From 77cf796b8084f146467df02474ed14b4915c0093 Mon Sep 17 00:00:00 2001 From: mikolding Date: Wed, 12 Jun 2024 17:07:17 -0700 Subject: [PATCH 01/18] Learn Editor: Update updatemanagedvsupdateunmanageddevices.md --- windows/deployment/TOC.yml | 2 + .../updatemanagedvsupdateunmanageddevices.md | 143 ++++++++++++++++++ 2 files changed, 145 insertions(+) create mode 100644 windows/deployment/update/updatemanagedvsupdateunmanageddevices.md diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index f9b8d24681..5daf2b7ae1 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -13,6 +13,8 @@ href: update/release-cycle.md - name: Basics of Windows updates, channels, and tools href: update/get-started-updates-channels-tools.md + - name: Defining Windows Update managed and Windows Update unmanaged devices + href: ./update/updatemanagedvsupdateunmanageddevices.md - name: Prepare servicing strategy for Windows client updates href: update/waas-servicing-strategy-windows-10-updates.md - name: Deployment proof of concept diff --git a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md new file mode 100644 index 0000000000..da212512ce --- /dev/null +++ b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md @@ -0,0 +1,143 @@ +--- +# Required metadata +# For more information, see https://review.learn.microsoft.com/en-us/help/platform/learn-editor-add-metadata?branch=main +# For valid values of ms.service, ms.prod, and ms.topic, see https://review.learn.microsoft.com/en-us/help/platform/metadata-taxonomies?branch=main + +title: # Add a title for the browser tab +description: # Add a meaningful description for search results +author: mikolding # GitHub alias +ms.author: v-mikolding # Microsoft alias +ms.service: # Add the ms.service or ms.prod value +# ms.prod: # To use ms.prod, uncomment it and delete ms.service +ms.topic: # Add the ms.topic value +ms.date: 06/12/2024 +--- + +# Update-managed vs Update-unmanaged devices + +--- +title: "Managing Windows Updates: IT Managed vs. Unmanaged Devices" +--- + +**Request title**: Defining Windows Update managed and Windows Update unmanaged devices + +**Generated text**: + +------------------------------------------------------------------------ + +--- +title: "Defining Windows Update managed and Windows Update unmanaged devices" +description: +author: +ms.author: v-mikolding +manager: +ms.date: 06/05/2024 +ms.topic: +ms.service: windows-client +ms.subservice: +ms.localizationpriority: +ms.collection: +ms.custom: QuickDraft +ms.reviewer: thtrombl;arcarley;royork;sumitav;kerick;maferr;v-fvalentyna +search.appverid: MET150 +f1.keywords: +audience: +ai-usage: +- ai-assisted +--- + +\`\`\`html + +# Managing Windows Updates: IT Managed vs. Unmanaged Devices + +For IT administrators, understanding the differences between managed and unmanaged devices is crucial for effective Windows update management. This article provides clarity on the terminology and practices involved in managing Windows updates for both types of devices. + +## What are Update-Managed Windows Devices? + +Update-managed devices are those where an IT administrator or organization controls Windows updates through a management tool (such as Microsoft Intune) or by directly setting policies (for example, Group Policy (GPO), Configuration Service Provider (CSP) policy, or Graph). + +**Note:** This is true even if you directly set registry keys, although this is not recommended as registry keys can be easily overwritten. + +Managed devices can include desktops, laptops, tablets, servers, and manufacturing equipment. These devices are secured and configured according to your organization's standards and policies. + +### IT-Managed: Windows Update Offering + +Devices are considered Windows update-managed if you manage the update offering in the following ways: + +- Configuring policies to manage which updates are offered to the specific device. +- Setting when your organization should receive feature, quality, and driver updates, among others. +- Using Group Policy (GP), Cloud Solution Provider (CSP), or Graph to configure these offerings. + +### IT-Managed: Windows Update Experience + +Devices are considered Windows update-managed if you use policies (GP, CSP, or Graph) to manage device behavior when taking Windows updates. + +Examples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at [Update Policy CSP - Windows Client Management](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update). + +## Examples of Update-Managed Windows Devices + +Here are a few examples of update-managed devices: + +- **Company-owned devices:** Devices provisioned by your IT department with corporate credentials, configurations, and policies. +- **Employee-owned devices in BYOD programs:** Personally owned devices enrolled in the company's device management system to securely access corporate resources. +- **Devices managed through Windows Autopilot:** Devices set up and preconfigured to be business-ready right out of the box. +- **Mandated security settings:** Devices with health requirements such as device encryption, PIN or strong password, specific inactivity timeout periods, and up-to-date operating systems. +- **Intune-enrolled devices:** Devices enrolled in Microsoft Intune for network access and enforced security policies. +- **Third-party managed devices:** Devices enrolled in third-party management tools with configured Windows update policies via GPO, CSP, or registry key. + +## What are Update-Unmanaged Windows Devices? + +Unlike update-managed devices, unmanaged devices are not controlled through policies, management tools, or software. These devices aren't enrolled in tools like Microsoft Intune or Configuration Manager. If you only configure the Settings page to control overall device behavior when taking updates, it is considered an unmanaged device. + +**Note:** The term "Microsoft managed devices" used to refer to what we now call "update unmanaged Windows devices." Based on feedback, we have updated our terminology for clarity. + +## Examples of Update-Unmanaged Windows Devices + +Examples of update-unmanaged devices include: + +- **Personal devices:** Devices owned by individuals at your organization that are not enrolled in any corporate management system. +- **BYOD devices not enrolled in management programs:** Devices used for work but not part of an organizational BYOD program. +- **Peripheral devices:** Devices like printers, IP phones, and uninterruptible power supplies (UPS) that cannot accept centrally managed administrative credentials. + +For more information on managed and unmanaged devices, check out [Secure managed and unmanaged devices](https://docs.microsoft.com/mem/intune/protect/protect-devices). + +## Recommendations + +| SEO Keywords | Suggested Additions | Links to Update | Issues/Concerns | +|-----------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------| +| Windows update management, IT managed devices, unmanaged devices, Windows updates, Intune managed devices | Add detailed steps for configuring GPO, CSP, and Graph policies for managing updates | [Update Policy CSP - Windows Client Management](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), [Secure managed and unmanaged devices](https://docs.microsoft.com/mem/intune/protect/protect-devices) | Ensure all links are up to date and point to the correct resources | + +\`\`\` +\*\*Customer Intent for this Article:\*\* Understand the differences between IT-managed and unmanaged Windows devices to better manage Windows updates. + +------------------------------------------------------------------------ + +**Acrolinx score**: **82** + +**Acrolinx correctness score**: 89 + +**Acrolinx scorecard** (Acrolinx account required): https://microsoft-ce-csi-qa.acrolinx.cloud/api/v1/checking/scorecards/d9ad0ab8-ffa3-4af1-a7c7-00cbb71a4d52 + +------------------------------------------------------------------------ + +**Reviewers**: thtrombl;arcarley;royork;sumitav;kerick;maferr;v-fvalentyna + +**Key dates**: + +------------------------------------------------------------------------ + +**Audience**: Admin + +**Product**: Windows 10/11 + +**Article should cover the following**: Windows Update IT Managed = there are policies (GP, CSP, or Graph) configured on the device to manage update offering and/or experience. \nWindows Update Offering IT Managed = there are policies configured (GP, CSP, or Graph) to manage when/which feature, quality, driver, etc. updates are offered to the device. \nWindows Update Experience IT Managed = there are policies configured (GP, CSP, or Graph) to manage device behavior when taking Windows updates. \nWindows Update Non-IT Managed (Unmanaged) = no policies configured to control which updates are offered or the device behavior when taking updates outside of configuring the Settings page. + +**How this article will help customers**: It’s all about managing Windows updates. Get clarity on terminology for managed and unmanaged Windows devices. + +**Submitted by**: v-mikolding@microsoft.com + +**Spec**: Update managed Windows devices \n\n \n\nAll organizational devices fall into two categories: they are either considered managed or unmanaged. The distinction is especially important when it comes to Windows features, updates, and rollouts. \n\n  \n\nFirst, let’s define managed and unmanaged devices in terms of Windows update management. A few examples of these device categories will help you identify your scenarios. These will serve as the basis for future communications as we update existing content in the coming weeks. \n\n \n\nNote: Windows updates are those that affect the Windows operating system and its components: Windows quality updates, Windows feature updates, and .NET updates. See Windows monthly updates explained. Office and other applications have different management mechanisms. \n\n \n\nWhat are update-managed Windows devices? \n\nWe define an update managed device based on Windows Update management. Windows devices are update managed if an IT administrator or an organization controls the updates for Windows via a management tool (such as Microsoft Intune) or by directly setting policies (for example, Group Policy (GPO), Configuration Service Provider (CSP) policy, or Graph). \n\n \n\nNote: This is true even if you directly set registry keys. However, this is not recommended given that registry keys can be easily overwritten. \n\n \n\n \n\nManaged devices can range from desktops, laptops, and tablets, to servers and manufacturing equipment. You secure and configure them according to your organization’s standards and policies. \n\n \n\nFurther, there are two categories of Windows update managed devices, based on whether you manage the offering or the experience of Windows updates. \n\n  \n\nIT-managed: Windows update offering \n\nYour devices are Windows update-managed if you manage update offering in all the following ways: \n\nYou configure policies to manage which updates are offered to the specific device. \n\nYou set when your organization should receive feature, quality, and driver updates, among others. \n\nYou use Group Policy (GP), Cloud Solution Provider (CSP), or Graph to configure these offerings. \n\n \n\nIT-managed: Windows update experience \n\nYour devices are Windows update-managed if you use policies (GP, CSP, or Graph) to manage device behavior when taking Windows updates.  \n\n \n\nExamples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at Update Policy CSP - Windows Client Management. \n\n \n\nInserting image... \n\n  \n\nExamples of update managed Windows devices \n\nHere are a few examples of an update managed device: \n\n  \n\nCompany-owned devices: If your IT department provisions devices, they are typically managed devices. You’d often provision these with specific corporate credentials, configurations, and policies for security and manageability. \n\nEmployee-owned devices enrolled in Bring-Your-Own-Device (BYOD) programs: Do you enroll any personally owned devices in the company’s device management system? You’d do this to help these employees access corporate resources securely. The device must adhere to Terms of Use for corporate and personally owned devices connecting to corporate resources. In that scenario, these devices are considered managed. \n\nDevices managed through Windows Autopilot: This tool allows you to set up and preconfigure new devices, making them business-ready right out of the box. If you use Autopilot for any devices, they’re managed. \n\nMandated security settings: Managed devices might include health requirements, such as device encryption, a PIN or strong password, a specific inactivity timeout period, and up-to-date operating systems with enabled auto-updates. \n\nIntune enrolled devices: Devices enrolled in Microsoft Intune are considered managed. Intune allows them to access the company network and enforces device encryption, PIN/password requirements, and specific inactivity timeout periods. \n\nThird-party managed devices: Devices enrolled into third-party management tooling are considered managed if you configure Windows update policies via GPO, CSP, or registry key. Specifically, you configure these devices to point them to a local Windows Server Update Services (WSUS), disable access to Windows Update (WU), or manage which Windows updates are offered. \n\nWhat are update-unmanaged Windows devices? \n\nUnlike update-managed devices, you don’t control unmanaged Windows devices through policies, management tools, or software. \n\nThese devices aren’t enrolled in tools like Microsoft Intune or Configuration Manager. \n\nYou don’t configure policies to control Windows update offerings or experience for these devices. \n\nIf all you do is configure the Settings page to control overall device behavior when taking updates, it’s an unmanaged device. \n\n \n\nNote: If you’ve seen the term “Microsoft managed devices,” it used to refer to what we now call “update unmanaged Windows devices.” Based on your feedback, we’ll update existing content with these more informative definitions to drive clarity. \n\nExamples of Windows update unmanaged devices \n\nExamples of update unmanaged devices include: \n\n  \n\nPersonal devices: If some individuals at your organization own a device that is not enrolled in any corporate management system, it’s an unmanaged device. It wouldn’t have any security configurations and policies that you typically apply for your organization. \n\nBYOD devices not enrolled in management programs: BYOD programs are characterized by management policies. So, if there are devices that aren’t part of an organizational BYOD program, they remain unmanaged even if used for work. \n\nPeripheral devices: Printers, IP phones, and uninterruptible power supplies (UPS) often don’t accept centrally managed administrative credentials. Therefore, they cannot have management agents installed on them, leaving them unmanaged. \n\n \n\nThank you for your feedback in helping us drive clarity into content and definitions. We’ll be updating existing content across Microsoft pages to reflect these definitions. For more information on managed and unmanaged devices, check out Secure managed and unmanaged devices. + +**Run ID**: 3557dc16-a3ef-4007-8f20-8d929b2c29f1 + +**Session ID**: e46f3c4d-8c88-4605-9d63-4f325db41925 From 9a105c29542aab6d9f3ae1a09c68c969af6e2e9a Mon Sep 17 00:00:00 2001 From: mikolding Date: Thu, 20 Jun 2024 10:37:31 -0700 Subject: [PATCH 03/18] Update updatemanagedvsupdateunmanageddevices.md --- .../updatemanagedvsupdateunmanageddevices.md | 83 ------------------- 1 file changed, 83 deletions(-) diff --git a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md index da212512ce..9bc4dee63b 100644 --- a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md +++ b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md @@ -1,52 +1,4 @@ ---- -# Required metadata -# For more information, see https://review.learn.microsoft.com/en-us/help/platform/learn-editor-add-metadata?branch=main -# For valid values of ms.service, ms.prod, and ms.topic, see https://review.learn.microsoft.com/en-us/help/platform/metadata-taxonomies?branch=main -title: # Add a title for the browser tab -description: # Add a meaningful description for search results -author: mikolding # GitHub alias -ms.author: v-mikolding # Microsoft alias -ms.service: # Add the ms.service or ms.prod value -# ms.prod: # To use ms.prod, uncomment it and delete ms.service -ms.topic: # Add the ms.topic value -ms.date: 06/12/2024 ---- - -# Update-managed vs Update-unmanaged devices - ---- -title: "Managing Windows Updates: IT Managed vs. Unmanaged Devices" ---- - -**Request title**: Defining Windows Update managed and Windows Update unmanaged devices - -**Generated text**: - ------------------------------------------------------------------------- - ---- -title: "Defining Windows Update managed and Windows Update unmanaged devices" -description: -author: -ms.author: v-mikolding -manager: -ms.date: 06/05/2024 -ms.topic: -ms.service: windows-client -ms.subservice: -ms.localizationpriority: -ms.collection: -ms.custom: QuickDraft -ms.reviewer: