+UiSlg-a@2}s&2_Ci=6rjVE> zaXO}l<(TWb5K1kG&TP4j#&oz{)zFVv!ynTZcC-{z2b<*${a0T0rkiR6aU+SQ)SCa+ zIWm|7ErHj!UKm_GI_5h@{oyL@ z+)%@iDQw!J66;%~`oJgeftxxl6uEh<9nTkTj06wSJTUezurqR;%BD_ytk`)O%?krA zw-N-$X(e$1s$NZiu5gIe`y-FM*b4Xd=%v4mB5SVlKi{^_d(BFhVH|XmUQt0@aL294 zG$u@*4v8A$mF59f7XzRj8!&1Qp~#!XdaUI){nvCo(m8(KI(%Jk5ZAjSe4Ohce;EI& zM$9ypXRSp$KCuH0rH$I@sZVn=ax}l_60R}#E~V?-QpF~Q<<|W%-db|W0YqE^VP#qr zs%^CutHS9u_-iM@^Q40&!Tc36|8~ZqMI&wTE4HamGEGR-eG67GKoH4;;*`RA@aMD4 z=>U%3RoN)28P-m3_qw@pHS&F7bGdhClOoC`%`8qS8p6>+9h3HVoo?v96E{W&h8K?A zZhdhd(PIG4nolW$&`38~yjKP2ZoLH>k@A#c5+y^x1$@BG?4orQT+-y=gEoGVnlBpc zX$xJn`dOW^1_TaSh}vUICx+Fer&?BRkv#^@nZpe+d}8acgjyNwymbesRLd-e{mW}_ z^mrY9{s7=+B`y=^qwBbK&4lsQ7b?z@?)guql~YAg%c1QcnRy92Dci1ooq{9f7v`6) z7aZZKxeBrC`V7V&@1mhE(`v?rPi6AwG}_a=kr9W;2y%|1b<063PbWAv=4_8ZDg-3& z<_m@Q?Y|DPGlmxt($Fuf(2rZ`mF~XQI+wL9F#T)i3Z;ienT_6x28>^ISieK4F29Ih zazUfma|USXdLF*{)B`UMwAd=$o(UY&Cnb5PwpDN8RPaH;RYOQ2!FvDxhJT91agg>mO11>8Qnv^Y{ z^m!!$efLd`ZDe`neQEZyo|6pO1x94eT%c_ZvAxxOgK5)+4!>gQ%%UZ`L0{aXB1eph z1Sp3Xb6;Wi4@NQ69qgcnDTa{yotyu44T9I`h$5&j17A0F{~$it7#oE*yQ(^h%07gP z6h4mZ+ERGcqEL_zyKOp7!+U{It1+r8yNUW>BGik5z@p2+1&W z!|&Z2)MQ!QUcGQ38<837EnZkRiXT7y^v3XmNQ0Qra*UP)TfWjD*# z`KF&L%8RHE#{QQ&h)D-IHpCqp_9U|$ZQNaKc(Rk(5)Z2VUWLEkPEDtQ#5t&^O`lbL zsg8S88T>Pz)R0K$lB8-GU)_M$>VBb2ihS2}aq#yZOcecdYgqpS9`AyXN$qmoIRRRD z8hY2(@0E8L?v#T0wSm8!Qp~W~0$=3k6e5zhqu6j~0RJOn9H~4{jQew9t^CSJ;U~}4 zikz8ft?CqbwdRVftZ@d$C+Bt!R^@ppTh3 zpOVBs0}0UuhrkeIu@f8j{wUbwpwVwZshwtR$&q(6 zyoYIiuQa2Qo@i&9l5OD@j);h9zPJN1pUIA6x3Sp$Es^)e*m^X91#!tANpcfn9C$*& zHe*Let>CUvTG=A$c~D*yAJgC{l6(%&^(4%@Xa%(cy{fCHH@ZkmR40vmNaR)|!*Y!( zZF{|T%%3dQ*OX8%Zkg|%Scjo;FfBb#eDCb}9JaR#>{SRoUJHF$YXPCf>XL;*g{OpQ zH8zw`ZsskF0WCi&?pad)Wbb$1pC}q0_(H6HQZWYVUDp4Cx8W(xUuT3hY{$%M)mPP@&Y5t>`NciYl9 z`l;%W=nay!;!l)xJGJ^uG`q8Q;@C-{CWVf@+%F1jgsOZfb%-#9CD^JkmBJljJvFub z!cUtSGtruLql@;jd#EmjHbYy)IF&*}^cfD89Qhv)|A|e;wWg>T6*@KNU=!3uFBvJk zxNqsp$-LqD{IpuY2oYI;vK-g5laqS(varYnBbU`G;Fk+(Hi=roTVpDLwT>l*PGAXc zN1jRSAk9vyzs0L86G^44)HnXyd*?YV65V$!dJKG`zr`}HbIGC%@0nxSQ)q$OKt{=w z^MlR}g5m^>8|uQC7qt9K;750$eSC@pKmxaKlq^5b*QxYsH}v$g!W9&8;ar*{w_#R4gko{JZzqBTgLNY(a0fOf~$nPrmjm+HR$@h*myeZ>EBnbR` zXYgc17&@L)(W_`s_@~r=OR@|`=d$sPwhAAm!gx@l9{UHMW0clpCAHxIbnB#^dJPpq z*Gq)Z%8w_`E-)-V^@m`^!|iXxQTj^Noo{wCZ-jO=8Z=r(S1X+(4`C_KCjHgKQ~WkZb&ou~!4b3x6gwS|cV; zsR^i?^Goq(sDb}ooD)se%wQp4bYRkL2yGQ=sLO7pmGk>6O}m(TVF$P z7^rHIJVW*T6Y%C86k`{N1&E18X9d3w7{3Stmw3Mo{RHCjIUsJc&Zm+CyM&rhN4c#4 z0^)7A-})~S#N40ywxbD#sHc>{j_VScMnvy^HnK`C2T!9~9O;uUxRtp(&^Ah?3Nt-h zK~hCm1C00lmx>(8V+*08CG~ILpJmr4|W&I{9 zqND7X#{$L@()Pe}Id2y|&9#CH*g|Slj8wHKdT(5n){|v-hS7}36}aOn?m>p5GL<|X z2eIXO64~==nb^j!nM84BJw(zZIvBcS2i6jjSwDia=<=q$6bJWX7I@KwH`eEvKSLRz z963RLbLO-o{;8hkv2@vdX7JJ_X@E*9+v z%jI4=#jA`scOYM-P07)6h4Q?RWf?XIwVK34e$mGi<`tZEo zwQ=m&OHc=(`mVtUmT#3~;GHmM8E&;YTW9WGAozGNMie3N3jD0mkcC;9E?;H2lMrXI zTKyxloR&1Tk{y+%%s-@=E5E>q#KZ?GL(NaCPs;IMtKaT;iR`M%^kqJ?Bgj$5n_+bS z)d73SC^N1m=RKQqY8CdAS3LjWo_uE@fry+jdc;)HtQ;JN}9)sFEgFuWIjj{ z!}E|stdoi!F1Ue*RKOEnvqScF^z0jeZ#Z6wi8+x~dB4JF;cEa1wBx(;sc+pfH-XB8 zht}ncJn@iNzIfd9HIt(*2U>PuH)Y(vVstfsz}9Bt%dWZM?Hm=UiNTodT+gfe|b=-;c;VRu`#L)a|uV*-#Pd`DB5$VUWe+6mHxjKLM2~4x*&Jz#(xgCzITij zW8_Z!la7u5)3{OUZ*>0ug#tO~twlZNXXyVGxj$F&?~GhdE*=g3pZ{$=gDu@!fc!_lAlva!0D{U&`(2xp~5`#%m7Jy=nqE~19$-Rhm_L5OG(y_XfechRGFB8Z6Id$iSi5=2?6?dsj? ze(U}EeDBBohus-7b7p7GIoDj*vrLS(rZVAE>ZfREXoRm-6m-zg&FT|MAqHKYzeK9{*$i`#Yez``*`kuXeCEX}Vb1i>H0B&KxmSBx&~N zzoY)Z8s|*$6D3Ym5ZUIDRJ}|F3Zb znfjGz8>iHFHP^>ey(!jJNo%eWf%?~T_x#s<0^`eO z7ydh(dpPI4_&jI+*}x~oHU$B~N~)Esn;B*a0lR{j;D41as6!F7XZ?I0&C8yPE*nG1 z=hok5sSY}kD@T{>iG%9{6lMgcV**+dUJxpqa2n?ph9&RycvyK^{!=y1T7_o{4WCaZ zrKRKOrKLEV=08f>+{bcMwJ=H?{lYLWFG=44k@k{mNf1wnA9mC%xsOIr+2r!&`)y^} z^wQrSMb+G%jB1I^5gfGbRvl$@-?IFyg-}0`VoKhf&B6wy@7>YW(}2LoDCyc8wy%@{5HSES$7A1c#1t zQz*p$7S%ctM|FpL>YPQQq_9}l$}huJ7-K9a$qMTBE88%x@=gG+-3DnX@>|I8Pin&Tty62uRpp?E5yKarh>0V(kd0mx+v z{deXOHLysUNFx7L44BEG?;LZM9cJ0ZCQlG(k+xa3zjKI&E0og_X+hZ;D36MJg*h1u$OSFU;hF((+n;~7O8!H34+i zt7I3Mx%OaLTzy0}7)xA^a5?{DkT}Q7N`~qzk@(Muo8knqSFcLPB5FTkQdaa4NlQ?p zC9hd!n2`T9w8^`q$r=EH$EF?dCYWLS%}_ck`GweI#l(;g!IT_Ihq>ShyvP3HtYssm z3pkseuHo1;_FDcljq8eA9?tYH05#@{lc)6Gh=kp>L+`k)nF-q5pE0!^LuiySHdj=o z!Q(;(f-3Qvvn~muYtcg(O34ft;tj{I6($YEQ+;yha0;kwu=Bx4h&+Y_n@5g1=%cRx`an^E4fKlqzQ_p&&FIU50s92aVx1KYC(FKdTXeqD_9C&U( zz@!w1*#4uy+mc}x=ySPi_CP(TrWZ7C9;HaPy~~neOp=Fzv;MwA=)zmcIrVGYVkV!( zni(L>Kg~RDR5+OUB?Uhb6=wE`+2z5#?XZged%F_0V#`rVzeaplopKXPg~jH7_7xB8 z%OQSiE}=IxTKqe7kceA!98D$B*DRWFEOcPH@D7IQXu{C*B(9FlReN!f0GUE1v(Lxh zk)b(sJ)#2EfCtSF>g;7RQD0&ZU+ToG$xd1)1GxQq*2h{PFpWm4bZUgA0B&ZQeK7Rm$ zqDtM%4%MBkv7S_Xk<(YGNxVB9!`HuC)$Z)rY#Y?R-xLeU*1h~)CiT32^f46GZVa}# z>5ORm9d>$M&SZ3vb;F;5Oc(mLa$M-7uBQ`~0%zFodTGEf7>}2|ppqAahxeC*(hyI+ zHt*fQe~@7Q-|@dhSibe^Vm~)2Xp9ngOK$c3INyB52cEaSw0u5iMjzkR)v_`VR?+2{ z&N32oVWLS^gt4r=%+#_=r3zp#=(DhBoRqo=N6j*klLGl1@+krA+(cn_ZlLj#m$;i3 z#rt4taD%9}MDa_=zkn}4{|pgXY$6!PtgI^e0_4AO<`BmS1k*oU4zBw=g}kE!kMX_P zrv2(;7=CPJJSlNHmYK(<{OyF`+p&SY`FCJhzOTK+Bzg?1$)peOKRY?Y-wuJnA**Df zvN&M}_3{loBXDDdUV=vG%a>nl1quT*o-oD&v*Y!bjTE?bUwcq(ViF55rC#eI|3M+4O@e z-qoe#XTObR0-s1eWHI+OwH9<&*&X|uYkrCXpslaWJ%TOK1H!%$>Aun+cowJY^6Xiv z0QnR|Fg-W{*X!X9NrVG*l>w^luVRXBGTT^1#hPt>7X9e2%GUf=`!}Uvh7ZwY|H9MA zxRMv#R@y?PJRWb7PCoq2>?%5QMHEFrzU$aA|Ji0QpNWrt$7S}-g;Aeu>^q&$Msn@g zMGsLRZ~ESdMLt0%Nd#1^X~lQfn^1nxcBl<#e-#&OYh+!Rn?WFrvEky9(C0;9z%Tn(xeua-zUx@WXFCxNdy`)DYs8VYBke02Jc7cMGQOOjMqc(x zv30~EPSGXy842!Z8^P4|v28Squlk2lBPzE1+#4z}11{>BvA*NV(J}!S;!4Dnl8`ss z;~fz!P1l3-eC{Kk$r)UEbuqGYBU=fTOoqo@rhf;4$yGlC(O-W0XIC~5h!8Q&RI|th zvF*UC9+I`epc-oG1?VlSTjHQIPy}7}!{h@B;|Gp=xM*Op#349-kVKSj7ew$yk^;?t>DU(79 zTf*()*K%*UED7iWYu+5Ey4!Y>WONmWbla}-qHJt!SDt%CRz)^)@SFm0#8y> zyz{(yn9v}zUYk)Mbi%o9qLu=Ov$xh9yhojZU%5CwUY?JC^6m+7Q&nw&lo5N!9YPpr z4_N#>T-F`ck5z`N-PDa^yD*Lhz1@8;3kkk2ccQx-V|S09O|vo`gu(0h@WuQMBB8LN z`!dgLMhqJmM~C7Q^`QUnLfLHQ{}!{r}1|U2Pw5KZ)`G)qw2ZJ3u@Cw}xQT zTLzwUv^xCnJmkMeYyMkO?tzQ$P|W;a4cJSv*MeIF2mfCK#P33BDHy)#{l6j-(^BSG z_O~yw-2b*Cm{}#G-}A`*SAl}2$~spaV-Bp|ZToh2UarOV6+GO+Tk7pXy}+VyEQ3{F z9v(1v=TG(P&B_>4mj5mgn@9)G8DZ+TFEmaur%mB1i0E) zLgMiM^QUHN$lSciuwqj9Fc4AV>Mx6I z7^NdzzrRz>464fN1@=`0>|e+7bW=^VZyme-z9NdGIrNe0INn-BHERP9AgJ_=AH6hy z5>OZ;6+}-Gi6VCoe5E>sVU;zAj=o+30lf!%;)a6zNe9@~u}gT7iF|JjRfXB4fbWtT ztRJ5qP-c2<>x~#T==BFrP%4e--*KD|N{C72`cL=4Ho7H&bpE%SyzU89ea5tf;ukR) zedQSv)S4}>#w`!i8GXQd03kRrvs|aGnw;MQM)&|wzB?{*9pIV_&-meyv&UP@Jw zRz3&y7B@bbEbHZ?kRapkyxKl0$XLORoe%+23hSQN-R|tVJg>X;^}ZO0aWTqo#SjG1 zUjz-Ia?G~Q20MGe(12`IGYsYhT9Gr51_wWiB&`Tg66;AY1%Ik6qFpAnF%}Vz4rWgvPsOsKbKpcfIz4Iy| zhD8;#b~QG>a>a})IF<3fzMAXJS(g8(T@M#ldoGcG`LXqt>vG;?gjp^hYsWk4#a1}# zbf*i?dq>nXuB<}uBHZqV*^vTpw9oeSC8)_j3sY+!}A4- zaDnZ;2UrCnCKmVk0{epuWr=th_ov%Oo{8Fgu@&4xewPbX732v#`9Cnb#dbqn-@q$KgO4L^f2!E)TQNrQgMg<4jlYZN zdlm_Ba9txhecVl{3f_797jz`7Sk0+#Rx1;Ecca-7@jN+#gL zHfDrnX4glS6F78!)^eh->UCeKM*7LFBj3wAC`4n+e{~qX5}oz#tv75FPcij+%5owK zQ}VPohmW-4DTV0+A}Eh2hATk?U$$%K0^aL{?B+f8$7S zPdq=*`|A^lo3-$x`d*coAv5o*$|HAT2I$SvC`^1X0iY%M;5+$tf8f$!h0SuOXgD`f zO8RCkN73`>h#6lL-Z%!OsqNH!{jw${1 zLUs@RUm5$)>XPPZC8|H);$FJ`r3R~h@OEE|d3sdsR}ha(yxl9R!1Izma~FNcj?pE5 z8(g{S>Oy-empt4}W$JTY$$Kzt(AQHIPe>$rtUCGjPcSrk@t05vItyEM9txT5ruDO*|J^x}Id$Uk~sE5?}mtsJ?Uo#D=wPrW<{gKcx#`=|I)l zc6DAINbK&$kJW}{pB&6@yZpvXU>afn3SXKihD$jp+Ofhm&lraRGtbF7__5mLKNrzT z{meEX>Ar^;p@0PZP_i=h=1YlFbrbVQ){P&})!7i5hf_ViU7|d zcJg>vp&93G0@r=gX1=vXY6iu>KikO%z_ z&OxgKjBJ6nUzXCcu0#I738Bkwt@&EIgB8_X)Ml|O6yFPngRjq259%=1v;pFKHAiXH z{w!TCdF#o`#sTMl%tyJJ;{cG`NmRh1srDkoaqlNq4o9JAr?4@BNdgoA2sVzcK|yo_ zUK3h`{M=T*R#t4FGzWf`{_{8A#rrA`{~34CN0g$6kR-8W_S?DA{!7#X)FH`Bvx*5mU4eYi)n>>cSn}w|rbIAP7U1xDO zRj%iDF{wZv_9o0xy7jmhwmd3mKzEJoexMD*&+-u9E%WMIo_ruOQEgdy1&&I~P~WUM z7^0bO(1|>}+o+U-7Ka3ErX8)$x0w}kXc^g`g7o!l&&RJb=S%Vyiq|K zL^&Il5Bo1=QY4$LqzkFUu!bv zAhU6(0Yv(9L;MSd&wBh^U*@1G5Adx26=u|c8(^C|6e;In>bqI#txk-PcWZx(-+4FS z%z@0!5&k-OV@u2p@Ec{i03?enXZzK$DdeJc zq2tjx(;;pm*_*9zvIDDYm)%?xgp1A%^Znr2Uzf-0eJNT}3xXyovry1QmFr>O`a{$~ zLJlXH=Ss)xO`fk$F&dWKHIx`4YA<0i#eH0gV#_LCyU1~R&&9UZ3n&VvFo#7@Bxru8 zGWLVl!wR8Lnic=z7oSauta)-*V189V@+=qc$*l6?q&~`Dg1f<~gk4^@%dmL72DwMrUi!X~ft@dTU-3pDuuRH{yBPf=kRuwG07ZJ00=m_yj`O_-Tt}&6@?