thtrombl;arcarley;royork;sumitav;kerick;maferr;v-fvalentyna -search.appverid: MET150 -f1.keywords: -audience: -ai-usage: -- ai-assisted ---- - -\`\`\`html # Managing Windows Updates: IT Managed vs. Unmanaged Devices @@ -106,38 +58,3 @@ For more information on managed and unmanaged devices, check out [Secure managed | SEO Keywords | Suggested Additions | Links to Update | Issues/Concerns | |-----------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------| | Windows update management, IT managed devices, unmanaged devices, Windows updates, Intune managed devices | Add detailed steps for configuring GPO, CSP, and Graph policies for managing updates | [Update Policy CSP - Windows Client Management](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), [Secure managed and unmanaged devices](https://docs.microsoft.com/mem/intune/protect/protect-devices) | Ensure all links are up to date and point to the correct resources | - -\`\`\` -\*\*Customer Intent for this Article:\*\* Understand the differences between IT-managed and unmanaged Windows devices to better manage Windows updates. - ------------------------------------------------------------------------- - -**Acrolinx score**: **82** - -**Acrolinx correctness score**: 89 - -**Acrolinx scorecard** (Acrolinx account required): https://microsoft-ce-csi-qa.acrolinx.cloud/api/v1/checking/scorecards/d9ad0ab8-ffa3-4af1-a7c7-00cbb71a4d52 - ------------------------------------------------------------------------- - -**Reviewers**: thtrombl;arcarley;royork;sumitav;kerick;maferr;v-fvalentyna - -**Key dates**: - ------------------------------------------------------------------------- - -**Audience**: Admin - -**Product**: Windows 10/11 - -**Article should cover the following**: Windows Update IT Managed = there are policies (GP, CSP, or Graph) configured on the device to manage update offering and/or experience. \nWindows Update Offering IT Managed = there are policies configured (GP, CSP, or Graph) to manage when/which feature, quality, driver, etc. updates are offered to the device. \nWindows Update Experience IT Managed = there are policies configured (GP, CSP, or Graph) to manage device behavior when taking Windows updates. \nWindows Update Non-IT Managed (Unmanaged) = no policies configured to control which updates are offered or the device behavior when taking updates outside of configuring the Settings page. - -**How this article will help customers**: It’s all about managing Windows updates. Get clarity on terminology for managed and unmanaged Windows devices. - -**Submitted by**: v-mikolding@microsoft.com - -**Spec**: Update managed Windows devices \n\n \n\nAll organizational devices fall into two categories: they are either considered managed or unmanaged. The distinction is especially important when it comes to Windows features, updates, and rollouts. \n\n  \n\nFirst, let’s define managed and unmanaged devices in terms of Windows update management. A few examples of these device categories will help you identify your scenarios. These will serve as the basis for future communications as we update existing content in the coming weeks. \n\n \n\nNote: Windows updates are those that affect the Windows operating system and its components: Windows quality updates, Windows feature updates, and .NET updates. See Windows monthly updates explained. Office and other applications have different management mechanisms. \n\n \n\nWhat are update-managed Windows devices? \n\nWe define an update managed device based on Windows Update management. Windows devices are update managed if an IT administrator or an organization controls the updates for Windows via a management tool (such as Microsoft Intune) or by directly setting policies (for example, Group Policy (GPO), Configuration Service Provider (CSP) policy, or Graph). \n\n \n\nNote: This is true even if you directly set registry keys. However, this is not recommended given that registry keys can be easily overwritten. \n\n \n\n \n\nManaged devices can range from desktops, laptops, and tablets, to servers and manufacturing equipment. You secure and configure them according to your organization’s standards and policies. \n\n \n\nFurther, there are two categories of Windows update managed devices, based on whether you manage the offering or the experience of Windows updates. \n\n  \n\nIT-managed: Windows update offering \n\nYour devices are Windows update-managed if you manage update offering in all the following ways: \n\nYou configure policies to manage which updates are offered to the specific device. \n\nYou set when your organization should receive feature, quality, and driver updates, among others. \n\nYou use Group Policy (GP), Cloud Solution Provider (CSP), or Graph to configure these offerings. \n\n \n\nIT-managed: Windows update experience \n\nYour devices are Windows update-managed if you use policies (GP, CSP, or Graph) to manage device behavior when taking Windows updates.  \n\n \n\nExamples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at Update Policy CSP - Windows Client Management. \n\n \n\nInserting image... \n\n  \n\nExamples of update managed Windows devices \n\nHere are a few examples of an update managed device: \n\n  \n\nCompany-owned devices: If your IT department provisions devices, they are typically managed devices. You’d often provision these with specific corporate credentials, configurations, and policies for security and manageability. \n\nEmployee-owned devices enrolled in Bring-Your-Own-Device (BYOD) programs: Do you enroll any personally owned devices in the company’s device management system? You’d do this to help these employees access corporate resources securely. The device must adhere to Terms of Use for corporate and personally owned devices connecting to corporate resources. In that scenario, these devices are considered managed. \n\nDevices managed through Windows Autopilot: This tool allows you to set up and preconfigure new devices, making them business-ready right out of the box. If you use Autopilot for any devices, they’re managed. \n\nMandated security settings: Managed devices might include health requirements, such as device encryption, a PIN or strong password, a specific inactivity timeout period, and up-to-date operating systems with enabled auto-updates. \n\nIntune enrolled devices: Devices enrolled in Microsoft Intune are considered managed. Intune allows them to access the company network and enforces device encryption, PIN/password requirements, and specific inactivity timeout periods. \n\nThird-party managed devices: Devices enrolled into third-party management tooling are considered managed if you configure Windows update policies via GPO, CSP, or registry key. Specifically, you configure these devices to point them to a local Windows Server Update Services (WSUS), disable access to Windows Update (WU), or manage which Windows updates are offered. \n\nWhat are update-unmanaged Windows devices? \n\nUnlike update-managed devices, you don’t control unmanaged Windows devices through policies, management tools, or software. \n\nThese devices aren’t enrolled in tools like Microsoft Intune or Configuration Manager. \n\nYou don’t configure policies to control Windows update offerings or experience for these devices. \n\nIf all you do is configure the Settings page to control overall device behavior when taking updates, it’s an unmanaged device. \n\n \n\nNote: If you’ve seen the term “Microsoft managed devices,” it used to refer to what we now call “update unmanaged Windows devices.” Based on your feedback, we’ll update existing content with these more informative definitions to drive clarity. \n\nExamples of Windows update unmanaged devices \n\nExamples of update unmanaged devices include: \n\n  \n\nPersonal devices: If some individuals at your organization own a device that is not enrolled in any corporate management system, it’s an unmanaged device. It wouldn’t have any security configurations and policies that you typically apply for your organization. \n\nBYOD devices not enrolled in management programs: BYOD programs are characterized by management policies. So, if there are devices that aren’t part of an organizational BYOD program, they remain unmanaged even if used for work. \n\nPeripheral devices: Printers, IP phones, and uninterruptible power supplies (UPS) often don’t accept centrally managed administrative credentials. Therefore, they cannot have management agents installed on them, leaving them unmanaged. \n\n \n\nThank you for your feedback in helping us drive clarity into content and definitions. We’ll be updating existing content across Microsoft pages to reflect these definitions. For more information on managed and unmanaged devices, check out Secure managed and unmanaged devices. - -**Run ID**: 3557dc16-a3ef-4007-8f20-8d929b2c29f1 - -**Session ID**: e46f3c4d-8c88-4605-9d63-4f325db41925 From 01b62375fdfc78b81492ad7208c3bdcef238ee06 Mon Sep 17 00:00:00 2001 From: Valentyna Filimonova Date: Mon, 24 Jun 2024 17:05:00 -0600 Subject: [PATCH 04/18] Update updatemanagedvsupdateunmanageddevices.md I've incorporated some straight-forward feedback we've received from Richard Lian (CAT), plus MS-Style headers, and some of our best practices for more readable sentences. --- .../updatemanagedvsupdateunmanageddevices.md | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md index 9bc4dee63b..42bf6847bb 100644 --- a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md +++ b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md @@ -1,49 +1,51 @@ -# Managing Windows Updates: IT Managed vs. Unmanaged Devices +# Managing Windows updates: IT managed vs. unmanaged devices -For IT administrators, understanding the differences between managed and unmanaged devices is crucial for effective Windows update management. This article provides clarity on the terminology and practices involved in managing Windows updates for both types of devices. +As an IT administrator, understanding the differences between managed and unmanaged devices is crucial for effective Windows update management. This article provides clarity on the terminology and practices involved in managing Windows updates for both types of devices. -## What are Update-Managed Windows Devices? +## What are update-managed Windows devices? -Update-managed devices are those where an IT administrator or organization controls Windows updates through a management tool (such as Microsoft Intune) or by directly setting policies (for example, Group Policy (GPO), Configuration Service Provider (CSP) policy, or Graph). +Update-managed devices are those where an IT administrator or organization controls Windows updates through a management tool (such as Microsoft Intune) or by directly setting policies. This includes group policy (GPO), Configuration Service Provider (CSP) policy, or Microsoft Graph. -**Note:** This is true even if you directly set registry keys, although this is not recommended as registry keys can be easily overwritten. +> [!NOTE] +> This is true even if you directly set registry keys. However, we don't recommended doing this because registry keys can be easily overwritten. Managed devices can include desktops, laptops, tablets, servers, and manufacturing equipment. These devices are secured and configured according to your organization's standards and policies. -### IT-Managed: Windows Update Offering +### IT-managed: Windows update offering Devices are considered Windows update-managed if you manage the update offering in the following ways: -- Configuring policies to manage which updates are offered to the specific device. -- Setting when your organization should receive feature, quality, and driver updates, among others. -- Using Group Policy (GP), Cloud Solution Provider (CSP), or Graph to configure these offerings. +- You configure policies to manage which updates are offered to the specific device. +- You set when your organization should receive feature, quality, and driver updates, among others. +- You use [Group Policy (GPO)](https://learn.microsoft.com/windows/deployment/update/waas-wufb-group-policy), [Cloud Solution Provider (CSP)](https://learn.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice), or [Microsoft Graph](https://learn.microsoft.com/windows/deployment/update/deployment-service-overview) to configure these offerings. -### IT-Managed: Windows Update Experience +### IT-managed: Windows update experience -Devices are considered Windows update-managed if you use policies (GP, CSP, or Graph) to manage device behavior when taking Windows updates. +Devices are considered Windows update-managed if you use policies (GP, CSP, or Microsoft Graph) to manage device behavior when taking Windows updates. Examples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at [Update Policy CSP - Windows Client Management](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update). -## Examples of Update-Managed Windows Devices +## Examples of update-managed Windows devices Here are a few examples of update-managed devices: - **Company-owned devices:** Devices provisioned by your IT department with corporate credentials, configurations, and policies. -- **Employee-owned devices in BYOD programs:** Personally owned devices enrolled in the company's device management system to securely access corporate resources. -- **Devices managed through Windows Autopilot:** Devices set up and preconfigured to be business-ready right out of the box. +- **Employee-owned devices in BYOD programs:** Personally owned devices that are enrolled in the company's device management system to securely access corporate resources. +- **Devices provisioned through Windows Autopilot:** Devices that are set up and preconfigured to be business-ready right out of the box. - **Mandated security settings:** Devices with health requirements such as device encryption, PIN or strong password, specific inactivity timeout periods, and up-to-date operating systems. - **Intune-enrolled devices:** Devices enrolled in Microsoft Intune for network access and enforced security policies. - **Third-party managed devices:** Devices enrolled in third-party management tools with configured Windows update policies via GPO, CSP, or registry key. -## What are Update-Unmanaged Windows Devices? +## What are update-unmanaged Windows devices? Unlike update-managed devices, unmanaged devices are not controlled through policies, management tools, or software. These devices aren't enrolled in tools like Microsoft Intune or Configuration Manager. If you only configure the Settings page to control overall device behavior when taking updates, it is considered an unmanaged device. -**Note:** The term "Microsoft managed devices" used to refer to what we now call "update unmanaged Windows devices." Based on feedback, we have updated our terminology for clarity. +> [!Note] +> The term "Microsoft managed devices" used to refer to what we now call "update unmanaged Windows devices." Based on feedback, we have updated our terminology for clarity. -## Examples of Update-Unmanaged Windows Devices +## Examples of update-unmanaged Windows devices Examples of update-unmanaged devices include: From f28eeac168e39d13a6801e6c2b72704c9d2b59ec Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 25 Jun 2024 12:23:06 -0400 Subject: [PATCH 05/18] [BitLocker] Recovery screen and MSA hint --- ...tlocker-recovery-screen-msa-backup-24h2.png | Bin 0 -> 105432 bytes .../bitlocker/preboot-recovery-screen.md | 10 ++++++++++ 2 files changed, 10 insertions(+) create mode 100644 windows/security/operating-system-security/data-protection/bitlocker/images/bitlocker-recovery-screen-msa-backup-24h2.png diff --git a/windows/security/operating-system-security/data-protection/bitlocker/images/bitlocker-recovery-screen-msa-backup-24h2.png b/windows/security/operating-system-security/data-protection/bitlocker/images/bitlocker-recovery-screen-msa-backup-24h2.png new file mode 100644 index 0000000000000000000000000000000000000000..415996c485eaff27b708dd28cde5e50c5442755e GIT binary patch literal 105432 zcmeFZcT`h(8wQAqA{KB!R760>f}((e5PAg1Mpb$*A|N#ssUZX_GZql(1PG{f2nd88 zf--`X5CuaZfkX@tAcW9DNl3Cc&V1kQ-+T7#IlJe(=Wx8a$-Vbi-ugW6>tDAmZtUN4 zbdQLL$o^Y5|F9Af5lave5v|$13%GLhqWv21k9f#U$8Zsmz0$(JZ6Z0jM}Ujl!mVx? zi=YOM%>o}peT~eGL_|I$@7?m;DY6X_bn6czo9J!xJoidhLY`Wz#o3#Es-M#?&Yk+C z`ZQO$8pg=V4vy@s8|mrSZd zS?J;1@Ryh9k<(H9F71k(4iIb05^lw_B;?N}5AYi?YSrcK`V0iYk$|)TCLla6P%;Vd zS?^lN8lM)zp2BWLVPk%(@v*6G%*s39%Ewe`U+OpLXx?`Be}139UY>%)7B0Hm`wIH3 zu`%;%@f!2CS9kn?@VSBqzP7w?f~$*r|M_jroz+J_;G3BOB7_fyFA*Qd>s}P$PX`IG zf+$z^zd!2eTA9jB-kSbP&`)&U|CWXg_Cy zzDk`2pa19SB3j966#}aup1UdscM`tjo>81&$elLX_|GIZb8UIIB7V;6aRrXvOe&UF zASJTnpL+u>Ol>=S;VV=@3EWv6{_l9Ts%^FjfHkkHs2kve|2vjo_=7d9LF?h2?oR)i zSToGgH6oHFV3z$mmXXN;&h#kT+?c61&#!Z1OIvPgC`E^yNB*cqeVQ6;}+4`o=2#cXxrjHXW?3Q zg*>7G@BP;s)eNU;*A}`w;KCI)SInN~qC=(E+^BnF*Ck3fa4ny1fORerR&mK&KgZ`P zFh8^c1i|Dmi-;dZlI6e(f4=s$%PU>16$j*lAR!3+2v$Z0*w?sQ07%M+?*WPON zruNnM|8qmgncqZ)WD_ae=uslMA>Y|@=l*}b@ZGcRV&2k(lG48sfOe|*e|_Z7+&#J% z0(R7C+q<-3NEk0?G?X4gXi%Yl9|}BtBT2qG2^RPE*XHYC1a9YBW4U#WjqZA?BTh_h zcwa3{cde&q?#nkz1`LX6bVqz^sG_eXEw#<%7`U_0F~yqHusL5H)G_xY=EzZ-4qx{* zcMiLV4{p?rUtZB1=WEL%*$yM^XiDSDZbweM140q}joS~-tt>&n=`%~V;OSb$#{%X1?SBwb*0j3>wJDJz2=#OVmy@F5CxX(vG}nTJTJZk|~axCHGICrCXRtBIo5hM-lt zUEcHZ<7RntpF6Sc>92n;{Gvh?*hK`e@TIVFCfQMtzBv7q!q?}#h_W}(ZZ2%Zi9slJ z^HA~M;Twz9bG)p-Pj!z3t_a0ub3`h~5Jp_jfDMmZVsw_;>)o;Uap8Vno3nW>w3ZiQ z3*^%9W)&lR8FQ+|=+pkh6rG zn-C>mqhL!#vbJksiz^0PSCOa#wzEPnIr#Zw@DGIHyuO+hx%JBQRDC93qbg$s!vhw=^+ zD!X>3Y|eYZwJ${??W`N3Sg)wAYnUgu%eL}PUARS{K88n(e*J2Iykp$p*_~<9QP2Hd zIjjymwChg5ECtc77qx-#ifaQ6Cq6}$jVXYN4}F`~NqU)ghwh@`krx$b2{pXthFCjV z&uZqcb#Klb*!U5Eb&afQpB}8XUtc#2&kyLF`?Tt(G^Qy>Py$j12ftxt)s z?%&=SFqtLMwi@qx2UHm(ZRmovks+oXzuUc&>YTGZhEw3{aP|#e_bY>8gMCFV5!J`B z%?_)0x~zS`>{_}!0ijSOCZ*=|H$4`7Jpaq+T3`$y3oO603p|m=D#g5N@6_d}N+KwUveO)#j*3L=Q!x|DyI*qtl z{=JT!)SHV#62G(H)65iRzL({JR50_vr6GtSCovgX`1J~~JcdQ5>)HG7kJbN3VwPk)JGT{8ZTN@hYtzh-zO|hkiL-yy?MoBfg!0zzY z>$__YNv#!O`W&)OKe31&t;|tDYMLW__ce5HT-{MlPb?#jw)<_SO^B0yb&6NQtHgc4KCQh#wO8RUG5$^Qd;kHL6}7B>vfn zSZm|i81(rH5UtZ(=pI6fe-o)IJf(kR&6k)I6fuM7m|X0HQ(C{Zx5b`+cuN_tWpx{! zy>HJmDdYFg!|cRwl8lC7n2`H}HS~dP+y`VYI9AoRm`r85hL};96P;0 zDs`_ud8kh5?>wcirXr;LHEr?{!Y*9-)>~I^-B(7|2a{vJdc9i}EW_q3tMXu$XkO(Z zc@#ZrVVPQ|$d&(Qn4D35s;7xpS!Ny)EB8EzyoZfANP_DXZR}^+^wJ zk|Kr=)T(%1*E^nlD(zUkrJVQNH=FO?E%Py*RQ)d@xFV{<8YU+BQhGA31D3z1|8ye*;rr(p5MrkpNSX{^AU|@8VYR@x=8x@pGm3`6LB1T3 z`zI~gPSp{*UIz#gvKoXnV^W)KM03R@Lz22oICtV9L4sTjd7A%Xf$DeOQVczM!M0<_ z;!fLd9C+3>+c6~<2v~GbLZI{w#WyGailY&afsHOQ`>Zo#8T_4ohMVHmE!GYKHPva| z|J2Nbw%c9GHcEf^BHu@+@H!NRyHj`%iqx{28pVLzYF{scP@{EioTxiP6$&~nZBg=4MTF_@QcI}_kft!Ya0|G`qPY4w0riUA}B|B)DhGE`&W#|B!es&F{az8 z+cA`XRjyEw7y~mRjvGlnJaran$2E|Px&CYUJeo(R&pxqL$ECd&zif3Y^V|c3Emm9t z*~G(_BlTD8B7RIsDqkm$0|u|E7yl#@7j!!9*rDNhh`D3S9c8>iTMWK-5%mPiT=cbq zVln#11H>BZ{MV^TD<#!@=kM*6&tkf+>g{&@-YGHkWPus)&P9@-s;nQZyzUE!tjf)WEbUi+ms(-fj*ZLYphyN&A&qSMlV*70$ zTf3_L-x-{i=?HXcc8nKB>Oi>IHwS33o7R-~Sk%yIjp}nTXPSTN^^xy8JY~0$w)K?W zu9Y`wB-Xn~X8XsbOh7(;m|n$~k(_PF@R7Zra(uG+5$LXuzxTI5m{-(;+MNoAfuP#1 zbFFZkRjt>@#k|H&xIMW9a_c$$+{WXxd~1g z&v6e?iIA@zcM`w**IHM;-=1X=y$-SVE}ZcUqsJ&K zRBHC2w*?-xpJ)*-FyV-pI1v$q2!Xvx+;8PL9yj8B()^>OaNuUwf#`g47bhs02b14^ zxcM9$rgrM^To}j=vJ5K>gx`Vr!{W^~5{5J|=hUEcG7Tw=c`* z@YAeIPz^wEV4_V3K@8b92Dka<+iAR1ArZ>tf>elW2U(!{Vnv0?3>G|Kl$dG;XfPM+ z@JbA#UiDyQ-4oT^8u`*4u`yhc*~q*cAodGGm3zF$LzfOjga)?ehsqXBuI2a@WM2c4 z8e4>TiTbO#w^x6>#1nEPqDdW)lgRVp=tJv{6~t+|nEg|)rhgQg?cn8Er+22h)FFr) zjwNRer8(fCDA*!~OD`ntA+qjQRp{UH))ek} z%~IC(oB>&zs`>zW!}E`%iQ9Umt|~)jF)cyzCBf#}=?9uzzhxeXepBY37{AanwapBg z<93KOG)(FOB(2B^5^!lMhU@u)Fy;e22G^Q+tibduxM4mH$K^vVaAOD0JqO(tR5wVW z4vPz%kLGnAk^@xNCp@&#`eQ=yLS=mpT~m`5jv}A=M>M&NlMqU&#b% zTJGNRWN3p(q;A($&kDgX?c*b%9o!{ZQaLg$%IFxld)s^Iz4eI_EA%GGYzOSx$(I+F z6M8i><1tI^Jtb!;yLniJGy93_>+N9E|4evy!fdY5iN7xsihXk;qidtC%+&5?D$k1= z5}t4$d{$--U9Pn(6LquM9T#}*NCZmxhppC(XChi+8`W>;+kg*}%%C$5++GD~mE1}` zd7}goiIumJXgP$g-Z>>c(uv$g$yP$zK=?gi_E)ltBJ9w#QLwhlB_Yp&SX{i9~dB3T2?Q*$peVB->_4k!s% zzGuwq!OB|aCz0sUCc~Je#T)01XPt+SpF-Fe|ELrnqjZ9waznq*l_OAi+u+_1MZP{ z6}2KJ$y@tQoUQPgfzl(WI&A8Y-Tyf%iyrg&HQjPX=t(F!quK`1^Dxuy+1184!CU{| zq}0t@8}8{<{%Lb7_nUWWQDR`W!hBu zeRb&jKJ{XdU-`J2*8sq2V8}@8ip>>r?)CWLf49p>QsEE1He^xlQK4##H~{F;b>l8Q zr=gtb>uaTD&kj#*^h^cpgES})JW*vvL~%ViTir_=$*S&a5!*L!JwohIgVp?A>Uhrs za2F3D(0NuS3_=1FH#x?s zo%JBQ+h%6nq|4tkGaz2e2R3>rmm0e9SAmrNJ43v2D))EaK&Uon;3W8t44E3A({=y5r*SO6IFS1T6?&DUDDYfeOmS5adA(R#O> zk1>v3F~6k~gv0IV`d!3lsP`2^RI-}CD%Llwc3}a&R;AgRl2=~4)^JGk>9SJ~zwx}N z^j$C-?=Yp|4*M}z)|vA%bAAYQ{W#{V_&eY^ zOm8aU@)i6@Gq=pWI-0ctZuc*~ltwe-j`=Ci7S3r25Zi(bI~|hSlvtRE=Mm*~lFW$r zC%4_zyDeX$FS@b{KccwNsJQy)la6)D#(3F4ndd{_PlT9~aR~nA>xfu{ z1nlK|jKUl}D9z`;^Qs-O($2Ep-f|}_HJ+TYL_mw{36Pez4*lQIK_IjU9XRTj~xfa`8ic zZ-ZOo%9uB}59)ru%1Gz0dTYI#<^n9ILvqe=0O>gtr}Ul#_k;V7+eofg4XhS-l2p0* z=tqfY$5Znr-VgLPOfP1JrZqs97FqV9QJ+!rSGi>r&AYx(ghm zKYb~vLnj!7jNb2obul>izyHvs%57t*G2GmewHBFpEbDl5@8 zcH>rw+e$1eM8!8#c|EVzeO_NO7ioji@0QysH8&%FoFsYPThp7knMOM|cdi;w)xEg; zR>GUt0mB}JqIQm^O$I7q#3Qcf3XKn1CoAB{N})O zzpBGJ|Lpbab1mxv#2I%cQ02W$JJvn zT)8_>Oy8$$LGd(k2#D>2KewyIKL7dZs~|vyn-$=x=i>gyzpnPu?u5~_uuenI?hoMH z(vm&nXF=n2ibVb@YtEl=hvA31@pQRn1d}=Nrdx|7I~Q{k9f9af?KU#H&!v zt8(YJzw`{dAf9AZ6djko<3|=?a1rT|iib@0zqz7B^VcL{80y8n^-T=IwCuZVjE4%o zF;GMDep=b<5}lITDi^4AS*sJ>Mq$oxS4V~BwNL{ldxA=w;AV#n$j`X$MG#A_{cHXi ztV#%Ftx(S+CVmASFM**-ZXu%)cZN9QjS!u>dbqs zX(HFSu0+OnZo82b?}Xt~6tyC1QoQ;?-J(BccoY8A=`xdd>9Q%#cddwIwO~xW{Ouua zAUqWvxDp8Broiso7ow&&wdP0aFvp;W2g*W$%%ZxXQg3`8apib|>@ROwpeN+iegCx4 z7HXdbEU$O2Usq_?L>_dH0uZt96SMH~v{~e@NF(?+fRxWYL1LKt?!PbmO@Z^TyAuHL z*`WayS`Ke*%hwQokz4l97tYoE;o52>lONK$FR-z*SyU5 zptnQ?Aj4$;L@3&tLAuwf2!LReN?_J+?UVyf8;M@%3aKO^-!sRcEJ?e6r+Z~4feIrz zixn6e!uAoN8~z}s8fI7>44r?~lBbn(?d8xh-$#=#p9*D8?WUpQFHx^NwC!SmKRF}3 zA~Co<@GY@;&_rZkpq;pu^oGImi>Qhl@Flm;CPWt5QLN{~I{C1T+A%(iaIG~m-yWPM zt>Z)c^%MtlVBF@$DR-=XYsf)0MMGUj(WAkCLxy?JGr=d0K-~f;_m-+lj`{|` z`c>f0e2hS8h}b;E@zL;Ctw?Ocog*9S~X_kU`9hCcxoq~ohHVsz^v{rkEIS90q6w;_{Ph3wz0}?%j$g)%+vxd=!}1Fx$67>8Y&t{XNWCF0 z{SN7z?Oy;beJMf@oh-=nLJlMA?)$xS1vE|o9Wl%x&X2TvPt(r9z8%v`UAq=)_@2F#+0z`80Nwg*j0q^`^b3%SAmip#VGV0kBDNE+d={1wQf zmJg*48LPs~^1tKBGjyA6fDE#p4*cIbrxofvP!tupG?< zc6OnoqYQ&>j2Ac)iP$O3CSSX5A?h0?IE5%=g3C{OZO^G+$-}Hm>hghD6&t&{ z8RZN3@p(3NKR412z6p?!1#?M^c54Qq)ovV_yrGlg*Tk;)OPkHHAkEddc~GM~A)%xFyS- z;;=WEnUeY?Z)5oBEWpGIY!qn)3>W7WUGp$};@$_h6ErzbPs-*U0#L((hh3hj|7R_I(ELw$| zU871n%S-#4g4>!g+U;{SEMD35OAulpbJ~)7T7St z!hCQ|ES4U^IUfX46`{aqiF4RGBy+KG70S)Yp!I!7^N4;UmLycv1e_%R>!-<$62~^! z)-n+D=FL3i$|v?^<=lzR>O9V<<P^*BA}IggVdf-t?ce{y0pQru9=EvcoM zQu!4zT+emAhwU{NL~3VVEK)=TRwNgWT3j<`JlP}e&Po4N^0?Bb>vXhQ;e9udUm6FXWWtL?IQI7o=T8KaPSH+r$^4gbYF;H( z$9zBiU4Kn4p@*J+#h@@cp0e+V^t8p%@?!b7t}t!Z(&1TRxo*I@4VGf}JHl+cUi8d; z`S>&XCNuiV^$4v~d4ITu!o9!;Chq-0U z37!;oqV`S|zV__S=3@ofjSS+cvkHgbt|@wq=!Bn+99{RZT{uO|mQroNkI%z(l$N8E zV@jH@zlWJ@kiiRh`!=6pk*5Bc*Z2i7hEfJI3czI}d=1+1N4YV6>-x99>6e^IiSO0M z{9?P4b%@I$CZpJ5_2ESMzISA51@|~NYvn=ybH86^G+ev&QN)|)J$K+z`ukHo&J3+e z?3G^NBS4vMAjne(xGs^4gazC`?E?Oj`&Ln8-za@-49_LT?irAJy?@VRsp2s~zcU-I zbWgUP6{Y$V%2V!5FAU5!*5z2&5Ae-yQIL@ehxljqnaC+k-t5pkyRR2&edlnQD8w|u ziF9fkz5xHH&83D$*GHw19fN5sD(`zWLtsJHB+~$*nm{|{6?Xe+Xt;BX`&wah-nC=! zlm>-}V-cU1!K*vQo!h}%;de=|ALQ1XyXLjA#|n+6)t1(&sL~QpI+MN!&a3Qde>?Bj$(K8-`O-71(_J0XLOc0@0vYryKes#cWA* zZs#ZJv{r9~AIVU-v?5wc+b%Mu>6q8P-;p-fuhf-8l&u%KfC?IS-0vW=bkqBCh)uzp zAbI`o$nvO>{aa&W?u^@Kr1re@FR8y{{CXZ>UNXg|#E+SN(Ng|?f7g-L;;i5X=0=a& z^@ckd`;Jca6p5@pvvW@?$E&B$UpBd&nc(Yiz&6eA*^mOR2Bl-MCRut>)xv&LUVek; zn2bGVG~QHD{v?u#EwBuP~G+A7x%MRpp0Yb$=@Kr^PRKaKQj&AL3MN_MF7?+J@P z?V$?OGU;*~)4hw7wn5#9@J%YjPykAIJ&Wy`TOI5=fA4gWzX8o_tVxAwIG}G`fNfgs z=+Qh0NcY2}$Rb$XcKG)XX#u=8$!ottA|Zzsk&2jl$KU5Xq$Smx)Eep@Z-_gZWZpUK zDc=U>^)^<@>)bRhAu73;hNmPQ<2~34$S7ZHZ;6P}OaD6m*-mr56n{kKP?CoKo(U^n zMx@!)`q>zBPP+tJ&gh1?Yh7OGiQpk1xXKvb%a8k+Q1UW65}MXLA$Qo@0%qKotWK{1l5;BC>(me;H2AqrmP>v!+^iTOC%9pPsyX1HcYixS6Xqv z+P?g0Xx8eDS)!-RWQAjues9xK+9k(gt^6}_7l`S1>dyDSHTz)L^Z0lw>Y>Z9LH_4c zwzIOy-{NNqUrwkOD~)zLDn8%-OC%%%fN1V|Ri@s+sT190BGHV%Z6V^ykuEh6ez@-w zVYGHZzRC``VW1O@poNc&QnOuIn0x9=Q(iP-FY2dzzxy<|+*~H5KsyjyLaeM44k zD!O?8s;UcV?Q)Rgqi$fjb3ZVqL%EHLd(M8e;TApybjG?Eo%cs^DvGGYd`f4+f}Xvn z8PA6HI*~hvSA&!v+HbE54Z1VHGva;S*GTTR+s?X%3K+999=oM5cy z?^-XJSgARlCKg+~KeVnmV&JdUp_O$P+vHa<=W|ysUV*zZ@JbSWD=neK1|l_&w+*ST zcST{JY`sNT_N%w@iy+12FIgk#aPk*s8gYPg`=D?|YGQ;4LJ~5!?NPYh>3&Q^|IyOa zvjhm@mUuw#YIjAD4brXY`{CJCAQrF8xi*W(TbO|&BUPW0yU*-ywhIpTzMrQ2LtQ>X zFS-o?o9D3P6U5(>uzrJD(P8IA1|AG%ziBRe@;=q(OY+JFljny-0+nSShIBI*m6;&_ z-my@VCQQ^7k+|4i7Qwl$Rd&v@+y*7NcQFa+z+?P8jzkTzwLN`@(JJW^vfNoj%%dNJ zk#)KFcm3pD&8m}8=3TURRY+IxJ>BJL?X2mRi;SyxgwyJnJ|Xh#lGJv2-X!u&EVJf7 zxXN}0;mr@$&~HPbAei=zQuSNMQ~BVk*Hc$6$c!<|SD&EE9w}(b#|#W1^|{0E5#}O{S zgNpCxMLj3u&VIaCo)A9Ikbjc5=K@wgV4=g8oH45kJ-wChL;7xIU{E@q@wA*ual=G! zyyI|*$qtrLDc#^I(b`d>XvpcboKuzg*Tp^RUfDp4=T=6(F2>Hb%|D%3ssCIP0(C%7 zy){>_3UQ9%CGJJJjqmFvEzVX$AuW?O2jc8lg5vC9%uA$S@jF%P^6CbgZSr5yAI?svw%5d6ng{7rhK3=gQf8qBexScm=8j+b-_A zW84@sEIZ!s7FXw<-2&fn3@)x~HLDer;M~R!#=Z?E@%tZ(36V}jXw zPRJ|=rZ*?zI}+Ohn? zMA2Ye{FhaHg$g16(rokvTcY3k^2N^VO3}BnnL|&IviQ?i)MznjXnm@QZLAJngFnQ2 zS9}t@D#`nh^WhiNb9;A!j@PS-++L@u)9;-bUxU)nv{)X#-(z>i6*QDu%Ts6ZhME! zpzXthQ6+rnC(Yg$Vfo(j6L)AQy{aoCFm@(_;efmDx*Vf7+BNlOqK9kq?>$REm;3yx zL>tZ&$I0zLSPxx0`O?H zVIPA#)ScgYW~j@eh5F)+$rn+}GJhERq2fz@zSN=W3{f8;t*bkE6aId`RZ%W2+2*{D z?)W@}+N(UU>g$&2FJ6Fsvxjt&NWYw!H zkaX8YJ6d;aK`gIACQwp+HoAW^{fd52t(_GnpLdG@UDM#ERRcxB0R*R>wLvV7VL>|2 z%lVMsjuEn3^<8fPBks(n?FO_8tJJ?t6rEscm+9s97n0cZ}f_?RVpKP$X~ zi;QXg<4%in6qHzZ;OtMrgnJF+FUj>Abx# zUV9^W-1qT&-k|R+KAz3odEW4yEdNl9*jP!)mV)5; z4ITU52+!Y$XN02W5w6ETH1e34GPxh6{$No?-DwSA-t^+@(?&+dv(>>mC7k)m!-SM~ z-Ne(!|MXjf-U-_}tZII#<+mj8P+kTvhCbs<0LX-_a(Sr>3r!xTfa(GP2poKUSL7c_K=?ll%5eOh)FVjtWYz`IQjd)Z3H}2HXHzm=w<^0TH=EGmc zLc}4h?!3qmFN5JPu6xV)<{OCF_fN6Hn?)Wx6giTRVsbO*+?&=zZzwe^O9r;}P~a~t zKV%x{*1Kpk{2n7L`xcC&%a9Nrzj3a2x-uX)MDEx9EkAPih#W;ZIWfsKW-_HN`i&m{k*<%abQ87?8DEy6x_NFUWtsjccmj9 zsQ)SxHd{UuXO{we_LxC=CTTBq)kDVsb8G9Wsy zc@qb!?bO;g@9Z=?^Uxk><^l;DA^kOO-efzfUGYy0@3xHpw%6Ta;27yrv&;I>fH+x9 zCw>{32^-%hB8gcK)x<{*b*IK(f7Ao?!fAxHT2k2<|L#q=i`erR^MSvfyu=GO%I8SP zc6D}iuU2>^&;c`Dya#@go8J&Sful<9vlD}B9VOPPp7|llx zsQhWkq+lr~Uy<>_N!|0#kCuTt2|JjpiVQa9i;tkly;@QA2q<3YzO=)0UAKt@{vL69 zayT6Nam$pw+8@w7{^Y5!)a80GsM<7vC~U+>9-00lPkK^Kva*@MPv*W8(!APM zS_Cj&2LUbFrhfUg3Uf&j$zeZ7o<4xPdQ5y4^v*eU8)V-cBTmh>J!a8!bDdh144Swk zj1!;i@z5%A)oaMhIkXJ$tP*)^7a26yX#Ow<-MqvfP_~@NVKU2!I~6eQkJnh8mKNWw zU!$hh=%W^+EF|<^?+bR1U1}PX_6DS*5FFYG4#ZZ3Kw?H>Q6iYyg!^CBql; z>#>lL^%C}j4qCZy$t4`xUxjlyEH0D6rsh%>GCmH0GtadqqTS1zxdCd(y2X{Y`p$YR zb#NG&w-pyi_TJjZV9?kH*+@I03y1A3dHg%!BZg)c-IgKwhj8vSp+EtmjZl{&sIM|} zb5I|S)aU;!VDAXOstH{*pk7Lhtg z#`5>i4RJG{f3R6Liw(zMcTKIeSpDK=;glw3=KA}v;Metz++1y@A-ElMw*Ywb|xDN7M{n)w*;rEG4Mwpv~Nw0HXc%+iZj%+eK=|nPWo|c z06-jOPr+OVit4Y0=N@F11-7DI)_DeOo%!1o%A~|l{y-Al!BNn0aFF+f{RoTL5xkh| z-dam0b?@wu5#5=y%BN_%R%`l3vBtC>ng zU$&{YQb`ebo6Oa-3*g|(Q<}11@q|PLXI7L6&_FUa;53wN==|$H2Dt)Yzn891Z|a5+yalBkU34hCb7 znU>962&gn{JeZLLJ@9Vx;+0RCgQ(3h{e5BGXiOw;U@f-ghY`sO-2EoPT#-}JS00eu zu5O?1odmtTp|`Mg%lW;lbx~~hpzprc_*L>2&6;imw93%xpCEO_inHgM_NulOxZ@1w zwxzyoUE3kvIq$URxg@W%oACQ(I9RLNme^QqHn5@ay@Yt73WQ+H)MG0Soel!|V<=YH z2*%fx-)vjnq3m&sAbJe2`6 z%b7@Q_=63@%n-eRQ=n?1&f%fz(dpmMe-_%}k=)8{{l%fY^~moa*YL*;V`KfVNKfQ& za&65id5D6T@skm@UIKKpV=khx*)P_#BFFD_Tf13B7Bi!|4>vJHZY|))L$S400N5nq zS@wt7NCph=OSi5rsyA03kX)|1kWc>AGI`Fo~K$WyE*cH(EGwu3s~jUBV37Q2g~qW~s4FGyB; z)IwIW$h{;TPr=YEGmI04Xvb~uiNpJ{&Ub_F_fJj3+K~smU&q-!%9N6D|8O}kP`SsX zHFN1rkooV(?9dTIrC$1b%eq%a^lRdQrWfCU-+g*I*nYYrnmbbRDtvauU*YuPfP)%6 zE_`1@#li3~@3wnp`~9)g&EsQ&E!o3w$2dH=EwXPkzRqdi`t{-RamHvm_rU8aRj@z=Y(%i{VUYj1LTGWkn3?sQ9KS$zHT zzjHNcT^3!8f=KyOL3xWIcL)tSYJ+Ob0NYj*JxP&ClC6TiA0O2_k{>BgyLQgD?;T1h zwSiE|uuVx+PXb^zN4-CI(8$?ijOtsMT5z~|FSj>sAhApTr7fxvnSTsk)m9^OCNtot zkTMl+JkV=t?lsu^ajf2A%4PfC4Py!B-rjm?dG^Y)q+TZ&Q@MI9PA&aW(CG&)K*&-) z+aTa~FzF6TRqBX8>PXeic~Z|L%I~Xe`;OX{PHHYQtlZNOht;WyoFyBv&ONkEYJ{C^ zm$ktue{@g|Cr?1$e>%Sn_ugyav)hr^v+iO~l{PDV^dMw)!5{mJtir$YuO*d8jAah@ z2bzow?)!~Mu4%W7xChlrsGq7?s@*N#&y_6Lm;by$^wwh(Xq3L=YL}^@nhdY*>;%M^ z7>PB9^6%vq3)Us09ZnG5ZdR^o0VJ5(q+0iDzYa3|S7%txpk)Ah+)w#3H+`-S=Wy|+ z@%V@8SvC|U)*QK?>ze)=jhX+boqZ_gww$H(sZ99Ze(sf?Q_I{I{RE9bXm-)t`1@WR zJ1)}{vi!Jn!=t`8&sx8*)X)$Wde?F9J@>U<5i=j9RTgFbxHqy|T9$G2(1UA&U9$r+ z3_7p~)Ec=q@44CO_NnRl7Z8c+KTT!ulykw))_081t~O$W7;)AMTBrXw){sY2YA`oo zPL^sOvmEaa7WGW6OJWA3d>(R^~eX zr14NI702Q$kQ^$vs71-zBuO2I;}do(`CRIY z-&c`)VXzVR{Cg~pPC?qdeD$X65+X?366||)F0fALX^3^%b<@RkFu;puWN&ZPF$gZ^ z1=-t9qoV}4YKA5VXju?rJmQOy!BW1GshC>wzT)FmDFGchwhBUj~y6d1mybbgHVOQaET^_sb~ zkk;#%Rub{SnOo(l&vyj}+bG%GJf5mcy;s_`-5%C^E z^|M{WNxvzny>y~O#+0#JGWB_1D51bSCP=~R3q9kavP|XU?ddju_<%VKXLyOiI-BzW z-|k&mS!d?e{@cB{$-)fLkJ%?YN1DDk00qJ`{)^L_siAocCL6Hl<%fbSt=%RW=UJQH z28J3Ib*exULsn53?6+Dl5B-X0hXQTNYx!sVWy4i;EJ~E_DpORBnZt2(bNpVIf_d+w z3}TjW$r%_eYsKW)=z9hz;I2QhM>ZjU`3(=crd_MQreoQzdlxnnHYPVaaZIR{S^zN^ zP!5(^$oNoQQE?zy0y(S=s+Q*X=+5XdB2>8P&ZlSk{tx!vJ&@`Dj~`XSr;GIIj!=C{ zxkauamim-R?)Uqx5i{h@+Ljb0mrAa~NV(74Hg_Y1$R%uJ!$__(bKAydbLR6szw_7m z@BDlI*&iFbyxy<(>-Bm*Zcj>_W_K;d__Ey(p8q%Q+q)*>dUWjZX3e4(N?N1DYTEIT z%X!e%IXwokZ!wb!^*wN8c-b~MYT_9zQ@YvN+Wzs+bI)l1O6?T-DtiLvhs0!H;6Gsx z^8%+cHY%)&!Y^B8Y}R{Q->$NfNcOFNDJx?0c&Qd!MbIdVPfwX%w5^mInOoS5dHo209jZCZ>Xq;zX5)ZTI{=X%YfgyCEVSO#nqu&dL@ojuuF zT$C$qlbDMX<*>~A2Ykw^_x6K@!Wsp;I}Kym2rT)YP2J}H*Z^0R_RY4IwwWreCBzqg zU6II!TrSTDbN-6?fLI)(D730=OW@wx5dJzx5Gn94RVEd~&bFGKWe`bPnF^*Tv zlaw!Xo*yoU>-p=ZoMV*_nQZTHJ@o<5kCk3Z@|T1A9<4UZ@m@+4#R{@8C6`bIxc$Bl>3)#Z>OMU?b@i z!)@mq5w6$@QY~w5j_n0D5v&Tce~SLJdL^3j{DM{}c~~d;P$EJV@qO`{t1TVu%^y+nlQl~|b{h@D2mUJgD?0==Drn@sR*5x1 zFp5%nV9e>Ip7{&=x|BQ#E4iKZ{1^~BbswQ;Bz+`uK>GAiAd0W+oGEm2`TWw*UQH+3 zO7}o6W9I=pwNkfBz4&Y3s76`BFCW4~%5qQ4{mkD`v!=&{_y;n~*H$ORAWyEiyTUY| z963tnwLx97e&m&Bl5fVk6G!lk1d~rYF7-2{RBDBH!ZrDKdVEQr9+SVCHQgbvCq%)})isaKA0yvzxRekS6A zgLts%IL}+K%ZVLDeEzWcrJ}fNLkXa~RF(UoYWyal)?8lugvp~uN?clDRXkl@S}#@pAim9(j~vJ3CG38(ngsGaTr;JO8{3O@SE4vM10Wa- zn;xu)w(kv=ukH_!Ckz+vRp&*ml$&spr|zD0_sw1odjbrag`7#h<}* zf(udB6Ud94a`w1y@|qKc4qICNh72wJv_)1>;31tH=-c@=Wbd7cAV!^V|L3(mAb>Mr z$*#~7yrmuMjw=iDqh8+C@4oRfWNUW(ny3H!dFP5>b$U!zsN`$}+Ab^e;yPt%#YLmK!y8f*Bg=2)<2H&EU@dn!@q!R=#92 zUH+f+UdUd~Q#3k&ve2hq41`YY__XR9bbhuBxF-)*{l0kuutW#R*L9+rbRPPTd+i2w zKnK@u>in5oxd`MivXWb9>Co=Pneq!dq6IV&s>Nt958`ZeTv6C^BPNk@OZb{ zl`mg+6&=T2Ayz)rmu(cNS8aRUT29z|u4?ie%s5Dq+e7VLdhR{~GU6!ywmY+J zzwrcX4L6>^laqZagl3(PbJ=!(FkVWJAiO_148C%{Sn!W|YHA;d?aNy9s(MZJvxo2W zKw#SHKS8;~8LS$Op3C4lYxFp{7!n$#dYGL#1rTbcTC3J7>%RU!md|w0?5!OAiu>K3 zhi-;An=@yftY<4p$Mp-pYVEs3o!ORgwML8FES1kuvn-6LD63EWFC-z&PVlT-&SUVR zl|PDEi&sguI$yY-!Ot;3*#Y=yx6OpuaJjoFi&69w0GcTJv&Ue&dGftn8j z;_&OFEQ>P)GCz{UBH2<*z8q~8u@@`Fh^hl-f&2Y3c{-pwl-*@VNnZ#5y`d%`SOoYjAaX8y;7ywv!A!tnk-b3@tf{@c8} z_&u!NV}^ufWU~iC=-PEre6H0m<->3RwgFR(fZE|oRG#GGEt!M zgYdElwe%l1a)G)vS+fpilUjYS{>B`9^?N1|gPM(SP?7}ioGin*f}S>S_A zmCyD+e}x!?D0I&VAmcDkotvrKwPom^+l!Ucpiwq3>}SvRQccc?!E1ld&pN!Qi-q3{ z&b#;Euct=z3_c#QyFQ8BtS~I#Ys1JlD{cfW5A)fanHK6ILSZrmJpKz}8VPklV5RGl zJ6PQDD8C~gm|1^D=`Cv?*o{cg*ZKiJ$Y)lr`)*-3?#?>>J-_b5+I`kty57*j<{JsD z3z)$1v*$F^gnf2f{d&SyT71G8eBqMof;L%yx0-vdD|&KUYa!fQ`c{+I08s>H)49MO z&6eMs$SGik0r6EWjh_Kn*62>}f0anRIuGQDT73O}E}$ZY29sn2q+;jJieu>_@X(M? zFfs*1c7%X$_Gz3SN*<$tu5tM=;_Mb*uUyNIxSPC*N5+uyoyhl`?}#`PgHZkYqEQ2t zyEHStRG!ShaY$Xi&LyWT^M%>N(jBwxVf7z4gE;P_cu{L-PN+>Nd0=wS;OHj3cTDqt zAv^UW@%^Wl)(!7JAcA82*-z(sjB#Fh!EBBrl|C;Uwtr}j6)?&vVi-4@Ytd!jBccyR z9dFePaGUS^?cIWSLz7G@o92tgV<*eUi-Us0;q*TA&s&cGKBkAmH0n z*7WgvH~E-!=qNU8{u{JKMaA>+;8y*frWSeS`F64?w^7}Ig<7{m~gDt z>QiYmpS$!GcM`J|w3!J7cZJ%-b;a+{HZFGMzGIP)yoq?$pZRU)_rV2VJ4&huLRiX` zqqjJ7C5reZn*wy|Vzg-XZ1sBg9p_!Ce8$U#LzkKr=Z%u)*)Dbn3a}4k$OJjzzT{-h zj}}95eD%&!94nRv;YgTC7sm&QcHi*9;cf=LM*=Bg(rmEQRvK&8p#GUxQqwud&OuQQ zua?!sTPO+ZW*v8`>k6>!+)3Kl-5Lo+C2a38VlYzuTFt|g{^69TR&?|0K(C^Nld>J1FGBm==!_}e& z6U*4bn|Q9IY?P*{lZiv)%?jj6vZ6$ zO9J|@_;quTx*?k*#=9>sY2#`rk**th+X)B$7Vn}_@7?~f)4ZK~Ja7^+6HZ02VmhIv z@5uP#%OS=KgGbLC@BA3Q_3~67XfXe8Yt*cs0{QnQthVS*pT0LB$c2BX!47j0=Hbt* zp-$S$-l7l0TAAci;13kW_V|Ijebn~Fo>@SN0%Pc&af579RNfWvI|1r1LTHoH%mo9} zuRk2qUeNLHE}tIq?G^B5`EpQ>{$$zI(wNoz{HvN ztnC#KEx&h?5`Otz5fjRm9zc%Z8}^EYJMiR>ho&El+YX!y4Ei3K3cB3{zer2Fo;~Bg z65vB$4(34y?ZmOB+ggJ${F_LG=|g`Y?XM)3P|on%vyX?QYdjxQ2^zkvrDtI*u+h`k z2!gX8LhmSRH3kbtNi@hIBwIEfo%r#mwejS;`n3k_S=orv{EA`)%;~c6Y=FwekKHj6 z9kwn-0qHl`_5nQIa{u9?TXV| z_4cv)TQ%88;IgsKm(8o&KNH>?aIH&2Mf!ffpUEohsjBVpMqwpnhYiFIr}whrj1BZ2 zGPQ|`GlI;5U6r3jp{d-@4;cY9N?sEzd-Oh_#Lj`O;q36PxXrtfcJ6}>sZZg7B_8!$ zd*IK34ag<6>m&0lquqLs-G?_OT1_ZbRF6MQfJfkprK#qKUURZfFj{ zL_Z+H4{9wP`YOl7R2T|p#BPq4e8&s@j6Q*8MJ@si#R?ph9 z!=S_zklSkzZ9xjiUHfq8>-fLOP~TNmjb&R&s=Zfy-%G)ce!3On@(77TJDk>Xh4{fe zbvIKrG^_0z8Ninzh_tr8yp-Ysf0%KjVjY75@TCGeisF9;hjf-=_BTi3Q>z^N`2nv7 za0fS%P0y}tXq3SXf7Dhib{+V_7d>#IbSCa11HOEq-%?(XZaf_j(4^f@jMJ|ll%c1* zq%ZDn&eZ#o4w#FR8S8(wtdU%0!dfZQWNZQqPKp}TBtZc%T_cbiGJE+#zPV>{HfMOH z<5H{?{XBPxQe(48R^;dpXyoysfUG2ljW&+VF_&(Qc-kG-lR;^DPBH5HV$cZ%Pb?vi@ij>8>ZwD0h`|{`xRNEv zpWL`3YhMb^vd#fc)W9&rhJOIK^1su1hTJdQvWK9wl_u3W6!%Pt>w@Is7*L3EnuNI`e~lQfFtA4z)21P4bBTH*SjPH!15)Y1== z##^suSHiKM$R~B71f;_7In7kLBSrSZEPfm2bQC zF6c{y`RpOjKM%p{w`hrpzl{~w=c|w zk~IitHz@2HmP@m%=qaWPsPB5$x!|7-o#C)9Gi-NSCSH$b!>~`26W5JB?g)1j>>(Lq z?&io$Z=Y;6WT?#uS@bt=)~rwho-HS@;Mhm-iCl8P%rr#(Sm{6lisHLm?+0Ilo~cZ( zV#sM|_%3a6IKDA$cjp$BFl=F*VhOF-crhXtYWAz5HMnaOpb4Bsc`!;7uEEU!1Z7{i z6`W9nFHwdhy1Mq%T1%CJ*_q>6JvN+H|9PBN|0*F&U23($*2D{JKSdlkH-eEpb^e&H zVZiEs;!+pb_~%(pj%uQ*b8)V;3(bge9P4=a!xq={RPS#v2}!c51P+f4X7k zUzb$iY;^MF@b;HbkcfTQ9dWYiiA(*FSp}GADkqL?S>EmvLX}Y#7 zluQ#&?RAZujAD{#28T)&wSbui-W7cFUBXKuklo*66KyTT&3$m>Uwc_ga>?6M&9w-R})y2)ESm9t-*mBYW zWEIPL$aj@b;Jj*o>A)dX|h0P5V9F8q~bSaN4M6@AaD`eYo)o2^OhrClilR3 z>h-V7XAl+U?U`23zgBNsw7XWFPu2&7?!49DwJsgxIXL_5?zFm7TeObWVngD4irLnc zmgL>$_L%+pm{3|-&zuMx1!i+UF}>-^#3rZ`A*;ns;cB7IUuuP$&*K+%7WJfi@a-z+M$+VOM3gEDOImDa8Wr5!@wRCpMp5Z1ies58%6>DNh}t}P(M z$%I3@PF)imVd`Ozeqktsr33@gWFcgzM65|Xh>o?R=3U(=qx_W=f z37utOW^Le=V+tGzFFk5uaJe@N-D8n6u%qY-C+~-z-oav;df7yskZUETzhJoO7lU^l ztK+C1;Bi~6VlOez1q?W*tMkQrN2^E`XHnxX!gnsRCnbZJ< zFk_6!y?dC`+I!P+YW=Rj*|#r*^Ic&(@P_EGfdb#eawSBq79VU&>I^HkPQOt5o|hop zrGBh@3IRB4^O(js8aS3`^!HZAZcZ+9mjRj|A5ee&n7TA(6)3TgAUd)|rDBwDPt42& zyJ4rRs>-E=gggY}{Fi>8pcP&tOpOHN>L+LcH=dVp2S?uCy~VZ|fIZ>b@O3Qp6?sPT zGuXw=!k8?vCH&#@;Ci67x?10h$xr**J>UCX5nX>J-X4WcdgFo?sN5ftd=st?GHTb# zQJdC*Uvne<$V#M@VOW9A=D_vRzLMpDddzlIjIG3ZW^xm+3~B{o4G2kIvNp46Pt=K_ zGNpCHzp{#3%33uqRriKe;LNVig77gX($;7)HCE0g&I{v%ZdFTVzI}a-g|^PKYyf28 z6RjbC!>sGl&k9qFF)f*CZqGSHxcY=n0_nTu9E!J(_05ivHj18-MX{c$Rb}e1x!y+%*<6sx5OrEuY=3(Cj_d|ytDhNnO zgSajRw!8bjG}N4N@~Q$x$zS#F`o8}xaO{Vi4WX1t(A>Jl^AlvAPa`$ynW-KLt$`~U z4N)qb(ZYQ%Pf4jUY<09smulq&>sEBCNkuxuXOR1C0Hk$n_0MmOe1+H_WLc(OyxZ@) zwnbs|6KQ>3=PT{iKQDy0EJ52-zXmh110{IC#+<-5-r5jNnU>E z9|~5%WbY!