&6;(im?ancl^hr+Q}yp?h|Mt6%&u1zlak@w{h zOhf#IA>6dPtCO;TE^DV~zo2{GX`p6g2HfhHUD*6eY+UTcDX$-$=S}|y&@|Tz@%w3R zjz}c;T&`wKJ1MJr^xG2aqr~=nyqmj&t|R>)%*~=82VMw6}GK_A4DBdc;lO75b45iSsYq2totzf+YcQVt?>L<%nTG| zak-${R&ak-#y8_^U1+Hlu)UgFKTdgZGp1vH%(w{@lb>E$E7SLKZ22bvW7^eRRACk@ z=Cv9V9wmS+igQvBt`Z=~9}FOdHUr5KvqlZ@A6rvS0Lux}yvDokho1Ay#J=`2=>N+C3{)N>Z1}44pkht)b}}docx9=&vcT{Jt3=CGe=#L zfvvcD9Y2(0Fo|((e~T=ey=OCgfFSo>{bm^ECWe|m)PHxM*AE6v=SnThs*?>JQ^QM$ zI>i4r!uaakWVEZ;!dAyk2Af&TMfkl&%_Z!95Hc9^UeoR>l)HGEQ{l&xP-`_;y!0_C zWN$cI9R8%Z+Pe>yQ1Z;^G35jxRsD9?uX!omsgk2Dd-7brEd*wcqM5)8@0}}yzR3q( z;icnMe5~bXf6aU>FK@|XpKE?^eV!079!xTJYTTZ%SenhGckNo^w#xW@O5m1angwg ziT$@Yy?U_e{u7J=%1J)uPimk2!nzVD`548DG`~K_`E8~xMdaZ1zErgE=CE5@tWf{! zU;Q3*_I=N6?#{Q3+Z9X*9?YM7FW$FYsj7)jea6_~Ih&o&euao7GKY>S1HN~zim`Xh zVz|ev0oov*g+u1zNwI@rc&(N{(l@t$ng8+Y(HNvuU+2#x``hwYY>w);f4)>Qq(seE z;#sO04Y+}H+<0>sI3iEyK0Q7F*BpJTX(-$Tf{5UZiw>KNx^LQ+RC`7w5_(vo`BI`#!|$q{=1}VSeQA&?Eb`q zR7ak+qewWh{Gj6jigl1j<2c9(Yp%UYL@fTuSZ4LlH`nSQNDVwGl$N-Cb-dJHhb+5~1kLtvX%)KeccBu(cDgOD;q0RE3=(Cy`RSu!^ zXFq$6Zcf5Jqj+E=(Vg$by(p%Z7+J8czKle%OHQ}V2GWIAMkr2wOXN+`A&P%u)64HU zGJ4{6wV5&46xL)kd$90qivEe%qy#C_f-%!GNc52<4fMLGWfC;ikmZ$hg&X4EowyiL z^q|;d>Xn-nWF(5}mTc+~cnTnDSzD&{S|Scg38$d_Y#J!F`7K5Bvxk$xx(}O^*F?b2 z^1;ME`bJ#$G?M-U7;p(2Fp8@h=<;(VFmvv@+Pa*PIRvYEP+jkwqdkwO zU0_m%EIZ$rVx{cG9Nvjb>g{J$_gff6w7#UH_eB&XLoau-7$jzeeHEI|G=laVh5;r) zcjw1FYIUE3=sdVw7)tK0bMs3CG%tRg`FZ}3Xu8~fF0z+>LuoVlXNtu$WV}%K2_Db6 zC3xsn4!jlQq~S`~4)cF$?%2o_?<6p#>DjnRpkhPy?~&R(=FN_Zf4yMq#S(+a*-~>o*b3_WioC4Z>0Aq59uHijow=1OZ3%jf-BW1gs8R~ zl5YB~vYKQ_Z>PStu-QAqTg!R4Jb-rpbSU%7^MFAw97BuC?Si=GE|8u0D=M zoEB9Akn7Y5{4-H4kKytU3TD&GAHoQ~5(J>mnt&{ud{j(W+=#MG%uZY*()aPGt!UTw zmMo?fAKF>SUuuXf7jU-_b&|ZhiW{_~Obl58$JIH}@YFxwlckCm#xS|oUD1fB-}t@c zGDzzcXEBNmvzy^4h!^sEUGUc|=+4#w^UFqia{%M9ZZ`{#Wjb(1#OY)agGhomAO37~ zfzKGlUB0>KzT0;hq=@>$URQJ2bpruEFTxB@$Md`MhiJ&oxFcIW_Z8X=iEGw16U3YM5rXq1j0`WsE)c+?h(G3*f` zrYLTD{gYMdRWVO$4FQCbYxOsqP}^lPzc4Y=dnp0?H~|dvLJ&krFhQ;OG~{IVjL}rC zoQpu4zo8C&E+*fKF1I*Z`?uoIC{m5BU=~t$if*AEV`78j;H0LSol0XeQcR0LVR)6b z@z)MPzv|3wG2h48fu8YN+cJl}YM;@vc-e>URB~wF!{*npbBOmsmkmgM~d)>%(+8|?m)=i3qMX<=mt9`jpGk^q9-Nn8wGZ?0DZ&_8tOXE# z?9vBd`Pd&H_h^c1b*}}YHgOi*v!w##z(YT1EMQ1dPYbi(QuhJV%4&+J+s)W#Gp%-V zZ@{bjX8AjX_vXqIuDa#V>#tWufYa!WPeO;kb2uHBeq~3_{QAv{F-FN7h#d?g;UhMM zr@rfe6j7a7v(cD;uqabKlf^`F6hyK}gAL_jE7$PMQ_x0|JZqW&iSPQGR!Qtv%Vt4T zM9IZX-*y`Y0@&DOFC^*K!g}t9wF3FG+)mrA5v7w=iW!A4c_x$O1}S2M-bYK(DVC{O zxh!Xp`>R>SiZMTENgd;W{ww!{Wcdu&3|KomI!~kYvKjqxc8V7EZ=r*be3iL*omUh3 zO84~zcbw_64UGgy=5B&a=occ0skKe6s39CnoIsn304p1k6erOCFH$-1u->uYr^fiU zupD$s(_gDDE^!;!RuzU~D-^?Q9p5sX8QBeU=prn8e|r=B%d0w`n;$ut=4l@A3Z=h; ze*jG}n?ce^5Adfn0zwp;CAMO4F2_XcnfO0Sz@AMB0jyFF7jU7;5p}nsOVvLoW9a$a z6M~si&4+qZr&G@n9#5n+;wKN--)Ra?F$-9>x;fsZEhLLC)Rq&_NImQrbbnq~(;Pjb z@kEzif?i&7;IbqRUo2D&wz`X_!mqBB?eQu@wbOqc;C=wSMS{rT<$ z;XuI}+QYh($^JEE{F{pI(^rgo5S7rqmDe((u29VB_if!hN3`(JX4{Y^NgG~2@j21_qU%h++A#gptum*B$7h4tS>LxyP<+#ldGVtJ+oTL zEnO^w`*i<8gcUb8tZ?h-lUJI%&MR#*6&nio<1LKSH6o3fKXWJX1u%M9<)gRNVOor; zxP{t|Zk%ty)eUJ;g<^|$>pJ&D1hSR$0{8>=|2U5v(EWR# zzQCV5Ycqvok(DcHdP8?O3U9!nx8%CsMSAx}uQoPOLIw3ZhsoaK9ZVj*EM%|mk5%gA zZ@PAL1W9f(N1o(BZ>{$@R$i*dRtdi}d7V@QGuh#3J6QMfNTnNYOErB<)&bP@QQ5-x zPQJ|2-m1M==Tj!K9BHjHMW++z5$~~>a|>04t9ren-1V8a})MU= zG*-F-!cr&r?GYR|(fVvJt)~73!`Kih0X&3+Y-iLvj?W3&eA=xaEH- zwCS+?dysOy*Co@#UI8M5Of|BPzE)9H@l2x=<> zv2OLYR*x{L{*CjtN8trom>w8WO*j;I!peU_K!&ffPQ=KRUL5E5s9L?gwl!7XCM=+Q z?H&hT?dqK7P7IL(XIFt;PJS-`lheBWJHO*aZ4{ET`o);{H{^$#<8n3e=Ao`-7173u z_wd#fUl)QByzd&sOJs!}#&=AEU9V0->YPK|v?*lc;qC7z9iov`nmfcb&?&Sll8DBOhqHBh`piAs6f##KrjlfD zd+t~V3{#%xOP0Mblr+myV*Roe*U zyq*MkJxT_8dgPz$NcRXa)8)Qa5U7gcnSJ({+Wdg`B09W59xBQcnpnjaONte+uR%8g zZ%7tUM4}|ARzR>tVpTN3A?Q}HU<;ZWS^L5Emd50>5~AnMj|R#gm$Ns1*J!e#L42-g zl&U%V^{Iser*R)|mb84zx|YQvu9E=W2MKl&3pjKlwk`$ifO#cXwuG~gDlA~F8hp?* zea@<7#cZ0QoE3Mk6No(VTfZu%zhg@`$J9iuvA`j(?L{z7PYWI-cHX@TlXH>aPUNCv zOPhJV$&wX$LuEvI_D?PW!RJc$MDrAA84T;Uao1l-1A*fCM?B7Dg*Tfw(qWc@+XCXD zRdG7q!EP6ZH%n3K*OfYN>RwK0RdkaNx*i-%N);(nP|kld*z##GD;UbG{U(r`^hGk~ zOQ@QRZcr)qowkqcoH0R8PY8bClu*;zXF}d4aE@jC?@oGOw>0n0 zQ^FU30l70S!(b2^D(|vc-{mnZZLi8o&)XqHK-O0RJBVuNW=!L?rH1vU!UD&aq^E5=nwp{MlX$^wz(Fn}^I)ofJb}lt z)4}|=ad=Flh|JNVjtLGkeuA$a3B5>F(}PLF*5(%q-#9QlXhFguoB|F&BU?wXOGoI+ zHGkzjKl#^yeKw}!s;nD%ro*D!*4oa%LA#Ql<#8TPaxNZz?JrY<78ixiqE4A7tqP~d z?#lYZR=jnj2HD%So>r0kDCMY0DH_JLQnNH{H6(fQJ&862-BVB4VMpPG4Pf`Ek0>#g zOi#_y6L`zrzDJUWfAxu;MOu(^%uPB5lF@Zma+$%IvB=L=<8o%9!a#W(AX6z?sQJ+z z@Lkna23xIk`t>(-dqMKI7OH^n_UgmvZ{s(D6*~E!zu_Lx*w+qyGg3@XmQ$o{O^R1a z@*Rp6mO>B%E%}K%^XY)$Yu*=(A0)c&GH=6bbN_#f=r4KLa}LP9V33Hqy|~wC+J0VR zWtW_}gSWs;`h(e9;r=Z^COy^vi6PPjoxDYa_J{_#8XV_j225%)j1&BD5jwg6A#?H| zxn9gbccPejp7x2l6~VeH1TXB@_Y75~m?-fPEBu{H^bIOH!oTCS$*~CZp|zk-)RJ4>1}X<=%2j<4f3&qQen(Eq@4N>qrtB%`SgWGlPsGXZS zOSu2(bx7o1*;R2o5%Ky8sOeRM}7+lNnI~+KtS}Yk>r?-hPR+8 zRkH<3j4?ht z12$zvGEO#JWk7=>IPOQ3qF2BM@UVMAAuIJ?0uR&@hn42Zs+Su_zW$5#+Vwi8?zF#q zv(_&3ERFrq4FO^Cbe;BdpFEq+S!KlaX_$ldWd$Xf=6(TKe=lgodp&g@7vGfQkP7d@ z-!odlpRo4m$PB3cwIbgnhnzEhHsmb&Emig#AysGIY%gXGpRb5wTcEw|pEpeypsyl# zTutk&mETq@S}LtXd@;2Mj?4%%{EpTI?#%eU z;PlB?sguGOHRRsYIu14BnxlGEC|kb!A~a>d`%R9>?n0oHtmn4|2o+09Q^!s`(@A?n zoi`uWVEnqs_4J4wdp-)Jrv?)ji zVg%ofzmbv=$p{&lh8hoTZlFfv##3(h`FP_d`xn!BdZDKb8T^lmDTp{>82e3#J}@a* z06XtKWfXjY)tbxPhHAniUgL4b`4l#QzMdMpr>Vi+t+GH6eKT-ebuF!W-O}g2bDF_m zAKEbCEqj})m@#9pR%_h43~o3!KSHZ2SRjgX*9EXVZdc)6nAY`07PTvjm*&Pl5}TTR ztPIqQS6{_-ryT4d@88UJps}Uot=`b2tDlt-K#ebVf6xX)M(@_sF88B%X5iFM49c#u zrS8LjK0Gab597P?^4R3x3s9U8-g?G*H(n%x*y2q9*#eX{*1&)}MS-XT_Y=@%?x<4J z$Fid#Vp?sE8sy?5DFzT-4X%L(-V6jSE}&I)UGH38ErBQF3#^{~PgaaX*<2uC&q1k! zmi0BikWw!K){^lE<7E4I>bDKFu&<63cOj9HDKa+$p3NC^{Aqj8a;6T^?rzT-_G6gWgx2}nOy6i^;cUU?kF=|)sW{3_&&b+|o&t|;A@*HYl%!C%wH5BDEW z$3=*c(4e3t@81(Ro&!ztP0imPeJ$pH-Wu$;%7cdnR(qOo8KOe?n?8~2aUF@y<+^Z( z<%ayXV6Uw8@ztSG$hoO zhn)@LFEq~b=QebaWZlY%}vxXe*bRu(^CBy|0r|cS28cul|~SX zEb&g@?|0oCO#4Wp;PB&{as~=81CEm*m}&!v{X@xycYY)nKh5(A8)M< zhdtqWUYbp#=hO~AiMhLPPcnDRQ22&<=lS0pvWR!I%_t;%pp_A76nFGnS4*h#83Tp8 zSa(mTapN_0Ue5>qA^y-FOM&;>6*6r4lGnPVta|*JC>In;%@tj}c=55VI8jPWtn`n8 znPh(R5!#zm*_!RroXAIhzKciYwe$O-WWr#nt-^TcggUG?P%6$i&;v{b0R}`ECrBx8 zrE!oBD~e=rHuEcnC|lN=#Xhs-UqnH&54h(jaP|2G>OR(>+#JYUJoEl&;$x@pF@JT` zxSp%II#jh<-!2ij^JS(?ggj10plsDKE$1(2PXjK)dGqWCV=!hS1|IwBPh_aWlUDuW zP1H1#!NysXu7 zLu4B>t*E$a;kXb7lqIBt&nyFNBe<^;#SRBssim}&`rd5-Gk|xMYUFvc+=Cfv={UOD zDfpG5KGz4fK0GZw;Xu_`>#ABR^#qriqAj=cq&ouE_J5yK2APzP7ei{TC6$>myi**w zS(T{^Mvu2065L;NFQBqMg*=cge9BA^Z1p$nb-GcJ8a6G4J+T}&Hc?aOs=ImN5KIQ^ zZdeGO(?^W3Nq7Np#~K4o{gAj?4mJ!&YbE&oVG*A@N}}J^_8GeqVAbt0Kru~C0uzXq zff5rD`q$Zx>fOjtKa{|4-Fg1PQ?2CHO&x5YVUOGd3G!pxqhHP_6-q%M%#;@9oOkDe z-D>H>8)80Q(vE?3me-A#Gj*jf@pvfjb$ZRv$xqcE zFHoFb6#-jD?NE{%Ft>ygAJlACER9o>cyAJZgz~0Ep*)~bCYShV)#GkT2T~d zk`;d%M|1_>CuXX>kGDp|Lnzyn(8RVY8$Nf-hj)Jajq6`A4l$^u1N}Q7tAk=@u*{zMlrhwAJFgYgjV->+=twE zT*?@dM$+uIWH>w*Tt4Cfir+t10ZZ3W)wGRwOg_?G6u_3NM~h54%9Hh4&J`7w2MxSN zqb;?8q&<$MWT?lSX55b8)Hp*w>Jg>=qzJhAML)HSc4*TP{FcT&j;nK=ud5aDn7Qs* zaCUUivm84^9ZK={3>j`?A@`W)7{rxvTQ|>=D9L(1m8Va0#l?_5&`JHjV^G{oadGhI0{XmvM;3g#3 zwxs(tv|T|Fgz5gGXa&E@mp36y!wvj_mrE|#Sk^efXFVjE8zN*tHc!Evn1#`rYQu}l zC>+*2dC`OZm!P>~TE0@o#>D6;ZNje{BE1*AM&(^)Nfq&kEp0jvu)-VEcRq7co)UNK z$h1L{73%bA>8P@!EQ2X$l4Z0~^ok64=75S-p~e{EnMr*zk23NH+kq(8sn9UgoSu8V z;b;L^|K1Jy%H{zUT{2$JiFK|j#9sbiG7MO@dIv@YM^se2M-@-_+yDPrBq-IB7ghcy zfX>+F>>E(g2Rl^5iQ>OBvNI_`+tBMElh<5sav>&iw)Nx{H&i?$E)Lz@`2~R<>KYzX zWUSmUuISOtOKj@*EBJsalOF+hUyo zMrrt!dfd0HJN`kKU+S+`ail4w?zXj}P?94~zyuIO?mYS&Tk;a>atz#>+m_WxerVE##W(}9 z0lo8!S3eTNSGp=rhGb{abG2QdZ$B}Y&Dpg95c~dV%0FIxx>iB#xBo~GEDgY-16?;# zEInE(iEc`KDtncsucwb52>}1AQL}{V?Z_}9DbYQY7roZlMynB}V!Y$KNv8El&I^cr zboLH9lwk|*?PJEJMXL_#+8>@aOjzjaL?QxWF-kpG4$*={CsCofD^`8)%19HbOG904 zP^#{fHFMsDoNL^4v+H1`oo%yei*on{dbkLRi!zMz(<0HHLso4MVS{~&&jpX z-JY9#DJwV8;ubHL-c|_+VKwJpSYY>Y%Z4$&4L`+fB4S-lgMYhw=b8vYaym~U5j}cnHY4t4nrkEgaw!V zFV~d(`M;ugUrw-=S8GkdzB#DY4ZiD-pz4#aT-fJ-l zE=u;nj#F8lM2BQk4GgwrB23SX$58HCT4>yFNHUpf`U<=D$DCxHf106E)KJY?tNw%T zhkKP~N9_uws&N&pf2$f(d6+jt&fc=NWxq=OXquQyd8GQ6f|lY^UxHKgweM+5X3(;< zsDpc32PWBnytp;B9LyvgL0Qx#T?4oCf(_YZuzl~a_T4Y6t8Pr3WzMZ%8xld z=8QE1IkVy{AX1w~br%aREc0UL!Cf=L*a*k*UKfb1m1 z7A5qa`iH(usrylO=TJ#IXzFu7e}Oj{;6?hX4i~BdKVa!I7c%-NrVM))@{LdkFO<`6 zzQ+8x9(omUm0jL*NSjB#VeEmP_?{}`{sp^M*>hXo8B_ut7Q>y*`_55`yR9;=GMsq= zeHoQaEb}L6(zN~WEe3p|$>a=V3A^2meg9j3Q*1w!{c-De!T)=)fsz@+ag1^hIm3Tm z9qP)DzdDkt{`Z1~4gubB%$J1!nR0~0B3`qI(yzp@h^l2uUS2=G_#oHErjNwSZ|{7w zXvOmvT@Zz-xB1d}M~e4Od08*2I$ECIGwJt4*|Pt?F3vNYt@!QZ_TD>+8nr@=6ctKs zr8c2zm!P#rjoLdj_TFlXRk3Fkjae~kRjW2NTUDcYj{pC;o)^z`qfihQQlhIT*%&<9k$7f%j0uW*(3xa^lY z#gY#Fu>mrDTfp6Z_f{Pc-x=VyJOuEv7SKY$-CJ6x^`K#cbZ{wlKbz(HHsiZ;Y9$g> zox0Sp=3!~o*=T)dn7<}D)H z;oezV{#hS(YrTik$t04#Zp1G!DMF5Ro6V2riw;(5TS&rq*pbMvP@ zct5T^FOe$q)u`^XuJ`&yp^xpJ-vt zruVzMfaq>Z!}ESMX`=rx%-FOHJ%(dpTF$PmmdL@5PmaC8UUN1)@an(El9l8@&sP7CGM zuJMvzwx9fo93QFsE)GgshJlDU%vItV479>e;@tvy)OIxmxO03C0@=F#Y#iBrPVCvb zuhJF#?-TO;(0>23w$;*%5~8f)PD0*6l=^OUTmEl5_S4Yjzu(xzD_4j0q4ou}h#!rk zM=4K5K(|hitf*UJykQS<$QC3U&#>j{{Kr3v(HK#NuNgUrWDE{?a2S2Zb>7%?bAFhD z1579=PA2@H9y^uJlbr!4wMA7EB2Mc*!-SZRx*KY;qh1H&qkW5}2@mQvxurcZ*k@o` zaV_94>VQmwlAtS8W<@5rHdKG9xDhe|E4U>E$8hFYLH}%l&j=*oNAO9?XFalhlX1kq z#rml%))*fpC}YT^!K<{O;eU1==r?F2@%}e$GbxRj3Ha}H?6KtrW>jgv+=W7>fnMHW z)c$p>^EcAb_k!EEsF)*X82{~>ahLGv4GE|u_I#g!r&0}D(s`pJyU#G~r!?>kVhJlf zPE%PFURsNkTK1mK!u%|}F3vB`^-(JS4Jc70z!U;l#5E~;JASoj!BzgJ5HSz;oanen zcOTENSpR~~)>=Vco4=fCOmJ)p+!Tpu$x40Kw7=dMa9d*cKtg#iN+EyDWO4R=?g(Tz z&20n5Yc>*ES*@3|j28i4JqDwI4v5UJuK}OZ*ghOZiK=Yj`%Jny;1KiY zdm9AGQCO1krR@#ZQ>GFooIU-pNQt|9YZqXVSS!OZU1)xsZ z5WGGo+HlxYP4`WWrdkUvPz%*s4O2yV8 z=BbXDa@y>HXN}9}(;=aPU3%hsnnckl$G_;FP<_u+m5oPx@|n`bu9Zlwh_8J*U)m^0 z&9rDutsAqz`GnhEe@+bwkLXX&7R%Zf_VSbf(Ds*Xx~7HgW7a^ct$ApuglE{5b{qXXmI@ybAqIM~wsk4K=BqpiA z6{X8tJJH!+0QdQMi=0eZ*eM-%_Br}6>u?r`MuH2Rn7`JGoh?VDcr#BL`O?m6t-@{E zR(+$UFxY*yAATL=5i=Gl+siRPalW*N@uf?tDT(>NudaZZ=l*ikkvB7@;qnr2>)exB zG*CgiY>6|d^>n%)9e<0t8|?S@R;jZS<{`p;dZ3iGw&jD@-C#S231L=izeMmPY>Oa0 z{+X*JFRu+ICU!YK>?&i)=Tld{qGIW?FPV0a>DO;;N4o5U0q|;{aDEk|m=MdL2v$?xsDe*XCw)J10#7A_Geeu@Ea#^DF zoL}$xRJ7)+O;)h%Tvi9y*$bC#{-{>rDiV(a6N#(EM(M|SiREVv;a@Qh57VRx%QR5P zd<@K#K~E{lJ}9VqCq~zBulx}jFg*EcxyCnADEhqkR+SIJ&J+fsqo zWxxd;e95>^`nVz~rRF*7>YN>Bi)e@KCoFh%vjKyT>z&so*{E0SB5W2l^8$)!5KKfy zK-svev^MaY20K{!T>s0T1k=c*#Y52wI6cG>6e3b#^vAZbigwT|GGTh!mF*DDWaI3qev(!{24sGxr z#OIPMqksD7(mV{0kmT2|qpx^^2GbaOJ>KS%(Fm;$^c(+5d~Nszf;y-V&UO<@gwINZ z{S%9W7rauRO>T#>kaH09k>+oU25?nA@t$mAt=Eju(p{jCiJv2djDz9X7B3!*R5Rz7 zsOQ(@+#^}v_BNS~FlU^K6B281@ca^K1A@ukC8yRh${BCDKKs!_g zfFj$M$BFNkkrYWYvFa^itjjb(1{{+i^c8TK#R-w9S>2Cha3du`UcAw*0HNmQ&JWw* zejL-5-gh3{ZDbs4_ZN%UJOPo-4Rt;$KXIzTp^f!H4H!-)%<;?I+J9I)2PS=2$ZLlh z+K7l*cHFaK93Kql4D-+7pqWqmXuRPr-)lMfV>=YZu?OaKfz#mH`T{eyEu~b`-LC*w zKa*c?@n}akq+?34sdP!fl$3y*_cx7kprlN=Prnx(o2-NAi%D!^(4K9os_Q;c#1oI1 zN)YMDtA$2~AXIomlkn*Py)IHHjD^g$dZvQHNRoirSbMb*mb%G>de&h@1VwMek|JF$@Of%0DeXv#H9fAskI=v}QO~Wi})gNHk-z;Wm-lS=wu+R3nF2+@# zKbhc0S<_mj|E=jTe4b}n6rX_GNsni{E$D5UIP?L<-$yUao-7yz6SB{mq8kCfQ>&H| zHaH24hNI<8*s~%3Hq-2g2tXEPi>M71QUW>p?->(@=458P7Juz&r0?qX2#sbfr6~Gx zOQ-JpB~Z%!GJnlUh?dpK*PjaEedi-`xlfr_KuDxH;}`D(`~ArA3NTzDdHKhOPPM`G z;j9qjW-VOeq4Q_s1wQN((I|X%8QbezufOx897#Jnf|DzOM-B@2m3p74X)FrEnYF8U zjOAka;*PuGhbLWH7Wk;jyVFPvXEmLQC+>aVPgmVQhql} ziDKj)MD-qLQ6CA1BeWl2 za;0<9Cdq{fs$mH(klpPPhfV=r>9-{)pOzrPTqQmtBO*J!vJ5FZiR3NCrc~cT&|TV63-?Yx(>W!CHr9_Q7_bIP zedht&OCYPDw6xA|SQ?j$O3}|d?Zq(0+MX>CovrjAC&_7op^t5YL3wZw~J#e8y2%Kju$#U(TX~x_AvS(|Ipoyn?nP z?W@hinhWF?C5JGW);2YiPK%d#bTUAt{~vcJtnBwsA!$ws@ZlumdHv9Im=rOl%FOpg znio@rBFTOMrbUc=hU&A$Y`iCEvyk-SmFJb3?77bQeH_SCvRyAQ@>~1M{^*&(`l612 z*>=4aHZL@|LQ7#G(#Gz|;<-u(iTJ*BuUKpnJQEpH`E`1=MXd@ops5JWZnBOFqvQSA z=%By&*&&EdL7dKU!ADJF_G=;(?_b?&Hu#MvptVs8F5$gs?MqBezw*E-kbKq3P80S3 zi6^xn(XSOOeHUm+!t97fbl2kwR_n)@ zCV6EwNZ6K^O>iTx$#Uk^HatNh*)2}7P)>-v94}~HEMw&qIP|+B=|7o~PR=@$nzd24NEg<(4Izq+{rU*heI%n%>sA;G1d# z4nB=+? zNiPLh=AKy?j;Or?P%6FjHVLN>x?_~wGc?R;sHZeW13?tu!5@+K&|}jJIThosVMtT5 zrdU&es;&}ccrZxP3E+P_(2!G$X`E!%QJATh<9>)6UU5X~!B{4coWoF{3>Ov-T-n4(LyTN2AC;2x&&43@A5ItTHhx;cmSq--wV?uNi zZR|^z$~rHG7q$!OnmNO}R{x{Yx~#5uY;3%WYEXT8X&9=KfoxDPFYj*{6|rlB*){Lu zEF(Y@x5AI*^c59SWLP^DUPKj9<}Vf_B8pUy;5c51|HXBvVZ+J8+7a5T5}xPH;MgK@ z4z_%fZnEHaKduQhhz3YKdMOCEjApy2D|%_guF*QYbS}MKxhioYF0j6xQ-=p8M9GFW zI0DE^cY+HPA6D#+Z*qx;SPy?;peKbqQlmOaJa_IGjE_sccpx~z^*Ee0IvihEckD0o zMNGzQ>WG}9mox>06)1e^hI<#j^wqj-+D)Lu67-$W{jq#Y> zj2RzI-tm&pv+T6XKF+im;!aJS(_MR|Z27cyhY_?zvGi#Rg1m3(xf%|-GSXp`KyfDh z^y%&iPo1;!lFO^Uey@9`m9SkEN^Fr>ZX{VaZ}q-5*`X6yJA-A!<=_g)cnTFtOV-$S z!D-rN2;v*}lNF%tkNQwmtGK>L!O7z!qC`3tO7E;$V~OQ58Wswgx|^MND!?el!Db`N zncLKwwH@1A?wwz>SYX*yNl8)S{Lz2To#d*@il5)U4D@EjGHos}bL;KV^VoEHsVyGJ zAbE&c899<6!sy%d*p;*qFEoKeG!3z+9}SK$?3ab}(?WAD-ZBv%wlnDTuzL$OgTn#< zAq@DGS@e%p^cGv$R-Uv%>I~AWGqfU{8LllWQ{twzb3cETU`%60S=JlT_~#W3EIfZ3wj;a0?o+TAX( zG-AdGp%1&mYcMeP={0Tw7cMPs&}2lqeq_cG{H5M6CRLw1_dXMQc9l#Er~4Su zpuF?}q)PNWTfzUy!q6it1GbYzam89}IB8koud`(Fk?Q(=GH@DG8bY-KDN9_Z5}t{M z>U_-_IRHV*ihbbbY&oHy5%VwL!G6YWk!-_86wGpmHa2 zTkHG9RVw;~iSc&_!K3Lf%PI@UJQM=<8r1)Nr5b8d*+Ao9V!y5k+7`L3kJN3z(mbF> zYEODgb>SA1Azo(tBY5S6k1{`za~?gquTxo!9nl{Nz9=8d*;Jc|^f4BmXv|Wi*|^?Q zem=&Pdz$jFqaW8q|KO?K2%i}q=vQf^R_jsdbVF7&`_B62KoIUVX;w6on$#s&x=D47 zTQM1RjsprMHPW)LWKoY;CRKk)qkU4w`)$!A$|jGFq&>x~c-d9pz%x+lpJJ)mt-A5GTIXXJ7%GV;z0PGpDtLv_JpVUz&S&G{f2N5dhC4v;Gs;? z0<_6OzrMPz6z(M_2z(k|1t~{Av9}i22-%#vz7s_BOdE!*56E$v67AHeG$@t7 zs9Tm;*5wm)cd|Abbi)hGqmoKv8A*X|_SC$x9mgR!;s8{N@ts=p1Y%5tb zUSIg6J*XhKdY2`LuaBYWhD^bPgq6p(ogy5vSxD(;Mr`+q_y?q85g^?0^yHP$&ksHN zU|}3WVPWm%5`_XqFSo)YUWSE<&kfLkp~l)K@A-Z*sDQS>8(G4jr&xNAgZ0c*xRBl5 ze1U)lYUebC{Cze@z2JnmH07E3G-3vPYA=OfOBJzE_p2aeN%h+e;wZQ(Z0qRqdKj{3 z$Hh<4w69++n1DaPD6j1DKm#XTDlqFv7D4Ps_cNqQg&iq7mHJK1UK*ECcdRo{6K9>Fk~rH>R(3qF@T zPZz5Ec@OFKCfKz|v4wRj;t((ZxblYUq_^fMzL6SOyk?#Kh~lCz8*!6F;q#ZyJe1pc z7S9Uh!ilGHd@~wKr!_#`)Z|$Npc%mM^W=mpOlQsszLP@Emi+gdUPzF7<_#k9zn(3? z>;+w%+<5%@p80>(UW6KnC8IK@|0nWN%iPF*O=R@HKgthIrW^cMuB=}|e?(zu9y#&5 z{eNA~B#%z%|DTpCfeY{nAG9!%yBUcLrn4JX17~AJqFX^aA-QseJ=Iv<^T3O*OXuEH zZ)6X>E|$Lk-s!yfmxj&6Dq4+S=3Pq#$OoAe7XCUvX>a|#!*=5HZR@1{x%%~~03vQ24OJbLIwkAy{{fbFk0<~D literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 61676599dc..05d825f6a6 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -65,17 +65,9 @@ The AV-TEST Product Review and Certification Report tests on three categories: p Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. -- March - April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) - - Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). - -- January - February 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports) - - Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. - ||| |---|---| -|![Graph describing Real-World detection rate](./images/RealWorld18.png)|![Graph describing Prevalent Malware](./images/PrevalentMalware18.png)| +|![Graph describing Real-World detection rate](./images/real-world-small.png)|![Graph describing Prevalent Malware](./images/prevalent-malware-small.png)| ### AV-Comparatives: Protection rating of 99.6% in the latest test From d0f840b13716982db2058a5a472a73fe3741bd23 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 12:11:38 -0700 Subject: [PATCH 14/19] updated language, added test --- .../top-scoring-industry-antivirus-tests.md | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 05d825f6a6..fc3c2af399 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -1,6 +1,6 @@ --- title: Top scoring in industry tests -description: Windows Defender ATP consistently achieves high scores in independent tests. View the latest scores and analysis. +description: Microsoft Defender ATP consistently achieves high scores in independent tests. View the latest scores and analysis. keywords: security, malware, av-comparatives, av-test, av, antivirus, windows, defender, scores, endpoint detection and response, next generation protection, MITRE, WDATP ms.prod: w10 ms.mktglfcycl: secure @@ -73,9 +73,13 @@ The AV-TEST Product Review and Certification Report tests on three categories: p AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions. -- Real-World Protection Test Enterprise August - November 2018: [Protection Rate 99.6%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-august-november-2018-testresult/) **Latest** +- Real-World Protection Test Enterprise March - April 2019: [Protection Rate 99.7%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-march-april-2019-testresult/) **Latest** - This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online. The test set contained 1207 test cases (such as malicious URLs). + This test, as defined by AV-Comparatives, attempts to assess the effectiveness of each security program to protect a computer against active malware threats while online. The test set contained 389 test cases (such as malicious URLs). + +- Real-World Protection Test Enterprise August - November 2018: [Protection Rate 99.6%](https://www.av-comparatives.org/tests/real-world-protection-test-enterprise-august-november-2018-testresult/) + + The test set contained 1,207 test cases (such as malicious URLs). - Malware Protection Test Enterprise August 2018: [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-august-2018-testresult/) @@ -85,12 +89,6 @@ AV-Comparatives is an independent organization offering systematic testing for s The test set contained 1,163 test cases (such as malicious URLs). -- Malware Protection Test Enterprise March 2018: [Protection Rate 99.9%](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/) - - For this test, 1,470 recent malware samples were used. - -[Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/) - ### SE Labs: Total accuracy rating of AAA in the latest test SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. @@ -111,6 +109,6 @@ SE Labs tests a range of solutions used by products and services to detect and/o It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the evaluations highlighted above. For example, in an average month, we identify over 100 million new threats. Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. -The capabilities within [Windows Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness?ocid=cx-docs-avreports) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Windows Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. +The capabilities within [Microsoft Defender ATP](https://www.microsoft.com/en-us/windowsforbusiness?ocid=cx-docs-avreports) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that [Microsoft Defender ATP components catch samples](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. -Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). \ No newline at end of file +Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). \ No newline at end of file From 080dc69c8244411164bfe439af5b272d6e1ab95c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 12:25:19 -0700 Subject: [PATCH 15/19] replacing windows terms --- .../intelligence/cybersecurity-industry-partners.md | 2 +- .../security/threat-protection/intelligence/developer-info.md | 4 +--- .../threat-protection/intelligence/fileless-threats.md | 4 ++-- windows/security/threat-protection/intelligence/index.md | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md index 37903b6e79..e86455f52b 100644 --- a/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md +++ b/windows/security/threat-protection/intelligence/cybersecurity-industry-partners.md @@ -29,7 +29,7 @@ Go to the [VIA program page](virus-information-alliance-criteria.md) for more in MVI is open to organizations who build and own a Real Time Protection (RTP) antimalware product of their own design, or one developed using a third-party antivirus SDK. -Members get access to Microsoft client APIs for the Windows Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Antimalware products are submitted to Microsoft for performance testing on a regular basis. +Members get access to Microsoft client APIs for the Microsoft Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Antimalware products are submitted to Microsoft for performance testing on a regular basis. Go to the [MVI program page](virus-initiative-criteria.md) for more information. diff --git a/windows/security/threat-protection/intelligence/developer-info.md b/windows/security/threat-protection/intelligence/developer-info.md index 64dc28a46a..d3c5062599 100644 --- a/windows/security/threat-protection/intelligence/developer-info.md +++ b/windows/security/threat-protection/intelligence/developer-info.md @@ -25,6 +25,4 @@ Learn about the common questions we receive from software developers and get oth Topic | Description :---|:--- [Software developer FAQ](developer-faq.md) | Provides answers to common questions we receive from software developers. -[Developer resources](developer-resources.md) | Provides information about how to submit files, detection criteria, and how to check your software against the latest Security intelligence and cloud protection from Microsoft. - - +[Developer resources](developer-resources.md) | Provides information about how to submit files, detection criteria, and how to check your software against the latest security intelligence and cloud protection from Microsoft. \ No newline at end of file diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index f0d0633fa0..0e74fa7414 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -1,7 +1,7 @@ --- title: Fileless threats description: Learn about fileless threats, its categories, and how it runs -keywords: fileless, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV +keywords: fileless, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP ms.prod: w10 ms.mktglfcycl: secure ms.sitesec: library @@ -95,6 +95,6 @@ Having described the broad categories, we can now dig into the details and provi ## Defeating fileless malware -At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Windows Defender Advanced Threat Protection [(Windows Defender ATP)](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats. +At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender Advanced Threat Protection [(Microsoft Defender ATP)](https://www.microsoft.com/en-us/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats. To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/) \ No newline at end of file diff --git a/windows/security/threat-protection/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md index cde3c3a454..68203c0963 100644 --- a/windows/security/threat-protection/intelligence/index.md +++ b/windows/security/threat-protection/intelligence/index.md @@ -22,6 +22,6 @@ Here you will find information about different types of malware, safety tips on * [Submit files for analysis](submission-guide.md) * [Safety Scanner download](safety-scanner-download.md) -Keep up with the latest malware news and research. Check out our [Windows security blogs](https://cloudblogs.microsoft.com/microsoftsecure/?product=windows,windows-defender-advanced-threat-protection) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. +Keep up with the latest malware news and research. Check out our [Microsoft Security blogs](https://www.microsoft.com/security/blog/product/windows/) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. Learn more about [Windows security](https://docs.microsoft.com/windows/security/index). \ No newline at end of file From 2f183dccc414ccd4a13ff06715055a86a677e207 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 13:42:49 -0700 Subject: [PATCH 16/19] update links --- windows/security/threat-protection/intelligence/phishing.md | 2 +- .../intelligence/prevent-malware-infection.md | 4 ++-- .../intelligence/safety-scanner-download.md | 4 ++-- .../threat-protection/intelligence/understanding-malware.md | 6 +++--- .../threat-protection/intelligence/unwanted-software.md | 4 ++-- .../threat-protection/intelligence/worms-malware.md | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/intelligence/phishing.md b/windows/security/threat-protection/intelligence/phishing.md index 8e7744a439..00b5634d69 100644 --- a/windows/security/threat-protection/intelligence/phishing.md +++ b/windows/security/threat-protection/intelligence/phishing.md @@ -135,7 +135,7 @@ Send an email with the phishing scam to **The Anti-Phishing Working Group**: rep ## Where to find more information about phishing attacks -For information on the latest Phishing attacks, techniques, and trends, you can read these entries on the [Windows Security blog](https://cloudblogs.microsoft.com/microsoftsecure/?product=windows,windows-defender-advanced-threat-protection): +For information on the latest phishing attacks, techniques, and trends, you can read these entries on the [Microsoft Security blog](https://www.microsoft.com/security/blog/product/windows/): * [Phishers unleash simple but effective social engineering techniques using PDF attachments](https://cloudblogs.microsoft.com/microsoftsecure/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/?source=mmpc) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 58a9dfebdd..02d32eb70d 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -104,7 +104,7 @@ Microsoft provides comprehensive security capabilities that help protect against * [OneDrive for Business](https://support.office.com/article/restore-a-previous-version-of-a-file-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893?ui=en-US&rs=en-US&ad=US) can back up files, which you would then use to restore files in the event of an infection. -* [Windows Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Windows Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Windows Defender ATP free of charge. +* [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) provides comprehensive endpoint protection, detection, and response capabilities to help prevent ransomware. In the event of a breach, Microsoft Defender ATP alerts security operations teams about suspicious activities and automatically attempts to resolve the problem. This includes alerts for suspicious PowerShell commands, connecting to a TOR website, launching self-replicated copies, and deletion of volume shadow copies. Try Microsoft Defender ATP free of charge. * [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification) replaces passwords with strong two-factor authentication on your devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. It lets user authenticate to an Active Directory or Azure Active Directory account. @@ -114,6 +114,6 @@ Microsoft provides comprehensive security capabilities that help protect against ## What to do with a malware infection -Windows Defender ATP antivirus capabilities helps reduce the chances of infection and will automatically remove threats that it detects. +Microsoft Defender ATP antivirus capabilities helps reduce the chances of infection and will automatically remove threats that it detects. In case threat removal is unsuccessful, read about [troubleshooting malware detection and removal problems](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware). \ No newline at end of file diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index 69dfef35ee..fcfb430610 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -26,7 +26,7 @@ Microsoft Safety Scanner is a scan tool designed to find and remove malware from Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan. -> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/en-us/windows/windows-defender) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection). +> **NOTE:** This tool does not replace your antimalware product. For real-time protection with automatic updates, use [Windows Defender Antivirus on Windows 10 and Windows 8](https://www.microsoft.com/windows/comprehensive-security) or [Microsoft Security Essentials on Windows 7](https://support.microsoft.com/help/14210/security-essentials-download). These antimalware products also provide powerful malware removal capabilities. If you are having difficulties removing malware with these products, you can refer to our help on [removing difficult threats](https://www.microsoft.com/en-us/wdsi/help/troubleshooting-infection). > **NOTE:** Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download. @@ -51,4 +51,4 @@ For more information about the Safety Scanner, see the support article on [how t - [Microsoft Security Essentials](https://support.microsoft.com/help/14210/security-essentials-download) - [Removing difficult threats](https://support.microsoft.com/help/4466982/windows-10-troubleshoot-problems-with-detecting-and-removing-malware) - [Submit file for malware analysis](https://www.microsoft.com/wdsi/filesubmission) -- [Microsoft antimalware and threat protection solutions](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) +- [Microsoft antimalware and threat protection solutions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index 28f670b9f3..ef84e9e059 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -14,13 +14,13 @@ ms.collection: M365-security-compliance ms.topic: conceptual search.appverid: met150 --- -# Understanding malware & other threats +# Understanding malware & other threats Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more. Cybercriminals that distribute malware are often motivated by money and will use infected computers to launch attacks, obtain banking credentials, collect information that can be sold, sell access to computing resources, or extort payment from victims. -As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)), businesses can stay protected with next-generation protection and other security capabilities. +As criminals become more sophisticated with their attacks, Microsoft is here to help. Windows 10 is the most secure version of Windows yet and includes many features to help protect you whether you're at home, at work, or on the go. With Microsoft Defender Advanced Threat Protection ([Microsoft Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)), businesses can stay protected with next-generation protection and other security capabilities. For good general tips, check out the [prevent malware infection](prevent-malware-infection.md) topic. @@ -38,6 +38,6 @@ There are many types of malware, including: - [Unwanted software](unwanted-software.md) - [Worms](worms-malware.md) -Keep up with the latest malware news and research. Check out our [Windows security blogs](https://aka.ms/wdsecurityblog) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. +Keep up with the latest malware news and research. Check out our [Microsoft security blogs](https://www.microsoft.com/security/blog/product/windows/) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. Learn more about [Windows security](https://docs.microsoft.com/windows/security/index). \ No newline at end of file diff --git a/windows/security/threat-protection/intelligence/unwanted-software.md b/windows/security/threat-protection/intelligence/unwanted-software.md index ed1811238e..0e21b773e3 100644 --- a/windows/security/threat-protection/intelligence/unwanted-software.md +++ b/windows/security/threat-protection/intelligence/unwanted-software.md @@ -34,7 +34,7 @@ Here are some indications of unwanted software: Some indicators are harder to recognize because they are less disruptive, but are still unwanted. For example, unwanted software can modify web pages to display specific ads, monitor browsing activities, or remove control of the browser. -Microsoft uses an extensive [evaluation criteria](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria) to identify unwanted software. +Microsoft uses an extensive [evaluation criteria](criteria.md) to identify