@-@?)yx(2Jmc6@>pg}f%8T+i@s7Z$xA+kTwmWb7Q2J&cowlp=4NTBLS+7lvx%5B&06E$hkm`P&pa*5 z9G@#Pr{aaWxjH5cV~ey<6jH1}@5n#@Jfw9`$otisl`K(Diq`luwQfqcxWJv>am(J04U3&o1C7{++s^(vA}v3o;vH}d(F$Oi89vbmHNkf0 z()FCK5DFUtq9`6v#(A-s1{i@#4oOD0J@YGFF(5eENLt_0+9?pZcAFr5*Z|^0AxooO z%yEy5U8qKSHy(>6s4)Hu-g2|*7U&%HIaZi)bn~HBOQA5^L%irybYGyniz};y-Cyfl z^0PK$d&)fWyhUapq9yM=z-~ERL6hM+ydFn3t}4$7T>7RnJl#3k7V3wx9~%)rXF`js z#>Wq2itUVMd6%dj)!ise07~LTAD;vfp{W{QW}J^K6^X3-=`4*{J-7B4E6pE0Ux{H^ z#l8aubgEie&@=TMmy1-#3^gKrENeTfSL!ApmNdU`go#6Yv5K41xw`EcaAvsmn3X$4 z<@LsU#X?!dt+G~SX5cGkl`of6V&Z1OSOk2V_AaA3S#X!(99#j?@)7=~o!dZl2AA=Q z{4CZuT&hXBxD}k}0|5QXaV0vCaXh~R$s627jda!sm9|3YUJAY(( zG5=Cd0J+&y!`FTAUKgvqTkw9+6wQ>ge|kELc<9(7yQD2A%^|~eE-yzk2cun9eeIN4 z>L_(n;N_CKrc@P7x_3!`a?vuO8gR-l-nani0bU)n3^ydZUEjFZC`#&3uqJ*`dPA+~ z^PBcEj8M|&!V^{u%5l{kkqPnyV+0x1FP;;p)BoFByG#0`g=>W-YQQ4TQmtmI>$bsN zxYyBC$N4zO`HNz${>DFldc@zFWe+J1j#LrC#E@I6?1s}B7|+xF(#I{eKu!K*N@~_X z?OY8l%qOUuP1mm^U{&sl6)ZW}F+?{06JPHpq@N#iK<@R&Mt!V>I*Ip_0uLjHVMm zi1+a@tJJC$ox~2Wv44YI6E*EDuGEZ?yvX}(bx+rb3IYg|r=DCT%G@_2zuunv`b72U z9nHIC0OOJumvnGUZWXVs#P|wLB+`TG?I4in!=EQQ1~DgdEH#I3$)7O85s|Xr3?SwdY}mDal^9Ih)&u3a_38WlkSj-wKV0!q$m? z1XhmGmmW`#2_8K3*HyFQh=(_=yP}?y*a=THdQ31(%-r8CH#clE z;eDcZxn?n~Sd_$DsQ+By$W*z9*T8kZYn{Y5pk%0)kzkvYO3}ikn%zbze`mbHM9jtM zRKx2r|~7Udhhd!Q!Lz; zNgrf@O+7$V;w<)KN_}JoTV(9@v#A++W_jX=L;RaUBTRWH$T&4uvTE5KqEgZmlS6f1 z-gglp;SlO8RyIn)DS$@W=asx-|85dtps%F$P5g=eU&p1aivkHk#J(pMnv@^PpTy;} zq$?lYn94n5C;ApOF)wBoYyWbhx>g>Jm+<+19#LKFH{~SQ6k46f)>ojUAtdNovnvB7 z-vpe8xvx{NWBRGZW9OOEDXv~d6QY7%wy~Cmv2zYb1CuNisgtUdtjA3tlB;$pw&X zbpctz7W0C)C`MR>%CH?7y=1slx#7SKCJO{kh#2^V9a|&jh<<TM5zqU! zzZ|4HT(V*zoMa%hnEjq|Gt5wP zV+I6b5W4`{WVryYy=pB~x3fh|!D+hCDBMyFl(l$bmWN8&c|rxZd7x4W+oyq`#A>#)K zvHb+8t;#m^q@{+Lr?`~$@DtzjvOgUvmz5OIqBq(0FTp*Om!cK+g#Po<;s{?0c)Z*Z zh)A}^lOne}!(20!rP*gw#HEOj?FAn_8iy9|8MNxeeEh|7-oo;0M73hdC8M9=Bt)2+ z2Hw+8-T_3HSaynUH|f2HDTm|)izLGc3u^H`X#=4mKP)rtjM=fdand?s{-2YKb2Q}1 zgZd?6jDcyD4DVh4prdhOPwk-Go$XDBveFtXxXG@lDuSN&?PSL%x1=1y(-CV$Rkru6 z$*O1h;S==3D1d1?$a)e=uxp6n8wI6e3l_%+QwtD54 zbHKj*HpiHazE;2;qHdb~8(%$V-CFu+^(-s*LmXi_`gNIY0#Cs(L)&2-?qto0e%IJT za72G{1LfSR-%o7p9FgOkhdx(A4%JTBzDaFQyI=;8pkA?N{?3nO?weZ7GP3vyxE0)v ziNuHc5`^&7lCdx&_0iB_oQO5Hisy3kNo^_4FA|v_RjGf6b?LzW7*6nxrLf|DiDrxE zhB1n1sEb+G`U+*sJA~2diLR$m3i4G6Qb^%akC@P&{Wg&r_Y2x*?VeZpY$GxTavkte zZoWFleEjqt2@Rh5_aJe#)}X17;|^3T9Fr|(K<5)T%7whPLVXAGey8wJPA0RfnO_ga4_hR)_-k2@e$*Qv8{r45lEsX zXmS)i@k{h=;v~;O`f5$waB1NjHglhP&239-Dr`Wx&zydP>VCjy{roGvgc%uE2E~_H z!hn&7TGLQ0L~P^2WzY%U=2#e|pnUr* zbwfB4^&M59*HT^W#0%+Px>H+j^r)(0t*0kgi8rb6iIvCy%>_gHcZR(<#15`TAwguX zSU4XmpmJJN@@3Rl1arg9yRZJri;`PVUR!~2Sy6O0=2ZJ>p>6dol$?xZOnT4yRaFS5 zh*eYV(`F^uS>+d;LC43zXMb{~VoubaUdfrVC%rzt;*?y9t)o=>J5DTB(eOSh)x_Gc}L=SBZcyOH?TILm>;Ev|=U zBkQ2dq*`g$6$vK}qSYk?ZTlF{L(R`O5)wV4;1dB45P8|vjbD}`YVEUbAxl&j*#(&J z-YuFV&4qfuY&Tv{z^-r^Qw5Y*J~xcf2ul);f?x90S}L*>3mUEMnHE$pVcFShIKxkT z*IUS0iCAcC{+OP*cZmfQogeK>yxURzT;oQK4>#05{$H*iB|mw>Ev;~Uc*^E_eekQ^ z10!yU!g)JB1sdEU;eYrD#?dody5m3CzoycJ7gPIu$Alz4R{2mYT1D{#}I6HeMfkulBNN8#QOD7eO}lNc&@* zqLcG8FU8Z!dHBY=~gKGsL z!blj2j>dJEZ1VvqDoeGpxl(A3D?7683l3RXNTX+riVF-5~#sma&^ z&0;q6Q_a06%k@W678vsFos`>w)WwXJb$p|{5w)`)xE&o7)55@1HAfbnzOXm zN=wtc3(M6QND7G>(^+;ulEVSolaV6PHnd^GZS5%*(6k;Sj-ywXba;aHofb;ld=~?> zUfR;n5m7_Ilg*E{y|_#;JtgklTkVYF=6s#Le?SBZV!hOR`0&C@Bk5(pcq2U5sCzFJ(kR!*=l@@@^o2!#s<) z4SgY9F&t{n`4ra~l8sT;2O9#1KwQvg7j#>AIg}cGjbT2mH-Rc0zDy8?1INp8-bRKRBvXh z+?gPI#rydQjt&veZu12@r5 z1;_~C+9$4gAo|^uV$1vwx;83Q%=he3A^{V09MYc&iavS**XXM?#1<{7~UP6 zGQl8OgrL~=o0yMx9UEzNAG0#dx^NqO(WXc~PS<4{GsqS7XbB#2WMud1s7!S= zlecV9H^AZu9d@bB86p?=acC~ULGM!Mqd~?CCP-%s{odmhy4Gm+Q!1zHZ-Hx|7+|O; z=tEkL>7hq*=WVsxN_48*+*5d%b_jLA*M@bJ|)SKTus({{bD_oBk&7jMD%Bwxd-->I96fs9H10> zak0a5gzZKNUyg9|7}a2JWh-G;yxfDg1|Fhb=|aj`%~&PL=2AzV z&PQkO=o0au~K zsqH4nO4&0N&r#%XVZbUyt(+@!8s`^E>U-oZ-)ncP<0HQ0#jl96FREbTUrfjhPKtpbuGsq=bgjO&W&VTC{CoEC-p?|#p`jMFi-HL(bA&I=q-bPwIHb{H)8@%lZ%xU9m}sb2%axz*ww`3agp@;Kwq z`)J{}8XBKf7gnOyO~p(3^wZLRfp`49<8(5-M?leDEQ}!I@-rHb5+%4gJ@T9IG@kGk zH?*_s>8Z$yt&iu!2e1u_s#OhJ9#QHN9oaJXejfq&zhD{xfg@u3+}z$&YmkKP??jB8 zygAXl!oKU=sp=qRO1#t_Ma=6=W1Wh8% zPM>hCRTvIck|E0-hETkl*_gZ<9)5Omy+~%N!5D~kDO%m{Mb=betZ}# zt2|I;s(R#&@Vn~erXzOcBi?=E&%j};3x2U{j>Y=vt*tGZ+(zLa$cU-5Wn1*KcP&pt zt~ox@nNNnUhsLfAa{nalYz4T4w?Gy;v$J&5X>8iT@PIelkl%ybhtsR;_lL2&|LY;4^60UEXZhxr zuqeFswLuWP+Rq+K%SBX&v&PfGWA%-6J&875cokr^%;2Rlb!IG7;-u3d!P^3r??#e8 zRK5PPgxHz9B^C<}uA1y{&p6k(J1qF3k*K@M6lWcK&TC$s>&jeFAeQI$m{meNaumYo zC>+|E%Uy0T3>Y}7#~AjzZkDI>^T_vE1ImVn*uMX=x`glWX&wI+D$cvfMf=x=nqK?v zQoruRN2h?C9Y@nbI`a%A8P?yM%)K;xVm!|DS>`^0EHZZxywaZiC3|0NFOl~Tp9!jO zzM8ikG8x{N(~_aLz5}_Ig0G|ZnMSF;FdyZwq+@I6?>LKZ_IxJF;K{dtv7S@rDS{`z zT?yu_f7)PGT-p8j-x3y^e8f%hP*$P6MB~X6IJCk9H@2&ri!gvjf+tlbxe+M+C+kW{P;xb+6nUV@#NW80*Y zzHaaE9LZN_=d$AEl&i5kll_%|7p zHI&XovBv-GA>^VrBSJJGa}2Qp!81U5)9zTfd{I?R39HsC2f)ZB7(lL30^k4)9M|9b zw@DTiA#Dss&(PW$EgzVh|ifOnO1yDz(haX^r+bwk3Br{WyyeS<@|DZ z$rojfsw-Mw(71pJmKs?k4V-rnGi{W{2Y46H+aa0ijpJPzQT`&~i;Y z0t%-I91}m|{SUC~vTWEp8dh9U&^E_+MDHghs77dWDoZG0!$SU@ueD$jZsmOQ!(14fN2e zRuyZ*!o~2E3@h#4B%fi>g}n`@_J5%7RgKlWl7&)X3%|fN;ojUx)Y*))m&)4qtBS1C zsE3<+@}krFs2lC?I2+Muyk$=4++5wXNYD<;=iMVT`okffui1UUE2VGwr>hWvC7Rpk z33zbyr|+!?G2i%0+oG_mK3Y34pZjckO?SMlOt|{wpqcn)BnhWtS1>>r7;xPo;NJ-Q zZHh-FGat|atIW*uI+)fRXBDcI7qmL+7cMEGV$a#K(zn~4e==d0*G`GW>V-3JQ#O;B z(sVWGK8H%hND95Bkzq+NcqdniG?t?6QvepyTRbu?E?30}nq^T$HU zH5S10Ws~T2-&^V$3*`d@2#Kks3QeUzRKl}5`5r5PCmFSp#&?BAadJKUtI19 zHd^+g18E*}U1gsP!gYx?ewpO7oF+o2b)4^vu}B2 zmdY5bKo3wc3)Ey`^0g&*-)+_>dYOgRmIC37UItR6s`U==0pl)KddY+Kwp{uv2+?D= z`6a!2q_#!piq>o>nCRZ3+1by3IIW(DM@qT2w618N64*DOxulW`emk(j{!FWhg?2^V zU9Q_piY%8}I$1N@KMAv&ukUxqfr}?rxZi2NK+h~;0Cz@_&Y<2z^$uKLXd*_G(nN!wCRM(|j?KYmlYv;ktvJTW+ z+vKns)3)a;d(ga#%`U#8J}uV>r$-8Ruz8-JLA5=F18W>&p_8i`nL;ei_AQvcj%T!C zo#%B8%5%#6Q2-<7nzvL+PcD0y2kzyF)jcxp(;uWGM!d=csyUfDl;i|b#)|ij=V$7K zFnwBM>?86-RL;ckHg`Ta5)i(-tosZ5ISNm$9e_y=vh-86!gkMAa}Lqat|lxqLl@rY zbyVZ&rJB8)?>|&yc~3zjZ27O?-%+=n;OdnXZck1f=ACry!BGziW85=EHP3o(zH%}x zqdo|RUJw(!rmI7@Tpg-5{};~M%^`X5dGhG}qWWWQ1-qFNd1l%lwTET$>g9Er4BH8o z`j2~qZiZ(w1}UL_>Nlz{bXTs4M1dF;C7kkxs|x3AIv-4_pl1)JNW|POJ&uCo7&&0woO@y82rh~VD(2pr+mA`dmbB8HVA_?@mDA*!67t7;Bi zCPaI@kGv(xF6We*{5Q_uaN+01IdQi=h?P3?LC%eUcs?&UslLqGfn1qDoYUV1+N85j zLEP@N>pL5Uz>gE&)HcK#{XOV15w548x};n`HJ@JuBefKcX@mBKHg#%z0cFBnJ?1M( z;pKo)-fuWF=Zx>+sFo&?RniMmI=gVSbv&Re^d;*lOgnV9JcvDCASKvxg_$$Omp`ze zS4OGTMG*QghHI17QF6mm)}jH|2jLsz`!-atZDso9j$JIxrppS6*0hY%izo@=&@P0z z!go??en8glnDRz2iK|;6xV4CTCyMmE2L*|)7NPBMQ97nvPv3S<>HqevBfS7%TZYfA zj>3rHwjANlwY*VLe~Cu6ePYL__R^Rf#o@D(eyg~5W!Yq%eO;vjx4H|t@y6c^uZ(Ie zyq5?xd;TcqwENtfp5UqOB6~@Rk$6$Br4r~`(HlGk0~Q+a5L}aZVzbRqZ~fI~UYZ-P zm>aA&{LMbiyY#5~4YhcUKjr=%Klhuj8ZaKm=pqPb#sCA&On24u?z8BWXeV1l$^E;6 zrB&w>MSVMya4rD`Pd)by(v*2$RFBmZq-3UM4Gjaqvt2{zV8GU?YV3SE#%CK^vhSJR z>rb@Lq-bGu+5W`q5+jI#$J%GOPVmZciWqQ%J$$zm<-6Ky;t1|lz5Lea*bH)3y1RSe z`_m&f>}WU=sDm!)mbbuJ;k_NrJZp$>d`aBLkr;hz3vRO=f+h1}kgAUNU&^+c!!hC1 zcS$KPfK^zBd)(;##wAf#_Zuw2xTq8GvgP1}es@|xO6yI=YNl7-pf~DZAx^2l?b#SC zo}!$JPwY!L<`RcDB!E+XFeiUpmD+4IQad@6(@4ICgmdlhGmK13`y;l(5vOMtodYHu7p(q&Bdk>#4pAAPr zRGl)NW;_hOlrE-*bIt1fA!R{LAMb5)lT7Z|G$K9XsrH{y?VK%txn%E z<`}Q-4K3U^YHTGdrpz{sr#m|tFueW!>gufN!6KZkP^E`pI6HI6cI+GY-16gySAzNy zHwXhe2D)4_us!<`-S+9Deg+Cbv>6r=eO6VjgYizKp{hMkd~|I;A?k$p0hRtE`Prn3 zy)m#obL|NPOmQpNzsTFn1NQ)M6Pugenr>%=^HEagBAT{iPMd}hV#&NAS9Vf?agn`E zVW7Y;$+t8il=w@rzzt(p7#QEO$fpx=qzdTuJ1oU@Q>8BWlGJaCe@Wv+COdQnp+A0 zxf-t+S=j$Pu6x=#w1Dz`1yEWTnQY!fn13QaR|&;@Ibwxp1;3dps}gaxAif;V@ob)+ z169k0BrUc}2)X-Z{zXF$^v_gtq{5waSl0;33Rm@f`Tb8;jE(3y>ug^VOWuf#+a>t@ z^_{d-*EAJr7h6aSY?_CZeL`Z+Q&s3J%P!{lclcxL5SQ{Fy`O@=lHyJOFZTXCD#<+l z|Hd^_o62ma(#l+#nKm`Gaw*MinpXGRS2T0QEe*{DF)f?Y)XB`$5Y0pd6h*-uG*e4+ z7Z6afF;hX@frNnja=zdB-2eQ}`JMASzx%KId;P&V7wfgWc`vWmr-QnNn?n<%P%@_iDc zry$g1&u&6BoR`Pbl&>*rS^`1Wsd%inWNoX zVW#br?|+oGpTInYkWfeYv|J$%WaHq`qyA{b;%3p}Ap_N7IlXY>8w$IPetP7NBojV5 zF^_6+yklYlq80k4hkg)75`qHc3a%Lw)EX4pP{hrOeG2!TWp~=Vu2%8yg@$$~A)i!# zS+r{pa(^wppAp^{*?0aYz&eKCe#zYCtsLiB39P;(gZ`GD(Wj>3i;wx!@}E=2v=vBS zWWZ*{<4K^12s9jDjW&@UMw!|64x1;Jy)b670w2?_TyQ>;J7rj)c$7V%RX>q>1u}3S zx&JJi-QRS^K_YPG5G!q&CDgs(fl)(674o8DAFkNesHvxX@QahEO61}lQ`E4=GNiQb zYh@t^Atr@J<&pY0 zRtWEyus#e~8F>=UHMlBS-`fAm^k=*cd`QRN)Z7KdABVQvm_}UKeF)rLAyehdxhnE- zCPnfOk>ado@8St_%VpO$;s0vx?`#JZR%N0Dsh6|P)Us^7E6=DVPE(_YZ>5=c)3XpK zy-PIs+Sie`i{{f6(YQ-96;iEm?x!bxZQ9Rs`8C^O@@t@sNArE=`#JVgz%H**-! z5K-BhIA3BP-D9s~GhFK@7p)nOyh9=S!4Jg$1T%`OZZ(lJ{ys0d8gcqS~GHg;mJUK{ZBJg{4%ot1i^->WG42s|ib z@%AA%)V{wcvq)>sPHgP`)VuTwVEtR0xO87M3{8;?-}nsJOUj z@-FL%`IrU6tmYH{^4U&%rA>mrG3H6__CLGiryU(`PGR=rIPA3nIh*&H^c+)ig!>Hy z%)p!zJZ0(LZ$DC!D}E$%_^m~n+|6tSKdFd=URy2))0!Yz*|N4TExqFqas$C577gNs ziGu|ead+cPxfLFBXDPp%F;#csxySkK@eSBa2vSE|PQbRCi{(CBQz-Oc6bV^>aQw?= z-Q$kZq6Djl`?L0?9Y4A>UROVpkKCs~bptz!Tf)xX*`qOW|BZZB8}pxfVzkhA3@mW} z{ExhH(bAJV2br>76R>J8J=Bx=K;~7z{N2BwUwqT~)gkZ~&l%VGaGLo3h2KpIt{9sM z+;gA2z+heX1Ev~C>IK+Qe^rnt+X$E*gOw^Oe;B*6j>dwVD$M_qy~el&@2VmKJl+jw z6Bl(BHaj%DEY>{f%WckHGg*H;6ELWHH-a}f)S=}m?}UJ@F33_{wJs8brJhsmd9r?x zaQNU#`86o)fTz*aGL1Fe>V}BzN@4$2gnX#pYJ?Aox_*}E1Kt2Xm`bQ;!s?|Ib3aal zYT~GmP!=IKE|j<-n{oArcDb~gnZ5IWw=w4gqHM)IUqP@58-7IyOaG>>J%;F%nkR)J z7F4p3-!{v0;4d0pvCgI0p^yzO=1|lfIjL6cu;@12|6mdK-@MMX=LRWtl@kf+X>!u+ zQQth3yV;nnxiP7!5ux&c9l{Yh6y@DHe;Ro%CQKLa}uD&M_X>)Q1B zfWl6~fVCsd;9`|!UlhE1%fPb8?oe`D?wRlajE70N=|@(uk_pI(10 z{PUV^5k1N(o>{v18{V8k^+YsQeQ6GXiZ%^gn~6jlL`}i3Ezl8x`k&cYWMwr&S(QgQ zMe#~z9K4c+pLaEK-!|=$er?IOjn^uN0q?&;+NF$ znlBKx4d)MGlYKqypw;sa)Hog^>=}2Zo6S})LnV4PF4t4-z?7d`6|2fj7@gT@zTd&6 z&c`+z@D=IlTXm0b$OBZFz4C3D?JkIXMO#hq zjqqFGW5V&C2K6FJulnhmoa=vIZNjt?gK`b9&j*b6vv~LT?}SajQ2rP~Z9cmP>0xf7 zNl32eogynQ#%ZR3vLix=+e9ItBEks;HN{_c5{Ngr>c>-L#Yw#v$44g!3#>iXT*PdQaz1-4xy7k-5A?P2;qAKHW zCk?<|PC=$)_Rdl(Pt$up4J{C)Y-l2zsTQ3??=?Nkm9#UE!P(XMSSaoGZ@%RnRrI(e z52wx2fo11v(x`zR9-HRHd_PndyU70;g8lMk>6kMY>F;R$vzlUu?Q=gtFn({fZG>+cNO>6*ve9luWG_Tpd+T@&pdz`Nd=;~E!nU&fxG z=BjEq6PR|U?(;!~H$n!^Ts(u3qv5@64q=9Hx@&^4JR9@I#oi!sU8C*Sb6K;VGNy3MON1*f1Q9op1ts%=b%@@_OYAitZLnqzoQ_m)z7w zcaXcZ+PO24{JFM);Hc|tb%9Kojz%%8SXNrZubl2NGa9!tO33M-Ge)>8U0`i=Cl>s@!jX$?LCwQjbZO`}F(wC&4%zZ1*9Om*Z+jCZ) zu>K71SKKkgw=`c2*>Dz?o=53A9B~ZCKSMU$m-!4||1Nrkdu1?jly^@ve-P4sUFc-Q zo{+0R49d5ht#A4`I9`~+_RJ&wgf|Fh@=h(W@pi^aewP{uO@h;^PinJA68ln3A_m6V z)a^kd`n$Xub?Ly8<^}Zcnj=-j8;YPzv@XuDCV7f9=mD#unWwkgxWZtfK90Y;CkcRaPc{j=Ylae3?dX2q!zEB+sWz$fe-MDS5E^ zIE*&`2>Ry~_`!prVw4eD5ytUGm?qWE4U(ryXq9RY#<^aQQsY{S7LFqZVb54HmuqZV zH;i9JEeuJnGux{LYK?(OQKn=znb0>_pjSq~!R7f2U4e=XkC;Di&iLnoGkAWH^GWMi zJ3I6H;GruId3w*0T!Nr3@g?qr_T=Y1Y}l|PHhei8X!@I%Q1X(?+@b7ogI@{WaW&td z(|?%l+}4ZuhTKu`&4d$|%=p2Pa-|CT?K!(PKLp$VDWiT=AHt5BllH6rY0fd-I+N(7 zZsuU^UeW0U%m94g&{rcfS#nqW=SF895-N1p>O@sX58^sfrdO~BLI7fR%kD3BT!P({ z)K+D1NrKR7r8Vp^Q(opKeT8UXYr;i8%&9HLBzJXY{j(7Xd8lYUdxPNu2iI!9lYTvM zZ#!;fSgb?^X1w(ce+a^=(Ur5xXn9UdSV{kmVllBwjn`~h8iTL5OD`R)yQI2v$N*n4 zUC}uNOJpqwHjAwT3gvhB|owTHJ>osvjEntx3gHVLtg) zh3Y0$2El$GV+ayVKm5Y>4{M(}h%T$eV!N^;Y4{N!JB7UoYGB75Z6ZR#pnqr8vCP^A zQG?E}+(>4p1I{5+ji)$?P!EilXV9ekGkHoSe#Vh{17^6U9HK9V4Odph9jWm01r**cFXqt=U_9x>QVDGfXvA2$S@ z;$+_`3^t)8gTB^;Z1J!@$yb@go@HH5QbhFLFz5sB&E)nbu@N=0hMMCG(H2p2U47^?} z>|2(-(>LgtxKO@gV*3eikIl|=SKK|3rnAQYVhpt7l=2W-HbL?QU>4qo9c=^zrU^)u zuq$@ej4`rORCU?++dg}jLo|Zi*im$+5Y2u)UgX3N{HJG&rTzWXhT#y9VTk2X;qBh`QgY^=Vod4^M`^NuRQ#8MH0e?P3JL&yP3nW6T@Uut+Ks$=B*?B851D zMmML+Z^FK;P-_K*dwi2~;X}`ny|hSl8PV`N6htN{bs5x#cpHY#cNu1~lX9W8f{+$$ z7mHt1Twzo5IH4MO9rTy*#P&F5r2_CtyN)HWD&U#LWk+;C-A->^c>~(DuMdu0O1|z1 zw=Z0GsP{ab`yaN&0{-+;tEbZ}Xi_#5NY_^fmvs93hlOKOI*;(^3a=v}=-d!wJz-Jh zHy@QF+rI$lSic?zocC1=ci6HYgs=!{JH2&0L*+e`BhEF-xc2la#T^+bW-8;ong6|i zj{R(}lunFCP)vUh8P0u|f0lIycFwqn0z!nh&i7oM+82z@9WW=(>n0a%qYwZ4b5i<1 zQnMpqWdp0*V%<86cmtumi~)f@Ms02VK)+Q5m=c8Q#ppl>f(#g)(VQ7Pw35LiiK;v^ z{K(wI#PSo0gxJmkN*>2JLQs>)4NZ&u;?xn zJJp2s<*?ALJes$i=!^;M3j?!HHuL_}1h?;IT)SKF|D2!L4mdyN;Cc^ZBr%z^VM~1? zV&y5~^7={naMJheus2R}-0BwHb@ppaIkJ!~BM7ttX0 zFwfE7Vt4*?U;Ul<=6rKx)wJSv;5S3zNXKC;-1CHZC}V_@ z7}+O8TG0R&D6W$#iiCLxE%W>w)SF`k!sXKZ^MZCkw+*|-j(BbUwa-TUyx%dZbJ0jH3t33#u5{u347>Xf%9D>^=T!5|s8Ki}IuYIDQzKt~AIX7zh zYS}?K8YvA`v_ImcB+I)!|3s~0WaZ$DO~7tO+J#=Rz?om~&pc zk1^``F0$vYzAsYW(A$QVQm#JT>+AdZWmU0X&l$j#M<{ZcJ0l-%QU@C-O^IS{d;}9Tmaqlhp~=f z1^D9IY^s}zo4cIh@O@*&^OPgnIKET+G%nGA6Qn{PREXbiiP+epDu-6X*re;7b7Q|f z_ycMa#HybNV#k%yW8uE>3=y9JEMe3hfd<`7Lg`sRkd7`o&2O|(QR5MH|4aG z1M34mCciRFyE;gz2&u&rj0deemE^JBst#dLM@LuBE>>f8WFyB_40m1sIE5=*8yjsv0y_Ysprs-%pqghA z{Hm*v8(NcmpmVbts<(&pP|;OMeu*|*Wk|W1(dFdiOU#daYy`8s)4(SFFa_-+VYm78 zBY)0P&3+qU9-*I88Nvb53+C5*4Gf#yTuybpKq+%O3q#E*$>W6VIgYy!8;c`ckSb)U zvvIQzj9+st9Vfu3prZH5IpW_>I4i#O{Ybo`eo8*Yky|nA1hK6g8a_wi-VE>m@jk(E&>JW$!2}1%0N$en4Y+w%2AlCMIStOaezW5`CB1bEb z2)jvlpV%q&j*&pmZcYU))Fb-Yx^KR8Nx}jkD0n52_=yo1hUlx|LxdJ2g@t*)=G)Mg zcdQo8!v)5!xB2z~)b*1hSCsmw2uYf}h8eiYI(qwMxO1$eI1ZPu-dg54h}*a|K3@s4 zoibuyU>a{-HL|~a;3uh}A59Z3-(%PtqAH;ypO0KJGj}=F5;u-FDaT+TkVWnYW!e#< z#88g`hO7bhV&oK)e2H`ivlqG4`g)MFEuWy8zl6r!d^1UXMr$$4JHtUHNU*h)!Hkt}#H&IbDEVO` zQ{GiCP$75DWo2Z(D$`m2b(wUCLQ1(@(3PVPCeCkMG0Lmtc?!!cU$<{5$L4v;gnkhR zPu+yUmP{2BWPVQ@y*I4!ms}On#I7_$L5#-q^$km<%4u%aGrtPGPo>yj?Y$;*s7`mQ zO5}QkFr8SYvS6?BlYH=I!O=f~wHD}_LPBMYqA4V9sG}|1v-f&f6z*nVO4g^(0}|J1 zTV@;spKx21#XMRvHuDXzrfNyp%uZyKL2C-3LGw>c1i zT8!(b1lIPMxpJ%-o7o6@&{B-EZMfsyUZD;=($6$RG<;SCwm>M2{U_gB(Rb2ZMK_VQ zR%BD=jQPsk14PT$|}!N`1ZWv&AmJ9IG>Ryb!tVX=vek!()TZKS)Nn(@$jmSY*;i!6fsP6 z7M5v$Y=NSuR`${xSuqW~@~pbSLng&6Pg3(mx7arlnsEBE#}*B}vA*(P^ILIpJwx$Z zualztR=9)DRP#C50N=azcITD$id|V>ALjK|2nI9WdTFhfEJ^P3BSKBy@)wG2`TP73 zcc^v10;LT4F7?Q{0KPp+xmtahd8KlV1 zZM}&jRm_w84AgI?pF>5BQ2zK30D~kxBcl^LPGPCUl`|)}DA90pj$p8*EGCO46oKC+ zBPFO}$mebWaYH$hEz}9@Ty-NUv$fd6_q0;S*0>#bn5N|6Z!1CDL;Sa&|20PW(@w7U zWkB1+OqMLtcAz*$k~NY)s<&|i^on~#umfH4RB{4_O-z8g&s(jPFZ1+M&g%Si;M2>| z8Jwipc+;toIHL>_RNSg}{9tN{P}F=Z^tZfa%E2s2!*V)OY28wj<;DDCDz|ynEVnc- z!~MQ#(MK!mI$lH;MCCf(# zB8IzCr6}K=A{6en&8Zz-P`y0NcFGrc$tr~Tj;9n4T5M-g%X-*s*p2Wmx!X`fsfq*zMy;GM ztYkzt1GuSgXZh(W4Or#isI>QR3k=l7fp9+&GEc4N6FJcC1Kh?3xe<}}$CKeufXp`)y=1w=Hr*jO%_k#> z@A|{lvj-??0qU%yDF3^PXAZl<;w|1juqbVmSXX;T{+Nk;t$?0YG2yWyxlzw?kKb=t zbAzOJY9)Fb=NIy-Th}$hCL(~+NX{JkiYJq`^Hvy0j^jxl)GxuNlwdKDTx@o-JMcyp z>4W-r?ASHda1ffvN+t}>Pi#e4?(t@b*oCt9-}5&qjOWmYQDmD5CUOb<; zKg{S%+e(&ND2F9ZtQEyezKm?vJ+G>wD&rGI5pi*~KJW3acC-U^f?^uJNLt8^v$NOSrtZ}fdro^T

t{Bg2P{cNpv!ah!vySj2N$2qMU?0GB_e+nA0bgXW+^~7k!yXn~= z@g`CH$L8h6ncEi!N^jz0WGnT9jdCB{=&i79auag<*><1YT&Q>E=QPH38f@~k3|@!J z414}sf4q{|r}pto8S&#v#W<-FF)9@@VfQ>u72#w$(L7I0>#Kr+3;#i;)mP16wX9CL zy+$#NrmaBAh1NHh96fc|o>nVA%Po1Ht!K3!r9Dp@PF@ml8#)=fmJ0uobwi;KYxXEbd5^{Q8ob zW^B!eeo4NGQgj@y!(_XtD;0OqvujN=Se`&1pHVBhomiI%2}wvc zaE4U7syMhi*C-e)8>C;Iw_~*+*?+K-t2lA(# zbyw(;j|L~8@6O!fE-GFN_mRjLt)9m~Vsjbr=dfm1i}s~6-)UIMvRGxG(#sL40?G`| zyzkYp#Ur^(lbi9=7VnYVxn4&vlZ!%rvE?7+QaQzbx$7-sugS0F@HI}RgF)4BJF$*e zB6f{1H9o;?347=uSLwtIu>1NXjgw%}HRSRWZ8O0pRlh2MlH$OMCEj^+jV{s`obosc?ic8x*FIJWRy96^Y;O(bu`pWbv&o zSf2Eiu-Wn*)z6oJq~#Un^*w)5MN2r|Q8PU}#q=WK?WWpI&LHTduXujVFhE*z5^}aq zJiT0cn=`%RbZpHd_u6v-qKE^rb_uJ&@fI|s@VV)YoECHJThSPy8jCwa776|L9E@xV zF#8_Be`M2GWE^3P^pn_Qu6QL69Wk49YRq;~SrZ1gMsBE&7RD+bsg4q2qrdYjl@4z- zj&1%3MX@||m2zsvsBR$f`m6+8Id@iV;SI~|{_EXR+3P|lRPj>bg8VJAk(2DbeimNy zO1$A(bNA-rS~MLe>zeO%fgD?193;2*yH*D}5ha!fE&;S-TRCN+i%jX6pdDx{o4)4F zdkh+D$y-b730w|qeHelWC<|Fl@;qhLhuc`%(}w%B&0uAHhNNQ3Uee- zm5^oj)-s$RC?g|Tf>B;gR<10^%G{rq#FQ#bb~(wD>MUVlR7^GL>ZVDhA)3so7=%i& zHYG-QUImGQ?j54u$>I0)8IJ#cBll<<&XR-*pPCs&@0qHC`iG^E1qW@I%0;}93XN)} z3u9-iekD@sO&;2faaQ$4b>X)C?^&gxut5m@Y3j`ioi{6kStECMU*(qRfWLpN_>`$@bH>yFdUcll zzC>}S_CdBMH{}Jly8Gzg99(}cql(r@zhBg~ zipwZX(loqBt$H+v&q8FFA~0%o6aM>OBzA!poZqR}OH0 zl{BPBWS76O!!-Y}d23fC5Knqf|GqvPO@@xlUojR(2;+s6xC`)%*sKo})rdZXLWemY zpH)v^yC|>(8j5cf5EH-ui0zktM@FGb@U}{K>FDHe$Gg-HkJ--(FCoO!%9hOuN8AOO zD2s1;FJ+%T>nzW*QxMOM1Zx zV>rtz?BC=EDv#wmY)TvEHL1z%q9Tvs$7iB%6+Q8Mwh>jJlH(j}yXjFNZ$3`VoNcLf zTe!R_bQxGL&78Rdr>ya+m6C1?)dHEQ%t&s`RgFb@Sbs73llCeyolC1Co+4Z;k325( z6L9C0814P1kxB&LY}w?4Zkp#0BntOVkrv))rP?x^OWd23*6xfpWGg|{hh?tDnmW9y zN1jnapBjiNOL;vAcautbIlp{*q6;U;dRI{7XS~P1w}{Re|)AUme3kwZnsxIUQes z^-&&u{50P(jcDw1bTZ2(-s_Ew=;6b0{U_IY%g(D1F9eHhd|(h>-ST(~pjToOFkVJZ zNm&6c`!38jey*e_T5nAjooo+NuRiORK9=O-BC^1ncD%Fn7B$0$OrG+SjR@@bcW}c{ zG(t6$6Ez`%XOZYHcq6H&{WPiux)jAhT3zg?gMy}niS9<+*G}1@o87qEXWdXsdDej2g7(s`QyE9B4XayqR;a*? zt&CZP%6*H4>pt;Dvv?!Pa&<(l(^43Vg?o*6yHF814A#vtUuEeT=W_5G1fLx4Y9-oSZE{NUqTsb7$Vfw2Td(g2&4c{}D-yua<53`D*atZmta`>HR_-FZ$ zW!ZGtN}0UIrUe|=Octwu#+tMQnHpFs=4^+DyFMK4Xj-C;t%H^Hf|ckn;^-c#Pxut3i9&TRF@QlZIIg?kTZsq@sH z6jbJ`6PNqsp{&V@Ucq0p@TxFi1Q}IGpC^qqAFIi$Nf;$E5~vWQf{qEP5GO?84BL<~ zJ`DG2a?}Fi=r||y=a6X&QUCP$y@IzMJohgaUpNDv7Xr zi7wsePuxk%QTjdnmg98GDb5P%#8#mnx#GOkWCLhgSz_E90}iU5lezw_{@Bt=Rl-=% znHVdC>OM@9_SfS96Afh5P3xT#FSmxj*58f@j$gXX@$2tVZ)xFPxcGAFZRg;rTYZ-? zhVMcQ&tACunlTz*vJuNRHQL9Gf$~ajXxH8ezg+$aSordg+L`0YkD$47Go4?jdBU7vg@g4&AqLLd?j29RGHx)`}cI5r;2rdF4cM zdD%=_iAYc^7dGMiQ5&$=ikFY7ZyO4uj(GoP$UjccI1OIG>zxZMH!NYX|;8+PMAGO{)T&bIbCTN#+JRFneN(7 zH(tnHK28Up|5+9ie!_|3Y7@%%GFDy`BzA2`f zN2e7DtQqR$TrqLmXM`FHl%4h^ne`KEBNs3ulApr@>T3tb(PM~C7+_-Qx z?FvdOk4b+jhu>V8@XhH1hdYFUre-)JwBm;b5&E&40Kpkk+e}t?#yXrH z?t`VaL>#q$-uQ)!mq~TTw1*B`&#f`ggZ+ja=dkvcZCfi&nW`eRh9w$yG*`X2XGpG# zFUFC4Ad`*-20A7coohEn^q=kaS)5!Qx&VD;Ha``#!v5(lO4re3JXS=s=Gr&V9w1+w z=N9fAWL@U<&+!X1^LdT|mmb`2l76;I4-~y5xMCLFBg3zZ?JC7Ec_$8=9ZPH#~44dd7-@QNA z#4Q?nVH70swA7=F?148S{?-JO05a753 za&tw(6kwwfcDzcV%KY|Jx@fHy>94D%=l(6LV)=2Gy!7-`3|3fwFi3TKd`o}cdM6Vu zcTvCc=Q8Q%{sxpD2A6RlVrH3H+`fWcoX|IzeD#gkyq}pui{Hj4I6wc zNxAl#`}Sds>bm$UVQBGGl0-O4<_z^}P*+5f;7d^HMjt4{pYC|mMDWI{n)R{eDP z0J%|i995%g{NxVTo(vOQIQ3z|z;T6|g6;F=)?gqUhF;B{+3|)*e3erd(HT)De=sST z8H(_3j64K)+&!Jy8Yw!di1CmpMHq#xgeq$Kv&_0+QJrQckma7ia)}Xh=y^P}myRZ= z@~${TKS(PNt0d8V_q3&lPcL6N_$VVJL2*vqk)+y`$Y{fY>IJN@*O(+acD1mo#j#a| z+%mtL7hLqj4w?VYMM{B>dne+a^X4ORgyOP9WwPVp zW3Q0&uFnQR5^H5 zKGjt765zj8#nkP~^MB2}+5eIZMv+vE^43^~TsM!&uvZ|kx`17ZiS86^k@!*qtm*Sq z?xJP!y|eAxtykNnKe<7q$PDQC#p&{v8CmtNx)Kcj{*G$*$lg0!jH=da1)P{%{zR;k zU7yn}j@{qS+uGJ4HtsXA69~_IPQJeTo*EmITJ7$~6LtuuE$d}_gv!t8Ap)CaK%;1^ zgmhsW{UWq}O#1O$dj{)~P)aR}uo(Z1M8tgV+q~`4?`@|RLZ0q%;FrAxR2;Dr1T{Jj z;jAQR8K&G>_GEZ<$(u@w2`vb#NsB3qs#=Wj7M4S1)a zIfsx$UDIVSxt8EM-#Ssde4((xfDwpMU+uquNl+uljh>%vF^T{?F}0qjE_>`a!Rx3d zcw7IR9M8YLJD9i?2o3Fd8I-NH~$uq3qFkHVJ)_E10n zZ-1$dxApuHE{#rhjNtfJbJ~F1{dwSZDf0g!mfUWCBNAtD9cB^%pniDmRS`7QDj}{- zdl4iYyMLEQ-2V@@S8afy*#Es9c=-Pi8TJ1&QuTj6_&;~&|Bs;B|GBFFFSx3;9e`vD zye-PQ(6H?^`>)H`e;DDSI4QLI5bfgSrhD{oNi>05tWuw^PWtVCTE?DiDZQT1l`=M1 z)}+G4YcVx+cg!1et=*A=f)j8ypVH);=Op1Qhk;q@n(Xn^pnOq$v@^|R+p zoB{=9419x7=jQ|{O0rkPO9;Azy$!3)*3JeQ&G&w}!~3|g!u|1Mb8>6x$K%NQp$+DC zzxnUxWeaqN3TOTbFF-DEas54_h%mr(+qu8qv3_2VOq6`ASXTV+y&ZGuXG$K*9gG@( zNy<2PVJrHb_1cEAZoq%9OP$V<&OBi?rofCE*xl%}Iu8OxIZ9KZLq_q#dP(h)_<3Eg z=&@Z-^xM~}Xd5Go2&%PRGrw=KIVNKFKZZ_O24h+((7{@QsgBqT$x1kenP$DR?3Adu zoQ;El{z_1rzen)b@8f*u#wYDkbe_1>X3zPL&`s%1k*$8QsBhTx43 z_VSZR&Y4CZEQeg~zX_;e0svQ@SEd{E>m$_4WMJluV8~1A{W)X2IFL`IUjaG`Xw561 z^_?4GZR(R3;imir&hmpQGrTF|8m&&ZY-nU{A0rB*>IS8=8?b=hIzLRpKu`d`+pYM@ zaModJxYd6*+4|^qq~hR3dfT#myvBy3^0C`9x7q8<18J_i!=^~{aAM|FS;4`>x1$yT zv!}aYS33x-!lE?QTi{Kef6N}Jf%_DQzSSX`_yCvOBU`t5L9)S4*s3$}>Tr|3D16gS z@>=Pu@b!6pysD(yrz~3QdpSSY+&NbEy_1}*zBBJq{&8rhY<`ziZECRK7^g9HIC+Zp zk_uSHIeEnH*{^v+Q>k{3IeR!aE(k!S*?r|uvLT*R&7WRK%`P0hq*StRQS_EjGEr^fb&uh9O64Q^#fKC*_1YC^Uv4JfZy z(^iM^z=PK+4!goNrIs4c$zBf^UNCXJ%1H9uy)&|p@e~gy05&zzPdY((8FCq+6pG() z?7hl;XE?*slE7J709Pu`Am;~&lVk4P3+njq->r9RTU_PXPnt*G*10fMpk(-N=H-s7 zN*B*xCCtj}*z0Sm9K0s`;U`IvYHJ5MoXK<%8e6g(ex~)5y zyOEDAePmVfXQ9Q&AKXU&-kT5m&&O&%8xrZXT*LL1%|!l;X&bLc?A8FEWdcj@vnFry z>os%OFd`5CsqizZRfrJ944u0@rM0VyPy*$#JNmqL{;A7tyFT_%Yd?tk5U}s-;H0Z# z`}iCEM5fmMh|VMjp%X)aQPEdQ4Iz=Q9cqgxDpwi3vV#FiGB+NG_wIY`vT77I_7An9 zZf}&0JSTOdH_+Sjc8M2OG5hIA*S=&ZXNc_z`>$a(y%9OeWfq)w1f(30KJjT4{cD}a zWiR_nn~SVr@6WuvDt&d2SU?E-Q7VM1dlkWk9$yX?G%jzxKiB7``pPYbhPxJ&n$o-@ z4JB{>on7BzzdC$u5QP5h;F(B0&DfYptk=;vN`bTHfeu&UjW;U%bce@XqR%s84^Pth zLZBu`cGtFubkxy$5aP5FFh`j`UF(yd^^_G2)Pd)U1_|T~+!%3-lklMOsyVMYt~jW`x7P4exF$hM1&O#+UufO+uR zm>bpf>uRtx2(7pWxn=2-7mv*KUQC^5C&+XNrt~Pc@lvtwwYI{Lf{$e{L(N?zV&m2# zV~DfMa+JraW?_rh5vE_!?HSKbpZ@#Kmz9+4JnBvcAzk(btpuRT=FlGxoP=K4L zmU)vuw4bCzKkMHPysh$^pmZd;a-t1*Z zHsUAah50i#%ELZD(PsA^`c^w*5DNZ+ul7@!c15>niaXU;cE%ryN}8Q`(=R7(Hku+J z`+Qnk9w3U;gddnVKl@>GLNw+;I z^y>dSb zB|GaG;$Pu-LCCu>xi7dxkW=gm&Nijhh}~*y^4BGR7$;LHi4oC`kCef`4F&#puqEo! zzS?Kxr^Vy4leeXR57@=B^WI&!xY3td<+opJa{7--l)Nnd&|xQJ$PG(x+2KuLlxDar z{a^`DEyD)dIct3I!Fa+aDC07qBWasg^G0CmRdv9Ef8G{Ss5`Rl07KhN{_YvVPe@IB zlz(MxkPvzq$1GfT>x~EE>(|VCDeuYp-^}>FSJX~F$4{ZSHS*;p+~0K2ZRWc$vGy*A zU$p93?3ubDFK?|~Z&3gGWN#lj5I45U+~K`j{No!imaYz@J}tcEYKgmIHw~}8dDpBb zxY|ed693!7n>JHnofXUTfKTgaSof6T6lLI_gL%D3lxb4*MOytilzg6$AD=Ry+ekpe zv{sROKe@enCmVlADk}i4`JgEv5Q2uh$~%YdC{rymfG>qYmupy^0J#@j#fJrXj)xu`{G7`#QtelWoQr z+YDyR_+5SO?$7u8`{#LH&p(fUnDM%d^SX}nIFI9f9LM{e0#G=7<=GOdW-R)X(!afD zLxi3WsnwIPzb7b{dx|=NNIwymxhY8*gpUM6?)l&pp_4rmxS2vVEn3m~6`0K0Bx*{+ zc!ff0|HxZ*IF2V2hyx^Tk6Y36*JRdj5Dq_R9#^BobuaeTU)h!X*A^2oU@a0SlBVEv z=z$2PXcE)ZpOKWsnZHz>gL|U4-RNBA{zBA)B^9p+PErrdl)rwdJqTCW>wLP-rxYn+ zkp%QfVEG=)d>?(p0>e{~Jr4_A4Q>}NP1dqZa~n63qNe|y0^@SZ1hAP9o{XkK1s61D zC$P}f_E`?x;_;3D`abO&0OfZGPYJ*uX=fqV+=&E^QmOy>tpLFC?bKP3Km#(7i^RIy z@nKZ0ABR})70AD6H$xim&-c(0M6+DkzcydkvbOQP<{v)#JjCt&SN1@1Eg#oOI@q%4zlBS6 z0|j9pyMf3*wE_M!YN=_|)dO$T-2I#Ty4!I_Wt8)iH4bPlqEU<#psbT##s0im-tpsi zFu#kot^_cxvfrG#+2^kentfvrDx z1n5uMdm@pC=Yp3NPD35!4>K_ku6>M@NwM((MgsFX2o;CTidAE}Yn4%yM|-q@>9KL# zNo6Wb%z*4-aIuczcP`MvbgekaVUbg;KQ|zJvJ%M_AQpO$7OyjXB&rk;`YG>Q&^_}3 zCBemy41U(8(}?M(C0pKiAcFL)cR7dxa>0^f1;RaLlS$WFQiBd49`3kEvOZp5^=9jn zT`CL%t}EWMs?49Ayw3>CDs+vMv|0EP~K&*J7Kjr`o z(HvTrrty>e1GCPpcD&^xzHAPT zyL6~oWY~allPB36VnBn0<|=ry5@!#coUC-fvIWYMfH8^K6vxR*+T7duNy^gwX@F|n zADz8)A`(0SXjBz+y?hSUgIW(r0^I5-M|Qs9mmc$gA&U-@ zQ(>x5Ti`zvJO8Hh{iqd6U`MO)xQowH9QNL5>0Mmb%5}>10=rTwxjqg!La7WE$8|Da zdC0#2Ee&b8hTQ!f9D(`<1Av(@Hp&A|gl4awASG>vJztARrqvjm?_ zC(GD_1t_ChySi$3n5QY0(YSQ4H5Z|@zYN+R(-Up*wu7|AF`VXiuUvpHS8sEj&5#(a zbgUdiR1kbp*RK%}LK|ZMzd4GU;jvpNxy~BCFuRGpNlK_(#4~=a?voHM@c+ zGo|VnGrMdh-J+m@@aP~cw{xo+T*}K)D|0HS#BC;0#w#m~M820XEqd=@Cle2R%wE1h zx8nfya@=1gY?edkSG;oRl?|7$uBk>It{(Fi zxg;Z;GfzeV>E&g}Ie@wt0U$7=eb+ii*}?v85+ zC^3WH*>l^4>bAVJ9mY4yV$=3%V1}D{dWu7a&DGqh!v3+=RVz4QA$ye$7>6EiIC$eecN{j?uJHqi2r`+MhY?OPWORwd51jYhm@w^^U55v+%82F=A)YRxvIoaQXi zF*JK7XGWTFrnxi&YBlv0Dvzd??l-NFd3x+|%_5DL;U37luyykUUvPM{_U4&eZ$SAW zQ4SbpuaA6SQJ5aDN;tUGCHF}|qd6X~*xixW_~nW};Aw16vUznzZk$N7H6UA7;D<+v6{HPB+L4noUlJc?91uSCy~dc9e4=(By~o3b131^F8A|W$QBE z9-kiGe5~PXHm^NUcFC&Hces5{OFH|&!7p5&nHup@8X~pJ3(iOA?wM!T(bgA_AoJ_6 z1-qDa?ObM(>RMAFw4)o4C@K!?mWjm!9+v5HvYn})8f(sSg$J!Hyd=!37MRjggHsX; znlKE6mds0f({qT!O&qaiuE5UbZYTfi=Zic6E$PXO(*5t0z0-OBwl3+L_rSo zj?dTwKaB@_jt;q8$6+OmrOTW!&qNc<7Z2z^^kkd!448sVn#}M~sV>lOjGOdKHY4|; zgjoTo05%vQv?U=tWPL)qJiV@P9b$2A5;KJj^Ha-xAo%D#F7>Kd{p<9T9%eAyOEcg% zmGJ|1@S5C zvD++17)Y$dJq6zH#2fx}%~aP?mxoKWGwHElRxZC6bd;M8Fi`plylQCU#+Le8qFx6( zFjihLRY2ND_M>k@e*qIGZjL!>4{Q%obgXB@&VuugzxWSV8z6Kf2B;W|b=-Q*e#s*e znd#YnM_@}POKA+@;iT2t^NBb7S*uD&aQ#`azWuW)`&`rm=0)*ZAXXkdF=IgcBy@Cp!B+3pF{*|jNH$7pHy%L z*L@9Lbf0ZcE$$xtT$v6pgA@J8CFJ47)4Y58q1IeV^g0t0F&xvpBMKu1eYHOue?oAwzR$ebff&r+^{1nH>a}cA=$2?%z8JQJ$P;8w<@9xW5j&kWi{jL zjY*?QQ_= z9Txm*H-6|!r^P-@H(X&F<_%dsEHQkl)phuN7O7`1O!nI+2W0{8lqJVf{kj2xGPJ36 z*f-`^bWcHNDm&2V&5!h2vrtbqtD5gsC$`kX`iprR6rf~fIg3{*ctDJPL5YG}BBOSM zbv4XP8Q1HY%;Wq?MJ5Q=SkGm`C-b_}jI9UlX{KT(Tm|2eMnqbk^cf7}gv8|8^=iDt z&>aBVI&iKa3=b=q*Z5$!k9(AsQZ%C`%_9ZCBLpop5CNv&sSt}Kz6x= zoP9AoJW>4197+t2n33i#*7_vHtJd@@(aO@EVtjvS+l?JUdK+)TI2`zDmE+d@@nT2o?0~7%tw%rOM5O}e#V5e^IOm#I?@SsGDrU4nO7_T#9IYyx)7sd z-gI|wqYC?1V|P#ceunAJVm6dZT_hVAf0g;ocOrWyxz&`Fcj-OOFb}-j*n5`cKddw* znewpWumI!o_pDB@A|nrojg44d3U#|He0ty40_lv*kZ964)^WGj0E2P*$Z*ucime?-f7tCcN8{$vN{0wQ!1h+BuUmfz3*1kqBMApl2u<> z?@ze+EEgG~o36D~sVHqA%CWfEThO$T0K$y-2%R`w!$H1A#ek$AvD4fTk!p~yk!C$M zd{v!xw~wek26tWh;ew5#rgInOUuulB59X_ftxJ4OPKT*Aww8Av;t3JXljH03m^`dn zJ^uo*Kav0LX+`d)>cUHJGBREXY*mU66PrqN+)z1jw?FS$^6uU8yU2HMPx8$9bX;wD zt7}~6uu1V<56@Iv9+a@OvHjiA{A)!qxSYj&z9DNESg3HFxU8SlI9ISVbrBdSAvIp& z%5?XO()KRpfX8PZn=S-ToDCUxUi6o}YqBF>>!3BIdO27m-Ig|dsl{whTABXN3Y`zS z*-};GR6r0Gum}BI>#ANFOBpMT=Ba#jrHgYwKlx#TM+GP06fT;09xbdmt?ZmTW7Gv*Cl zy&AQf?7gcbT+b|X#54M|XT8qy*OQ$;mMQzw)f-?yopl`F!dP<6Rdv72QC@yJKV4Gx z-^k-b>He#7kV?5iaJMjot(;EoBYZa(8OjMd({MtGlRdA@`@LFuzdGeb&H|f3+TL{d zyI2S5yMj0Kp(8wq>V85V4#9UmZ&=$2-DbS&GryPUW zkG%(y9vg^k+pyVpH5l)k_u{JJ=@(1~x?Q)5@^;g@b@!BRN}rMBz!n6zEz~11ako>{ z{HZ~&c`S-N36Wo!r7E*tI(r@$;p^PT={Vw;EFp^Xm2Ryb*67H}uN?(&lZ8N>U@2Rg zi2=(Uak%)uot4kXz?rf#f8}uBlu*=6naes?xI&QWv({5~1npYxJW`s#2Z)oy-eG1< z`|-oUlGh(RI&nF#JV&t!yD9CIvm2wRyBKYV68P)5(Mh{xm?aBLk&hbE8|Rnf(M}6s z>#9!eE~f?7?KzH`*k1*swCSdMuOlJ%lB+dq*4V|OHg2zX*tmaex`6P=V{lLCEDwyu}5cvw}|r1+x`Q+rCK% z-QzLAECfx`>jdp=wE#6W6zY9H2D=NTiK-!irp5=W9wDFLI2VT$c{Pyog}mc9)LrH1j#-zvjyi~vZ}TfVTJQ9!?8 z2M}$d%|9E_>T12s0$M*tBY-)HW*MG~70bm&&sGd#BHOcSEk}YS_nkE}B6a6G*@JoX zACAfrjH&h)O|?wV+zgGlSYHSbm{`mv5j8vaUaazu&F6u1NUs!VN3}!2L=K?n_Ty2d zt@ViT^;oK_l{~VDTe~&Jo{R%T6ikd5*b!{x$ppv6iFqS~B0#x{x1K+WTNf$aM79k5 ztd}P5*kd}Mv^Aegts}eY5z@iMQ$x@EizImoH*M~@Xl9K444nwy&I?@W-w(AdHkE3E-3mix{Aq{8lDo}s|6=p#jB1MY7p4Pc zbR&4zCWTyXbdhNT>ioQ(-Q{`apZLG&Vd;|I=ulRq`WF-6D3fv{J zjGQw}pkdOP{YO>viuJw_pOKVBeVW=rljgHluB$-?5``y)4SWhc*TVUAj1)kgtIKJu zv1<+s?umNB|DNBiFO`Ao0s)jUQCP{%BC*K+?-fz52;HPAa(ap(pN75)503D#&CQKU z|5h?rOd8GTxcSe`U8pTd;2f?xiEK4sG#B&&XDqZtd~jr5-l6^Q=^MHk ze~KB$L;0P6<-H!#DW)u$GD0ZcoLY!nDbPY^fg zTnUx9fy?%erNFTKAD08jP_F95gdFXiY6y$^4XYoxfL-G30F41)fCDwD3x#TC+u{Q^ zM*_=#_eTM>qjR?UBEBO*(2g5%2f(qYchTQ~>Orxr(&|*};(v4#9iFbw0IgsyGSVWc zK$5gTdTK8AAKA+>OVP5uUg?)msS-g?DL{=DKya_1Qp4W-_8-4NcNJcw^h1C%a9LwR z((k&mznr>qpr$$?x2MkeK^&3J=O0~exb(Y@@EJQ$leg|qynOMVBk`BjZ?!Z4oG+&N zBj4N}ttHjL{ydSUhq_!R62*Cxg&rlbn4kDsJA>K&o4!0ZfP#-RLRW&nf~({seyb>u z`mo|d$DHX6VI|)DZs8!1%1`Zg(%t~W9=$KaP%M3(9t@~vF5|6E@E!pw1pVK`GT{1- zb!Ss-9K`v}Y_-x8araiIS}c_vRFltSck9t(A-VW;aSev`@4hW~k3DsM1J^MgkR2&G zx7KKSlW0P}$x9&osIafu2`nBn|4ptpWU^`X$9kF`0!)aB!aRo%0KY4P@KU~vDo=Nf zzogjNbI{_*)Nl1i**j4+o{eQsWTH%(Cw=yXR89DrGQRGu;+N$rRKSjI(@u(X)BGnE z6-wH~xg6pSoHz2XJh`7YcYNumbU4wTg=Ki~o2S6=1Q5eiG!&L(8+BmG#I-hpZq(*Qg3(NiaPP1{BT!!{i zZR)OxKB{rvLGs7j!C zy9rNOL+=75;#zE+GRE>TpcHp$6p%DtnkuzcJ@04B`$Xmgrm?j9{Ty$C49jxhJpLoG z?XMoZ>iaW`0Osu*>IQOhPHIc8wWenl&Zp0h_6-h@a>zDVQ){6U49DC^#f@^cwtFmx z`G1zPvRm%Id(FmfJ9wV2jWPb1&?WE&Ctlm&Vzi&zYR@}LX6Y};q5TR+)3gwKARqsp z;S;l8(z38h7};qKv1r{n{ujZMQv&M$0?v+>ZE7bwu;%vfzb}F1e~o?gx97pm7?ZIs zQXJnorE3k>&P^~sA{zzg^EK&|?LMsnfCBHp!hC*#X|CbWx;~2haW7Ys-%YO9C%?^= zEzOlQ@Op}Lrc$}nJA96qoZr`17IomA^WB~{sb`a;P?`5$GJU1Cy(i{yMBi9MR`Fzdrel>V=b6iaP^|QZs zQEfdz!bRv=%ViWL0kjZPKG%kt&zfFHy?$i5LbQRtV-Sfa>G5>3QT}yAxQ5Et>HG$x z%<}d^=d385eg&#Q!^^nZJXD>PMeeOgN&h+Xn6M1F4Ho=q3Crk1;jW!6?v?!?3YwCsGSJs5H=YdD%JfZ2bK z{^U5%U%UeS(-E*dh?O(_$a+3P*WyW;WPr(Kz5dyHSIn+b3alH2?^LZQ4K$`fhcZsP|gIY+~PPIUX`1iZd1E zLek7r^9}pKCZiU0B@W5%*6_#ByVTjPc?mK9LYz2-F2lJts7cW)WLw>+D2(wr$-6U{ zqKq1=i1DLYgg^4=k-KV(=xA{L)o$RwoSQfl`$eCA*1RNe?Pt6X+=XVkl?Qh#Cb_uc zPm4N0#F-|>AM3IBSrnqXK-9~^Ybv{nB4`h?PL=sJR64Q?qtp~ik)U!;@wD(<4&t!aKmobue|yn7psH(FY-=Kf72)#CqQ}Gg6b_eREFy zdR|PS>nA#A0O5#2+^*Qnz5I#ZA}JIhL^7hkF~i;tFQ}wG3M`U}ChJY7IJ(;0!B?G8 zhz-}ya;X|ec#6xE>wHkK>**evjOt(ql-qB&8SWZJf|v~smMghwpGd`DBzUS8sWxYp zt86dNM3;`vFm8t?1k&=Ii5L7lg*)9-)HKO=M`TG3YZ*-=bKBXO!RB+*TayTf;cJ5| zoFGj}M+d^Embvl!?5k+vKx}2_wkOdtzG$iC_@7`P zC#~+R)BZjISY0MoY?3^!(tAR#ikDt#wuNy(kne(3cZSsE7wO633~Rxz1ZSu5({XnX zzFQU^ljBL_{XpaQP3|1YM|)YD!o+gzxilujg*EAB727u=8@145kawbui^_OA2F=g= z)73BZV;Vcw>$r1gcE0j_6su2buoil-lCLvBtU`&^6s?h`w&H4UUwb4&vja!fmTxjo0b zH}{QxbJ9=>_Y=_9X;U$CZFhJPd*B9kN|CK8-olRFY?zaH@j)1Bi_e=y-Hlxe@9WUx zM6;@5LXitHrsa%;B3#GJGGZWPvpv#EIvv`x~B>WPZbv>#0NcN{h=bi1gb z$KGoEprkGpN)f{w>U0j)d`49q5UhaFj}ho<<8|XYfuoY*mwA@l5rs+*wc}krv-Kr0 z6^JjBk0j%2`xF*?j!Ucl5cxjINeCocJuD4D@1Exe&Rv zyvm{xRIG*3Zg@6trvGa|a-790$kT`1WbBPysBiRpcHWs_{1`Y@%+-GL~+o3ja zV9(XZSHgKt{d}PM9r}F;*FlrFGgR#o)_5F#>K&1#EI(B~ZBlpB`N<39*L&!fCH-L* z=-|JpczP#j`~-}Un<0mV6`ZJH!n+|ZpLLdG3Ss>b*z;`|ygWKkpam+8sXV{LbIkKVUHoe2M1*PeVnPh!@3KHP!ADDBRI<`?^c zj2j|{KbBsg)B}!m_b^WYcrvlE@_Df``49&2wpfwpxtiCG)Vrco2L_T}kP7CB^YG2g z{CvBCNGr_Ja`$pwAGIa42rn`Z#$QD7w>M%3T)-Ps#zQNXg|1NPAcOMt%U=8T#P@;D z9lb7E-tDYzvFKd#jd30%f9=niv-k`!z+{1)u+CGlOq$JOsSV>;+4O0>w%G@R=o*VW^cZj?}?7TQ{ZF8eWl*1<8G%DS-jjw zaTf*rF~)hRX|s3Wh0{NJmRTnCY07=+yGuXjKGtbMqB4(Mgx<_L4Gt?{ooaUOL*j~I z;kPm!J|DkJwa^vBGy+!~Sng@iV%HVxvHY?mCSWi8Xw&?7%PM(4(7h_fbb{g&Xpq>0 zsi5F3!$9la>I?j$6{>;N4{s()eE1+;m*zkw`vS5(mJ-ya;zV$_Z9`Qjlm6z`!gOX~ zPYNuU@MrUVKpqSUl|EGFd3YjqH5xVM4B99pCVz1fJ4K2}v9G(bcmq1^o#d2NJjk+! z-d*=#>b_2-HWy@ULc6w45-A;ensC938ard@HCpTdo6&gTCq0jNl>udxY%!8u3ooR4 z8Z6Jby|XTF-=sQTJ^gFOcOYH$1_TBRH2#WSxt-}Ot#1apv|tb!$(V}7FMpa?8yKIx z{G;U(_)hePgByfDZCg`+aqT}P#9epeDc@W?PQrY1b{`U6dlGxqQmW5bkt?_aeEosI zUeB9x+&!@8?*~#z?~u+Uy8-g0YAE~Dm)SwsAfGuMllC?FxGHut9rsP4;kE3RtRi+k z`i``f(&?HAUPhq1XuRv$NT1?|wpsqTut0HDfn12xyqT=;QGvZh>wWFmnoqjx&7_s@ zoYQT{1>Lq_u*cuisVNe0DKBK6Gid6K!{&CY?wQ+AU+?9mR@Qo?Sh@!%wmKLNql897 zL$?#w--Ga9>1DLb9F4xf+H17matOdz2=WZqewhbTpS1_)?h2Gjl)|Tw$6K4Lb<)pm zZC8R{xC$IC>a}bB)Ftp*U5Qvh{#(lXD4%ON`Koxm`>-Xj7D}Z{*XGCq=vI?Ur{itD^x=+BuOid70+evG?}>yce$?SSd!s)rG( z*x+H@UV*#Cnd!>UE5g9xX^cRDbnMkZSK^OPmH7-eS}M#BR&|_vblZH+S7*LRi(B_a z47ONcJULMOpH(z%=>3k|u&T**FFEXOIsPA6+8Yb`@^)CFvDZC%wdon-i*4OOi#q87 zJ|E(WCHbUPG&F}lianJnbMTKF$|~;+Y9%~V87!`>KI0V>dy}%5BzmL<-bS_9)7P5W z{KX+jgbU{WJW|SIMkZEr=aM#DQ17X(U~b~#1t?ZuzWuDVu7uINZ%sg|4I_jy{m~!h zF$_s<;SG#NX4D-Jl|W0A%H{(5Ru%ESEy)=B;gvZidohami5{qVLNpD+x(zkOTWHy<4#x!oziQ>5ZSC7`jBfBCR76_aQ~8Y4*j7p&h( z)ow#}{S@%s?kMx-HUG01wp$&L0Oj?m<35C$V4e{av?k~ZM(0v7r*i6~9}QhI z8(rCZH4SmpC z4%>d#SDY&;zL^}BMvXK~sC`+yDa~avT(vnO+%<_2B?Qa!=kf6cD0k*XJTo-y%_hcJ zo(?mUdcplhYj-4Wd6GBmol`c;ELdDL9K(Ej5%F<>+*_VFqy1#2Akqd9B_e(O_CQeN z1u35Vi`u&PkOhK0A=tNExSJ4Y5Q-svoLsJ;Qt?~a+g^|=o7hPhwZV3B3%9*%XUkgrjcyYL z22-neZdQ`DZ`P91xDC3r#`A%#B=H4nFf)PI#NCGIKAdMY?PwB3;QWk08gct`+5iwm z^_8ws90jq%foRT{U~7XVTq9M|?4K>h)r%@`tfL#@qeI-u{pp^kHtQmH7yh1pQY+=v zz$1Li4c1ZU;CXw{<$mTzyhIV8EbpMX<9_;y-K#f7(=W(9$VJ9Gae2DF=jI2|lOBu- z2p(!JI4eVc2O|b_Y}3q*Nc9IK3+h!X^yMiwI#j(jYh88Ak>dE80mv7#Pe%pcMcTH5 ztehLHhEg0uYmuMRV`I~OvM%sX%+G0SJw3ZPZF?ua(puFcJzze>J}!G-yKer6*n+g?kFC{_ch*3pSQR4nu!# zRme*{F8&JV*)IXbu6D>Y{qS?6X*R!*-EpWTfucQe% zgzJP`%g2$;TY>5JN2#QZyp)aypqT`IMqSzy6Q#=})Rv+u`U01Jc9nzO&<8JnL%%6@ zPtDJVr4~HrfAr5k?KCIFwV#w7pfJ>Om@9`jTJz8QTpvc3U;X$3W$@N6(p0Dc{;=cG-wl z38E}U@}-C%LvK_t^<{4$uWh7AcU0Q2&)Hih zpMU0Shs^{a58lS^=wB~CGbI`V>LBz+aMxdQD`Tjwa1${3>u@ZS94uI9G*VB+Hr7u@bO^Q%0-suS+2DG zgB^~0ra1nKLz>4IrHcES_WnDoP)jL3$i?Nv?P*6h_FL+-d`?$1Lr;R1rR4ssu;I3# zQ|F1O1I#SW$YwP@U9x65LQYP%VMwHt5@lF*?NL5-{mE&B+x5v_$L9&93KrI`=H{Eqv5tb~#9UN-A-hxEL1oapEXaqox><7%P;ic`U6{M( z?r(qGM6a=o$TfrsEASJ`tBoG8mzb-zrO#HS7@x%09WQu)cOCB`M=HXiPYcIW@0>ms z(S7r>|HA1mTgN2!>gMMqCT1af=Sgr_U>9Qjl*w&%y3)~fmw%ShVn6Es$HWodxyMgmlmPYk9t{Md`7ZQw1QJ#lA*RctZ3b5GwmNw zcSOy!&nN264p!cxXUvwx;N09O<9hFEUifP^3=SpY4WLG&^!(Q;Gn=1BQ*>VLrJ*OT zxJ+n5QdPdz#A|_m1xz69?CbrV?T#c?VM*zU09sj zg7~hJ0(%R$)7Z1O*0nG}U~b7G7h3t{V7D$-9(a-xjF<{wVX z4|nHEM*DREt@;1higxNzt}Ma?Yecd(g(*Tzt{V_lxap z<}v7sF{lx|-<_rkb)-DdZlFiw{bn7icJ^4(yfk;M$|sah=W$=?W0@2DPc^@cZzgAI z9mXDR1y{P{D?n07l2CaF%e(1k*Qd+Vh@V8hmgPS3lwSIK5nY2ky)mqwS;U%o0kwc|jG0+}Cjs zSy!qT&B*c=C9*@(Km0Keq#b~z7s4vAGS7n3g*B{4O>2ZtyWbdEtpy8K`z|+#8zp$4 zbLAa;N9|A3D8XCONePkec2HV8l~0sH^f>=eola}EziR2~6K-=bVclA~H%_W2)(&1c*+3?POV%vLcE z+T(FMDx&YYJNQHB$+-9{%ftJ>IMxw7(Cl>^nx%dIl1vlXX zvqJjhNnR_Vhvd1c@hL;()8L=n?{Gc`=gL%Md;8DWC zr^4^I+8%%rET3PBmNc?(a*mTp+i1c7a=`iR7e~Iw8(Et&2Tgmkdha#-C=Bu^UwY!4 z+e3dG)zat}XqxvKY9m;!!1@Tb&C31Mex!g8C(A=nYn_SxvGaJvqhp)u^^B-1A4}GU zjtHWmT7$ke`1_mu!ttY|wAAAkk}`=2rf#`Sr7wm?wx@q-Ft1FYF}e^h55WRJ!b>~I zPL~*R5wX+HelPyey1|tmjFZ}ZsziZH;~mUfjkhS|$4i82gcnf=ZxEkJvB{H#fJEjn z#f2QZ5)oP)DH^RI{PS*qAibMIX6GvC{J?cA`)9fnC~8DAkrc_{iFssH8}`z52KGFG z;RiC1)UsC{iZSyF4lJR}r7{;Fng?AntL^u0_=|S7QcR3JVpNN>tlP|H=`BP=ySz2g z>+)zqlR|OY4CGymIns~Y@fb|r>ty^Hd;i6Co7rA9dO+5UG#P{idhK^gQN3_8Dg_8` z)amMod8Vr%^o6D>wbrTaCNXYrw2IrP@b0ktNtOn#Y#B}aSuHXCulWE+p}U@Hm2%Ld zg|=L=U#A|Ls=mHXc>GmOLsH z{DG{2jm#G4`G{EROoWZ>y%?+xtFyV&=IaEbXu75Ag1R^A-a;JxPyd~#;ejpS)4J|1 zyJ=Y*quXXYdr;h;FRdfN3!DXwAe9x#3vDcBzAmi1DD$jaJsfm@KQqhld_!?Lc8`dS zO>8#;EY1g^Z~{_u(gt~F$|8Ib(2H5)7+0{gThFmt6>HmsUItFUy2cx}?w>4a-C>@u zC>~YsYXv^okaP67*>W#VpGJIw{JTZk+dS3n>+??&>5Pmh3A00YCH8Mu6@zTPyF=Ce zx^NIgM{kdC2fD4W^N6ba(;;Q!c`FN=Q>vv3S-W<=IJ~W(?g)Kq2mzJzgG^>pii=mmW3be0uz*Pr3FZ2g6%~9ZX(mz3Ai!$?%omfkS0xXMf zyI<3e^=MiY=*HhB>F}L>>tju*TM`2{;N8?wSXT z_8#fvG|pL%9qd^{R=oVOV;qts{5_?xw>e^`Tg`!2^cAUyY`n*@UopT!Pb$kw8d;xV z4@nnR%c)AlVL$ced2SPaS535Nrw!rw3=L{iJHF(yvaw2a&>DKVNCSzVdbh>#W{7*9}xV?0oVZm8iDt3DvO z<8)m; zOA8)kzc={|EzlGc3Stb?$0SRqfK-pT*L=QKysr0j8}xujci9w zu^D$3|8W^ykGX#vC_PMu9Ia~p+JYaFD@M;jjvHSR|Q*K#-v>u>lYZI0MRnp_UlVzszAE&JO^Cu%NBE?XbBYbCk& zt5?b^YT#5pL*_ets-H4{;?gSe3p@>n&+SW-gpMhmSo-0qTWu+@7sbnrN!(dl0FNrE ztc67!u3~qk%v9go?kJmr&u-2u2VN2tC@-SiaR@Z+EkF$feGk|HLt&2ME_@-DD#&A_ zE7RaSeH!(t!l@dSxd=F-rQfk`k&vZux&BXwm9fO0s~(Gn@?RPk{JL45->1Ythxtj< z5zo_5v3$a7NS_NJhmOrBIC!eewOeE}C+9o0iHKzKJ?G{}U97yy9PK;n9udeKI4R5g z%9c5Hp}y9Qkw!5&u^bV#T&KDT3YNb)GZ!qEcR=j$=95TJm0tY>JHXRw1cBWHlb+jB zTZ=KP zbS*X3LNOw{{A%y&Ct?(!ifiqTN*h)5pXMinPIcRW%yDR-D9P-tUcsfVC4!qVb0;jg zf?PS%-s*j>pGZ~?f#p;69@fGzS`gBGz5E_kdk;JwvWn>`_9j-*u|dXUHtZnhouL08 zdr&;;%axTdxYtPaMO4HMhZ;ABX}g@bZ(p(nbVpbj-a6B!@im9(6TKgsP2=gX%jCs8 zRC1^B=$uSr3qB-E^|OYPnN_8j^KK-ce+X*X`AyI4~n=}!69FZg!G{NdrcY6|2C zl}e{Euo&0zPK)YKV&9W>ePkXqIf3fSzVOr42D)}X-MEE1#k5x4Rz^QcsMmh3 zTo6-EkqUq^vbztBOePLm=S5<4O6nb6W=@nzsT3A4RE0{~6Yd-|RWd?c^t?U_rHJx4 z5;+m%oAb$(q2$t!FC@;x=>)%+L^;%pH(h?H$Q3_6p+!1=iKcCk~0 z8!cqf!Xou#DXG+Tux7^^DW%A0-N5yb{WG||8j{Rs8KJNaigc?8>#Z#h8~fCAt?T?B zo`TLt`+$fvJhb)@8xa&|+mc7>0*`wV@$hxqn-=Q2afU+l0#on2G8z5S4DHNU5o3eF zZWCQH&Pfc*P%?nR!aHnZJF-PbwCjt^`$(4vx>hZn9#4CXL2i;}q6Luyal?D9K=Jk~ zLW$qLNW`1&T1dZBmdr`fQatSKcY1^K$pHd%<;;D#fZ>A>gYEOEn`QQxPEv$~VXsC7 zA)?UU1FZ{sN>>jLU7W3$yqvNg)LkHS!lpMHS|De(A0p{-9BDs#uL{n#^^GCZHyBD@ z*x>ekz9JF$?J>b*iltYpYInjJ@aEK1)(2T^SsRtwGF)owrmnEaG_$_)94}E zs%|Wgz+e=)8iHpZ5ZnlPH7B?HNE2Yl7;5gBVVVukSNXGT+q`{Tq|tqq47`6cy>{r@ z3Psl41(QsZ^@z2pBF!*#T@^bXxA?h+W6e7p!+EfbrrX=jWi3)Agxp$Fry}G%Vk-G> zEh&PSH4*y^s`0|*W(~Pt$EWVXbH-)%jmIpfSu<%Z`@RZBkLnSnZ8^ zAgLQOSX0N2BUJMpQ$97Iqa$j7oOZ9jZXl5Pw>DJLqhsxx9>kMxhengnnaQgxt(iH8 zh6BO`5@vIS0sa@?;i^>A(VZYaCm|iH5nVHc?E1V`U_W~_Ecz2wA7SsNuKJUje>zyu z77g5T=29pRJ;q?ObExt18_cm2wY@S9cSg%I5$x@!%DH)@rv&9Q_Li^->O0@>ccR(m z(%5M)>WNnb%#((y8NvHSZKS8j7z>uYMan&5X_z)^aj2J}+6r^61O=`%Az>GE4_Ebg z(Rf)KGhU``D?uJwf*-fWWOG&Kh$-1UMfHrlP4aYHA;T@}xSLja_XwihF+9wYz8_11 zXkr?KhwLqSi-?00`{x*7&82sG^BrNW2e}YwwJPvmrj`U_`Ct@>I;O<&)d%;@=YXF7 zL0vm<{fmm9Y(iR)bJl>=Z27{b-zTSbBz^G?>S6;~hho-XmURDVnSP{#tu5xs#|r%+ z_Wxn;&EwhJ-u6))?6wr0R7=tB?pA9qtq=`uwNwW~O*MsX)R<_^Vn~OL-2rVCHH4z3 zAgLhm6EzDH3%K8&>dCk5@e_Ri_wrXyO}H8uh^2hi8;h2 z9=(@?x9D40?s|?0GAN%&wIoypN|g3|BMvGUAs$M&)NX8})(#+Navah9afmEOuMu_q z#FArAO9M5ITK*W)9X2@n?~Q9qY||8Z&ph;-_ii_CPh(r&1XiKTD*SH&xa;X*F`wF_ zRRklWCna{(h+!UjI^1UGr~g_*@0#BMHnm+g&BI?R^Cmn?q|6g$%^_u!#$>&_5jPpL>~KwuiwWkB%h^+rl*mj}#}2XM zw*rN5d%;J!6}{*8Yu-my)N#kr-!^IkbEzYwPdol)VShSw1%RoG`~+E2PFQmCqWKoE z8Jfqn)TauF^l~sMdm{e->8;TDwJ#L$>P)3G%n&k z+6!NofaF@8URD&{8XEWTlLG)N6YSTa?<%RZ(KnCvAZn>CKdE+>HCMSC40F3`-c(ub zbz+^*uBMLY}?>eV@WcTiz1~qkdL;oi4{`+;94cN;+wYnn@>x zx1Us_ns(Pzak=CmR@7ri%Lv$IJ-M~ zE)ronwGP~&J`5X`!&Y6NPqi^$$K-mTqc^|5@#77(!C+9%18pyLWx1_6dv5@6X>(%7 z<&ublg|4T6ejDf`>J3T|bBg7N;X%FEL0no+2Fbq(WQmI}^N*Z^|6b-ObgeoiDFgJs z2=dA=;2n}}0<&YpsQH96_$6g`K0uZE8)z}kR%@!ywkHjDQ6&86LH!a+qMwa4Is!rO zdqMc19k-aAR`LnSuhvQqw%efT@DI$`6#TtOTFtB_A6$ez+fK5mi9W#Q&tB5+S{!03ynM%Mp{T21w;xo&_7}65b>gf%fLe*8K@p0l z4qf?+_7{F}q%&*pe4Y!B*o@`m+^DhsO@+FZ%nYemsq5DRMMe*5h<*RA_z zoWa9M2Q6JC8a~=`qVA|-${F{5Fl7bo0lUV!Ih3jw#WQ{}0V_GC9iI>f|4UJyV{;xH z(kd{U9(>a<8cNkB9VQ;WbsmKUjjz1pel$7?o(BtwhZ(ZqNUkq00%y-+KB-o}?;uh- zp+9b*!j1%4M9nx^UB^5sO#-ujLv4bE;ZmHRdZ0+Ub1QI`5=95R$77D>O_g@02DLlM zQOB(FcDYt{0+6+9Pa?