unwanted software. ## How to protect against unwanted software @@ -42,7 +42,7 @@ To prevent unwanted software infection, download software only from official web Use [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/index) when browsing the internet. Microsoft Edge includes additional protections that effectively block browser modifiers that can change your browser settings. Microsoft Edge also blocks known websites hosting unwanted software using [SmartScreen](https://docs.microsoft.com/microsoft-edge/deploy/index) (also used by Internet Explorer). -Enable [Windows Defender AV](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. +Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista. diff --git a/windows/security/threat-protection/intelligence/worms-malware.md b/windows/security/threat-protection/intelligence/worms-malware.md index eea3dbea97..dece4574a6 100644 --- a/windows/security/threat-protection/intelligence/worms-malware.md +++ b/windows/security/threat-protection/intelligence/worms-malware.md @@ -43,7 +43,7 @@ This image shows how a worm can quickly spread through a shared USB drive. ## How to protect against worms -Enable [Windows Defender AV](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. +Enable [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) in Windows 10. It provides real-time protection against threats and detects and removes known unwanted software. Download [Microsoft Security Essentials](https://www.microsoft.com/download/details.aspx?id=5201) for real-time protection in Windows 7 or Windows Vista. From 85da1523cb545d0391d088707b9b41662d499499 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 13:47:36 -0700 Subject: [PATCH 17/19] update title --- .../intelligence/top-scoring-industry-antivirus-tests.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index fc3c2af399..f2315d8671 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -69,7 +69,7 @@ The AV-TEST Product Review and Certification Report tests on three categories: p |---|---| |![Graph describing Real-World detection rate](./images/real-world-small.png)|![Graph describing Prevalent Malware](./images/prevalent-malware-small.png)| -### AV-Comparatives: Protection rating of 99.6% in the latest test +### AV-Comparatives: Protection rating of 99.7% in the latest test AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions. From 3ecc7388eba917b25beb5e4e3db36f7a4b4b0a08 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 13:53:49 -0700 Subject: [PATCH 18/19] updated number --- .../intelligence/top-scoring-industry-antivirus-tests.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index f2315d8671..849e9ef801 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -47,7 +47,7 @@ The AV-TEST Product Review and Certification Report tests on three categories: p - January - February 2019 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2019/microsoft-windows-defender-antivirus-4.18-190611/) - Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 19,956 malware samples used. + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 13,977 malware samples used. - November - December 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/december-2018/microsoft-windows-defender-antivirus-4.18-185074/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWusR9) From c784fed145bce31311ed6893d90d7da1344b286a Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 28 May 2019 14:44:34 -0700 Subject: [PATCH 19/19] grammar updates --- .vscode/settings.json | 7 ++++ .../intelligence/fileless-threats.md | 34 +++++++++---------- 2 files changed, 24 insertions(+), 17 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000000..e7f59d08ec --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,7 @@ +{ + "cSpell.words": [ + "kovter", + "kovter's", + "poshspy" + ] +} \ No newline at end of file diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 0e74fa7414..ba54c66db5 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -17,49 +17,49 @@ search.appverid: met150 # Fileless threats -What exactly is a fileless threat? The term "fileless" suggests that a threat that does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition. The terms is used broadly; it's also used to describe malware families that do rely on files in order to operate. +What exactly is a fileless threat? The term "fileless" suggests that a threat that does not come in a file, such as a backdoor that lives only in the memory of a machine. However, there's no generally accepted definition. The term is used broadly; it's also used to describe malware families that do rely on files to operate. -Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, information theft, lateral movement, communication with command-and-control, etc., some parts of the attack chain may be fileless, while others may involve the filesystem in some form or another. +Given that attacks involve [several stages](https://attack.mitre.org/wiki/ATT&CK_Matrix) for functionalities like execution, persistence, or information theft, some parts of the attack chain may be fileless, while others may involve the filesystem in some form or another. -To shed light on this loaded term, we grouped fileless threats into different categories. +For clarity, fileless threats are grouped into different categories. ![Comprehensive diagram of fileless malware](images/fileless-malware.png)
*Figure 1. Comprehensive diagram of fileless malware* -We can classify fileless threats by their entry point, which indicates how fileless malware can arrive on a machine: via an exploit; through compromised hardware; or via regular execution of applications and scripts. +Fileless threats can be classified by their entry point, which indicates how fileless malware can arrive on a machine. They can arrive via an exploit, through compromised hardware, or via regular execution of applications and scripts. -Next, we can list the form of entry point: for example, exploits can be based on files or network data; PCI peripherals are a type of hardware vector; and scripts and executables are sub-categories of the execution vector. +Next, list the form of entry point. For example, exploits can be based on files or network data, PCI peripherals are a type of hardware vector, and scripts and executables are sub-categories of the execution vector. -Finally, we can classify the host of the infection: for example, a Flash application that may contain an exploit; a simple executable; a malicious firmware from a hardware device; or an infected MBR, which could bootstrap the execution of a malware before the operating system even loads. +Finally, classify the host of the infection. For example, a Flash application that may contain an exploit, a simple executable, malicious firmware from a hardware device, or an infected MBR, which could bootstrap the execution of a malware before the operating system even loads. -This helps us divide and categorize the various kinds of fileless threats. Clearly, the categories are not all the same: some are more dangerous but also more difficult to implement, while others are more commonly used despite (or precisely because of) not being very advanced. +This helps you divide and categorize the various kinds of fileless threats. Clearly, the categories are not all the same: some are more dangerous but also more difficult to implement, while others are more commonly used despite (or precisely because of) not being very advanced. -From this categorization, we can glean three big types of fileless threats based on how much fingerprint they may leave on infected machines. +From this categorization, you can glean three main types of fileless threats based on how much fingerprint they may leave on infected machines. ## Type I: No file activity performed A completely fileless malware can be considered one that never requires writing a file on the disk. How would such malware infect a machine in the first place? An example scenario could be a target machine receiving malicious network packets that exploit the EternalBlue vulnerability, leading to the installation of the DoublePulsar backdoor, which ends up residing only in the kernel memory. In this case, there is no file or any data written on a file. -Another scenario could involve compromised devices, where malicious code could be hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or even in the firmware of a network card. All these examples do not require a file on the disk in order to run and can theoretically live only in memory, surviving even reboots, disk reformats, and OS reinstalls. +Another scenario could involve compromised devices, where malicious code could be hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or even in the firmware of a network card. All these examples do not require a file on the disk to run and can theoretically live only in memory, surviving even reboots, disk reformats, and OS reinstalls. Infections of this type can be extra difficult to detect and remediate. Antivirus products usually don’t have the capability to access firmware for inspection; even if they did, it would be extremely challenging to detect and remediate threats at this level. Because this type of fileless malware requires high levels of sophistication and often depend on particular hardware or software configuration, it’s not an attack vector that can be exploited easily and reliably. For this reason, while extremely dangerous, threats of this type tend to be very uncommon and not practical for most attacks. ## Type II: Indirect file activity -There are other ways that malware can achieve fileless presence on a machine without requiring significant engineering effort. Fileless malware of this type don’t directly write files on the file system, but they can end up using files indirectly. This is the case for [Poshspy backdoor](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html). Attackers installed a malicious PowerShell command within the WMI repository and configured a WMI filter to run such command periodically. +There are other ways that malware can achieve fileless presence on a machine without requiring significant engineering effort. Fileless malware of this type doesn't directly write files on the file system, but they can end up using files indirectly. This is the case for [Poshspy backdoor](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html). Attackers installed a malicious PowerShell command within the WMI repository and configured a WMI filter to run such command periodically. It’s possible to carry out such installation via command line without requiring the presence of the backdoor to be on a file in the first place. The malware can thus be installed and theoretically run without ever touching the file system. However, the WMI repository is stored on a physical file that is a central storage area managed by the CIM Object Manager and usually contains legitimate data. Therefore, while the infection chain does technically use a physical file, for practical purposes it’s considered a fileless attack given that the WMI repository is a multi-purpose data container that cannot be simply detected and removed. ## Type III: Files required to operate -Some malware can have some sort of fileless persistence but not without using files in order to operate. An example for this scenario is Kovter, which creates a shell open verb handler in the registry for a random file extension. This action means that opening a file with such extension will lead to the execution of a script through the legitimate tool mshta.exe. +Some malware can have some sort of fileless persistence but not without using files to operate. An example for this scenario is Kovter, which creates a shell open verb handler in the registry for a random file extension. This action means that opening a file with such extension will lead to the execution of a script through the legitimate tool mshta.exe. ![Image of Kovter's registry key](images/kovter-reg-key.png)
*Figure 2. Kovter’s registry key* When the open verb is invoked, the associated command from the registry is launched, which results in the execution of a small script. This script reads data from a further registry key and executes it, in turn leading to the loading of the final payload. However, to trigger the open verb in the first place, Kovter has to drop a file with the same extension targeted by the verb (in the example above, the extension is .bbf5590fd). It also has to set an auto-run key configured to open such file when the machine starts. -Despite the use of files, and despite the fact that the registry too is stored in physical files, Kovter is considered a fileless threat because the file system is of no practical use: the files with random extension contain junk data that is not usable in verifying the presence of the threat, and the files that store the registry are containers that cannot be detected and deleted if malicious content is present. +Kovter is considered a fileless threat because the file system is of no practical use: the files with random extension contain junk data that is not usable in verifying the presence of the threat, and the files that store the registry are containers that cannot be detected and deleted if malicious content is present. ## Categorizing fileless threats by infection host @@ -67,21 +67,21 @@ Having described the broad categories, we can now dig into the details and provi ### Exploits -**File-based** (Type III: executable, Flash, Java, documents): An initial file may exploit the operating system, the browser, the Java engine, the Flash engine, etc. in order to execute a shellcode and deliver a payload in memory. While the payload is fileless, the initial entry vector is a file. +**File-based** (Type III: executable, Flash, Java, documents): An initial file may exploit the operating system, the browser, the Java engine, the Flash engine, etc. to execute a shellcode and deliver a payload in memory. While the payload is fileless, the initial entry vector is a file. **Network-based** (Type I): A network communication that takes advantage of a vulnerability in the target machine can achieve code execution in the context of an application or the kernel. An example is WannaCry, which exploits a previously fixed vulnerability in the SMB protocol to deliver a backdoor within the kernel memory. ### Hardware -**Device-based** (Type I: network card, hard disk): Devices like hard disks and network cards require chipsets and dedicated software to function. A software residing and running in the chipset of a device is called a firmware. Although a complex task, the firmware can be infected by malware, as the [Equation espionage group has been caught doing](https://www.kaspersky.com/blog/equation-hdd-malware/7623/). +**Device-based** (Type I: network card, hard disk): Devices like hard disks and network cards require chipsets and dedicated software to function. Software residing and running in the chipset of a device is called firmware. Although a complex task, the firmware can be infected by malware, as the [Equation espionage group has been caught doing](https://www.kaspersky.com/blog/equation-hdd-malware/7623/). **CPU-based** (Type I): Modern CPUs are extremely complex and may include subsystems running firmware for management purposes. Such firmware may be vulnerable to hijacking and allow the execution of malicious code that would hence operate from within the CPU. In December 2017, two researchers reported a vulnerability that can allow attackers to execute code inside the [Management Engine (ME)](https://en.wikipedia.org/wiki/Intel_Management_Engine) present in any modern CPU from Intel. Meanwhile, the attacker group PLATINUM has been observed to have the capability to use Intel's [Active Management Technology (AMT)](https://en.wikipedia.org/wiki/Intel_Active_Management_Technology) to perform [invisible network communications](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/) bypassing the installed operating system. ME and AMT are essentially autonomous micro-computers that live inside the CPU and that operate at a very low level. Because these technologies’ purpose is to provide remote manageability, they have direct access to hardware, are independent of the operating system, and can run even if the computer is turned off. Besides being vulnerable at the firmware level, CPUs could be manufactured with backdoors inserted directly in the hardware circuitry. This attack has been [researched and proved possible](https://www.emsec.rub.de/media/crypto/veroeffentlichungen/2015/03/19/beckerStealthyExtended.pdf) in the past. Just recently it has been reported that certain models of x86 processors contain a secondary embedded RISC-like CPU core that can [effectively provide a backdoor](https://www.theregister.co.uk/2018/08/10/via_c3_x86_processor_backdoor/) through which regular applications can gain privileged execution. -**USB-based** (Type I): USB devices of all kinds can be reprogrammed with a malicious firmware capable of interacting with the operating system in nefarious ways. This is the case of the [BadUSB technique](https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/), demonstrated few years ago, which allows a reprogrammed USB stick to act as a keyboard that sends commands to machines via keystrokes, or as a network card that can redirect traffic at will. +**USB-based** (Type I): USB devices of all kinds can be reprogrammed with malicious firmware capable of interacting with the operating system in nefarious ways. This is the case of the [BadUSB technique](https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/), demonstrated few years ago, which allows a reprogrammed USB stick to act as a keyboard that sends commands to machines via keystrokes, or as a network card that can redirect traffic at will. **BIOS-based** (Type I): A BIOS is a firmware running inside a chipset. It executes when a machine is powered on, initializes the hardware, and then transfers control to the boot sector. It’s a very important component that operates at a very low level and executes before the boot sector. It’s possible to reprogram the BIOS firmware with malicious code, as has happened in the past with the [Mebromi rootkit](https://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/). -**Hypervisor-based** (Type I): Modern CPUs provide hardware hypervisor support, allowing the operating system to create robust virtual machines. A virtual machine runs in a confined, simulated environment, and is in theory unaware of the emulation. A malware taking over a machine may implement a small hypervisor in order to hide itself outside of the realm of the running operating system. Malware of this kind has been theorized in the past, and eventually real hypervisor rootkits [have been observed](http://seclists.org/fulldisclosure/2017/Jun/29), although very few are known to date. +**Hypervisor-based** (Type I): Modern CPUs provide hardware hypervisor support, allowing the operating system to create robust virtual machines. A virtual machine runs in a confined, simulated environment, and is in theory unaware of the emulation. A malware taking over a machine may implement a small hypervisor to hide itself outside of the realm of the running operating system. Malware of this kind has been theorized in the past, and eventually real hypervisor rootkits [have been observed](http://seclists.org/fulldisclosure/2017/Jun/29), although very few are known to date. ### Execution and injection @@ -89,7 +89,7 @@ Having described the broad categories, we can now dig into the details and provi **Macro-based** (Type III: Office documents): The [VBA language](https://msdn.microsoft.com/vba/office-shared-vba/articles/getting-started-with-vba-in-office) is a flexible and powerful tool designed to automate editing tasks and add dynamic functionality to documents. As such, it can be abused by attackers to carry out malicious operations like decoding, running, or injecting an executable payload, or even implementing an entire ransomware, like in [the case of qkG](https://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/). Macros are executed within the context of an Office process (e.g., Winword.exe), and they’re implemented in a scripting language, so there is no binary executable that an antivirus can inspect. While Office apps require explicit consent from the user to execute macros from a document, attackers use social engineering techniques to trick users into allowing macros to execute. -**Script-based** (Type II: file, service, registry, WMI repo, shell): The JavaScript, VBScript, and PowerShell scripting languages are available by default on Windows platforms. Scripts have the same advantages as macros: they’re textual files (not binary executables) and they run within the context of the interpreter (e.g., wscript.exe, powershell.exe, etc.), which is a clean and legitimate component. Scripts are very versatile; they can be run from a file (e.g., by double-clicking them) or, in some cases, executed directly on the command line of an interpreter. Being able to run on the command line can allow malware to encode malicious command-line scripts as auto-start services inside [autorun registry keys](https://www.gdatasoftware.com/blog/2014/07/23947-poweliks-the-persistent-malware-without-a-file) as [WMI event subscriptions](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) from the WMI repo. Furthermore, an attacker who has gained access to an infected machine may input the script on the command prompt. +**Script-based** (Type II: file, service, registry, WMI repo, shell): The JavaScript, VBScript, and PowerShell scripting languages are available by default on Windows platforms. Scripts have the same advantages as macros: they are textual files (not binary executables) and run within the context of the interpreter (e.g., wscript.exe, powershell.exe, etc.), which is a clean and legitimate component. Scripts are very versatile; they can be run from a file (e.g., by double-clicking them) or, in some cases, executed directly on the command line of an interpreter. Being able to run on the command line can allow malware to encode malicious command-line scripts as auto-start services inside [autorun registry keys](https://www.gdatasoftware.com/blog/2014/07/23947-poweliks-the-persistent-malware-without-a-file) as [WMI event subscriptions](https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html) from the WMI repo. Furthermore, an attacker who has gained access to an infected machine may input the script on the command prompt. **Disk-based** (Type II: Boot Record): The [Boot Record](https://en.wikipedia.org/wiki/Boot_sector) is the first sector of a disk or volume and contains executable code required to start the boot process of the operating system. Threats like [Petya](https://cloudblogs.microsoft.com/microsoftsecure/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/?source=mmpc) are capable of infecting the Boot Record by overwriting it with malicious code, so that when the machine is booted the malware immediately gains control (and in the case of Petya, with disastrous consequences). The Boot Record resides outside the file system, but it’s accessible by the operating system, and modern antivirus products have the capability to scan and restore it.