~`OUR7u1XG9B=H`OKLt%)j$;ZiPcDLS#K<6>H?=u6S?x43^ zln0PE44=D+^z7cDar3um!>v4#chq&1I^39~ukfG=@3@WZf}ij-^gWw#Wg>0m<3GL6 zw(~$Y@4?B%_W9xmCy}``#(q$dQn~v*@I=L!I0y1}6=VjnxM=K0l`sT;2B^G`^^`9) zdW)VXo-NL}!OoP0*KDh47mcfwy^N*z-CEfMs1d_VVL4U8jIP=TmcFz;X}9}B#wHD~ zsEl@67tA+i*JOQg@|IdcU@7M3~D@Gc|wYsMcqLoW18 z_O$bZYN}o`ZZ^$6lUGV712Oh-n4v-lXd7k1C?`b88cNr^^`zCYJ*rRW!_SH8yL~y? z#>0%Amw**!jhNu}z#9E~*K0ppbHO(aAGm@(CS_12Tl3|<2-$)F(m_R;&8Z?T(SEZ9 zTenYu);CtHUox^IUC7gR z-R=lZjp9|tJt|zpX<2Ur%~vJ&tTeh34dO7U+!Ym>M}!RUdmwER;Zbzoi%0o4 zug}dTw=eSE1~2lGABT@VqTWu>^9YSJ~V-FWW***7@-Of7B#lf zNN91uS=GLFtoy)^#Yr*xhpK>l=7ka`u`p}(GXKfX`jdAoq5vde=2^Btt6IaRs0rPV z1ZaXyqBmAVt`O^nWJ!@g_&+pk(k~~mg`7*1H+b(uCJ|&(z#11@c9PW-w$OuGVM6%`^s6LwN4es3-@i(h9u=xaB;cJ zcVv_@^&%Ngj4HcTsY97}DqIP-&M#&4-=t{8^s`b4Ez=lm+l3zg2^)iqApx`tHY7U+ zt0moI-TMfQBik?r4OdW+E{uKzA_uiXs@T86&%=MPe~>D@Z^+ZLKeI>pknzEpNpxIx z&Tor&Nh^|Abg{u=-B>-L`ykifZ8|d=9+ErXMD|Z2O^Og@t^dYB;gRjKRl;(nhYAmyIsGiQ;5JXe%D*8M$VcHb+Vr+= zVwI$*tE|CoklV)CBLMEl?~%aWz1HJ4{Q@6xNO^Z_y1D&%cl6#ilsu}|p7pJQ;W^Ru zzP39>QVMp&aPvOyvzNHfl@2K-HbvrQNnlKYSaGG-QTiFmLkdC$G-cdQG@ZvISWNF$53W8sMlWXLa1;I%rLy#vfxd)d3PNovNuBp<(lLDWkzJ6t;Jr>)9wL?oTU- z;xxAY{Pxg^r|2Pd0lg%70bWJ4AXygLbG@2I*fqK2X`H#}Y(>D>u-DI@?e~wAjxfU~ zmm&-XSNxp4m6KZ7oh2n6OH+;t^&ypu^}=sUbdn`{B0pHFx(3?1>oLv0R)KC$ZEst% z6y%ijwt9t`3cRVcrF!V#i$N&L$0p$p$>y$+QKD~dY)KWaGne; z%-FXMczX3$?G4Ekj9s@0VUZJXm`=3GqTxwc{oGIOpJsvrCVnrf795-7Yi>(AgsUuN zi#p8bhbe9ZUJm|g_#u~lY6XhCyBSh!K>3z6&@JpcvcA#I&tzIdA%)E2OwxK}pXP|p zW=%8N-1+2%jfj54>7?6huhbn8w7<`zWYQ(aahE!w+5DHX3hfuo=Qw8BYqP${8Dc>k zDQErze_)IQ%Hwvs5_EZ%1~?J@$l1AqV~21p-<6&cK$9QQ3@5;pK$$3 z1~NQTF~=T|CZ*&YR&@m`K5l(F8Ts?Z%Iz*@{6zI9Q4dgFgYhGTfu}yvn?cy0+)6Wo z*8Dcr2~Sb6@8o_C;POtTS}M^fbS zZAa=>BGzs!rKi~NT{MxAGlrOBZUl!X2T(7j1K{eka1Y3zWlrHk9|P=HF#+D29Jn$w zM}#c%mU%6!yYj|d>`WAd;o&Y-I-_*-4sjKnd%SbXufN9o9)GLlUZ#|0zR-cFBCkgU z%xP3B(9lY1m5Ylj(;8;I!Pe6P0IPAtkceh8>*ya12y^B;Z^c6j=(4wIH*KhYqvF@f zj2e?2Ni(!fGqeirYY!R-o)qd6ixXuC67w6I5n`G?&U_Q(weNuQ2l+jm|Q){fzRI z+}1ZL@r9k8Q@eM^yDd!xCMIW%-r*NbE{7-G=l;q0aQft>KVVKAzYPllq19O=KPJya2o906#BC5ih)7j%K3f9QZoaM)?iPa^G`y{I8}0%IRduwHSV01 zJcD$S`pscP|7X0&dmU_`4Xla1he<6|fOehV6EeTnRAiTT#5xC`?>3d%{#lO_ZmU`B zdo#__r6oF~pwk2A8|B~Iw@at3&RC&4gcX?U$imB;O8xl8EBw?Llf(137eEMx!eE-h z=RUIjnk2m#2zo(#RnMpgCNL2)h=FEufp3ch%!=8k_ck*Sq+M7wz??c%&(SMd$!C5P z(&sZLwn~pjvyVlN95e&PRKkD6JQ;9TsCvEMNU#v-hvkWw#IuVmFaX@YFAn3 zmFwbS{y+U1TY_EkWMaABzN^?_2X#V3!{a{5~YaG^u{@(Yo=*w|`6HsO^6-vTr z-sYkocn+qKj}SU=nD*06ccoqwO}~w~H0xF%q72}Gbp*y5K;1|vkz-1iRID{N*RI{4 z=#&u@GqVupN`b&xSicSA`rcD&d|X0E=_jj5%5nAb0)C1HVTmK(fHa+1Hf7*&1`Y1o zaXds|shMG?LC>8~1gqPUqx~P0cj~huicHcOptQp$YDUgfJ7_KNF;Owb?h8iEL2`Eb zy}_3~78ReLU59=YCQA(?C zlU15ObpnW?4vc$GU*#fn)U6T1^82ey)|hFxfVziL zy=x?>-a8wA9wX-ssE2r3q;K@6c5Z8crpX@rGib1{KUg*B7}xbuE$cn7;eOz*AC7V{ zRrqmK@h4icC;Q%tUhaEGzJA)a2Wf0ooB9dn#%%=$@2E@P>UYe5XF3nUPs;xdm5Q&< zWoAZEyWT1h)n{sRI+3T9LIL>T?cc>kOq{XP_Va9=NSH%1)YxX~GOBm4 z=aBeMu^pc;NsTe3r;1f-HArHIl7e|PId2bE%0jaJYe!2!$^MsP^tQDQ|2UuXs`kbL z495D_K2MF3CV|;eVsp|v&m2eQbX!qAW2<18!rr?Jh_NdqE0-!slDvysuv;XuK{JoO zPdUkXv;x=YCj+||Q0G#IeZ*^A~T^DScw8D2QUnCcZ=E>EaFs9_4$3ltM_^+j}dO(KV zvrB~gJ{j}9o1kOW2^pC77rUB}BLl;u;joK)*#3kz5~izYCgO2_F|U+6b%`y_eL~rB zqfmeM1(s})ph{s7D2m$pv(bSRPko3d%PD&8JNax~N~zzmgODFx%{$C}$PS&>l7$t< z`g_`aHH1bNJuuCfP`|G=0bIRYUxy;U=I=YGjvX=0@3TtM%`U;L4aKyBCHnNRue8+s z9rnkMcek>wJqAKk%#3$vtt=Q9#rsw6KWX+?BmV;-bd@jsG;9z`x&`$Yz^lU+>H!9( zh=_&%vdFi;dT*cE+!K-%%=z8_4Ac~%pFqCs9#}L<_p8kM!|25nK!?RknjkiAg>-&3 zoBhqxwx+h2{Pct$>%KLSmkh5iPVKxZsT3AfD#&Q|C?d39odJ&Ceu#%U%tAvQ`!Dv? zmD8A)ijX0^#)03PZ!e8ss=c9)DiVCG;lByDmZ{13(SNc}0}CISa^B_4-q0d@i7)E=QI7gkIm#Bze7Ej;fZ)Ae(;52eK&XX$~P#A zK(~#a^jX+Tbu8M4v(ndUco-*J0Viq#@n6&s!Jt_OMjZF4po`4cFi(C z4qrH3pXK#dq&?gzWCn&rp_{ZCam$TP9{4keeL?0v!{Cc*dK(DLutbLxm z7m}lJ1Ly0UJ_@{MFE(9c85`4`g5!a*|D;rxAp1nzJ`X-f_n2%~Q3-D>I4mK^P(^Bo z<(1jx@S-7I8a7Avcr85JMUIy?Ey@ zQxLy3=Z1J|y}#-ytSw zhN+?OW7>&!z2XVE3Ha^-1;fnO7YKNUIjHnSiz5)8Zc9!3HjW&QG8op&_5`(_ZWL__ zsXmv@dvd^NDD-ozHYL~^#OMY61nLI~!&yWnd!Ms3#cjD6_ljngzptV^ zzAj_)X`m3JXI5p$PcJ7K7ITur`V(@;n|aPfQ{x~ zvp=it^*dyH*Kmf_wf^f;W$d$(<1b_Dtx0=DrxMC?=Uz>bh(gbDJ*sq2EW)Q?`ieYx z^W$SvZeFnhPLFJ_2FGbwd-DEBug4j3I-(;o*wp?LU^J zF5T+8E}L{4@|OEPwth!(lW=WJZV|^T;7jJ5sN@m#Y7Y*{HsoVQGwcj6!krO!O<1?s zNxkj6p!H|DM}rNxnnvB>Ae)+9M##Xg5Z#}Zak+?YRe1n#+d4 z4VEskhhL!^(Mr9lZQdRGkLA8r?>ktXdeV7o=M*^&u<(6ug02}g-YQrl-EmB1-)8G^ zkLXeI$NGaBPiq9-o)Qpk&U)<^*X1BypK2JYOR4ySbno-FoaEk?o@2!GN_AFjkffRuTqvL)HB#foDBFv^FG^zu->slsz%4ck_r)AVfRjK0kL37Vz zbtzrh(dK$X*sl)-vD0^iSkRoN?8xjdJjB&=1b8BGd)sH#*75+6OE8OcT$Q z=m1IBb)m((*L<^{hj({N+pFzoAxYyruR8`;!O`2ng+|;x&jv zQr2gJV~Pr&^j>bv@3342Z#8X+bft2j#^OFuu}Gbeh72S_d6$|)Qk%H6Ed83m+NnX@ ztYxS{tU}B6M2mBUinC(`WuGt*Dgd;7EHw3!0TJTlNzQSD`$m>I>5g3QjWe?Y;T?qvV{ha;KBPjj)gHDF?DXzx%f2dRMfS{W8-he63y@VLIwDf^w_VA zQ*2qXF89YXc{@XQiSoFMXoHKr#qLF``k*-$(LHdRO!=<6{c0Li=rHc&^oe+_d&QkC z8Nq6PsS%$}E`(Q}m>$de5nQ@RI<8Sv<(r8)Ncyv>SHn^1xj|)*lv=XQq?7u(!JQO? z9dnhD= zR=6w)VD2?gg99zie-t*7p%oe7bVkm-u_-+F#Wzwx&hFqHfLgi`Ek(c8w=emG0|Blx zJC)yUP^|9awbx^&GQ-uxJi2=+Lc+Ub$ya^sJokz9nn2E-I9L$wN67;P?QkJo>uKu! zJXjiVc6W<9wK2anAKGL;*|RT#~s+`(C9arPglJ9%D$VoNl&C5uqa)KT4eHq~TvPoaP69DATimAI z`f(Oj9m-5V+jvwE*u(H>O*hdZ93&gHBBN~O&Z ziz{L<`$NiZBRi5GzCY(*M{{{y$3AH@FzsK+oXxlJ_vIUOOROAC=8;ZCMfI%ZFvDz* z*mLVLu7@P>rA!gExAxIXS=muoIb{pdgC4`c`=h;DsrL>jJGbxcs4^fK_T|}v5&`W~ z2;1`RnqA)JAXlMR;^U;$CU+)VFhQ0P#0%?ZkQ;@Yp{<#Zi0AS$eAE3^eKD6r^ESt` zFOI=KX4Wh#=2bvf7jwfhfM4(3WJdN$oP;CiAM(#2o^SHzYgE=7^N}ZM9I4c6o6~Wd z>g&_w^-xQj&9#1He0`0;B@ekAHyRB3y9y=u(0L-I3+uf|%BdrT;HB1lzfhP|qd!jGaER$dKv)63qhm)?sAc=D70c%ee7uVTzvdxq~ zd{c(n!6Sw*O(m*Su2_=ooHr>mo6`v>z}WHt%_R9Y?Dw?5RiB_!7*Bboop5aQSv~Jl zRJWp_vR94o#rjSwj2-1Np@IFvx$I453ha+Y?aok8m<@(=GH*Up;4+Rt8mJF3H-SPL zXkxJeGh?at00Db*l}%*E$0qJgzR46%zUk4G8EGG6R`k*%g8cy{7!_U);2`=5-E6vm zn!7obMV>+=6lYnVj!_qeGYKZ$ixdMi^i80EUCn%ilV@eqYG`#Gdwdgfqxu$YNDe43 z{$Z!p;2iGh#<0$Z_XfhTpi+|I`MG?&KNXtc*wx|-(>gl7-tn-H>jJyWUnlLVpAeQI z`t@*t7tT07JaoB|APinMjdWgQdf0A^atzlU8(8PD`o$C2s2;sE1EGT%%Y`rSM6PWn z=+`?mr2t+yzfJM3k=N%&eJS0%`AvUE4CvZ&*W(qJXbntgvP+Yh6lHGB1lc69r-b?1 z1uB1&;xTiVp*x3Ix8#M}R3XtPVV>8VKr1!*JcjIo`*4CE-Bt=*c%D$4P>9TA-Svnv zM$6N17FZW}X`|@d#pxzPezq{nF`HaUbJvPoCbYA6fU~6^osyb;$yW2679=Y2Gt`E< zYc`#RPgiZuGT)7OQvcxlamX?=1AE)}9o1~nCBnFGW{Z0^pWz&x|GAv!tq(2)Bxf$y z=&!hG9@Cd+0x>VULLUc3*$ zkWU7^th&mYXNJ#s?0{XIm?2*K^7Q32-b|Q(;PjdrFY1m*uikRxgp&=Ow1^dEPw|7D zDWN3k#0~Bb-0bl6o||Cj&=X?%hQl1AP!tF2VGsM+wR!Pp{lweil3cdx=CVs>qJb`t zox!G_qw*=g8EqPVkG3`e8doqQzM62l3WHj|C}7!bHj}2#Cvjt}uGQk1x~nr%`Y)NiaT940Dd}Ckrn-a-f43{eg|j z(OVDX7mym~FtnwX_0NQFxA%uY+OZ17h%)DJpl7-$_Prm>uR7dh(8bi!ycHE}Ftw zqg1g_87cUxr@2}x`?|D*Yj>*>nY_p!E0&JFW!4Su`Mz>1e_fJc&@r13 zfk73jl=;@#s88F#I-6n2b1-I)(gDj1$W_*QfsVb$yP4kjxC?XX<2NxTN=>Xn-=_J@ zu=8Q6y;RL1aw)T6#U)Z}o-`Yh%VqGeI-eQJbCG=&vz_Z7;$3ztwEnR#lez?TcC13? z+;iooV@z^b0~gMorx}m&oLq?;;bF>cvRsA(D>^^-EVPV0d?+1s6O^11 z#&HfIA`MFP>0NgcKLWlOa%;qM4pYA+!HKiRPRX#c7j%TXD!c8}+ti zuAaA4cXr$*iFVe15OFqw#k6rA(6gJ=#pj`z*2G8~T7c4YsD6_rIyxbrkYqQ4=32y} z8t>ra3BWI8RdGn4rf72>j`M%HOq15tE$-9lVD^x6BI9yS-e$DS&TnJ>#3%wMs$(;f z!JV$7T&8rI%}$0>6G9Al=x9uwJ1%aS?H9p1)*Dh^X-%1*4yvVI-+J>tEgSz&VfVhS zPls|xcKDO3(F;-GMlzm*b?aj(_jXp+MXvVV;V^Ru=RwX#&F6IY-wQ~F5YB(_Oj{E> zM|yziaFTsv6Normyk0|V^?e@Or=}e=ugy2>x%si6#i{a5&TuX0l=#*)Mc#!ii~Lrw z5BWF#B5SYSjMScYp1E-i*WMY*+|RN~(k)ax;L)iT>s+eTK}qv%{*hTk#;)48ptDOz zbp>5e%L0j8-wqxA=bPTw{*vx*eSClV|Gk3!|4547KV$OGAOHWOC;soVZ;inJ&ik)* z@V_JRza#Pg>3w(@y7Sh1Kv;g&H$N<^+C5R`EWFe=YByg6iC$4* z?6>MD=~Pby7^@}#ef%(r7-{c(LF)~T;9Y4YQ}n}{KV^D(jn#S4 zmv+%R0q#L=o>JV&synEcPNXz`R(H97E_60KDzxgJmnImbC5y^3J~0xc#tSOfG6)S8 z&Leq$E(GHS0mBFd*fGQz#Pp%*f4J3K7b9H~d1;y?eV{n?2VmMXA+oxSH(mU~Ze~wr zu1J{HjD0$zvKSvMEHbBU2$MX+c!?Tuhuh7rHYDHxz5lyfbbB(#TQ$vk^zZ3NLoC zefyIVuBGWrP_aP>RU9UyBMHv@nOWxcOGP7cW=k_YTPCBJ7(4!m0T`8Z#9-qCkzZeTQCR ztj>g~KQkHt1URK@mmUe~uPaS<=*KGaA0N#A$0~>MnLNrDu6Cm%Tk2al;wc7CQn~|=Fag-cUQAkrWlwWG46VU2}bznf8{zt}^n9(h)_ejVo+vgk?{r(c1*9kRdwyFF^T$pgF~ zoNiyYSkuAC2Iag%44~(x0_rphWgnwju)$uN8}9`HjJs>WSdYZ)HD#i~O8ihit$M^p zW{Y7R6Fwb)u=0V3AF$(9W|OUnn6xWM8|qiY#t-FrktWl)A$0YQgtypShjw; z`}=lqY9;OQ6K|ZeeB*>CnKAhB$FG%Qy|n{e78}#i+5V&MkqO&0mLL&F7Hcl$d4o4D z$bPfimWa3uhcADws}#l!X9N3Y`q7I81bT;-O>t-;Lc>!qkl8qRzvh9OwLuIHtwCvu z&1ood786su+76DztC2K(9U0EWS@;|gjLadOl8a&r(y{kp+IvI|gOQ{BUTF-$%Z4FZ zCgRkPbEUU5tI|hfR-s3y6h{j#nkIHLZJTCSSiMYpX3vVWS?f1R+Eshol%UlN_12V3 z!R%X%yicg9rXqY-(|8v(hC>V~oprYV^=w5?M2=WJzj8hXEPMDav~^GDSBcrogVFRo z%?9yHb-j1vVmiEexc&3E%3JoezMyAl?ZwQ5^ZN$9LGPL$@zv~ zitwVn>aY(S@Ns5{j(B@PV^u=)<`3!0SPoTwj9k3LC02+8A}{Nk*K%ANlkW>AyVnJ* zm>H)Q$J7-oQXCFTnr|?WZmG!MKU3egJEL-d>-qbWhre#M#dWvWEm?^srWMvkg5VQ~ zQWjAble*v@m~!f=pgkPPnM##LCftqb(z%6+U7^$!h>2eK;+wW+JY-*>%zb%GzE$!; zr_7u`l+?U{`{SkRyy>w5=y#yU-oRQL`%nso+Am!Z!W{-P8}X4p0BvBLY@lg2Mw3^@ z=$~p+11oqlQw(Q>ZL;6Mw^@$-ycLrBd&4k;pAtB@F(yi0Ee)dN@MFqy-ubvofdRt) zaP8sQ6VGzp&@jg%EEoM>5AjYF;47ZDC&8p`S^j$^oPI9H%<)teu5bSe#5zqXQ^5xe_m9+=jLE}Jvgs1CnfbRy=myI74Ho- zi4%DYZN5__w0p;n`mquhf~sTxxG~#D6l-JDcwaBBmHJ}EG`KEI^O#8L9!n+VVO8zE zP>t3Of?5gx8ViVsAOOBul5t?x`k|SZPPO*lSyZMT$yLq5+Pog{ zo&KAaV{vOT60jPhuU9EZsGwvR_{v-KyYv#f(rEAn%Z9w<+8c6pk-?=NgB8C`pJpq1 ztGZmP%ygS%eqAvQR6gl~bXn>y%KBu3k>|A+z<+H#Nr01a(vFDD@} zTY%yRdW~(|cXe>5SGXs*NrXDb;LLF`Xci~T&Cz4p&h}ODO2Ln69}5Wm<@srMb%W@T zxt(OuPiV~xUWos?uG~nO$l6afxFC_h3AhT4p<%?5`5fGJ2Lx93(j9+-; z`W)?+o7cQuwlj292>8o+|5j3{(&1eOllNQRJ<1KjDU6wzOVmEPa~U_4re0CjE##3S zPB3sGu~qY@aU`uV7NBpdk-9ffKKm8-uQ*cV5%hNv<1+b+4~vh!g|+SpICO{v2p}Im zewEV9FfCdz2ZU|o_-)lI zOq_q@bC%c zI4B*PdX~^qc!}3Otr$3l8!3tEj`-@Y-CTaLccqR=mVCml-+?u4A-G5YUlLlnp#f55APlB2*+khGY!j+@IvyWgGYJ83~uWixMPMd=zwo|LT#snk4X^`P{VO)LFKEoym= z)c~x%74v(ePr{=fiiD_v_DWDl+wsj7`NP79{M05bl3GkXgXDPM5$z&j;@4_+U*L0{ z`FPD#?{qDl&%z|R$)HEIsFJ@feOeY!F8}AJ?~C&<2TS1Z-XH#-xZnSIpXL)pT*U^q ztP6q4FZa}rz+p0w4_>L-q`%nD0CY~_-QtUjhQW)cfYGLWOm@FcLGMG*mWVeehU1L-^_oBG0BVCPTps-(3pnCpjGus7)1pQF z)ZU)+79duoNE!onh<`fld@N=u{e*GXu#%m(+L_TEWLco5)G!~@hA&;PYqAdRG8OTI zO(;E-&#M1#MYJ|R#yTAzyUHyN{TRC`@1Uyz_W_&nvMqZwOI$bg- z^VA;GLi1H-t8c5EodnS^=|M!~?hT;y@(MgAQ~-QHe-Qbeqw=sLvO$o%Jt4nt{?dNH z+9thpB!Tg@8lZ!N6ibB{gBQghkF5@gP*3gcTObF(R}tr(CvlSmXymY<1~}RqO*0%obEw{s@xvNvG*dg7N-yxnF4mo^r>CUe+=;Om3y zlJbSEcK&8FU3~fgvYePTv-EG|`eeOTM4NKZl3(vNn6E_r+@1geB+f$K#uO8PLB?W7 zFNnzi4zGXE4s4z|wlEu|ArDTHll4?nNzdQ{a%XuB?fus3?PoLgnp~_`*zy_<+L&WM zX;of`0-QV5xO2S~fPdnlM&A>jP)NdR2jCuw-wY(q9-DZF;OF>v?Cd=QzgzFc#+LIX@gSGt|rt@a>o@C05|Q zrhfwO7ZIUp(@8j87&=CNkEo-3%A z&+nobx*w(+;GvtrnZfN{ixk|I;Dsqp;)O)A0Ll;EvbJQWkXALs8y_T3Z@FS3rJSGs z*Fq9;1s?}i(j@QC);!mLjFzh3XK-)ILU=FXGqt=g4UhVRm-`+BZLR7;Hk3Nyx3#Sh zCaA#SeeyY6UzCIGiIxQlmJXZ~#drR3fRQuYp+%aaKD|;k;aUG2lL(yimAd_%#qK{4 zu<3&Q`CzpObxFES+&?At86f3XWd=BHRqwS7(`|rlgRPY51TV#APn~+_h=LtSl3a`w8+W1;6|e+nL4v=Ez~e>#0U>nmhzKpM!^coZ9&J z+yG4=GP$)>{J3@b)?pckZ}%G3A&TxJrG!V98$Qi9mNmSOCT#fv5BGHf_K*1GeOBhT z!~<{=hVReMY65Bc>CbrM-65)y_E%1%KY1;zUrgP}Ew$D#wiMWZ`m;~}4jFqOrC6!h zQo|r75-@et%0<4cK0;*I*b5z&;32DA9?;`~B4;j=wG=f^twzfkD4uNn;uJP?&obebI zV-MgEV0BkqR6F8~ag*s#H@=sP9v#G4!XD^i?Bq^eW>au?g3($(aWHw`h}Cb39yxM+ ze`{*GuOmz=h(uS!B8$%Xd=Z|>#-GiJd;Du%6M;&i;CRdqoj<&w)$e&TQ_;2$iXMDM zq9m&FvyN33%Zo%*==a*pRqOm$EzyU*Z>8BY zjdsyT0QmGfZnW#wSF0F?-58bu()f$Yh8Z5(8w)sTtuj^QK02(Tq=ly&cWDG6JALG$ zYX{zd$x(>glk>)_Dq?aR+B?Xr*LHTcS?*?2{asFc_&tv^8{GWPcG&zzb(2~iaQOL4 zqK?BL)T^&Dys(^92Tqn~XRgLP^q6tqj5mI6!EYBso;vFM10ONkk{Krz6u&oy^6w~V z(t%)n!_uqp(&fhJ7GJ$FO!Wy=;FHArmkz|0hpV>jZZ|s1YsZY(*P}dIXgKd;IXsx@ zY2<3?cb&!8iVc^vubq2r{3!YqXoGc1KUVD3^X)_KGb1GpnxlmyFX+ccY&@zIaW0~_ zl^efPuz8{nEo2z>5Sue?$pX>o^qFAaU9&p)khLA{3#D>_2gzMC5Lg3pX273=@SRF_ zhJBWhGSn^9QwmH^umeTh9nvw{*yZ#bA70meFw)I9%6GJ6*;bAJAl?*^L@8$ZY%WJo z9PjJOk@4kvZyG7CM`?55a_$i7`eyDiD%apPqs{v| zWQYe|h9sc^--N2K1!2zo?5|(ryK(A5PF}nz#mtnRx5ut%!HgzHfJ5Fg*x(>Ymyskr z^2~8;yuB-$Q|*-@OS?;I>1~+&HZ|NsiB-neU|RhgH^#E0v-niW7&O={T@f5~8<-j4 z{i6a{u-j&o2gVaP94a>k!@7@(!^c}K3x91v?Z6h)Cp$kb?*S z=ii5o!-q`~m2}qBA$*r@L*e#=+-NJTdra6hNdG^j$AnGX8Hxo~M+W^Q0RXViI+uYZe|@Qdr|wkH!rLyx%Y4e@xbIxyv7Bv?5{({xBc3+1rxYsRRCG;r4DL zh%^|q?HZ~1-(>Ee$oIjt^96dr^(U?U2B!krIVW4j44vy5@b)cDsuUX?jE&MTL8B|dqAGB>2{4fg!H>A{ut^-O!_I=S@p2QPZXeHpMf zj2FMOgy>muu;%J<82GZnc{3T<78h$WPkocjx*w2hEbnbX3x zc;X)ODcV&(8DV4BJ&$Wfd?6g%snm2In(r~aOlJ!BcA_FF@(~i@?9Obsk^VGfM!VZ6 zx3=bsdDIwU92;-sIuw%j@fRjlkW~Bo`vP^)l>-@oLCGPnQsm?gYKhf(vad!;+HSGO zl#>IWy}0ArVxFpP_JfmPRc7SL2k3yku=(j?aN=})hE<^n&M@1*DAe=s_7fRdso_6q z)cMX+@$3Gn5;hpTCudvSs!>uXvHe*{;mA-#_2-V;5-*&Bk`QY3CK2 zLCv>qObq9O|JL-A56b@Lu%S28`qzK9a@0P+WU$Zi_K9a#Vxc?V^=p^k*xlQqb+Dl& zd43N9u#K4S%rO;v)G3ju^AuCj^kAzqm~B;TS47GFTv1nZPbvMgo}eh2a6j?!Ji?%H*5M#<|m z%B6Y-Bh8AF*M4pvTO19Y4&PUd1YBl%D$$504bOm#&xGX1Xqg))Rhk&Fx%^|DT7h1}1pT`TX&BVmp<~;FK@c z(-*W(CrXr@2zq5HS$g(a4jA_SMS`sgzt(G!6B6IOe%$BROi9x838q}Z?Hg-uJ1Upj zs7{h<-rRBrqK3|6^fjfz0 zY=k;Wk>+RytMA!tp3;-XZkr~wQy9`J>Vl5Z?uo|wYFN2~$HD6UbPLtkB;?T)rIZ~@ zDVGFGuirQJwq_a-0?+nW^u_0ZDe#ZDo+_t()|!n?HTGvSA^B|LUoz1y2Jd3p?*9o2 zlH>ABVJEUKy}m&n(tZ;(%zv5ORFFU)f2b~W9}q@U*?r^Oss9VaN!ApA^4<-ytJ5yL zp+4&iY&5eL{DJoLI>>lTKx{bDiAsq(uoES(WO@sn^uNq6R?e^UxsnzL<9`PB6;&xS-K)Az+ zcA}z3!&iGJ&*1KjbpUu9L^|4mTf@St*>GmDrTkvrdw;qHotM3cN^hdZ4ZW>x3dNp^ zpGzlbpCv^p)+pxgTQ^dPVcIHA0SZj9y#0etGYWTc8^MUs#w~wKMkdV3%849`0T&^}tDSuEwS)o&tFvU- zL=`7XbZ14u@4OWNb}|=ud^1E)BB0V`>ivb-(}m8D1trCAoqTzDudtxWu(27vdu+Vo znDQ_%`=P`=7LKnQAl7TPZZonHOpI>2{}@uAt>Cli`FBVE2Ip4Rhl!Dg8n5R*mHn(pz$p&#TAKUx(V_SBjz_AGr+}&F$+rFuTr<;cHQ2?;_**Cfcwl0px9cnUxZh^JI`@%Uj<-nQKw+f$HQlZwjQs%W;;)s-o zJ%eT`^BsCp`JpY|j@!LAvh%bRG0-W1aZpvPUWIHh7WSU8 z9pm5sjGr5z-K~IAim6@QL+2_rk;hoJEuH&^yKqj9AP3xQco@Lymn?+YfXL>NB^s~; zI`k(hIR|VCckw+QgHIKjsBFCjCtL`U7&z}r|X}hz@LJ@{y%?u(Qt%MV}u7K z^7Pnwug5bT5_99hDbuJ=L4Z0Vk56;SLgbgfP6FV&W4+YRgF1A}0rBv``dQJ7JYYr6 zh}|HNzA)l<-ZP*#h+b#(956k-#M|rcOz?GecBukFo2WSe?8Gy&m;N~mJif}jnK=*B#y$HZY`cl#~OAipkTbLDZ6FHqGNsv@X zda>LFNdE!$K>VY#(3*mnw6vhA{KsexoTOth@xdk2BXrlJPz!+qNA>A_?u*-}O1j7OKx49x7 zW9aa&ANFw};1laH;9fWinu z8MOxtR>ZeaO(zn3L3|Sfq%Wt9iJ1y=dTi^b4+IH}G86g86aZusOYal7hmEm-mSpat z^?wa@IS@Ih%Y^f}*7LWv2INy78{DXvTKPm8pPJy0!vCZ@;^6#=c%)wk;?jOYSc6Xw znN|m%_}e8HkZ1{iCiSb^x4z*~is)kvk`90+%IlFMP+o8nAGJq>;rdw)rAi1A$4+%` z5c3tc60XSGxvaP z(GJQ~{az&D-0Fp@p+*NL>F2EJxS$$metUpHIDM|BDY}B{DL&1~4#&8_E1sDnn z{FXCqeFM<6t|VgVH$ZrvWzC!_HZxzvIs5oS5yoe6{%a@=PJlAs$eFjg^0YMBg^j#C z#zBLysEnM%>-3$J<2`_wbgg_2{PGcHKAY#8pW|Fi3rt1NkwULtb6H<&UemF)nukkW zY;Pi`T;UTkyDsPgxZs^1_NmV!xyeVq6M8?<44fh^l@tq7E6L>~4T)b}!c`rZ#w=e# z%Dl~Q5*}E_+fa0(SI(kWJGA+1&Xr8b-Q&qXE$CT0Ddf%{NXVl&t6!v0I~*58FaBq$ zr~_>by~SNN+TU>E;3Ss~8p=kc4QwKvBA{Kz*~o1CtfIB}LZ&H!vPc z%UevTr#sR=m7-(x2+`eVRN#MJ^i;vbheXcOjJ|o&$Du$hIB+YkM>d_HU$PyncA)cL zg2kcYWT!6kg-GU^%N7M6xg}u1{>5GKsx#}UC z9>^u?XemC>$QG3*vt5@A(;uQ0In)F+yhrzcgM?ugI-tK7Jzj=*-oL&6g;{hS6%4dI z5xP{qL8Paa8kJ99>~RFwpU(@vj`?gSq4{g@9(|226h)|S!CY)9G6f2ckNunoXZ4aW~eQ-1Qn0gva7N% zBrGBnos(KDOzHcVc-Xa-Na{3h?&kz>$}`4ZjDEMiV6eS1^kffS^k3uHB6+KRrI1_w z*d9~@9XN*gsqWZ?*7J!E>?_!|0#4z>lSAf!!PV)p#;M1xa*D_ycl zcY#lLo~8|LZ?-7wno>z?wXBM`!h%I0P3Fc)K$!;EeN#PuQm(NaZRPSy|1t&Z7maVr z_Vh36Nf!grFV7!6WwwTx^cI2#RA9;Ewx@>2E6Aut%@3r?lfDYkah6_eIBgVR^a!cy zPr#OMKI|8D;yjyc0HAUp@wjZgiImXroUet13|tDaNGKsPhx7Wy*>whPUj>h0ETxc~R&{n#F$ zo1AL7WG_z$kWFUG!KSZ+2EKzv0^En1I{9#XsP=d)jJ~mwJ|lvUZwM%Ay(jSwP^hc>P$E7RZ#9- z+GiByJ7qgI_;itTFK${U-3D2IvPhc4J38_Oz6`lPe60w16bp*LC%AB04bJ;9D53_)9a z6qB!BEf8>su5!`!tr9UxyV0McRMD-ZE5f?6b2K$LB5rIVlK zI$0Qzov-0iBSfi{?`(CBDeoR>9)+T=#$VKf2!eR(y$F5Kqoz%`o@m4j5Ct&$VL)Qo5Fyx=UM)z zoNNPyueeBJ!zxPH+n#PL-4Dcj2(8Gt#1eiRU#1RwKEuNWMmFx)MU?{Jpco;=U@v;27PV`*BieQ!*h%JBq^9I&eft^c+=D0~zJ5?vGtypnx%iz;) z&X1}3h%IowuR3&$xyn=H`F*oxR>DF`bf1>(llrMpF7E)Z%}Uog8nz$9h;_m2-k-y< zNiReT-d=6H?dR6nN^4-zaUU770JUXV>csdB4yihTKmxQRN*|qgUi3Yt@;2Htmp{q+ z2fJ8uqV5&F0LhGS4y6KKD5B}Cj8esiu@LD?Ehkxhlkqv(u6nfdLi|au*X2HnjY(pC zNGTZP#1|4EmsL;qY#(sFw&9K2h5Y;&?GueOf7*QHMO>s)Kh*iegKr_1J#4pvZRf@> z!+-Q0f}Pr;-5E1KunrTy1iI?-H% zf^V>-!$4Q5q%T~`y+PPyf9S8w(fYkYk*OsD$q@mT-=l~<4KI?%Z!{-Jn=73ex_*PO zv5)XWT=;GNKj%Q_K>1PME&C-$<%k2LaBw&j>{0sZzgom6lgR4G*Tk2MOXp&S5rmv-2N=2l<1se%RY1I(6Kp zm|iL=`QJ;v9@whfT!8mUVN&LADiS+@fw zjxy%@B>St*@`Y)|1H>BB>-okU|?jN z=>r@BTCSy^r`Y&f;UV&RlJ!`T@2|5z8hve^(`4G7cWGEm>k>r98gfO>*5uPq#mF00 z?#+uP*|mhu5O>F$d^b(hN`!?SHHav!M@X^4T(w!Xr|R=O(r;ghXU}NzFEkCr(6nHt zC#70csPTZBmZ2z@%Un_!siB=|^FGsj6`63QPC0mV@3SDd0jyK3n{)xExl(kyP{)>YAV2Iy-8}21s(% zjDqofelI)tYlq?xR@JlaBF+tLLC%$*@ZRdT@!(Qrf>{%*gEY@IeX@Onkoplropaje zLK~j0TE!I=O-ye+{qFED$393OB=ynL>}RsT$!E3GcBL>_?`?~>&1g_Y-x~zE+Z&{D zR?72M8w*RH8w-y&;1u0|-dt1u;8M-rlFUOvTX>0x#E3|y18(~B zKis}x?PcbD`MNm@_8K}PE}V@F+RB&Y$P!B+4b$&DPLtr^PKgJYA&CCM{eIH{!_q`0 zgZTrLBtv-rGqRC|Ad<2^4tZug_Jxiw9hA&CRe@kIgsIJbV<8?gUDa8ZAv%%vaj?*l z88xZ;mO51(gGXb9m(y=_q88GiyqG;NkF!>%9M1y)P$}YDd z7^%zw8n<=!TNfYO<5snc&}+u^XQRx;{^Le-%S^t9XodG!4@64V&uCr!Zt~ZH=oja| z3lMXZbRtr`cQw=XJrC;qBln~|aSzy^Pj8QW17%l9jw~AKcGgShY*trUmG1z|VcDpt z)(}$5M6u=~3J$_M!!eqmLuLh1z2U@cHrBQnel(X(F9k{0vsS^tRR$020UB7_x zA^W(Empj~j>!cw;t=0?o&uDK-*3#Rvew?wlF7E!CT=^0?3~e%gyuH;s+zek!uOCtg z3_cCRt)+`^Ytcr>&m8~#&K)pjueOuNts9J3)MLf;k0SOJm zRZ6{Nv7X@K!%7Tp&^jAGt?UPW3Ob&e`j!{Aumm2Dg6f=Iqd)ajmNps=1!T1t8Euy9 z1RcyavBLHq!QG8XP;^#xKAs1m?t{(;_nms=KzZof@9<38;|m`XwYOEr4hf06n#P2F zw}QLq*47uC|1PBsh#}>|i)H@yC>sPhP1o^TNy#t1{v&~WsYl`)5NIn7Lt?%*VfqzE)W257|vzPSy zr4QregbrvkBjY49D&gmE;q*k%5ZgD_QN3@fRdJnaO0VlB3|fL`N>zfFgwvI333f?^ zvKm%)|N1Tdlr`Ni{bXCMDfDT)YDO?MC)GTKjGx`T!}yD)1kU!sr8Su%U?|&pSVOBm zc_n4CNT1*Yy5jkJyI*=bZyRfVu9Mz1bg!#ft>lFrKBOS90E5@6E0|8mzF*bul^ERo z$o`3+rIqR(?)(A7g_`!;M3@s}*k5u4l`d|hf$!ZJqS)*|8~bQwQx2p!Y&n$KQg-*; zH-R#A81iikp4VGuHPp|SKYFOT-SWH}UvMTSQ|d(MWTnE7zn~yf?sb%5>bwr(5#dwv zc5s(NR3`-K%gMkL2l1snVN{xZ`62S|oxLKRp&C{&Q6jM9DYx9uNr7D-tJ!CXC<(+6 z3?-=vo*Q&Ym#NUjXXC*=(COTltp56$%7di!o_8W?z~uIf9} zw3GIh`bKaBXt{9scg8zKkEbm?ju_~m%9^5YYDj}WvGn~)P^KPHwx_u|p`k)l0oU;p zc3}9DL|BM-Lew{mLFgXY`&hpnGZh4(iiPxdcFpZ{cc zTl+KRv+G7xrc|ql+GKP0n9qc8aR9iq7;{SP@wioN^PtSOxr6fBV&5dK?CRu|(xI^8 zc7u5D+jI3%Lo->7Dd~vZ2l=WQ=}3pkE020{9!j_j=sVF8)5(+_ttjE`PI$8-eqw*H z8D8Rjo%teU*OGS9fyIm5SBlFYw%y0ZJ{BplI|RuXq~c6Bxfc`$G}{j_U-PK?Nwo-MQ^ zmd4WpX`MaKXI6e^^7I~G_etu=zh<=tZ`A7 ztt<76CD#af<)R?cmd~BF;}iD|9|?7N>s_P4XIGstTWEP*VrCFeG$5_`33sSb&66^4 zt8$bjx& za_#I&x_CkcI)A_jBZiu**poOiJU(e-4w8=AbF;E}yDw9ZvPX4Q=Oj)pbaBB& zIIJ%x?vt~b-qvU4W4M*FMNx7rvj3ko84GTn!@IP;3RQG`IGtTn)YkEp&uwfa9zhOC zmqo{aB6~|DuQMC_oVy+##bsv9H5;H%6utOMwjZt<#+hh*S=}Umo!^G#&5P7I!;W~! zcSUz8&NGTK8$NC$Yr@6DFK=BefYH($T5OK|^YZGXP#g2FUJMFXoG2tJxRow*Cm*5PI>kT;?xWlq2IoUqlpbUw`OAz}otfTpm z)RV!RUqA~|9kgkpF}kPWTR2HTopm8sJEQzG!cw!wxKikIy~^TH$7kFN_ry>4D^*rD zrs=IGj=tD2L$LCiRZGW2YiDo=U>T*{Es}u(stDKlVtSnslA`&}9Wimw8tYWhdPpJ6 zq*h|y)5tiM^yDY2D~y~?+d`*cM@Qg^#`$uYCI%8L(Nyo*=|+#)K-)CjkECO#LV_2A z5hQ#+j(T{+HhlynIw%r;1Wl=_X4Z6WW>it9x=z#3r9IXM5SR7Fmnbss4Go>>CYop% zb61n%Ls(Qe$$i@YpT2u8EwZ4GcU!h%^N|GnJ9Vqr?SJzY(rYr7AnQm_MT7?HnFUeH z09d95McS(ZrNGCw4f@*a7mIH>S@NwfKT!)%Jtud#JAKk43nq97wnD5S`i2?nGlfLWp_7@&+%R+C zqvVbbPP`F@GH;eBkv_DiyYmJ3`TSYMxe$*-jj_wxd28QLpM$t|yOv*YwTJZ5ml~JC zW{xxXyq^ALwB3E296qFNOK_LE^EhC1*PwLT=ak+9X`h=t8Ma$Gd*1b@BmDznIqN1q z4uLMyOP98N#LYr$o3#$FdD-5mb~(Nit$>_mzQBuR-g|))f*6QsQ zqVp?Kqdy6J|7ox~_dL6EtNf-wK)csDJqSE#Ek>cl<;aBzbayu=?)*xvDUCZ)c;EgG zm54XRSwEEx-lC_l)-L&?pM0!k#*Iig^f>8lexf!P6x$Q43RPmJixT2F@BaptdaJ*7)93LugxYtl{A}inf|? zz@n$4%P0tjH(A@|C)~`=P_Qz-Df+j_C6judUCGV8r|=5>b05VIlE zJszr5LLpW&4OkUk`&Js3nmdUN;Rv&G!degRB{d08lSA~^uG5w*qEK!Qv)sc>Bq%4M zNu=l!O|9Q^St$nS5FZF4c;c%Zqn8L@NP&BgNgZ zJK8<6$~L`=jEe?ayfy`w>@Q=cCj?ESQs+Zz)u7K#8#0 zKAiC%uW?*W-sRge1G7&LtP&ZXH!3AG*Wp!Gp&r2cDcZ6o>25qZ&h*C3VizF(&%WsG5gSXFLaQQ;fY-7Zi~OpHpnTy zcv-j959|vn1(kXw1%G4u$S^N3jXYg+jSAvZaXEdIMg$##zQt9Kf#5Ue?W)%eT--^) zcv^pr$s+gE&q`I4))92vKaF=o5D(U`HXt{tBz-NPi2fQ2D(!p&Re7YE#*39kVgS!U zzK-XDgURapO84;C8Q`CMW!+lJe0-CC>uANTv8bNaDuLA#X)M+aWQUN+#LjI74qMq0 zRL9%KKZf!S@h2-_GjlNO%QT)hL#p<-tz%h8I$+Szpm(ifE)k1PCVtk9`DN9&$}7#dVJx(DNlm` z)sFaI!T&YSpN{muPVv7n^S_zmR}1`aDE!}{kczco-2am^&9`Sb8|$&I*1OAU=O3y%x};c)unc+-7eZPnMXomA&(%GIME|MPPWU#qC^xgENQ0oJ z#mWdFWgvCVc0V_A0b?yMD4_n7`Vn$q3j#?mC<&!(EKI|ibQj!Yu;-pNFLPQ7wQ9B> ziSHq*vnai}p4;~SX}_N)lMOdH{UlMY4fsJArhc{867k8Gb;SEB^T Date: Tue, 25 Jun 2024 12:57:56 -0400 Subject: [PATCH 06/18] Changes to device encryption --- .../data-protection/bitlocker/index.md | 5 +++-- .../data-protection/bitlocker/preboot-recovery-screen.md | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md index e9e9e7bdb7..8279aa6322 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/index.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md @@ -85,10 +85,11 @@ BitLocker has the following requirements: ## Device encryption -*Device encryption* is a Windows feature that provides a simple way for some devices to enable BitLocker encryption automatically. Device encryption is available on all Windows versions, and it requires a device to meet either [Modern Standby][WIN-3] or HSTI security requirements. Device encryption can't have externally accessible ports that allow DMA access. +*Device encryption* is a Windows feature that provides a simple way for some devices to enable BitLocker encryption automatically. Device encryption is available on all Windows versions, and it requires a device to meet either [Modern Standby][WIN-3] or HSTI security requirements. Device encryption can't have externally accessible ports that allow DMA access. Device encryption encrypts only the OS drive and fixed drives, it doesn't encrypt external/USB drives. > [!IMPORTANT] -> Device encryption encrypts only the OS drive and fixed drives, it doesn't encrypt external/USB drives. +> Starting in Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby are removed. As a result, more devices are eligible for device encryption. +> For more information, see [BitLocker drive encryption in Windows 11 for OEMs](/windows-hardware/design/device-experiences/oem-bitlocker). Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. When a clean installation of Windows is completed and the out-of-box experience is finished, the device is prepared for first use. As part of this preparation, device encryption is initialized on the OS drive and fixed data drives on the computer with a clear key that is the equivalent of standard BitLocker suspended state. In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md index 19322dea8b..30c8682448 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md @@ -103,7 +103,7 @@ There are rules governing which hint is shown during the recovery (in the order :::row-end::: :::row::: :::column span="2"::: - Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account hint if the recovery password is saved to a Microsoft account. + Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account (MSA) hint, if the recovery password is saved to a MSA. This hint helps the user to understand which MSA account was used to store recovery key information. :::column-end::: :::column span="2"::: :::image type="content" source="images/bitlocker-recovery-screen-msa-backup-24h2.png" alt-text="Screenshot of the BitLocker recovery screen showing a Microsoft account hint where the BitLocker recovery key was saved." lightbox="images/bitlocker-recovery-screen-msa-backup-24h2.png" border="false"::: From 3caf2b137afc8be1615b51296263eb67aa356168 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 25 Jun 2024 13:01:21 -0400 Subject: [PATCH 07/18] fixed typo --- .../data-protection/bitlocker/preboot-recovery-screen.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md index 30c8682448..d6543ba40d 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md @@ -103,7 +103,7 @@ There are rules governing which hint is shown during the recovery (in the order :::row-end::: :::row::: :::column span="2"::: - Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account (MSA) hint, if the recovery password is saved to a MSA. This hint helps the user to understand which MSA account was used to store recovery key information. + Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account (MSA) hint, if the recovery password is saved to an MSA. This hint helps the user to understand which MSA account was used to store recovery key information. :::column-end::: :::column span="2"::: :::image type="content" source="images/bitlocker-recovery-screen-msa-backup-24h2.png" alt-text="Screenshot of the BitLocker recovery screen showing a Microsoft account hint where the BitLocker recovery key was saved." lightbox="images/bitlocker-recovery-screen-msa-backup-24h2.png" border="false"::: From 41a9d197133c240dbb9ed24898ffed1483c7bee1 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 25 Jun 2024 13:09:40 -0400 Subject: [PATCH 08/18] removed duplicated paragraph --- .../data-protection/bitlocker/preboot-recovery-screen.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md index d6543ba40d..f3bf57adf0 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md @@ -95,7 +95,6 @@ There are rules governing which hint is shown during the recovery (in the order **Result:** the hints for the custom URL and the Microsoft account (**https://aka.ms/myrecoverykey**) are displayed. - Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen includes the Microsoft account hint if the recovery password is saved to a Microsoft account. :::column-end::: :::column span="2"::: :::image type="content" source="images/preboot-recovery-custom-url-single-backup.png" alt-text="Screenshot of the BitLocker recovery screen showing a custom URL and the hint where the BitLocker recovery key was saved." lightbox="images/preboot-recovery-custom-url-single-backup.png" border="false"::: From 557ca67626f9ad401b22011f4c55bd35c28ffdab Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 25 Jun 2024 13:18:00 -0400 Subject: [PATCH 09/18] updates --- .../data-protection/bitlocker/index.md | 2 +- .../data-protection/bitlocker/preboot-recovery-screen.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/index.md b/windows/security/operating-system-security/data-protection/bitlocker/index.md index 8279aa6322..69d9822b91 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/index.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md @@ -88,7 +88,7 @@ BitLocker has the following requirements: *Device encryption* is a Windows feature that provides a simple way for some devices to enable BitLocker encryption automatically. Device encryption is available on all Windows versions, and it requires a device to meet either [Modern Standby][WIN-3] or HSTI security requirements. Device encryption can't have externally accessible ports that allow DMA access. Device encryption encrypts only the OS drive and fixed drives, it doesn't encrypt external/USB drives. > [!IMPORTANT] -> Starting in Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby are removed. As a result, more devices are eligible for device encryption. +> Starting in Windows 11, version 24H2, the prerequisites of DMA and HSTI/Modern Standby are removed. As a result, more devices are eligible for automatic and manual device encryption. > For more information, see [BitLocker drive encryption in Windows 11 for OEMs](/windows-hardware/design/device-experiences/oem-bitlocker). Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. When a clean installation of Windows is completed and the out-of-box experience is finished, the device is prepared for first use. As part of this preparation, device encryption is initialized on the OS drive and fixed data drives on the computer with a clear key that is the equivalent of standard BitLocker suspended state. In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md index f3bf57adf0..aaadd7678e 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md @@ -94,7 +94,6 @@ There are rules governing which hint is shown during the recovery (in the order - not saved to a file **Result:** the hints for the custom URL and the Microsoft account (**https://aka.ms/myrecoverykey**) are displayed. - :::column-end::: :::column span="2"::: :::image type="content" source="images/preboot-recovery-custom-url-single-backup.png" alt-text="Screenshot of the BitLocker recovery screen showing a custom URL and the hint where the BitLocker recovery key was saved." lightbox="images/preboot-recovery-custom-url-single-backup.png" border="false"::: From 3527da742c6430c49c46880a310e33a50947c812 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 25 Jun 2024 11:17:18 -0700 Subject: [PATCH 10/18] add metadata block --- .../updatemanagedvsupdateunmanageddevices.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md index 9bc4dee63b..1602ebfce6 100644 --- a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md +++ b/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md @@ -1,4 +1,19 @@ - +--- +title: IT managed versus unmanaged devices +description: This article provides clarity on the terminology and practices involved in managing Windows updates for both managed and unmanaged devices. +ms.service: windows-client +ms.subservice: itpro-updates +ms.topic: overview +author: mikolding +ms.author: v-mikolding +ms.reviewer: mstewart,thtrombl,v-fvalentyna,arcarley +manager: aaroncz +ms.localizationpriority: medium +appliesto: +- ✅ Windows 11 +- ✅ Windows 10 +- ms.date: 06/25/2024 +--- # Managing Windows Updates: IT Managed vs. Unmanaged Devices From a56816ad644bfba1b7934af992409da9ff9aee00 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 25 Jun 2024 11:28:05 -0700 Subject: [PATCH 11/18] review revisions --- windows/deployment/TOC.yml | 8 ++++---- ...es.md => update-managed-unmanaged-devices.md} | 16 +++++----------- 2 files changed, 9 insertions(+), 15 deletions(-) rename windows/deployment/update/{updatemanagedvsupdateunmanageddevices.md => update-managed-unmanaged-devices.md} (66%) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index 5daf2b7ae1..f4b74cbd1b 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -13,8 +13,8 @@ href: update/release-cycle.md - name: Basics of Windows updates, channels, and tools href: update/get-started-updates-channels-tools.md - - name: Defining Windows Update managed and Windows Update unmanaged devices - href: ./update/updatemanagedvsupdateunmanageddevices.md + - name: Defining Windows update managed devices + href: update/update-managed-unmanaged-devices.md - name: Prepare servicing strategy for Windows client updates href: update/waas-servicing-strategy-windows-10-updates.md - name: Deployment proof of concept @@ -115,7 +115,7 @@ - name: Deploy updates with Group Policy href: update/waas-wufb-group-policy.md - name: Deploy updates using CSPs and MDM - href: update/waas-wufb-csp-mdm.md + href: update/waas-wufb-csp-mdm.md - name: Update Windows client media with Dynamic Update href: update/media-dynamic-update.md - name: Migrating and acquiring optional Windows content @@ -379,7 +379,7 @@ - name: Delivery Optimization reference href: do/waas-delivery-optimization-reference.md?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - name: FoD and language packs for WSUS and Configuration Manager - href: update/fod-and-lang-packs.md + href: update/fod-and-lang-packs.md - name: Windows client in S mode href: s-mode.md - name: Switch to Windows client Pro or Enterprise from S mode diff --git a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md b/windows/deployment/update/update-managed-unmanaged-devices.md similarity index 66% rename from windows/deployment/update/updatemanagedvsupdateunmanageddevices.md rename to windows/deployment/update/update-managed-unmanaged-devices.md index 997d298f9a..56e94bb220 100644 --- a/windows/deployment/update/updatemanagedvsupdateunmanageddevices.md +++ b/windows/deployment/update/update-managed-unmanaged-devices.md @@ -1,5 +1,5 @@ --- -title: IT managed versus unmanaged devices +title: Defining Windows update managed devices description: This article provides clarity on the terminology and practices involved in managing Windows updates for both managed and unmanaged devices. ms.service: windows-client ms.subservice: itpro-updates @@ -15,7 +15,7 @@ appliesto: - ms.date: 06/25/2024 --- -# Managing Windows updates: IT managed vs. unmanaged devices +# Defining Windows update managed devices As an IT administrator, understanding the differences between managed and unmanaged devices is crucial for effective Windows update management. This article provides clarity on the terminology and practices involved in managing Windows updates for both types of devices. @@ -34,13 +34,13 @@ Devices are considered Windows update-managed if you manage the update offering - You configure policies to manage which updates are offered to the specific device. - You set when your organization should receive feature, quality, and driver updates, among others. -- You use [Group Policy (GPO)](https://learn.microsoft.com/windows/deployment/update/waas-wufb-group-policy), [Cloud Solution Provider (CSP)](https://learn.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice), or [Microsoft Graph](https://learn.microsoft.com/windows/deployment/update/deployment-service-overview) to configure these offerings. +- You use [Group Policy (GPO)](/windows/deployment/update/waas-wufb-group-policy), [Cloud Solution Provider (CSP)](/windows/client-management/mdm/policy-csp-update#update-allowupdateservice), or [Microsoft Graph](/windows/deployment/update/deployment-service-overview) to configure these offerings. ### IT-managed: Windows update experience Devices are considered Windows update-managed if you use policies (GP, CSP, or Microsoft Graph) to manage device behavior when taking Windows updates. -Examples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at [Update Policy CSP - Windows Client Management](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update). +Examples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at [Update Policy CSP - Windows Client Management](/windows/client-management/mdm/policy-csp-update). ## Examples of update-managed Windows devices @@ -68,10 +68,4 @@ Examples of update-unmanaged devices include: - **BYOD devices not enrolled in management programs:** Devices used for work but not part of an organizational BYOD program. - **Peripheral devices:** Devices like printers, IP phones, and uninterruptible power supplies (UPS) that cannot accept centrally managed administrative credentials. -For more information on managed and unmanaged devices, check out [Secure managed and unmanaged devices](https://docs.microsoft.com/mem/intune/protect/protect-devices). - -## Recommendations - -| SEO Keywords | Suggested Additions | Links to Update | Issues/Concerns | -|-----------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------| -| Windows update management, IT managed devices, unmanaged devices, Windows updates, Intune managed devices | Add detailed steps for configuring GPO, CSP, and Graph policies for managing updates | [Update Policy CSP - Windows Client Management](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), [Secure managed and unmanaged devices](https://docs.microsoft.com/mem/intune/protect/protect-devices) | Ensure all links are up to date and point to the correct resources | +For more information on managed and unmanaged devices, see [Secure managed and unmanaged devices](/microsoft-365/business-premium/m365bp-managed-unmanaged-devices). From ce147ee70031fdc419cee1dd8ae8d05fa94b64b4 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 25 Jun 2024 11:36:31 -0700 Subject: [PATCH 12/18] fix from review --- windows/deployment/TOC.yml | 2 +- .../deployment/update/update-managed-unmanaged-devices.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index f4b74cbd1b..ce71f48060 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -13,7 +13,7 @@ href: update/release-cycle.md - name: Basics of Windows updates, channels, and tools href: update/get-started-updates-channels-tools.md - - name: Defining Windows update managed devices + - name: Defining Windows update-managed devices href: update/update-managed-unmanaged-devices.md - name: Prepare servicing strategy for Windows client updates href: update/waas-servicing-strategy-windows-10-updates.md diff --git a/windows/deployment/update/update-managed-unmanaged-devices.md b/windows/deployment/update/update-managed-unmanaged-devices.md index 56e94bb220..cb25564137 100644 --- a/windows/deployment/update/update-managed-unmanaged-devices.md +++ b/windows/deployment/update/update-managed-unmanaged-devices.md @@ -1,9 +1,10 @@ --- -title: Defining Windows update managed devices +title: Defining Windows update-managed devices description: This article provides clarity on the terminology and practices involved in managing Windows updates for both managed and unmanaged devices. ms.service: windows-client ms.subservice: itpro-updates ms.topic: overview +ms.date: 06/25/2024 author: mikolding ms.author: v-mikolding ms.reviewer: mstewart,thtrombl,v-fvalentyna,arcarley @@ -12,10 +13,9 @@ ms.localizationpriority: medium appliesto: - ✅ Windows 11 - ✅ Windows 10 -- ms.date: 06/25/2024 --- -# Defining Windows update managed devices +# Defining Windows update-managed devices As an IT administrator, understanding the differences between managed and unmanaged devices is crucial for effective Windows update management. This article provides clarity on the terminology and practices involved in managing Windows updates for both types of devices. From 73bb50772e7799727094789cd0c031f50062ac22 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 25 Jun 2024 12:02:44 -0700 Subject: [PATCH 13/18] Acrolinx --- .../update-managed-unmanaged-devices.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/deployment/update/update-managed-unmanaged-devices.md b/windows/deployment/update/update-managed-unmanaged-devices.md index cb25564137..3f495f601a 100644 --- a/windows/deployment/update/update-managed-unmanaged-devices.md +++ b/windows/deployment/update/update-managed-unmanaged-devices.md @@ -21,10 +21,10 @@ As an IT administrator, understanding the differences between managed and unmana ## What are update-managed Windows devices? -Update-managed devices are those where an IT administrator or organization controls Windows updates through a management tool (such as Microsoft Intune) or by directly setting policies. This includes group policy (GPO), Configuration Service Provider (CSP) policy, or Microsoft Graph. +Update-managed devices are those where an IT administrator or organization controls Windows updates through a management tool, such as Microsoft Intune, or by directly setting policies. You can directly set policies with group policy objects (GPO), configuration service provider (CSP) policies, or Microsoft Graph. > [!NOTE] -> This is true even if you directly set registry keys. However, we don't recommended doing this because registry keys can be easily overwritten. +> This definition is true even if you directly set registry keys. However, we don't recommended doing this action because registry keys can be easily overwritten. Managed devices can include desktops, laptops, tablets, servers, and manufacturing equipment. These devices are secured and configured according to your organization's standards and policies. @@ -34,13 +34,13 @@ Devices are considered Windows update-managed if you manage the update offering - You configure policies to manage which updates are offered to the specific device. - You set when your organization should receive feature, quality, and driver updates, among others. -- You use [Group Policy (GPO)](/windows/deployment/update/waas-wufb-group-policy), [Cloud Solution Provider (CSP)](/windows/client-management/mdm/policy-csp-update#update-allowupdateservice), or [Microsoft Graph](/windows/deployment/update/deployment-service-overview) to configure these offerings. +- You use [group policy objects (GPO)](/windows/deployment/update/waas-wufb-group-policy), [configuration service provider (CSP)](/windows/client-management/mdm/policy-csp-update#update-allowupdateservice), or [Microsoft Graph](/windows/deployment/update/deployment-service-overview) to configure these offerings. ### IT-managed: Windows update experience -Devices are considered Windows update-managed if you use policies (GP, CSP, or Microsoft Graph) to manage device behavior when taking Windows updates. +Devices are considered Windows update-managed if you use policies (GPO, CSP, or Microsoft Graph) to manage device behavior when taking Windows updates. -Examples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at [Update Policy CSP - Windows Client Management](/windows/client-management/mdm/policy-csp-update). +Examples of controllable device behavior include active hours, update grace periods and deadlines, update notifications, update scheduling, and more. Consult the complete list at [Update Policy CSP](/windows/client-management/mdm/policy-csp-update). ## Examples of update-managed Windows devices @@ -51,21 +51,21 @@ Here are a few examples of update-managed devices: - **Devices provisioned through Windows Autopilot:** Devices that are set up and preconfigured to be business-ready right out of the box. - **Mandated security settings:** Devices with health requirements such as device encryption, PIN or strong password, specific inactivity timeout periods, and up-to-date operating systems. - **Intune-enrolled devices:** Devices enrolled in Microsoft Intune for network access and enforced security policies. -- **Third-party managed devices:** Devices enrolled in third-party management tools with configured Windows update policies via GPO, CSP, or registry key. +- **Third-party managed devices:** Devices enrolled in non-Microsoft management tools with configured Windows update policies via GPO, CSP, or registry key. ## What are update-unmanaged Windows devices? -Unlike update-managed devices, unmanaged devices are not controlled through policies, management tools, or software. These devices aren't enrolled in tools like Microsoft Intune or Configuration Manager. If you only configure the Settings page to control overall device behavior when taking updates, it is considered an unmanaged device. +Unlike update-managed devices, unmanaged devices aren't controlled through policies, management tools, or software. These devices aren't enrolled in tools like Microsoft Intune or Configuration Manager. If you only configure the Settings page to control overall device behavior when taking updates, it's considered an unmanaged device. -> [!Note] +> [!NOTE] > The term "Microsoft managed devices" used to refer to what we now call "update unmanaged Windows devices." Based on feedback, we have updated our terminology for clarity. ## Examples of update-unmanaged Windows devices Examples of update-unmanaged devices include: -- **Personal devices:** Devices owned by individuals at your organization that are not enrolled in any corporate management system. -- **BYOD devices not enrolled in management programs:** Devices used for work but not part of an organizational BYOD program. -- **Peripheral devices:** Devices like printers, IP phones, and uninterruptible power supplies (UPS) that cannot accept centrally managed administrative credentials. +- **Personal devices:** Devices owned by individuals at your organization that aren't enrolled in any corporate management system. +- **BYOD devices not enrolled in management programs:** Devices used for work but not part of an organizational bring your own device (BYOD) program. +- **Peripheral devices:** Devices like printers, IP phones, and uninterruptible power supplies (UPS) that can't accept centrally managed administrative credentials. For more information on managed and unmanaged devices, see [Secure managed and unmanaged devices](/microsoft-365/business-premium/m365bp-managed-unmanaged-devices). From 2663184779575abf9fad55f96b7a536d3c55dd96 Mon Sep 17 00:00:00 2001 From: Scott Breen <39719539+scottbreenmsft@users.noreply.github.com> Date: Wed, 26 Jun 2024 15:13:57 +1000 Subject: [PATCH 14/18] Update change-home-to-edu.md Removing references to Kivuto --- education/windows/change-home-to-edu.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md index 042df87a74..46b42c1194 100644 --- a/education/windows/change-home-to-edu.md +++ b/education/windows/change-home-to-edu.md @@ -21,12 +21,11 @@ Customers with qualifying subscriptions can upgrade student-owned and institutio > [!NOTE] > To be qualified for this process, customers must have a Windows Education subscription that includes the student use benefit and must have access to the Volume Licensing Service Center (VLSC) or the Microsoft 365 Admin Center. -IT admins can upgrade student devices using a multiple activation key (MAK) manually or through Mobile Device Management (MDM). Alternatively, IT admins can set up a portal through [Kivuto OnTheHub](http://onthehub.com) where students can request a *Windows Pro Education* product key. The following table provides the recommended method depending on the scenario. +IT admins can upgrade student devices using a multiple activation key (MAK) manually or through Mobile Device Management (MDM). The following table provides the recommended method depending on the scenario. | Method | Product key source | Device ownership | Best for | |-|-|-|-| | MDM | VLSC | Personal (student-owned) | IT admin initiated via MDM | -| Kivuto | Kivuto | Personal (student-owned) | Initiated on device by student, parent, or guardian | | Provisioning package | VLSC | Personal (student-owned) or Corporate (institution-owned) | IT admin initiated at first boot | These methods apply to devices with *Windows Home* installed; institution-owned devices can be upgraded from *Windows Professional* or *Windows Pro Edu* to *Windows Education* or *Windows Enterprise* using [Windows 10/11 Subscription Activation](/windows/deployment/windows-10-subscription-activation). @@ -80,13 +79,6 @@ For a full list of methods to perform a Windows edition upgrade and more details After upgrading from *Windows Home* to *Windows Education* there are some considerations for what happens during downgrade, reset or reinstall of the operating system. -The following table highlights the differences by upgrade product key type: - -| Product Key Type | Downgrade (in-place) | Reset | Student reinstall | -|-|-|-|-| -| VLSC | No | Yes | No | -| Kivuto OnTheHub | No | Yes | Yes | - ### Downgrade It isn't possible to downgrade to *Windows Home* from *Windows Education* without reinstalling Windows. @@ -99,8 +91,6 @@ If the computer is reset, Windows Education is retained. The Education upgrade doesn't apply to reinstalling Windows. Use the original Windows edition when reinstalling Windows. The original product key or [firmware-embedded product key](#what-is-a-firmware-embedded-activation-key) is used to activate Windows. -If students require a *Windows Pro Education* key that can work on a new install of Windows, they should use [Kivuto OnTheHub](http://onthehub.com) to request a key before graduation. - For details on product keys and reinstalling Windows, see [Find your Windows product key](https://support.microsoft.com/windows/find-your-windows-product-key-aaa2bf69-7b2b-9f13-f581-a806abf0a886). ### Resale From 6e626be2871640ecf3f0ee1859ec7b8804676021 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 26 Jun 2024 06:17:46 -0400 Subject: [PATCH 15/18] WHFB FAQ update --- windows/security/identity-protection/hello-for-business/faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/faq.yml b/windows/security/identity-protection/hello-for-business/faq.yml index 3d8f631c06..217320345b 100644 --- a/windows/security/identity-protection/hello-for-business/faq.yml +++ b/windows/security/identity-protection/hello-for-business/faq.yml @@ -44,7 +44,7 @@ sections: The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process doesn't receive the PIN, but rather the ticket that grants them private key operations. There isn't a policy setting to adjust the caching. - question: Where is Windows Hello biometrics data stored? answer: | - When you enroll in Windows Hello, a representation of your biometrics, called an enrollment profile, is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). + When you enroll in Windows Hello, a representation of your biometrics, called an enrollment profile, is created. The enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored) and [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). - question: What is the format used to store Windows Hello biometrics data on the device? answer: | Windows Hello biometrics data is stored on the device as an encrypted template database. The data from the biometrics sensor (like face camera or fingerprint reader) creates a data representation—or graph—that is then encrypted before it's stored on the device. Each biometrics sensor on the device which is used by Windows Hello (face or fingerprint) will have its own biometric database file where template data is stored. Each biometrics database file is encrypted with unique, randomly generated key that is encrypted to the system using AES encryption producing an SHA256 hash. From c82bee5f64c9e91afe17d2fd2b84f768f8e481a3 Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Wed, 26 Jun 2024 15:51:37 +0530 Subject: [PATCH 16/18] Pencil edit --- education/windows/change-home-to-edu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md index 46b42c1194..072a760e05 100644 --- a/education/windows/change-home-to-edu.md +++ b/education/windows/change-home-to-edu.md @@ -43,7 +43,7 @@ Some school institutions want to streamline student onboarding for student-owned - [EnterpriseDesktopAppManagement](/windows/client-management/mdm/enterprisemodernappmanagement-csp) - which enables deployment of Windows installer or Win32 applications. - [DeliveryOptimization](/windows/client-management/mdm/policy-csp-deliveryoptimization) - which enables configuration of Delivery Optimization. -A full list of CSPs are available at [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). For more information about enrolling devices into Microsoft Intune, see [Deployment guide: Enroll Windows devices in Microsoft Intune](/mem/intune/fundamentals/deployment-guide-enrollment-windows). +A full list of CSPs is available at [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). For more information about enrolling devices into Microsoft Intune, see [Deployment guide: Enroll Windows devices in Microsoft Intune](/mem/intune/fundamentals/deployment-guide-enrollment-windows). ## Requirements for using a MAK to upgrade from Windows Home to Windows Education From c80cf09ea53c8883ffd4c5d4b848ad9543025722 Mon Sep 17 00:00:00 2001 From: Jacques Eloff Date: Wed, 26 Jun 2024 09:00:56 -0700 Subject: [PATCH 17/18] Update update-other-microsoft-products.md Add .NET to list of products supported by Microsoft Update --- windows/deployment/update/update-other-microsoft-products.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/update/update-other-microsoft-products.md b/windows/deployment/update/update-other-microsoft-products.md index f71f77a7f1..f2132aab16 100644 --- a/windows/deployment/update/update-other-microsoft-products.md +++ b/windows/deployment/update/update-other-microsoft-products.md @@ -53,6 +53,7 @@ The following is a list of other Microsoft products that might be updated: - Microsoft StreamInsight - Mobile and IoT - MSRC +- .NET - Office 2016 (MSI versions of Office) - PlayReady - Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware From 7e65ecfffddbae0ccf4dbc4541c7f7eac1b47560 Mon Sep 17 00:00:00 2001 From: Jacques Eloff Date: Wed, 26 Jun 2024 09:09:54 -0700 Subject: [PATCH 18/18] Update windows/deployment/update/update-other-microsoft-products.md Co-authored-by: Jamshed Damkewala --- windows/deployment/update/update-other-microsoft-products.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-other-microsoft-products.md b/windows/deployment/update/update-other-microsoft-products.md index f2132aab16..5cfbfcb8cd 100644 --- a/windows/deployment/update/update-other-microsoft-products.md +++ b/windows/deployment/update/update-other-microsoft-products.md @@ -53,7 +53,7 @@ The following is a list of other Microsoft products that might be updated: - Microsoft StreamInsight - Mobile and IoT - MSRC -- .NET +- .NET (also known as .NET Core) - Office 2016 (MSI versions of Office) - PlayReady - Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware