From 9e853367fc203703a61370ee6e0d8089260d8f2f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 7 Dec 2018 11:02:07 -0800 Subject: [PATCH 01/54] added new images --- .../control-usb-devices-using-intune.md | 8 ++++++-- .../images/device-manager-disk-drives.png | Bin 0 -> 13955 bytes .../images/disk-drive-hardware-id.png | Bin 0 -> 38361 bytes 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 windows/security/threat-protection/device-control/images/device-manager-disk-drives.png create mode 100644 windows/security/threat-protection/device-control/images/disk-drive-hardware-id.png diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 58984dac70..1e8abf7236 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -63,9 +63,13 @@ There are two types of device identification strings: hardware IDs and compatibl Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device, if the driver for the correct revision is not available. -You can get the hardware ID of a device in Device Manager. Right-click the name of the device, click **Properties** > **Details** and select **Hardware Ids** as the **Property**. +You can get the hardware ID of a USB device in Device Manager. Locate the USB under Disk drives: -![Hardware IDs](images/hardware-ids.png) +![Disk drives](images/device-manager-disk-drives.png) + +Right-click the name of the device, click **Properties** > **Details** and select **Hardware Ids** as the **Property**: + +![Hardware IDs](images/disk-drivehardware-id.png) Windows uses compatible IDs to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they are very generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device. diff --git a/windows/security/threat-protection/device-control/images/device-manager-disk-drives.png b/windows/security/threat-protection/device-control/images/device-manager-disk-drives.png new file mode 100644 index 0000000000000000000000000000000000000000..44be977537e35a677728093b3d6360792d0bf0c3 GIT binary patch literal 13955 zcma*OWmFtZ*ftmf!QI^@xVt+9cMUMO1a}Ya?hZqMpus&j4DRmk?#@o0_x;Z9kKJ?j zM|V&6bXRv*SKW1AQW46E(n#?5@Si??LXwq{Q2q1?0tNhg78V-34lF1(2X7#pRi(u~ zRgDuKfp?%RL={9oeX5B=cm;d`@54FB=s17+gxvFQfx!Cu?dPXYT)46lqUs(7XE_Ky zm~%@X{w?9F>X^)rS|^Mu5fEsSW)#5N3o0X4x&b}Tt4h0NFWK3B+qw3R%9yjxnB~4k zP1VW>#@T^XDLNf2Nf8WXsFn%{SqbI%tX0U}#-$I>@$99XwH)yBqZUrUP$;Y=$9ezM zblg7oV04sS_ES4KD`Kxi2xc4*NNyVez#V|z+uO_ZfUW05>}BDS`Swk$Hq!z(Gy)zQ zB@|#B*dGK)PdB;8_j4;#s2~^AYac?a0AI09OFs-xtr1xvsFvD5x9EaqpL~K#h zjQq9|)9@-6mC}Gr-E(YYp4B4i&s$AhLaI>Zot9ES-pM+$om>hqCInI3HH z0hzp_$6IBRMKf?Ex~A#98R>l{d&4Onn*lJ&SF838-CuAvUvDPTtX7*H>B3qh(G%)v z2VK>Hnp!AFk%x8)0jMeF>ZVj=T|AChq_pK?KgisB4;3vvUDF1&sDCLsvqj1UQ>mLT zG9A;q7Pj+9Gukx6zrI}RDU>l{0d1|brl{DNDOlq$95eex%78R&4~^RAm6C?>bzb_L43yDTMn$QNjbvepmH$c=SM%UkjvK?l#9i zr{VLf`y#&OwTA0Aq&TEvl27W9ZOKS0*d;kdw5R7PoQxeKUMXNM4Lah7{6LnFm4|bR zsx2vRl`tFsR#-ms6F5NFKth9$C}wI9x~v&I%4e(Bu&7rwst|1B4!MdqXZ+^UFv{{b z$o49o1wbwp*CA5Gs*A1(Iz*6qS(vF!H*lS!WEGZ5iN=Ouo9_SR$+$WTF*7&k=0t^$ zpCvIdf<~n1Zma*>HLXw^J_zFY5J@o^3gxHvoRz4XBk!tM&F`$%VF?g28ZCs5&@_Jf zkHgboac$Z%z^r-AL4%h+H@^P|65GJk8n^1ErtL?3TQ$EHM1yI48pSlAEDw6?vJ zrWPRP`6_Jz5g&uOtFDM$a`mVEW;$hSI@O+(bVLn9jA0^cUmjyxiU{Bu;tawfcHDR@ zGNJFR5#eH|VR2y`F<~MyA?k_*-~J)l;i07#)fq7BY$ikic6wa2xS1)d1AC8uwSkZYpI4d~NW(Mp+%3@x3BJT(Ror8kQ}*@~l0m*%!hnJ(9mGmL~c&he`7 z>ey)IK8C!v@v+u}?}oc_(fHbSFD#>!wlH$}yDT$vetUqR#2P{VHr_jFJskZ{Z69ti ziYN}tN-B(Cq@w*;CUx9mF-?XNrG0dh4IUiQaT!o{wAR~ymt6WdzUk^=hAV0wyY*N-yK=J!DjrKT=*8#kAV#b*2~#8_+f)#MXh?q+!l;E9mNW!K2uY|S!x3u!#G z3Z0FmwW7;>CVcY667DvPF65eaS5==hJ35AH;LoodV4f-U!8ZIE6|wneXGlrs7$T>) zL5@Fk_dd9OB3)Qhi%FOK-B)8p|J`Rz$W1R>66y6Vz}i(`CE3ES0Pu{pMtlSNa#rxQ za}paVa|Gxw7s3bRq46aVta&un=P}hovJ=-O`<9J#$;~|qzEz(+E2l~2;albD21JN5EEXCZ`I#hud#Cd7hQMeI1kk@$Uc z8y`eTE|G+*(jC?I1RFRc?)SyWV+bJ4u$)z8nY!&M zHAB9_D+p=c%xId*SC>M3apfI2l`}1HRRB)llkXot71yR$bjV0+6N^{=P{@5BQqXlP zY^<1St@1E=xmejGnbg!ILqUA-_gcI@%wW!$di+W8E6CCWcA4kr9nOwZ@DRh;X}p`I zt!p`RBbBUS$APe~NL7^hYn>Z=MO=Z4cW`%6T9KK1kpsYM?6msj!IiX*Rf$Nemqs$f z56Ryv;0SPNhv54yIZux_IUhlkIogv2(fMo7b~lT>eDz8Xi~Q_=>(Oct7DNmT25?{L z3nskrxEbSapb7=x66pKC-DP^z6Q0h_vmo{^8Xe}Vcl^8T_HqpyJlOBYqsLj~`D%{c z35A_>c%usy`(}v`+ZG5v7RCvcrF!A;zr1@4skYyZw^Xo(+K-H=&l|&gHWoy?yPxoI^tOz zOKNM;DWqfjg5fY`@x5>FlFmv?{DXR6NaAVK(*$ZHfV4S32FzTyQ~qiPz1-M$RV*0x zCMmtD&!I=IZTNQkSE@UAJundm%+6B&f?r{$;+6ennh;D&xBqv$9#x@hW4~gcZMR#hRHujIUw3VM#$11UW{lWAA7By583;1*>svD_<^^{kT*otG>CB*oQ5o zsj88x&8L%joOZ^7{0~UN%9#lQw|Z5#u0GikZ4XaRm3_OnW$L6Q(OS)pgEKyEW+h46 z-8DI#^@)Br5bAIrqm&o2_)2I&66I)-7hbL?jK0G>+NGl9V;EjvMvCmw_l1;`bB@C` z4C~<)7v{nfb)Lg_0=0sa^#1-ou);iE-9jWyT<8suVyvC5T;T3&b&TY4!sFsb|gC z*Hb(W)sUUut{BU0vHkw*I?-ky9hxcC)Cr(uhB*3?y^->KmQ>Pccv#!y88x>miGx@q zo`=MbsPSac#SOR&u1bUGUw>CFw{Y4n*O_lj1-m6|JS#Suzif2cX4VT#uPgP2ZEu8^ zb2x82?SwhJFmew+S&~Kt1@D+nDLlaQAFaIVId0K2|E|QRBm}Ad4J9L=Fi)^pr1$UA z;bMq?Soc;^?0i|f7%o+;#y%Xm*&j=q56#_Z+`GD8v6tH-4I%IR&7J=?8T3^U5b(NT zQ)gQ=!QBKSztf-HBm^siG$O>Ua78^db1XNs9oOkw0yFbbgUqZx-bZlZ7t?~!*|jMu zP1<7n1-U-bXPrxfjcs5Do9V8Pm9y+t~X!{t;zdyG`8NCOrc4x~(m4AOXm96_89QQ^6d5cvMow1kfA zr1tfTVRD@CyGOSBx~Eh2&Z0@&T|-u}j*d=;6CWBQO6&7PI;(glvtE;3ir+*cmE7mo zJfo_Xef*3H(g%zE(G2S$LOLaCk|(`7i-|_FfW-!Zj#VFJMoCZx4N7Fxo@ii#_l>L5 z_p#3Pp5&AI4avYQTyMKUpLT}08t&&ppEa-EqHPrBQClULWt3C#;rty(i+km4Uu!zz z*QJp|LMJ#OgBCbB!-ZwMSP5daT7f}ZS!@fo7P4eMN&Jo);*xAPXlP=0_gK=kKY<9>KT0S{F0 zzNhI(kUkcAY?gfo-b$lwQlKbNruyM_6!XAhjfo=|aSZ0<`aK`1wp2B5!;j_(8_pRa z!+~5EzK5w4N^Jq7n0n08zK7EPX-5ZlC&ps=4Du2pBBI4k|4zc{0=^xqfY-pDFV*X64U=@x0gVw(jGG$KEqcW_pf9$~Vy-NRmqjfD@3E^#*^ zE-KyEDUqsSWI#Z?OuRNC1`w^>0o8PFX7hI}6KYOQjw+7~>F*D`kRYD3`kBuHC~{Ym zARZZ>!R<*H|HP!EqGMEBTieCI-rSA$8%$$(W$AqFME7SaG$S*lh*WeNp{8taEDLoZ#IMwn*KJ6yU<- z$@7H#p<-}BaQ11xCxbEi`vJSWM;=b=ea?V5d*^y3&(j(hb(;ottVTH+k=)V@ zbH#P*=|qWMfyuu#4XrW4p7Rg&D}me!g#4&-nzrKoQJlCAF8HwmZisw+8?3ZL{>G9$ zryh7obB?hvlu(qYXXI12`7+M2`SrdYOC-(_Z*;^3kq7W-{x{#RA%#v*l zj*az`5EzQt9(P_|%<6a;ug_T9{FpQdRI5unKSet&!f9c$g10@U;Ks9V7S~A^?U;nra#UE(|JIo-{uy zsV4UdEg$3`#YAXd-yZaZW=#Ab9@#@8Gv!%Hfa`)bWkjeus4y8i>Z!nZ4HPP>&Ohk^ zBM1_mY=(&uMW01+Z3=m2-792O!q3d#kPiJ^Ia7lfC!0jQ<-PGjY~cUqn(eutvDoJR z2NMy0BfkcInKs5Vo}bn4)q|JGaZW>P2qyQG<;Nn6PAd9bN=8P6^Ms&Q@$IdPRmLF` z5*$njQhu9Y{hxC&TLyQ7(9EzmB_(SVYgfR^d(2n;3c<<3KQn6WQ;g9@<>H1U_K9ux zkE%BOaCKVEjNd)ZFZin+rYuB`jR=2Wq~`Ld@Ts-4<$aF^4J93S+iM9$ORlUV@w##R zA@SaM)-HfheaO;qm?-VBFn$gxhi616bMVW-{l}=6u)UDW@0+krVpQD>Gm>^miASLx zZntJwhtN8u=h1z6DxaW%3+znJY7#~N7msX{#7nA=IF^eLPI8~j`L}IV;x7X`$=TU~ z2}e4QH^(L7u|#7hp!H@UO>BXjxDaw*(&@0yVd=jzDBr!%tItiM1wZsLSKTN&viu0A zYv3%RINohhdcBGj&aIMMPwAh2ThkR_$tXSROs{5z2A zkq!qF;~0%$m8T>U9HnyS?qjMZa;V9$7M|Zx@qr{2N6eVF0Ti;MCQMFy=1!T5czh&q z)h&ysqhOr^QTg4KFT(iC==Z>l?!*Z*J&4aEo~1G5d%(en!tAtoGbh~Wxt*q{y^#vB zpOc7**rnV&x90w|o4V(6v6l>!=-rV;*YZa>@APceW+yDq;_iNPEn&InA385;V+&Bi z4DI!(2!@ROGhf;F_dpQM2{8uLK@)p%;=JCi`hd?P+`S%4M6 z>dD<2k0BpK@^y+)?|9~UBLFJ+nShZXBnbWc;hhs7fDwhriJ+?E+1iS1k!a?SX?H%p zAI*Mi(sQ>c&QY(Qtzq||nL=s6Iqg-B@ec7;KaACrDUVX^I9Rs%xh-uASaa~Csx-BA zB<3wmqsuSQW4jcYWm(tw^V+j(&OJ=QSD zmPa@rL1uXj-68Z$-KBC9iATwv_nkhH7iBK+-T5@qmFH#gKM4mriS#6MO<7|o3HeMh zCvz}ruY(xljiQ3uA)U+u^Xh7;h@oiJ-P{`0^VfgoTA$HwkscmD=x%8@U=CJ8&}=fN zF{{g6g&BCU7l$<=#vg&Q8X(%|Y~~+T1+K{Z)0UU{cM*(D0Su3(B<6EbNn7di9*J>b zB{LL#A>aDAsIRtz-5s}TkQ*?+HJgwy`g@x|9IqQja_e6J-WCX^_7n!<3l+N(vBpxZ zrfMh5@aPDb36Wt!QAmgr50M8*9t4A8a4M6mW_}%ZtjGt7#$|`K5qXy`x&a5Bbl1n5tNkUY)Y0v>H_>`E9DRarLf zEEZlt5C6PZ(drg6&}Lx;bt5NgbD8z}*xS)}Dqq0fSaSR?dL zP!S-qZuSX*!hNs2Ue^slIFgwTgd?fhRG3~CL>*#Pfk9IMZfFfc3%jboVT1}8nYT@@ zDX+Ne;f4aD{~y>LDhhl7YxjTfez1-4R)VINCHngzoO7Os&uxM*3vw@uJkR@WiSU<5 z5CXFV4nhJTy%%ExqxelhK;K5Qpm4;X8XsQ%#LBi`0Y|TMZ-_HX zXDMhVAWudmbEk8O%);Y@@{~f1=5ALD#=% zj{^A{M27iYvkR!dvN!K{gpGgh!)03Mc;8Mx%Fb0D=2mXoxdiylHUk1l zHnD1QC8(&uL@f2H_K22FXbmOVwy2i-^C4o0pkA{BVD@vOL~lV)1JCjA0uQlpXdNQX zy7jISdd=;HiR37CGKpQsc24(PIy9;(U3EUWSq-j1{P_L02=BrJ=clHb#{EbJ!*zy2 zSu|x79bR=mHoB>wK$jXt&5Ai4Wf9jy&*)THcDmYIzGz!kqeUgne%%IDv}x$dj-Ouo zUu1^MQ1yPC^Z!z8VRPco@RJtn3sNL~uK3(96RjZ<4i`J3e6^i-H5qr_8-f#^cyiuy z;->F@NBO$n0{?oO5XQmXmwE!^W6ar13TQoAvi^%U6)+tYuVdk2A5HXaRs~*trjd_^ zj)sN|Wlqs0em=9x4El7V&p$zgH{WRf5*cLVwLVk^I94QT!oUrZ82G@MNX7LCxrT)(YI@^>1lW}E9a1zn{$PzqWAHu? zDiQ*o!Obftpg2jShg5dl& zo?(@Wjsfb64 zpKHMkQv((Htw&@v^17eay4h1cpoZ{bvE7V-31@zA-gc$v=a02Uh1@=sB(5(l$c0~T zp%iCJ>1*WSS_rcm$O!uP?5tQhw32&r_^Aeu!-HjWoT^h8@&uk9jGFc)!L3^~Rm#`* z?`t)p4k?(xQr9Cd(81_@mxMETIze1@+EG`3vkk2l3pE;%`#VAHN!5MOlE%|tGe0}d1ruZ0NnQFHK zLq6f3ul#l?FPW@O$PXJ%VRU2QkX3*nD#n1a%<3D-jJ-vQ+<2M>6w&M-qEPHHd{-x1 zP3x2!G3g7(xGJsYD_(Q>o2qjONeAh3VsvA?{{Q zE=rYF3s_#>{=!g_IQkF>Ef}~$PKX1fKPI9!6}7d$=IL0TT>3j}=#n|n(FBUSCgiMs`0=Ie+6cKd)gqsaY?0 zTpjuPAxKQv5IhCqNTZviJ5Wjp93HRd$Qbv93N9xH1D>z}jX?C3ssD7uYUL<~HJlL)rOD-6eEnXga02GBEE|B8`_lcr=1gciTCaF>N3 z8~&pZd&O1B8XluTS>q6nY)8+ByH^(}W!}KJ!Zw`F>Xad@ir0H90OzcCn3L)OC*xC% zCd)wRRv0wogFQ9aW6Ms(z-S<`_^6b~scS3@D)lM;cQ=!CA*p}eh+Fg2lXy8dw6i?T+ymeb`_3TEayLz)7ibIdQ9HT1|6{aTYT<902AQYzVhx4-uS zDmKC6gGN%QELUv@2YK6lfwJ&$+O8R_);CR-CsUwqLbqwK7X> z>fz=2TDY5>bT#lF!hayXY z2q+x_Z@y$nUF_R)3?lkz$?)diJ)b#8WDB?=1@)MjW_CZoaaTs*o0t zA^~ZsYFXSGA=)Ia_X>YqXHqc43NXe>bwyQMg?!yjo5meT4i1O;KG%jJ8x0jW!1Z~6 zUjpbDTUj~0t-K;5@|A>2PF%V}l3?phW8~0qn9kw<4BiI*!G9*($yR*kLptPVWTpmh zJ<4@60zWUiw;NZpMf1X;q3~_BVZh2DN5Yd?;;0EWMAkbBS2ul+h*&(Av(}NXa5N>| zMe-p5s_9C7kV}BLByNFCb~nnEdq@$NW`pz_J!4UuvFVa%h4)a>j5G9BKly|1D?4LG zSOmp;R7!XzHqc4Kg9M+2)>Mi5`j(}^hyAd4wUr=-ve-#3c;f+~<&vuX>z@QCz~rN$VG zj z+H&b%&AJz3bO%@j5d|st-=^aHD4C4@hJkjjIzHZC)-%{GhG`ky(?a*k%_1|3o&Jck zE7$LSec&op2v{LpciIT$`{SVYgURMbv81;NrG$mVXO`FZWXlD5R_$PRq5N~VZOTc| z!x)PoWRCMKk49%SW%12xxqTV0GjZ#S7v};_ej8cQAPbV?Aj=yJ?>u!eoTore?oIwm z!x~!bJ4_Uevt_*U73tvT0x5~!alw~rXL|&8Mxs;xF8yyymzS-B|3bk_uM+VA{P*f;!j#}$k zsJ~A3*bwp|@GMaHj{mYpvF_mCLP?g!fEDmF6l(QTP*Hv9eBEPqJSs|ihT7fi4iehR zzbh&#Vl$*{yjZp6zg|ou;3{jebR?zV;R1MtI#^J{ApfSbzMfV|S}|P*&_1UX682l` z=>p)gmn(Y6KjTW0-?S((&9-U~X-@U^)W-p~W&gA>N)tK;W5RwHadLKs45r}Z)Yz*x zzvy_gw6Rr_OIV`0_HQ#O(XEX@oK1>w4t%L29Hkr~V;*F*L>&Ua!r(I3s_37mYDzjw z(yq3s)uV=@gWnH^V`jeCp79zBL=be~NlvYDQCF??#1r&Srg zHzJOJgIdW*no0jKmNxjyWOlrMOKA)`H`azhQ>3quR%?N@Gjvb|@TxBqB4ca$M!wG} z2eZv($igyEgnUWhqS8v|H2YdUBoX0fDeda}VZbRLQ{p;s6GCD084kqznCX;$*p8nMQvvuk}hjjregD!|>M0Sf0^UNE8;PTrZf~Ad3(v{L3WuFZ4FV*YVtL^sTo5{-{ zXvB99mPjz_dnLV4)PU?|SqsqL4sK@rE4nbv#L(uB7s`MK1P>P&O3y`mHFi6i6)!-z z@81nP+FB>~&d}9tC#&USV%(w!0mW9 zFxEcO`TsPKY$N|w%rm|I*72VCH=Q0fQeA4Y{Ju6?!!u?d-pf{a_^XLJ_Z)4~`*8<} zb)2Vnp=H>S&}-*XoMX=B0HMw;+MLmSeX}CxknSKg6Ehm7>TlxAHh%b;rGk(7w?CzL+a8O zJp3x$f-CbICHf6TrG#IHXM!1i@Lmzj?;pMt%D8%VaB*>RO=f+u&ie4BLyw(~rf%rC zkW4kXIwW(F8{T5#Y~zF9wYeGiYWB~cvc=E+B_l&*EIWVtAI_DO){1Jh{Lhlq0onoE z>MR$PZnE*G7L74y+T6QeFcz()gMB5)Piug@UqQe{XEBK(Dl#2CUY zk|$L<&HgzaucA+0rDzt4q2dBmL0qr#&V@X zd_!6sK2H44iUF@yw`uc8lq7uw2j=_l)PZ?s$HaKQ%aNP-o%j2wfgb{SW5#u?3q^a~^yAxvgya z++;={03;_SRDQ|!KH>!BzoQOYmu%|x(F@x7Oa;hZH$eWQGf`|RS{Hx#eRyj+8Egp) z*Jp{yrfe?T^vBT++eQb}(8mDG#Dc^r3~ji3=8%EUDeGAKWrri;L7DHUp#kX<7UsB#&O3s|_pV`(?n!`A_ht<4RVqH}KJq5K-=4Zr8S2Ao$*dYk3L+0H zrGGPZ+(Uq6v<&`C8dYASkqbN3M+v-nE zPv(@HL|Zj|YzHN(DH62z7_d|WWQpG9DawjI2&NLtD)LC20+=VDy1fgTYbPfKl)j|~ z)AoeWRf651(cjBAIDxDLHVd=~lnja5hWQr2M7+YERvan(?c0%9%?47R5yow>B}Z}5 z7%ba#IBGt9^*_Alqmg7su>K{|sJ0(bOtk+psjM=2YYTxkANWuJ@T&Ms{wt$NFq3QM zf_wfzZlH1H`6b;*Rq;h3;APrRe6t2Yz$LWPwkxzx+?MauaOmK-DI$j8?*8@9QY0Qa zyxw4^MLlA|lxP4@8o4%#77WvHsp%GN0l3uW$Y9vJq{-RK0%vq8Yh6sz`;UEO?foCG z(Es{_1iRZm>vNFH7JZ%_NnsLD80p_f(eeMDL3M2o*!R)}wtMkX)Ei6`V$?IOb|4)c zc{+)s7CfDoatJ*W&oYhp;;k%3XDmdWk#+L(kf7C9N&CwsSN!P`Bs&vq2V8}7yCkkb z2z2&G6(wU^7zJJIx*6Rbt0rMghG^wQvx%kSq20e78vFY4W?ryh(DcOH%MnfI%5&qi zSHE1V8D__}sAW~xGYmhldEGQEZbgf=*A@}GXBVX6VaGMsRiV){k9WDxlIOU%%d6f5 z)+cnWx(8PMys>6IVWP29jbgz*sq$i1(FSa^<3eGeScfasHAR-vrJ()Z@#@ znRgpAA#maUNLDm^>b=ckrO3-)ArU_NZ&cgx+U7g~Avzz~1aa&3#CvpfHVSywsD&NwPe!#Ngz=*bBFcF*Egnm zo=$f`kD+={fDjc%y0j8uqRYK?_+|*O9PvV2Z$pN3_Ya_O=h_Ol7nUAwlf$UWWt2DFk=>&p0Mk+e0S87*POM~1`wq>%+?z`yv$6{3A{9By;BYIb z6Olzs+h=91aC>`ek7n$kgH$!YmYLBdm(oQP$HO|Z=Wcua-Mlj>SiHq#xYA2ZSJK>7 z3boS@F)GZ+;lPg4^Gp)`WZ8@+Q5*l)2S)*Qze+LrnXeJ&cmlF2H{34ZRgy` zJp$?jgXSE`4ODR~Ai;auZ<22z4DGTMM;Y4qc1c`~CoBJWq$Icp+ngvn=p%(Bl&%$! zHmay7H|@CJZ>=evTb;opxad@~%uP1-0PWMF$QUN>hMDvnlYVwmA=b{uuI55XKl7LQ z6}!Y=BsH<#sMhg84NS@TeAkKGFI59#y4CTaC?I=ZS#DtXQq}}*gho(OLv*AjYi82Ay;~wUBEqyXQN;)MDu9U`P!j;-pTE z9_hYGou1lEyUa$$KE@NW!%}y5N+Q>5X0~FLd{06cW$G=jV;8SP5R1tPPDWBYC>R9C zPyR;x-c$e1SpT`vK4J6rNW3}b!sDVNkE4EJ<7b44osf+WWdE=J*qz@WF^BV>ko+D- zKY9;h@=B+v<@sO?kIhfQT?F{2x9xg=84GyTL>v(WRMb)nM3V0gJ||tqSL^!(B?2C7 zSxSlw?Oa!;;_W49$1%?X_9tKfH}1Ln6`&gmNpA%x%9>8ewwKSXzUB89Z87wWz28Rh zOM@ApoJwXZ4K*~KOM7NLVVxE`ahpzV7Re*Ndk}$xi*b-)G=KCam^Hu{2H1NN&UIiB z%uC|Pp5E4thr09pJ7Y(=Mt~<5ruUZZv=MAh)b3@K#|w?XZ~QlR0PjDmE^woTG3i^` ztiFqfMy6pVa~k;n96!&dkiMPktm^~@T}5{lL2_5sNYFxcvV ztr_#}EiqBm&9L7@dkXJ=GPt!!>Hk8vDBNuctN(zX`yLscK0F|1e-Xz^DEpWm<`YT| zttwfr7UJ4d2qkdrNZ7i=JxEnf)Hb`c!M~buj!2a& zaXV2~eWoR?z0nY#8w-}rm-z|KJF#0cLR)4E?m6I*3pDmOg+N8#ZRTF5CLZ}qgt?8)#197V1 zM$EMJ43$_pJbz&`T$dZcKrebNJ&kO1nVx}ZxTMYD8l>{Zv0ivw3i-`9g`+D+g>ha< zx^d4DfUJSO-$+SA17aX`QdSQaZA(`L?!8Hmi-5ZDaNSN3v%Pu{eGdBYc;0^D@u>Z( zll*4wr=AiE4Z{{_2#}pXJs&m27!h-6ww~LXfmhl7AyTM=N?S{}JGaCll9fZj*LY6e zqI|+6U88frPQTKQZ5Jl&51uY?_zFEbEc2r=?RbF^t<0jfTFwWLXfOvzIey*D5=Qrr zMT4TGr$>N_{j&Y!yp!@UW4_;AKcxrTkJD`eHq- ztO@xsw;HaoRPP+W^bc0*$olwTOQpXpSu=~?Md80yee)2DLva3`2xeHfNVP&3kii~5 zz#w`A6jEgCMn#~vB9;)w470w*VyE_PGs~-KMGi9%SKj$4J2+(H+!-=4-XJ*wedA3J zhK-=1+%7TY(iEqVP*SEuz%yo$L-+G8pQ$F0t*-Aiwc2dyhx{LBpi}L9@jv|_)#0V? zhdq~5Fv1QA%iOs@1Xjle5sP-Yi6^*Pu)N5D3nb_iGii1+QuKsd&AxUSE=n?AM=N3~ zPdW#Zv_5eD*+(0wb0>4c&V|z@-KDIZy-ccEh0e^74G+l^P)CB?1biMZn_)pWe>!N@ zZo)=>iC|8Y#m{Wc9#~b0l+KCJ_TGwun`AUTCp-p?;%Q_5)#Td3Nc}F3Kgc_+wdT3e zUA(ybgH5ZrBf?84&@SxQT^P5RBpzH*gP$X4Dq&*#&h6unGwua$eIzQFMDXEHj+mtE tTT$1nn0qY;Sy60L!LzWKx;|ijek|@>)5~6gCysrRl~k0d5;F??zW|aZ2GIZj literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/device-control/images/disk-drive-hardware-id.png b/windows/security/threat-protection/device-control/images/disk-drive-hardware-id.png new file mode 100644 index 0000000000000000000000000000000000000000..cf8399acf4f7eeaa994ea7133dd2062d28f73ec0 GIT binary patch literal 38361 zcmbrlbx@o^*Dn|+1PiVKg1fth;O_43?mEF8g1fs1clW{FAvnX}ZZquU-EZ$#x9aY# zTf2Wu^>jbo{dAvx`pEB`6Rsd9j`RiZ%bPcEkR&BUl-|5~8xH%8fBpn(A(l`vf)#I_ zmBfF(sh%VN!73ljg=B@^ys3>vcrpA4tHV1;Xga@ngWUJ;_ZE{%>erh$Np_MVLMk45 zCmV1c7z?XCmw>uQO7$kcf5YnOHSk7Db)0K*IG7dAPi*?IRC~C&+ht3bdu8M{!HtO}J>>EQS#rJ4Auhl)$hsruE zr)_6rs#4iws-AGqG(j^-ra?oP_3%!`QICu+^eU-*Cm2){P^z%^|A0B^- ze;5=*BzZ_%n|%}Ydcgt+%6Ql*VuEzP5f)xmmB8yGzK{5x9S1rU&lMPUPO7%v@Ieciex?IW>Hv1Mt> zO^N|HQw@^4x99)a_qB@<=u~jY=muv{m;bQtX*T^f7PxwWku80`Gq7++JlTr+oR6=^ z&3RIABZe0`#BgjwC9Kz(m<%PaI&=ZWyx@pSz`<6K6?b(!0WVU95VD_w6|0Nnf#-Y#Y?Yqk>BPQg{h>M#~>8=kL{( z=FfN}#p`_tm!&O7qT6Q>(@kK2CIJ`KKLLrFS)#7hY0s~rxs@pgESIO)kKlIK&U;an zuHo&qQ*e*jw2n>lCPtbH`(+p-PI!p))SRnp$|A+fLvPr{B`q(C^OP91v)K z*u6G!at>+Cuez?3i>*@q96O6D%UrbKZDEbv*QgZ2MSxq;DOa=KetmTQeL2z7(+0DR z*|&_YzvQpcusxqPlR;S7kT3w`Kd7MV;ns>p9XK@5Fc-jlHwp$RMK~y5ObKek>HD3= z|5e@8tLy-1#}jit9E#l-@hTzzG8y~K<{Dhbp{JDx!CZ3Gk535erdkf;aP5P?+z%rh zfBar1TN#rxR47gRll)Jp?B1z#JL5#vwL8Q3?qj?lzHo-$D}O6kXJER@o@93_>HLz! zULJ9`k7m$OBUir(WUjs*LjmrNKUmxbiBGkXz5=k{O3Vr_=OCha?Vz~#He_Qr%D5&P zqRar6|5)-6=~bgyB~$wG-@fvR-w&U}E)@apCz7hBk=og+Y^r~#f7dgE$m&+pO<}`t z95K?Q9fauEh4`j=J*cfg(g#nsCq|6&#+Y zZ|4WUG?o4k?+UV5)DT3Ly@|1Be>fYylW*QpEC${lXy8CZr5w!c9p6ce1!>{=SbMZ0dXvtlG zgCbIFaGio5VP;kkfEv{0UhsUPWiw1v*}preaJg|u292%3`CX{pS9D0sz%PDTLM<6u zZByVzLbU?M(?=K8K6$yx)|v^J=grGnbk0xplAD`K0&qeqsZCocz~|huGTet!rkrVh zGj43R;@9jO)wD^jmrnSU5mSt-lg`jdUsO4nxroW}V9&{vyshf%bIg>pr9p7_9}8zN z-{I^nn`_z>gVt8j{{6gM=JK_VCN`$)%IO2-$#qNCIY-~_8$P9;$JU9xO1vGtqN1W! zbZz+AYf9U!d5Y3b;J6Is2ARmz$Y0?Xxshi)GSI6uE)S+q?n=VElzhH)3PYRW5^Y=> z2*$gi{)xa>DRpM*9EjpCF7f|n;GFRL0%+XxWRjft|63*>FZ2_}>#dUiXZcX%O*ag9 zeb$F){}UuuH@8dr1;<<6uipG#H`DU4ruag!?d@%+mj67?{+|c`w{R&GR8dwIc6Gg_ zzbvn)n6qyrlUxcoLt9SK_tSj6GlEIJCxGOunW?F%hPF1iPIqHG@ePa`{%L7xe!vM~ zZa2>7%Y;H{*({!0piq8cp-4*Sk=m1E4uVZcNV6NIWZA{MRU>p`OZpM1rLArAru%&n zWn5gG;~YV=bK-8vjD;QWFS(@pRY^claPT0#>b9DiTE0>l6AR0%eCzG}(h~SinEQ?s zHfpBMbWEE>V(;+K*v_sx$H}?0s%imgWy5BTToNDxk9L*${|L;&ZaSmUXTIATWxnT= z`kh<69G|QAaOf;IIUJ0R*YZB?YynP?=dCgZvtfI|Isv+vr23M27Mi3d!IXO4_(E%$ zdySaizrRA(BB?jrO_vX54L{kcqB3vC4GetSz5%fv&tolXr5SnzhLSb}mvDK|p}_DxCf*B z952*H_^P$W;f2*-NC*cBhl`P$*~mNhMXw#WhasTJZ_Q8XUv@~FP(2@7xb%R`);?L1 z6+>mw=tHkl@8=Y>C5>bV7LwgGa5({lBHZ%DHfvRUA7~)FkfLEHjGS=8gTt*q40QfV zik^wsnPwX&@*1s=fBa(bDetE#1TyMlGOZv%W_v_yqlviPzxB#J8 za-70njD0vE-pGdwN0cuR5;ghV=i8aY$Xz{UWvSJf==itw_OhEe=PW(P+F5%6;? z&EhL#bQvacObi!KQ{LJLrH4r>W;dOtxR5PBCO5TB<|S?o-!q9l;7^z_2vem{tlrC< zDoz_<;J=(QJMMusnGSS@sV$L=UE?*p#-*5Vz2+DNYsndew*oD4NuEDPc6p~9=6Hvs z2xbY}oDuneewuDtn#n(BjwJHw=34tKL^S&MvU4#t4ua@jtSAi2J_7TS3ju`{V9EKt z%Q4QJ-=`e$*hJstQ-}dC?|5b>ThocKZE{sppbdXi6q8)jFCg0k-===pZvUz(LLE$# zB#@)dWdUO-D%S4JTRXTlh+3Yjn`M)bG&uT22N&2uI}%9=rf9dvXFimVpE6VN$XZxn zzz@g7Y3c+P)blr*7ia()vbXzx{#j(R+u8R*D_#_{fp~J?=|1o5+xYuGB*?*Q56S0g zQ3we7Cl_1I#)_a~d4|nrN>z$X4K%O>E@T+Pm9q)J8@ao}S29vRu;p+|3L5-T!d4p%w)yK7PKK=2vm(-AfBxJsl(^rl7R@uOwv z3V=9bU@o7e!D(PqhI=x4ZB0jhM`S?jN;~$j6;2%OFIX53Km^=fs^gjYP1wso7JfR) zz)10(L7KoFb2a3PT-Hd>kYYpn!l%UIAxEkrL^y9+mK|g#;wL7MClVL;N?u+fDJt+v zv~B-XCyQxDy>Q}|4DIe^2=|&0@pLDq`kQTTpH#;1j%nx-UmdM=37>R}kh`9T7s0J~ z%H={^0wNwOUP4s=UNgZUfbdxEX_H=L$@5}h_x`Jm>eM)B%mVdDcpRud>W(bp&4Sl| z_cl|HC7LS(wS!@?NKSG`C78S`Th6GRv891hQ8|6=u9F$j`$Sai?l>T)hOujBf7?#} ztQJQOqs-FKoWYMxl^`;@P{KCU)RwvSSvXvhOSaJ;NzSc!Ud_bmNP$Jwv~@sC#Ia7} zMnsE8F&zWAquO3t?_AjF?JZL=g+_=awq84jfv54;#MobofMq4&x1Fl`MnWkScW>OT z>&^KFrnYl*sSV~QF0b3&QSsrwM%CnumV!B*ukePU%2ZQ)<0&}+=@yGo@^k&ZHAbHS z;E2c*#(%Q*cz=My9<(P@LuUFCb#i$^^_H-7(UK%NGtlQ+NgWV)q zCBDNI^ITqE($Um+w{Nd@yB%c1ms#Si?#K~u-}MxnSWdU-17Rkb(2|u>L$>b984A^> zqo8Jwyil#zK=X=Uou%`GJn1IehZj{|Akub067}ygbNA-uy3%=a3MI^(0I zHG#L^bAV;NT6~uJkNLL84o>g)`@y5*&o}%Bl?Wx3YBxVr0JdQh>wRB@Z9j^RDxOHP z6oN0hG}gFg&2PR|PM(o+NJl2MGFwG+b6_>O5Zr&LSzp8FHO6#1<#%KqIaDz$t8N5j zTNGE!hY+l^CAhXvPJ7;D@v#k{C_{$T=M{t%g}w)W{D^U+zrUcGx!j)0cvx9f+U37< zW6|~Gfd>~mz;d3zsoBk&4eV2X;oGH67B7zXw&En>d**QFBqVFj|3x2ZR!hT^rG+}u zxaw6t7+Ws%Vml7GqIDzNQ;bg-nAJoG=SyJp#+ju*FSiOUS3BpCDk{y?{&>IR&wIWzdFei#N2AH+^;pnWspjPEW_7 zS&kTNc7sGpX&PuGG;_+RyrXng#Wb%U42LUlcnfJM_J=jPIFft3v-k77DK8!d@>GUx z$XGg+x?QeSC=Oh{v4uRJ<3xA+vZpucwm_=IaZb;BdZ#_)C~eGkC6&)S&NR>b{xY8( z84n&bYD>!S49=*KYI(UGG(G1WW~B_xN!^e^zwmlvt2B!4C9@gWSjnD4(Q)`IN!3UK zw0WOrXIe8$gAk9e2#3|6;&Tk4-b_35Jxssnd;B5Ka$iNvQ-Ou9jQ@n#lAtIY zSliJucTuu`Xr^Ru6C2$0yS{Ar;WPuqV>g;JmCyM-9;drZqimqz`&MyeCdk~B2N=TX zA+9nH7o&TijoEwArM_wEBaYx!lRY?hAG14_(OrgzK>O=HsOW<0L> zgT*W?y}$tp%lF2GiptumqGIW(f@Z8lofYG+%y4q1aY^548rwdxi47f1;&RR_XQq$W z1?OC?S|_A-@g>&nlt*f3s2BD%UcU*jMqkFvnE?H{&0O$8ot_L%573#FvT?lsvw(zz z!_%0X<%nxOD?0y-&SrK{iZn=Arcx>^GaYuSYIiWJwiHhpBYFiY7=M1^hjM~c59|eG zgxtP_R0-ppsJp-z|lXK6icieg44h2DCdI z-r}KzzDw0~Pdd^XlYk4d(Pzn0*UuVA?t z-fb=yhnGuTMrZ5XKG$c;AG|)!%qmvu-zeeXiQu=l{aO&5B%7(kCIWDzfQUM!7>Rfx zPwCSf3buQF==QQ^GgH?O=elo$&QZuqe!f0pmY%%#IH*EN3<9y>y3poV%=Sk9rAfEJH(jzQ;Y4jg$f9HxgA7lL^ zIQ63b*tPk0LVasb5G7`C@HqDTFUQx;EJgY5ftv0KLtuRY75r9%>|WE0uOY&DHU zsz%Gz^hThh#x<$+-N0{E4T)rn?HYZ)(5%b-HfikkoAbzn2fujbD;Hq`X>9sE39oRL zAgDLVhzocN?zXm*EC==akfL@kC78@4QOD)c#8#9&X^1BCbV4*ZZZJ-mvaI7cx%us; z@32y*x{bFKLdgBy+%3VMYa<17XSb?V5hpVS@utu?OLQ6RduO3OWOo3iT$U^aId5cX zmbS#y6S}NM?_@itztz5p83~f=;E4`|)|zyVN@8{R#1l;Q6-icG&^~jW$I$wI7&C6x zrHY0&?+3wsU!P4pNphXXF78k)Ziq5#3J9<5!%Vv?-k1^X=P!1lwbF26uI?00);Q$* zs+r-dBYn}R^Lh)6d5X=BQ_k`=Zu9DDN}6SPy7%55*PVwKj_7ZPe~8BNzV-voz-7FK zV9p20P47!Pfo`|O^``8LuJgZ1dV(os?G* z*|4mjHroXzokZ}GYn{Y848I|27;II+Z!B~+&{jcO*fTRT2II;s*>yUoW7it)(=fkU z28i+X+4}OA(vJ-FEGGP@!Af0e>?yyY!e6qZ;Q0Ox&YY8g|J~8_VnDu^cANXvkdFSa z-q~@nGaE&6o3y@ddz7J1?43oTBW6;q#i@HfhaEQUl0E4}F4DcAC)~Fa#1Xpk{u*a@ zo==UGp08p}p%JE#)$P6MbcRl!vN7u3JYj6UZz_9c`v%*a{>asCi3f)Yh6iG?db&r8 zn{mS0i*;uAe)FfH7XuJsOH*4Rvj+|}yY-(IPUOC4zKKEtF{QVmt*sRqU*^!cJeWcP z^PX4gd1LzUyk|&TVynBVOB<3*_7itEnS&OwT=z^44CVyBcB{ptX3Q&F?)H{;>DIEb z7i2XPnbxjpGS=Ae}c;Yq+$`oGOWakkz3m*7I^z)^)`N4U=+x^$UY|-~aKxx7z?qIKkTnzBtx0 z6*P2w&VlZNW)=yRc{yLSHNR4Lv4ihK4e;4whR;r-Ep3?}O^aPlj$>Qn-VSo7S)6tb zocCeEsebbQ8Edp!%}Xy8Q|~lL<3=PP4E}!4oR<>2Ecf2iHNj;}soE}n%B~GQtKwv@ zKBGFu$1QGixfK+Oo37NPy`s1O2x+DR0t%V^#LfqYj9d^m*%JB^1+*J;iohvp1@cSa#o}R4? z_-SO+g4x=Je312XwfMq{f|t|8wuPVSJQ8Tjx)4(7; z%Kw$0<9`i-{WpsBzj2ZL9}dkcttl#ON$uk@zPj6S0#7DYEGVgw0Kd*9sVgd?sxG)b zp=3O4_!OzAEF1}{Sd>xG7CgN`f5@5+K0b~CX)LGh4Rlqx2a~XY(~GK#WKC6P>xcnr zYsAUa_Uq@@iMxt26RpwM&l-AKUWV<~43+i8FMUnNK*nwbKjj7N3HAK7$)~Z22e{)3 z+R~PF#{@Evyz=e&)@$c~z$-B=#Yd{N2s%2t8)ay3dF1D3TSB5KNc4m@N1gql8rme* zOnE0!`jv-X7E=(4TH&0#iD0J8LO#dDemnNrZg1?;OqaQS$MLS`**-|a{Zw8XjPPhU zhw?H2Fh9xF?mpA7R%x>=TB&_GpI~&j0Ebstl0O5U_0-Rj=`%!H*SM1P#H>+>qG*-U zu1;{ew4HxXZ}2YDH-Q{}QY72@IMlKn=#+yZUgkRP$8pSR_$5+P?U$-Gc6MWws@!@y z8^47ld5)*Od@{T}1s!Zl2;ZUly&Ui!&}sMI(SyUeaU|o0(weGHC3T*;?W-h>O~M4N z-qSncm#~7?*gf37ZycFx_Y(1@Cp$64(gjzlQQw}L9C@jIV;CH+XCJELhI#3fj$c@2 zay!@reLOr`P9*n;Hh}Z&GwY8}-s8`Pg!(>rXs+QEkEX+lRw5a#t-z!Fb^f?uWarm4A}0OB z=f{#MWz^;xbPDtzW9Z@R# zwd&ci@kGc<4ys$7%)O_rCp>u)5U=q>{|eKaR_pQ-b_~Qop9f?>@U%}4r}nfq>$l0}ZT+e~G>%#t-If{1)RSx(=TRyl(5gV=}fOQ`qYro#+e zqU|D{f%TjvMY80wD$YW%?yGUr!$~Mn*J1VdyBD@=bEQbDTd-B(_!8vom05h8696sg zxX@sX=bYR*q=%30q(^;2BQ5R1pHvqy zj>)FrV8fc@)13oHls@3wxqdtMnhA_Bnmv~J^A%rHSvPuUIT)VNZ|smUrhm1xmebY$ zyO-pV}rm8KOrlaj*@#@_ zOE~xenbsN2<1k#@^ZfMn^2D5Wl$zFXIKRg8Fj%tV;$*DjapEV76uv~X#u%l%;27W* ztm#a=U)Qf6e`9~gh=OLd-WIj(r;nsB=aps-y=JSC&zZHB~$`_s#hHYmRV9U+1vx`bM??l)k5=`WgO~kNkR>m14D|acfb@qw6t-o*#%j z`+16%?z1X$sXk?tDnP*&A7^J_GO(dgIZCJqv5HO+m{d znli*eL-I*Lz{ijURm>0ZeCzE5QIab>Ev0=n&P*0RYstk+z5I1wBDKvI>E4lfrIT6( zZK(mEeHz&vXb@Z9;40-A9*+l4U7K{{N`1CG8pTz!tk9H<84R|cM)pb9yf(iu>E`Lm zxJ58K?c_%9%0ef1-OJ{YFiK+=n54i6+tl$I_wv)q=!2Y37)(}5TEy6!O=NeDr}Loq zf1hI3t~|UHVE5rY<(0$GpCwN$1hfJm4hciW?DySw+;e6fQ&|w7Qh_>u6ulReEqk8c zR-v!b;`Xb&3utY=2qlqpM<;7q4Su&oP*JfaJHD626qzh2A^MYt0&08my}nmAQFE3J z-BMpPGm79C*uJ9|zov77e?wNI&49lZup?6GZ;`eXc{W-Uy_5Vc^!oB8C-voc_r|S^ z)M*qk`}tgjgq6nS`hbYfA7UGerqUg0`aBuox46K})|7h>Nl3keAZB-YzoD0kz1&!1 zyckl?pjHX-U`uwv^Ak)+^z|}knd0XPC|FBDPtdw*x9v>K%geJ{Z=j&}7xpYBkvOb( zJ|vvAic&BiRNPrd65M6mkxz2E8!@yAc-lTQh;fP`CB6LIXzM-Q)JR>-vDxwZC}Zb5 zy8XwFzx706QQ10(hBYL}h5Lj|QWgRZ6p+!Cwq z>QYEsW9>-6);^dhE}wYgqbq|i*z(R9L0d%>Gm(QkR6$=kOsEmpY)DKc(y2n#tfdjb z;K8?s#rFL*ybbd4~ zmMs1el4~L+cBF4@Z}*%5VJ2IGC#&FKg^OT&Y~fM$q!UtW^kKGd%xg4wd}_;YEbqn% z(ic5%g_L|NhM_jEQ##*hnuujlTmJ_`R7Fv7?w4;QM-ZZK7^i@CPptBgv)7bXya%KY<{k0umHj1)bks326sQdF&5ymHT2o!c#%CI*=Z%iM; z>~wsfuU98p-m{Z@p{1mj(JAv0Uv4xW1n>y>9h-ut^#yirsRbSKbFX|_En6|Unrx_P zm^Nq_ra2rA_Lvb*w6-n$K+DjNTDBi8nQ52fEc$Foe||kZLZF$vn1h>QHHV;n8T>@; z>SXH5Y#OrI(9}GC8#T{xrx6MI_DOKupqbIn_T^RA{klhjJuGpOtk93agAw$VxE@=( zQD5w2RTr6)8MS0>udtf++wVG=7uI^KE!EBiQ3@!J&&y~ z%)Fwh^3yD4@TWbGIuXxzWBs9M%N^NMm#YuNlOmOdmrwmB zYRP$JHF-*v!;}sNC1``Yp_{I-aSD#qym5+p^U+HHLn<3+!xH+eLqjpdS^) z1O~K9k6&c;{Br7)@P$B$2>WRMHHR`VhyH#7%mZK5}Gdt8qPg z>f_s!n0qJJ=8Rz)Lf(MT6?%Av7nBq(@L<_k`C`F0M>2kUon~NLILO~Zgg%7QJ1Zl5 z+#5Zf(V2{9EWDAV{dPC|0CcGFuv`+WXs>K)X;5;X>{Boeh|a2*AhIj#gESu|rTo}jTN_uZgD5(t3Eh^8C(~tA|AL0ixefg!#Z+2V zQP7be?=wR(H91j|n;Z7-@|@uEye}V(hNi;hn(7+XUy^fj3ymxh*d-@YeRU|2p&gxAA@~n%dOu^1 zm@(MZo`5&BGxXYP%WDt1D8e!++pu^G&{Ipb(2f&-2;U6t!|Tnb$&XPx@k+C-brRg( z$v~hKq~xFV+~}ek5OmekV6!h)^3qpv%&ZfRMv$0SdVEYHB`r-gGDS+s8`&_gLNnM# z4hzVzK5zRFPOsg>WP8lk^>~0!Qb0mYO}(gkpQ#U#>iq#p#9~g>uBaUF$Twz%i5GxcVN-$ z4782Ag5&O0U}n7Tx1vdV2GF!CJX)yej}ahnwkSu1#+ICzim@nQYGQQemZc9RDBJ)| zwCM8}x27hN&nlqz!r|2=xgR2Fm}NoKY@a^ui`)nIp!)%y`8f7 zeEj^E7Z$ONpD|c|z-EE4bMi@0HM`LUb8~S`x4ByD=<2%C`$mfuAbiy-nzctM7obsr zr|DSriZrcEhxysZsQr5;CXfX6^>qy#oSbHDbI{oSK@Ht!A#m`tw6v>X$$pVo^bRgA z^QsqjcXtg|3sNaWy_1W`vU#6&L~={9g!;y$Ij35CazCIoN<|kXk=v2pTaqBzSJ(O9Z2$#Ji^=y;83t@ri z#O5`AMmr3N-)sE@TRj*oCA1T=)FV|?^Wl?eSebf_UKAmJIu!CelNXqCrleMM|2-5& z^LRUCfHkWwh?+`BC|nQd2^&iWIv^Q#`u~r%{C~!Hbmxc_)srUjYc@@03ne?Ajw?E# zPvDmZ3xwc>C*11#@j%+tZnh{Ei1)w6z8A?4B8`fVQMzdwvxxhtZ)M8x1WVuqFY+bM*CNgM)+pfH}(QNn;1m z?Vs`7h&DR3jO-6TTRy`}*O!=@B7*bL!&kd9NUqg1)Qjuwpgw-OjadmR3k^3e{VjK7 zk!FnK&~e9P`lqC2bj_AW4`b89;v<)L72P>wH5Kj-EWjPdD2gCN>6d2A`=%V-9yYDdX(E4J5=O7ZKY~5J5XK`YLx{*q%Ad3EEh#PBcPX z?}od0*4u`S#a+?vC~ zv}Jj{JbId)*p#0xGv~B@!N1E@qVr5_xD*n1&o}g+z#scgptgPI&mRc1kkDwUt1p&J z_Tj;vyWXU5ymUY(YWnsE#OB)0PCG9zsV|f0m60RkCOQGx z>?7`6+gvv8V5xRB4Q0 z`qFU2^-VmsDC@`}F*D43H~*uJes|^y0y>DxitbxGvYE%46PA3&V3X_EouYonL6InzMGs7M&pf}Y8Tgp-o4R;M#k=!IzOd?kdRNX07geg#~JxnW~sX7>zzOZ52r~R zucn2ZKMxhh*2~Ob**mSRQC<``ae8?z*lpKMo~0fcA0L>VRT3F zj5~SN%v(}VsRxCQ(nYGU+Wip6C5C-S(EJP<2@Rgxy+BQ(>9V9UKcIdA3roTMgL&%9 z0=|nA`>cEttXuV>EG8KuV$>h|g?H!^ug>*|h<{vM3W5t7{Q~}dj_M=zt*}G;AF=+f zvNd)z3=GA^#bU2=um?}PnwpxBv%1Bx*4YKwB{m5W5s@QUlEEnN(!WK>VPax7STDsa zR%wGv*v>;fhL@I7ot&H~R4}$;!VXEYEiWP>!sYhzl~ZEG`G3kPaNP(9YU)akDA!6f zuhYw2Kr)7?uCCIQTZ3=U?S4Jsm0KU**fXdpt4<)Tqy3X~gRTf@p5ber_j8(=w(+F- z<$Dtd31jy~zLZKuRRI@gByjc9WwB7hP=$;6-z0V0&Qyx|1z0GmzPzewlAWfl zFuf{}Z^zeFlv#6SP$lBt6)D;`arKynx%(`KEfZ`>HKw9=yr@mB_0q;I>Iw9+8hE0m zv2vNiv$A#pmzRDu1uZQlHnl}nX8u%6KKpiS1OdM6CoLpmA1IM{Nku=;w4h+Bvg??! z!^rh&4;(e!ccnJf(%sk>=c^93ek#3)ib9luiQ-WJus*h)pCZ98@Y%q6-lGxb#S!p! z3z_L!Gsv_?e{?%|r)IM%vz+~ntWfnY=oGk}G?&_CCMb?fP`o*lv@?+O!eh@3bL7O~ zxCa;+!{NnLeQ#QiCRRsZ9QVrd6psR7@5#+RS&pyi2Z(OJH5=ESh{;+L@$??$u=LN- zrQQN?rBzYNIqw8sZXzA#x14mH>x2GlTA)(x5bvT`iZE_V)6MXevv{?qmTyR<0uFiD@7xAr-O3t#oUhPRX*>B0g zlo%#f);U?_W03FjU0h~nrS#3>&0QeP%xCpu<9)qwL8l_|VEv`GN*>k_qOLTcd5&+f zw=cUZVJ&EXCxM5i0_hUWnJwS-5O5E@Cm_$$Uh(3Ry?GNsRqnK%hpk`OzK@$sA5l2w zYkvh=W1OwZLb6JtuhNwb59bjRQe}_~HHKgF{=IX|w^Iq3zvL)--cT=nSeKt$ zCJ&yZ%nrO2emNByW~-8Tv&{w;FRO5b9O3u5aUy$0?Wpm}%R4*&ytfU=pL@$M=s@tH zRJBLFZz^=jMg(FJfLmm`yCg~0f*+KgvS~!n`8~J{N5Z#u17+ucr z#6o@%R6xL;Buxwcf`&e&P*Nz@sUjPkDwv?Q5m4LA)H77Xe!3y*!ogH13Qo@4XbFn# zdP&*~;OSW7y&S&h{AXc(+lSVlZL}NP+fO~+f>)YsGwg26##5P>!-g(zopb|({D%UP ztE*d%^{cd-dz7$Gj=9l0lWMx4Nm+2aT-ljF1A_5C?a?NM@P-qj# z?oQXmv$lvoxm6l3#XwBBpXbVKk=72UjP7c*xn0=e3Y9GrRdxCFO4jK#)RpCg>?q*F z!wGmDv7B>+5RZ03;*Re}De)SBFRnOxZQre&e^R`Ja#C(YHVc2uIP9D{bXJd3FMHL2 zi61;gFJ#~!g;yxVa;`YKnv>aPnaRf1)>S>4CPxll1~iISx^|(gjFz>%u(2I@q93+AKNL4`FyCo985rqAk|W1G ziHa)medYDI$rHy}p?m|DjyJ@&in_SE>scuKW^CUbDt?9&Vd#hVaX|}DK1Y9C!C2<` zj>BYtOi63zhbz=__L_EpQp<_8{?GNvK%l(9L;(s)2?=ND71$ja##8~+rd*Pq)cg^8 zonFj-FCMzT6ei!&&LJUI%eytgSS6yW)p!)6FJGw8Za8Wq^S8DS#_=7&+{%K7?dN{m z8d^v|YV5|iT8jzJNn6lj@a6Z#%G5_{)-FiQQKC&$)I1JO+H_tO+@hSH%f0(hn=i2* z*1-qwXM?@Ja@}2L1J$Wh>N&pSvq|k`m8=8PKZ0x1aNA-6fKihLL`Ch6U#`1e0#F2> z(@lic+q~L!G6&^MgKEW20#m!^j@mD)W6V~U^dt0uR!TrTg$30F*S$A_04T1$-zE1} zDAu&;1C4WBeLag_CndPi5J zZaQg3Xe;}AN0EhVH}f+I*o-={NSGE>QzA?w6h8ftiJmC6XX;s8Ne900Ay#G9&Qn%Y zRD8YOr@h8CU`TGnBw~w3MKa=F5q0I_S&8_YSJc+9~;h|92_5l=WY!71fUp2~I{&UfCjX|Acg^ z6P#;>T9sY3Ga5{ow;?6`YxI-)1~n(Fap@2Em#g3cj-#yphYNIz{C8FeOdd`AANs8S zKU-1%7b>@$*dt`aW4Rq39?o}Y?81hg~X zQ|+mL33aDkL2t`R+VbheXI)fMa3AYsgJ6!CD}J*|7dfC zZL`*vv1R5vkx}2oruk3tYSV))ULiwk)_m`)oR|$|dtpR+AM1%==2+@XClhO3;qK|{ zc75#DUZZ4!$7wL{$Z}W4UIZRwc7jTBXPAi7fd5IbekQ53|uTQ5&>z0!f1IYE~v)otQj zeqG0voi;V|p7y~2`0N82bCZ&qI0@>OBe{v0m)u$?K-6#;;C4 z7*8Std9@x0{nRuK_1`U97Dx%6!HObW{T8hxrOBK&_~_w+*wY@3pem|~fvwKTkZ&Aa z(TrrdV!4-`{FSIJvNBT&@f#n`Rt*w0yrsq}kI`@Ru@~|+YMT}Zp!Pqq3aCJy?*WWt zWFoIkacUJsU0s9-2ndkGiUQ{PVxDW_#;yWS9}nUon)gh#{e#7svVx3eyG`FzRB*y1 zVYc6%w4oTY06*Mxr?U4>Q?)`8<8~c(IFWBPC-ohlPj=JE&|w*johX8R5sC`CzP)o zt7oz>@-G4S#=Wd;&PdVg%lp$;L5UH^e;nX{Bm=j7@0SI^0rov~iG964O?y=9N(){2 zxe?Tu@BQ6Oh2^G13XWv^8YZf$8Xf)>ijCWKbgj#!qmQ_)SW?hgXekU2XBT=;@%MZU zuko`Z(!S@w$;#li@vuUCdJ_VU#C;b(mGtUh41Hc=_?eol>^D4PV?>2*JgxwLVcxml zIphA*?3q#w{XLt(c93E8E>k?)H(~-$zBX3hr&u#IY2y z{Mc*S$&Q)2+V1gjIiY1`-@d_Z_}8e@HY8b|Jh&3#7H_ofo_*KA4^Oh94b#4VpJyJ0 zFNREeF#P1{BSr2*xT3=#n4ZTUS#G;FeTEDxJYX;eG3H5;zN>zqD+;Qa& z&w5i!$HF%{0=#0kU2a`|t|^Rx-j8wV*o^%Z68^&mbykmD&uo}qm{-vBN}sOswwSq= z3s_y&W%GSa?rb<=&vR^3lXg5XysKLKDVD|z6&^-In?`=WaU*=9+ngk`apP#@r46~K z+d#By-7daqi9U(q5~_lBmabAuMw&gJy*Juz*gMJUjTNlv$y+lBi6IJ2Fh$$)y+s{% zwkjKuGtqa!dmA{+YV-1e=VL~l+p#u*1jE-xMQZQEF5u)IA5U~k)>~m=33y1l<@KU5 z8BMa^?zx!;qkW7xVQ=0TRqacb3r5l>P4P!if+bl}Q{HQ7`)3Ch)7^RbWpvMwPnU4N zy)0NqRp~)Bbc}lMLvM&*d)&vNw%AF*;@n@oQ+Y1Q=T)(s9Hx-ReV>>`((FCnxKgHE z^_R?zFqHQ$ucW-`zDw1)b8I9hSm}s=kdCKZ$lmCGnG(or31)mh2>tYIt-*io*)(jX zsG2@>w!c+t+1pHJa_sDnP4UNSJC+XW$!vZlm3M>K&S^tdzjHqJUXL}fGpzkG8mO)y?XYBHX6b9O$peS3ZZvG*>mw*RY=xa`-Mvi#bP%VWoO zT-Q0C2EqTRI-#$p8}Ib%!g$|>$hYKSa%iTpApM9uC$a}sG>Z!ZDR|UIzdbEeiXN#5 zWb<%Lo{x~Xl-ho@v6Pa^ZhzT-rC@bD#$D%39V!=zlJv&W0kuBmtY@T&-%PCe!8z1g zwBKYO(F}0IK88KMtC0+CrYsh(nwEd{Bpj~C?{4Nn)xe&}l-J_pj*O{^0qm3}>%{GJAMvL8&cg&|6*JnZ<$v3wD9AkuyJ>MRur$>JUf6 z-9_(4!Fwpb_>Nub)acwt6?HRbChm;C0tN7QxBdM9Vst{^Xggba=B5UFonl+<@rg0q9m2AsLUTb+eE6B23mV>_?*6Yv0jzATUH<&>mI=aS!2KAr--P^lA9YR z!&2?eSr6B6Pk57q!vuGy!W{~@>pQll(cd=C(*_Dh zYvx7^s{Hbai|-=xVuY= zyIb*M!Ci{G1$URp^M2pRnl4ou$kKM zi3!@NafvXA(7aTjm@Jt{KQ2xnN$3tbCWcH?amJVL_>)tu3_%#5?vI=Lh=JHr5^-Nw zB!qsL%Va>cN^5x?@4lR~83o$v4mmy{e{>SAsLgM$LtgTG3bz$#{0#9(B$N>fj>Hdb zE=|+J(yMOY2&?~e;AQk-U?P>fLyzq{It5*mB{?O)7N?o7S(BGP&+#lb;DNX3Q^tJ) zt5dIn%c;CrU#us4=I9byyqg7|v){+Q_I~`929BN3{lYy}uA4GKE9v>`%Mcr0)u4(f zK(rl+16`QmWZNkpeoYKk5r^ZU7g4)F%i*PY>O`fp{YPWbK^BbmxczC52lrl)lm*zF zp^aHgh%FbFNLi{@+B@E#D@-Icn1i$!3MD zoN3@s_g}8@B<8{y+bwKuXBtkzhR~&8US5GXh*x?WM^T@Pd1N9Ck)F8ks%@rjMi-wx z_C?t4XL{d{n}C;|Ve~cm>k?L6ziTpJCTASPcTq%Ne2aMJzJwTUMNV~JKbn-Td!{-) z{fS+5Glc)<-X4ExG=M_K&v@(+{rvpUzQ)b{BiGRAT8fIkn7k*I+YQY{Y_5_Q+z-cIaH?{(;JGd~r29JYKN$>b$VA zR`*?`tUTr3#Q{j%TjSQ+vJs z@+zNauET&wb+7ITZ1_4IfL- zDqL)T_7Ff<*oRJzUfvyax}S9kK;rdOW%R_^-c!Nw!&k-Z95?Q_Kx7jkt@`QR`QyGj zdAGpcJS&>vWV;+yp@6U~h84lguscT#RBphzLtS&TcFU%Knl);PwS|{{el$M@=j;JA zVH`SkjQ=#x(00}Z2Ht^zTTjxOkH<}!YF?UFpW2WF|A=lrs&`z5u>fR8H@E_6OgRbA z9zYGVYKe*5>xQ?Fk8ZNs9_-s;Qf+rRw6ArZkvGhS*Y0&vD%yArX76Ia;ZmnO7zx2s`OgigQKzJ!nr#13Wo# zK{21fnc}0B_31WxmRm3xopE^-PZLbNDC7Bhfn<0;RVu#+NDU)se?(VA#;1Aznivpa zUL>D-7*m-O#snY(hq3tGB{k`LM~2_c_U5bS)i@aqY^||7mJ1yEJtUQHI!y*>4OJpY z%~;On?(9ZJD6sr&xmQxB{W;%EIQ1tJ4e%^A82+b2$KGa!M}wz(zW1%1)NlLF%fafux-scO#Q_s074U z3r4mB-=~Z}!u4vBbvsQ-z2f4Zn=PqYu}Wc!oppB<4PDg_j10c%<$;0p<;-@;@EePf?pvULN+>m(OmRJK^=C6$OnZH9xazko@aRG>% zK526x3JO6aV3_w9&{y*ep~kqGgrU>SS?s<0nk$kUwDYx~Y_wv3KJOEa+i^~LAug6u zO$igH$u6yiW|AZKR|y_pQoN3!>oq@#u$2$c+uKQllTV(KjqJAxRmh({QLzaisX!*{ zU1!}nP-M>t9E2*I+^c=p*f@ht16f{!X9e7_80H8X%;^M-FZa2M$++dXN4u@D6FT(< z??~+)=y=dYKOuRcpNc(1L-?wBBJTpc=P!oIhuRP^jw}mWx39Lx?w=Z6a4;q@i2197 zlFAwn<1ILOLb_hc#YFt`o`~F-?oX~SV@_*RWrnH)O+%jhFa!^ z#l9;gNHTim%&F|fLE}CG8Vu(mRvkiL8Yyj9IzJM?cCVwRDjqo_x-gx3iHvU@dqFBr1 z{|V3Iv2~j5=HQJGLObJ9(m=V0IlIJJgXPniQ~|8{$(Znbe9Qy|MNLcLQvtHPj7}me z1RSQPhjk;3epnA%CZFq1dS?ZRl}FaqigH#(OV)A*a*iEF0&|4~J>7uQVo3smO(yMB zx4T>7K+8b_Otk*^xU>-0bxk`mp3e+e&)oQg#*8iSRwbXBx!3U7UAK3^@A8M!a4I{7xsUg}`yDzoHJ^^V`ciKL zi}cnpr!SR*&6`uc0ak8@XUjP$lk=GpwnTbnzUVC;H1-Y51iR^XXr@N!rz9~AnLchF zPBjcH-M=?vD6}rmv^d?0DwtfG>0wpe+FuFchT;$lV2es?<3gDp9hRP(Hf$<|K`;@; zasAk=k(#?6@_F2isV!1FB7&bK(9fc_Os4PoOu|6vabCgNNCwc=*Uz@cER{zrwFHG}gc8hWR zS?qAqdR&@k*83z{*A8|kkWIOL+W}mcFl^5A44T!5b$jCNn{D9n5Y!7$@fISkNX)>i zs%Qzfk*CTkkO&KxE9RX0?dfe)*&Hogqkn}TL#5<3*xaBKg2B}GRL#@r%AAz^(qiq& z0cTuaRc9BD4BEp@CZ#)TlG3TNB-Z2%mmuCnr}D8F%M5){o-+`SaQ7Ywd8ZxqPw#H!^Qf)3D-F}5=yUYn0Uj;zgPIqi0744X zU_`4$cj7Ty5P#07z+keT^><$VVE=?q0U^;vt*r@mhw<*?=7SwG5f@VPcka8DUjx{9 zvHA(rWcWR~b`$2GmUzUnN@i^{a&oZr-@HK~oX7E&p%{wqnRn3b3(Z-%_n{9YzhTr3 zQ@TA5^q?ER`l~`(o}An}$O&Ab>vJk~g-rlg)*RbYS@@Cj>-V#y`X_Q4FqY((N zt@@{y3?u6`#cNk>pqx2k8%UD$-!ReC{|QE>Kms|->?Op$F#XG%Oe+y-cJP!8<^>Yb zeh)K-?Xn&a*5{wz1uK}b^zh{iH7VfBeTo3JJ-_r5k5v{hQusF*(YX+C2P0$I<(bn^ z_}-n#HIlF>T2XMzdPnUb^IZ`GlG!L);;Jths7L32)ad+^M=fh8a(W|n8r4^_bOzlC zSP?G2tZOR5P?--`0@)Wu1h5JDogp8hXU+l)PsFw*&{Fs~w6*lxpppC150&<5Pg{0F z7n=*j7?QSG$&2A4jrI%SY4$8ND_HnEi!ld*Yj@wv1uCi$vG7=05aIW}_SOK$+3?zl zTt4Msji;2aJtSuJIaC)<0V)p{Bz+U@c)j9F7B^E;iXSS4bee87afHd+gSpjweBU~o zkDDL3cgCkO&8cN}51A5ur+a)nL91jMHtiXr%2dowani?$(@Cz`^B_evU0{4zH*GXk z=kR#4MIqbne=)Vc?D`2%o#S!fbOF$yF0x4wPYayj`x~8;u0DE&G2@9je-!(+3eHb_ zvt@_1wm|#f#%}l*9TNTrqry8=N>rF#CfSa>LPSPXivN@NeXG*}fz#tL3dw$7HkJLw zV3m>T-y~x7tV*T^ZxCgerJH1iE(XtUr7C-F*?Gq7ySKR9o zydHVQpI9ZvB9atLGHqJ|nHoivrPQ{u*y@e)R$mdx^WSd!#VpJ9fAgD^ZV!<}(m7i} zj~J{dpIz~^+E@>csgxDscO&h_%0oXi`;FpNRmvZ;>Wz7R zI2Cod07$w@@?T;7j=ZHfw{sz-nvkaVqagtcDzERNLAIx<&w-O%gQfSjofrHiIT3_( z=c@OPh9ZT-bPg!!75&T4n?fYThFT9wX#%(KGu_1mQ^MaZ5Kr0sPQ+PdUO! z0yEU<>Q3X(?6k&X>yKx1Jnd=EYvI|gQ}k*v7ro!^@#KwuW{E+$P$#uvkb0Ho5gs-E z{%2tC&S{f(2=kWpy1mGAvm^}svcg?^t?;l13q z=J24+XUZwtyF6h)znJk`-Q7Djx8T11X8E{Dj7%dA?BUAR^A&bx-j`8;K@ahq0q|bFy zKD9)xbL&M`NJ6qvV9ke_*(8k=h3t8_=AkXK3^8PoH@d#BIlbue=={Z@i@uLi z;_DN(dWbm>u%VGWB*_^!PE$=@Tb9+;m zy>So}t%3k>?g@PMLKE`2U4*>2qc`G z4*BCad!E+_q~5Kud}k>yC~QkDf2y-6lOAAZ1{%aP>@UaQtv<)X>U@nh%vJUkJF>Js zH7e#qx@K0R{Po9d9^EjmxdF%))@4F`;Dm|2gkoC@uOA1+IIazGK-dpU8T1qIh94N{ zLkc&x$PRh>nD%<#M9BbPYE?wHUhnC|Sk&7ycAm5)K_ z9sJ{jq-IJ(mY%~~0{G0%pz++Dc}tc<>Gj@QUIS#Z)xE+pW_*!ltI7JPF@~!aTWw8X zeM1$oUJUJ?3*z?o*v`2|yDiBxS(Biqt~{LP^~ z%JeCEQFXeI0S;%%Uj;qlLRUXkknU{n-9DD0^tK#Z!WQCQdXNk?b)=h}N(Z5YopxP! z9@pz}0zWmm-EqVCUTeXa@%iqeKLbHU!gs~FcgIDuV#JZgw~Mpo(PjB-6Y{CyLo2^F zvFpr7%_mO~h$F*|j}L-~D;$l!OQO4=-;|F~1G&>_&lfuMhPA5qPy)mXHjCN5TK12F z@1K<$CB!f>8YAAzz+s#Dm#*m1m1|qL+fSH>*~v~GpAg(|ELN?Pu05Ik<#K|AH{NSwV;W`D@T0n2Sr z`Fus&>y4`0QN+5U9T4{=@7&QIOj+gcPnRXJtdJ3T%(xsEy7((_^i$zw04;;;!Wzl2 zCPCcr8HSHI>jYCS=$I${{*%U;*c$i0JU~(bLLSs@d%F;_(8!TljPR(%ZjT`jMA$#J z4$6@hT@G#@(fl2pg+#$u?I&=FYu{zRZV2vk1o+8|9Qm1;P!6lVhy`Z}J%hD%&yjRg z;-Oz_WK~spjdbuXE_1U`vd$>|nNxNX6tS9onb)3LqVX+-Gvl*GcE`{2sNVB_x~~>B87AZv^k=d)_tG-~y1i5NCt(DIpthb!;Y6dG3~N zjDw$$!3y$(-7})0dZLJlDoT-xb2Tz)kIF4d?};uDd6I#((e2Opnue@(`9GY=Zh=>* z`M}rEV#R1Bb6@hy4Yeh!MXi};MP4Q0T7!IHq{H@eWXdonH!zflY zJcqVo7e3cgQ)2Oqh`4EC`7it6*8O7W_0q~qmzm()8;801uYRhA~8S4d5b`_NBkFb-uheL|syt$g2o zZ{_OBrEOO@_sr#8M9NYAes0|Wq9(tG^AbYS@~(PW9*7`244c)8^l5#auTi zEvG>Krk3BBu`g-=?Q-tQ6wsSAhVZXy{?+NfP0jx=^^@H|*kK|wowh|NA197{iG z|H4fmr2j~GDMf4xcKPWCN7BSIN#s7jFlAeW23OQ#E~_1BPdJQ*-c4pr;AR>hjx|sc zvj89pxjICWdIU7LPXklWB{MKmDSFy_%C{{Je}DNq+Yi?82@Lh={V`MI*5=}ELMrh(P;HEYJAIVku z>Xc8YNd)Eh=SX_MFd9<)(5yJ8QC}(~4Q9hjItpq*51I}MzNZ%IWYR6@i|sw!6aK+_ z#fhd;LA=s@A$tpNCt*N=Z@@m|Mn$KJ3be-qzF5ILYP~T!x-;TUr`*4g>NWkVobH%7 z`zVhoXz^~VKPJcfSNc5}{7F74T}atvzVHuka=^I3`Nfd}jwX*OZ4aY}k=pKtcX#KJ z=#DhT8rW_mND({zQ-D7t>{$1k6_#SVd>l42y!?xnnyfom++z6$Z{?=Cu6wbUc$iuA zDMDPxUHfIJU+XjeCFY}f%i($apEmO+4bA+=4# zdfR$>f3XC&v`T_MX1Qj|i~T5^y_pi~{}0BS>G}X)QGrKS8rok(6!w0>t==9J4)6<- z1_0&;k$(OxTh*0!KDGNfC9`UnriSTjz^W*e{g(=BRtwrriTR5RnY)UtO%`Fw`E~DN zcQALy&;^Ob8Z`2(U@i6tyF0)CBuB>K3k7tohXP^r&TiG%>FS=6kz@t-i-F_E*h=tu z?|^V-bkv{jm5lhrBWgIbbhJIq%U~&X79s`T+X|xI)EK(67ijhK;=9KWEz-+NR2nYs zk+JTS*)L?KIy(ZxN-^D-UxTuwfnkBP#xweYtWN)A^}XB>yznZlc+;3I4*mP1$bb}u z&51W3SL`a_FK5aXe!HJvaxic_Xlid>huk|E_ttYn^HcEIo=!rLfhh{P>>+s}ps=to zll~SpV($HKG0|hiGs$Jv$dooe0}Xow}^*3pL%vtWHVue`&~KJ_+!MMKpTq=7+=)cP3K4# z-N@+QriQmi@WiPv{095T(H-vk^eW^~&1*8;Q-UqEu*aI}d`%QQc#-Lv?`|^wq@Fy0 zF%hHgDQkN~2bq~S*8QjNklfn}E~LK0b(6o5t#C!(N&v?9VqyyS2jn|E%*kT_TyZSB zHbU?VOGy*7qSILIdC7efWC}7?l+iPKPx#54)Z3OH-No7TG`zX(`r=ve8se_?n*wJi zY&=CxdthNoI+MjSJ1hwvVp@QZ-pLi2yQ={7yKil)o{z4(B*lBe@L+-F3+<(cF=cG5 zuNT9irXw>%OpC23ddJ~Omf*N`WzhQ+ex<~QJ1fJVWjc-LvX!&FVQl=3>K9Uxn*kcH zA)+ukTv_jkqHN#T*LJ>)`5E}`3APyOktoQ51w$@MVfYg_a7+U~z!h7;@4|+66N+1T zA!6(Ej~|f8zQJysT6+7?A&B6{Hk0j9} zxV(x0bGxDmjXZ=EwRDY>`HFy*obM@*&f8>xVVk)>;bh=%*Znbkc!ySwM|#=7K-n*G z1{#-p%C;6ow8X$$M`7<|eEhna-{I{*(0*jSkAX;^f5(a&{;AX+Ntq%k$FZTkyrn)f zmDYK=W}`nb2Di}9%|l}oluK7`S?=0!JxdAgGhC*G z^aeR&t~Bp8Yrv|)%qAN};l~O%pClgVlLp2_-606LebC@x-{2TAq^$c738`HhK3|~wa ztm)|dz|G~dTe*~fhe!BD6Jb&k^P@s_a0cy#s%8OG-fO`P@C^CanjsY=kSmdj!+KZH zcZocw#vm!q8xChT<&Y5_BXOblxZGX5^%7C(L&zx);_lFoxg#BxmH0>}{3X3Nu3x z8bV--^%t4k#FWujLr=P^IWsvt+cxMHmi#V*-?hBg!Qx$r_fVdCe6dj zf9>$zZ^wH|es3jWvc9goFq7m|*3B15f~gWzLMk;2MY1QGvM?e1zR6xOX}P8IKY1|| zHBnK;V&VmQN#iB?)08wc3GoKP{pT@f-~5F1)N4+B9*vY^ySoNxn14it@occ! z9WJ0H-RW~e)$bl$Cw3C58|wO1iLG`Xr|@;Q@UTM@g2LuI;k(fYtqu7q^(w&*3B2k* zV36X=ernoIuzI&in709LhuZ@HNNN4n|2;RWSNIGPZmIXB^=PgCFR8b zQ=R&6+?Sd{{rdl$8*><(`5TD!0?!P42UdOIFV4&l=B^@uTQu}8k?B8aziH=e&h}hKFmHV{uTazHx%>t?QlDOI2u=);wujs}dydwbGXFDJT6IY!8AsJC{lQ-X1 z(_WH!5#=PjEyVXmH;>)`Dww-nGuB@k^hyxy1cbMjz)RA#8TBY8zWi->%>LeF&bVA4 zh}CMu@F*(!Y%Vc|FJ48`(o2xR9rESZt0FWsyhH}+&Uc8&M#gG{rp6OW#K@N^QPd?$ z03V>T+34F<#=&DeGnDcb1Z6F>w(f3}G$i5u)&%~GW@k|seLlOSf;`@6J~5&6ZV~@t zD^X$Ig|&hWB6i15erZdXf>)J;fFQL13~={b6xDJg&ge#mT}UbFjkHu5fW$>`^+M3h z&;Ietxhp)$?hNOSTyT7l#Yt#k6WDJ%|HY7EQPi7N0bc>reb#5U1N8$ zN?$oi(>g`FS53=fWQAYPoQ0nZqmK+HZ!8Y_g0nPVsUT1FZ&K{q2>@naO5*`f_CuWV z*mEi#?1>FX@O;%JkXN1J!v!s97fFRTc5bAuF7P0pc&>6Syuct-6T;hpusi@@jTr}~ zEBH3^DsoXB>9j^Z(>RHT{&fOh?}1w!I4ZoZOt1FeaBkc0B++s3s;P=TY*a9=I(~QO zQ1sk20%kwFM{*u@;lWv*68rHzV&M;wLi^|p3lKEe*rN&~8-`oy{->NEYSR0rv@O{2 z_D8l0%0XB062wR(#cf873)m`Ud-B6T@w2dS);@;|qdw|FZx%fJui3HS_X&wIclbNz z0s}_EQ-U!4N@(hQ3n%k*7kog3&Z3)QGJ0>%N@i%mn!|F3Ko!teXocV1WXAUP%)t-t zPt}yF3xAXB^J(%mQGC-d`@G^6xjq<&z=wks9n_lgZ)##of@7Ly156fu-Pj_SD8SO| z1CI+{zg^L`vS7t-=x8Q+?!O}E;*QTv=P#9>;>%PMPWi=cVV8z$#D#<=VYK2(?0$7D z?4YP%*Llk)fz+6v)2Pf70-bvQYPh56TDUe)Q%}z?-VHNeF&~}MoLKEQa0d&xl68X; zR(lH#u{w{0rYSX%7o|neCAKEExa|(7v)0%3mpxxUMc%k$ROFXl-u{3OgV;%7>HM-} z_3jklOyf3GvERf#$>4e{m_Bai*X0LAnNUc~CpxA60QVyU^T#*aV>shhP|`C;M>=6i ztloYgS+OB9FBzdaA232A2{-!-9jznBO(K_|rHN38ScQlEyO|}RvvIlhKVbNU7E@!nAwbD!1D%60sB<8Bt zdQaL3@QLOo6?N$d^Oyx+7CBE2m&5gB%+DVpZZBq>PcIHD>vu1u60tdV6CA7rUmc>8 zl9;S)8{ru;lcYP#P93_?w&=OnZPwp={XrVXev5KBu`1|z==}CuPW1|pgD6Yc4-UqU zoAw@R8ZRcvp|*mzz3NF7JnaESr(GW8w`6|`omsR~*QEWfg0EU0QK{EvLlUdGWId0K zNWBmE%oqi~`2+jJ9ifhmw)0;)Afrd9OuZxXv5UF8q&-V0N=pKK{K|v9c;I=nzg6z9niGqn{f;D zijjOI&>x`LmOs2%@bT%es6|8dm-1d5IBH_Ku=I2REg?IhoLz^&E%x1=}VJS6si6o2}4`mX?PCDKm`%Qix!iNIJVSnR<{|i>8XK3KGr;+B?hQB~sOnpWp&X+oZTfVZ`s&=8x;>|gM znnfg&6=%hjJM4*pDNh}NhWZ13j?=Ge#dXG2sDRkM=YeLZLET73Y%ZLf^ z!SKao?vL(u)CA*p_;CrH%ICbEy_qkI;%hMl8h|@9v)DpH!%%kqnjTuL)UDxMO1+E9 z{Qg+42j+DDiUcxVs0Jf;9x-piknH<+obD;hZD31HSZo=$%DLMKtaZX5%Yl*+_D$}w zow9p|1*V~x=;iV5fyCE)}-IF#B|FxiSpnz#dh)T*qis&R`inc zkF2^{&&OH~{dmd!3o;hfvf?%HyQC;X7jym&Mza3OivzKNZ_ZhS%S2Y0^h~J zZ!P;IP&D8W&CVNM(ynsFal}9h6Y@$l#&SRLyTagag`XjmN%iem@DsL_lvL&r6OF}F zk09$W1hd@h)e3u|$V+)F3{qibX~g6=6rKmGUGNM#G`SEug|_wwjw=$MFu(fnD<(LH zo}GDol+$r~1YyB;rg<}GejqN*b+llOz`xIHoP)VUcoa~e9n`#tf}~*}5ltA$zel-Y zyrhtCVzlIlf^|yzBa7C++9J}~+fPuhoE2xuuwuIbcPUTS-IDA_Oc^SD&6qlAN4<0H zOwzMEYlAaIZzm2x4U+3U(23qA6+Xb`>fAPLQ87RRK52-9o}BvWizF6SasBn)VE<`P zQ-RYd(oEuR_$iIn?Qx%P{g%L1h}L4{*VH%TO|GCH>H<$k7n9V1<`UHkI(b+?@($gD)l?y z7GM^{OB;56m)DDx`k<77QgQFMi>>=7sPXwiM7vQS@aC#nN-ABC&~Fv^-OLYuDKOxDyX% zu<>8q^ysgS@ZO22^0ka_&PB?V=%^J4+QJ2kHsbN!6NplW2 zjYz3;yEHR4#$>Iv4oIlrTZEI%Ole*5uC4P;_GCszNVFx~MM>5X3_#SI-fT!}lLvzL z%?Z|UUp$zejDg1dh>?f|g;r{@{~&;`-g4<92!UxwYmiZ|KGIdE@iS3IXjp(ibfejf znn|_QGg`Usat*thih)}9$*ho5{Zzagv-E0+&ON`(PLsBb@Plx2WmtD*JKmf`?J>o3 ztKRS&4%ViV)qns&m;2hN@l6{}{vp|`mV*g` zf$tsNwC}2{k{*J%6nQM;l4#eO2LLpvg+ZxqpZ9yv*}qg;S?hesINq7Q7(fK2vF{wG z8Bzi=k^1(6B#eq0i$%XgX8}WS0BKt;POe^cPT@vOwA%zn08Zwp<{<#Tmzv<2C%$ zG2yw`$xn@uiBHmOAOfOf`K_`jDNXG~80PizP`znU>T4JFs`s8sp>I=a9iET~+}ZrK zi0Ct=RjA-+>7YH<6Qbn|<}5GvgPWq}c4s0h1|oa6+5`UhZ(CTsSz|^1R%l^!jh=g} z^)*(yJ)>3riCb~Ry#bO?)FR2EN)-HSUWH{JBk~r}$$c0jX{|pdifQAOKb?^|@N9`*(Fq?8@%bFlN^Wk3qO6TUMUz~R&wIW* z;~4laX8x!I&_)Z%TDeXOq>0~G0(o~r&R1?fAxA{x?%-hxZtFu`oc{{BHl~AG{kE?8 zYL;)8hp#Sc9+yZFoNVd%@MbJHOZ^63zE6$rAihI})55_1B6M^b9xo2E&KFvAA-=e( z&b0z>ud--p;yUR|CJ<9z#O57Le$~a=d)S5I9fFNOq~Xx3epkzvFi(Rv=$69j`0Hx= zXb$HyU}p9`@yC^}bS~@p`uopRJJd58b4o?|!tEcqxzUOVr3V=7S~B0<_=E1(lknKa z`Gzvbsn73vkvy(f?t4x5$s{wdMk7zT<4Q(p+GP_NAcag)QxFHyF{xr%#(j^afVRs) zjghpvR2B$<9mzj#!ZifSwLuBF>Q=j1FD;Pimxl;?`!;S1{I(YwCPjo>x=bo)2f}N_e+GsEN<(o zJVmUxL2r&S1QPZ$p)=L+P^jVb47cV53gC{@Jh;$FNZ`&lUHo!>opeF3r|A4G=KfaQ z$l^#EqHks+BU2#yYrHQeq62wepaEK6AA5Bvh4+j86=jiMXJuBR|F+6V)Z^o|MYWSd zU)k_yMAVC-F9I@QOn6G!Hizp+C`ko)J6U%Wiw{=OPzewowpa$-FDNHC5WukDa>j^? zD4{73e$k3%s^}+l;p8*{0F6&4tdg|vv!8u^XfEUct@3{y-w}uZXDjG6+{#*pFdXyV zY*#QjSlsz;0He`HdnE3oH{yG5;~5j;1@jRiM#%M7y(QhJr`QaC$BgJmnC(!@dl}x( zu7MO7k6LXuWK4)C1r-U%64##P8ISLU>`z+=j)vz_|U#yp$=f-IilDP}bU}^^RnX~=Cjd>nGiqWs`V&;%p=g!Td zW28{^Av|GgITJL|;2X@#1GA~;5KEa8@B#9CV=S3Fl|xb<+*adxSoigjQtbUM=?oFs zurwN3=oe;Swn!AwE%4%l-r|CxpmP87 z-=ELRY|pLP;U(-nJiH(3W+;e5fxVLn&GqO6A~qZl{lm@K9|r0&xyTgNrJVycG}K2qES@7 zB>aY;!bt$>a$XYKdslUrD^<+f95X$FI&)%0(Gq`b?iSh;W z9YlkF{v>kiA6K{S@>p8Zjmc9m?M(?{BBn02Occ(#4qQ%%`KZ02Q7}_v`Z-$ho$4*5 zRg!3AhMo4ivWn^JoMcc+A(`1^H|q8bce~{J14o_Z_+7|JZu>PCP(|55YV#$k{85h- z8P(4Jx!KkPy?l&nz7_4G3b|Ij1;cxd7L6@xvz`6nWAs)3Lvg7ZxKGI6|JZrJV)TZ; zI6f=r{%b7Q#P~mX+J7bF|9g-(&vx(iLcnln*`>Lrg28joZvA$a;J{+9*9qwqi8ICb zs2JnxMn&neQU|wl0zZWwU)7?_37E=B3tMbXa%v*Ix^a70 z*{M-0pqa0QQ352a1H9ndX7&Gd+0_59Rw4iqadYCEYsMxHCqQM9zeocR~mLtSTlSK6DejgA0FYk z=Q`jddAQ2+BNH;__JNkwap&Rs7p_g@prAS#j~Du+-d)WwksVDF+TI`+c3g5jDl@@W z{8&58Tt_mVkahCd73~Okaa+Qx895&4ha)sz^?{VO*+bj!z3B!8dkYb2W)AGs=HlHP zsO;tMvxyUMukbG2uA3-ax+I@|U;Q!g3e}&4eMml)f_9Goqjd96i<^bvX$)D7q4+yj z@_~kP*pH%!9n(_??I_<+{Cn#GMNHX$JvbX(c;L3ay|FJ(;zymt*NUssD zC@GJq|r6rB=?E3nxQ{1Ncj z9-KVVZi@XqLXRO?zfHQ>-^K#mi>UJ5JqshRk-UbFY#OR%dR%C~(CBzL`jku>y0x5_ z$f?fsVJc}QDpvURY(Bxg+I|#FK8Eec&z7BEu6#gWJKySs3-NnEHek{1AKaw&7bdPB z8p(Tlxcn&3lf?`-KuP+y#toenh>d)XxHp1nqtQ^t>X`QZMj|Up0It1L^UVA%yS_ik zdt5TyfZ9)(VM6`GAE~YDO3&gxs zUXq=lA9~h)%e0g?cgP}tnM@^ZFp2hj$Es>jua5A3s+kd&argcri^~&yq~!oYq-}C= z=BWRk+X=!eKj-l0H~PL_jCZ&1-(?aS?mSe6ez~5Yz&_JB6EjO!y3n1PZdc?*-|?I z50f2&F?l7;QCdgLIc)6RUC_{@CnpyL%95(D3``L-3F3)!e2%AeuRB2kt-rjd)L*0u zea_!V;R4dG?hGsMp1#3dT7(?ndPE7(&&Ec59v2sRQ9S_k0IFU&G!xH^MQU_Gqmst) zr~&kI;tY%EG;!QV*6Tn%Yy^00L^XNbuDGXNoIeUqjsLjsJjwl5KG9pi)Fkw30EF;o zcuwzK7=FXKr1p~qPc}zNq*T}T^h^c*e2UOHrs~U`;&JH{uYXDEnVRAV6%Ih+@Ni(! zCYT9bSCS*TRi_>Ac0N0hb=+jLvdL0XOH$Eaz#m0Hne}i#l3TNTL%h(Cnwqd+VwUyQ zxJU4XVDe4^%-O_8MO+2`3R(L($g38fYgPpP$hWXPPQ>JeA|qyY4p} zZJC;3u=;9O@oB}8=suy(-i0U>ll1Nu$KrpxKrmcGQGKN_J8(OlXcQZhUODa1ST5xw zt+j?dRp-!W4jD;ZpB7f|lSTPV5;k|raDOQYD8v;m<_x~vb0<3B^`%6NGXFrLLl`EK z=!~iFauS39`2~yu*)xbLZM;43`V@x{(G-it=_c zE%t6uNQNyprg4QtzyQS*W@gDVIK3P`P{HI7vdw|XJe#HZz&mMg#CHvnc{2rS_YcmP zl3~E=?4VZpDf90_N2-Kq6&a&@YgH!px`L8uB->3%hn5R@=)!2D0HLAO=sfDF-4Qfk z<|6}}qvU+;t`4roaF>_SuWQd1iN>ot^*l|8=f8^fy1tyjfPJ^+Lx}QCP~?z|i&XX}_BulJo`H zf}cOamu5Vt)wBZc*v&(pb-$3-H&)kb?8ZI^i+(a!XpIz$C`jbt(fpnrs-x+9bA2kE zi*I zT0TmeFFGuva?`n6UyFLnBcda8E&mSP+Rjyw&Zw+Z^Hnm54)Kr(1`-Fk4@OmsE8XUd z!d15SQ<_fMokoA_1n$JPS|cpdgfkowE84(g+0c{q3H$<|Kc`(xs6NAT9DD7<4xC-1 zikZ?(cGVH@&rXvz4uis`56)@`&g#-Rfmv7a#d{an9~)R)z7qOD zeq5_Iy@5~Ry98>H!S8#%HQR6gV>9Vm`qQJpHu}K90NprCgRzC2Afjw*Je#CUl(DUC zvR?R&L}mY7Z*I|H0~TQn(fdnC!_rpH$n0aIWarnquH*6t*>dnQ zQywMAI5$8o+w#43i$W@7ENt^46Vnm0)P3cxvg4q#@Xpu3fO66xPL6IGV)e-2HDw^Z zKoFi*B9Q3|8~b7LBp6F+ZF@MWs5vw#*Os3;UtxwJxGYIzw(&L=x!pTH5>|5!?T*PV ze(D}JACiz4wt02p81i~qcAM@Hm+%-X*R3X`&^F67@)yCrMavJU; zfWhChdL1@6WIC;6p?yU_aF*N*4$bVU$XnZ|`%e$6_O?JZ%f<>1@53(yNfSbDtlAuX zER^lHC;;iv#n29ZVD++C=D}C@W3K*3)piR5NVj;hrY-ZppF9vPs^RY#H7`3|rUkE{ zC@O+24m{b(K-~Qm>i)g((u~w?A0>+G$Q!{e)*sg?2Uuy~F5Q97s=U@DQD{{RM-Ayfw z*V1(j+;LrHD%m|Jt?%W&f3FWq5wogs5sjRv;$5YASv_umlxVF}=%zG$XuHaqxAG#M zT&)!Rj}Ozi!z-DR-Vg)GkrdSAMY0RbQ14_DkDrW*jee>d4ztI%&zce?o@7UI(TO4O z!a~SCVXf&H15)1MBLndkODM8ewK61p0qjs|JLjtrqK4kxG2s`5vNRZ3=^9eR1&FX_ zZQT+0SO9dmGRgRpZw0fktmt0$6$K|1EN?2nlt-~x?Q;O{@+fgm_u^CbiDebFo|X|V zqB%bn%Z24H>)elN^;Ob;ZJw1hjIPH9B5IvUSb{3{AhDbIg%HVee7>)goV-X!sxMC* zyK$h8r0pDuo|&v}9xK_=GR@;6!@Ap}-5;TA8}ifO8E%lDOY`tTbJ3d=xwj`?NmIMx zLSH5a{d_BIR`+Pc!C=eHMB$uX03h1h^aNl~>itPT`+I%X^8bVX zlS#05F1rx5fDg%@D=EVIg7z2lu>H;^MbLnNfXL|Rt>{DA%lhYuxIBrc)#G=s0$x$( zeQ7M8a)C>H1#3M9{cjg$ywxnMt&7{+?~(MYmqv=<-}U*$B$eU=gipNInqqCoVv&f0HjHY0K6TvPXHXXuK@tM{}FUb zR<=u)H&aU5f~{^e++}w)546LxSP2Y|Ed0_xPBAetSQ%oc)2ExaZyP%}I26_GeLVSx zuQIRl{?!qqQ7UOx=rd0;xk0HuFOD)Lv@E1<2NkKRs^S-(*krmo*G-aH$^jG_olU*Y z+irRfdd<_?0=J`EXZ`^AU?{<*&2=!sb_I3ylNSvfusqtM_$KAo++2xWou`Y=8$Z?# z?GF|Fv+gsLj(*ZSD#82nf6tfWs2MbORVa#)x^Tm7mM?Cls{ju(vs`KYQc!g$nz85H z=wer@fia76)+`EW@-_8>3yDZ+R6+ZkTUbn}BLgTrP-l|oWBsC)boTzXV#_u~NXSQZPOd78ZF-D88%Ue6~D z4TO0v`;n9VILznbja$G^;zt*PAZfdLOea^pmh7WK1-i7H+s)IFFI=rZY;q&VQ5J#5E-!Ac!OU#JET4)|(&Gx0Df|c~+H1uuAmRG7rf&Re zFcvNASI&jBX)t7Lek${N}_g$7h(f>OXaM z;(HS_HpaN6q$+j}*$8j-0cxpem**bGDgu)@@~uvi;!RWyqC(7vZ9m8=r8ILJR<3|_ zP_nBCrWT(TYlfa@vl^@^CO_*1+n08>-qN6}d*S2SbU}YYF{+KJrCh$r&>@o-Ow1dx zJ%(s6yy>Czv=4zOPWiG@i*JN#PVY3Kf9(h5QM~%0)B#3D+tcvjwLt5gDXNxu3s4XK zdmOI{$C$i3&#r_yRMSa94o00(DQy(cR5Q5-_}Itft!=Hc;BLiiRwr_@pAI%Pz)uoJGZ$3ffHuG?7F%hfSJgekWvfI=$!C2)?z92F> zt4bZ-8duy}UhyL$tX?mm2j={hN~^Y#4&T1{wN}~O%%1d;agPIUs~0CWT7{}WbVm!> z*3Z1c@jiL#S4*`s(LT}MaN8jgveyvA@x6x8ZmvG1cR{vD>zQ6P5lAaJ3P$&kf?qw3 ziL!j?n$x(|rh|wNSN5U`XO+`-4;U1RLUJO^YI@lVAWqBDa_CgZr#w>cqz+0GxZcrG`m z^zFXWKW+r;D*a5wxFAe9hXXQ6DKKf)ZQHef7-lQ)^}6*d-g3d=YJlJIIYKtb2%jQD z$uv4Dl%k#E$h^_i@}oJ7`;v;Jj7)zu=Z}X_>$%Y;8|6lP6C{^#m(N4rqxoS|Snmu5 z<<8)=T&_`FY9#XS1={>t70ln2eG~w*KaH{>Y`O~)I)4Rn5Th)N(IF%+S5a|spW{H%Zyzc@tSI-((cFR#xLP94Je}1n-&3)#Qa_F5VD3n zSCrv!jp|t_DM>pZI>J1)Q@cy2&M%yTdme9YXl!WaVeBILVjb6A%2gBdyAV#@G?ENG zE!Fyk#DD%W**Z9BYF#5nC|xS#*s<&R8m_Zm9tCet-JhGAbAbq8)6;uySGE_deY;&L z9)ry5d@jOLeQ!huiIzBB_#Pry-F^aq;g?_o$V>1709XGV%yue!N4RVFfZQHOV8m7m zRLa^ZxRx%H0K|GQm2Yf(d_0nc0gBF%{1Ph)TYwqxsal8VxQp$gBO14quUwfqFmjCe_uI_Kkqxk*^B|W2XQB literal 0 HcmV?d00001 From ab089109b5b86548b5921dd115e76171b8ffae5d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 7 Dec 2018 12:14:23 -0800 Subject: [PATCH 02/54] fixed image --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 1e8abf7236..3af094003d 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -69,7 +69,7 @@ You can get the hardware ID of a USB device in Device Manager. Locate the USB un Right-click the name of the device, click **Properties** > **Details** and select **Hardware Ids** as the **Property**: -![Hardware IDs](images/disk-drivehardware-id.png) +![Hardware IDs](images/disk-drive-hardware-id.png) Windows uses compatible IDs to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they are very generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device. From 4862629762e4896b1d6d39e6ba209779ab50e7cc Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 7 Dec 2018 17:06:35 -0800 Subject: [PATCH 03/54] edits --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 3af094003d..1adf3e03e5 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,14 +8,14 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/05/2018 +ms.date: 12/08/2018 --- # How to control USB devices and other removable media using Intune **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Intune can help reduce threats from removable storage such as USB devices. The following table describes different scenarios for controlling installation and usage of removeable storage and other devices. +Intune can help reduce threats from removable storage such as USB devices. The following table describes different scenarios for controlling installation and usage of removeable storage and other devices. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). | Control | Description | |----------|-------------| From bccc22a1469d299523995c845beaf296970e206c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 10 Dec 2018 15:55:32 -0800 Subject: [PATCH 04/54] spelling --- .../control-usb-devices-using-intune.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 1adf3e03e5..4af21ce3fe 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,27 +8,27 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/08/2018 +ms.date: 12/11/2018 --- # How to control USB devices and other removable media using Intune **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Intune can help reduce threats from removable storage such as USB devices. The following table describes different scenarios for controlling installation and usage of removeable storage and other devices. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). +Intune can help reduce threats from removable storage such as USB devices. The following table describes different scenarios for controlling installation and usage of removable storage and other devices. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). | Control | Description | |----------|-------------| -| [Block installation of any removeable storage device](#block-installation-of-any-removeable-storage-device) | Users cannot install any removeable storage device. | +| [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users cannot install any removable storage device. | | [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specfically approved devices. | -| [Protect authorized removeable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removeable storage devices. | +| [Protect authorized removable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removable storage devices. | -To make sure removeable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. +To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. > [!NOTE] -> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removeable disks. +> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. -## Block installation of any removeable storage device +## Block installation of any removable storage device 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). 2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. @@ -87,7 +87,7 @@ If removable devices are allowed on devices (either fully or partially), you can ### Enable Windows Defender Antivirus Scanning -Protecting authorized removeable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +Protecting authorized removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted. @@ -132,7 +132,7 @@ These settings require [enabling real-time protection](https://docs.microsoft.co - [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) - [DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) -- [Perform a custom scan of a removeable device](https://aka.ms/scanusb) +- [Perform a custom scan of a removable device](https://aka.ms/scanusb) - [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) - [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) From fd4d176f1b37ee8cb4491648f0b03650191ce1f3 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 10 Dec 2018 16:53:43 -0800 Subject: [PATCH 05/54] spelling --- .../device-control/control-usb-devices-using-intune.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 4af21ce3fe..e0bfb8f533 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -20,7 +20,7 @@ Intune can help reduce threats from removable storage such as USB devices. The f | Control | Description | |----------|-------------| | [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users cannot install any removable storage device. | -| [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specfically approved devices. | +| [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specifically approved devices. | | [Protect authorized removable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removable storage devices. | To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. @@ -46,7 +46,7 @@ To make sure removable storage is blocked or allowed as expected, we recommend t 4. Click **Configure** > **General**. -5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, where **USB connection (mobile only)** excludes USB charging but inludes other USB connections on mobile devices only. +5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, where **USB connection (mobile only)** excludes USB charging but includes other USB connections on mobile devices only. ![General settings](images/general-settings.png) @@ -61,7 +61,7 @@ Alternatively, you can create a custom profile in Intune and configure [DeviceIn Windows can use device identification strings to control device installation and configuration. There are two types of device identification strings: hardware IDs and compatible IDs. -Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device, if the driver for the correct revision is not available. +Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision is not available. You can get the hardware ID of a USB device in Device Manager. Locate the USB under Disk drives: @@ -116,7 +116,7 @@ These settings require [enabling real-time protection](https://docs.microsoft.co - Platform: Windows 10 or later - Profile type: Endpoint protection - ![Create enpoint protection profile](images/create-endpoint-protection-profile.png) + ![Create endpoint protection profile](images/create-endpoint-protection-profile.png) 4. Click **Configure** > **Windows Defender Exploit Guard** > **Attack Surface Reduction**. From eaf20de0a2a1902ef0f1f0bec23e4cf1f45a974e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 10 Dec 2018 17:10:48 -0800 Subject: [PATCH 06/54] edits from Jody --- .../device-control/control-usb-devices-using-intune.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index e0bfb8f533..baa218aa3e 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -11,12 +11,11 @@ author: justinha ms.date: 12/11/2018 --- -# How to control USB devices and other removable media using Intune +# How to control USB devices and other removable media using Windows Defender ATP **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Intune can help reduce threats from removable storage such as USB devices. The following table describes different scenarios for controlling installation and usage of removable storage and other devices. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). - +Windows Defender ATP enables security administrators to view, prevent, and protect against unauthorized peripherals, such as cameras, removeable storage devices, and so on, from being used to compromise devices (i.e. Threat Infections) or being used to exfiltrate sensitive information (i.e. Data Loss Prevention). | Control | Description | |----------|-------------| | [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users cannot install any removable storage device. | @@ -28,6 +27,8 @@ To make sure removable storage is blocked or allowed as expected, we recommend t > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. +For more information about controlling USB and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). + ## Block installation of any removable storage device 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). From 7e462a58e3b9459fa52971630a4173eb185f0896 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 05:38:32 -0800 Subject: [PATCH 07/54] feedback from Jody --- .../control-usb-devices-using-intune.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index baa218aa3e..94f5f0f980 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -16,18 +16,21 @@ ms.date: 12/11/2018 **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) Windows Defender ATP enables security administrators to view, prevent, and protect against unauthorized peripherals, such as cameras, removeable storage devices, and so on, from being used to compromise devices (i.e. Threat Infections) or being used to exfiltrate sensitive information (i.e. Data Loss Prevention). + | Control | Description | |----------|-------------| | [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users cannot install any removable storage device. | | [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specifically approved devices. | | [Protect authorized removable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removable storage devices. | -To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. +To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. +You should block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. +For more information about controlling USB and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). + > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. -For more information about controlling USB and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). ## Block installation of any removable storage device @@ -57,7 +60,7 @@ For more information about controlling USB and other removable media, see the [M ## Allow installation of specific device IDs -Alternatively, you can create a custom profile in Intune and configure [DeviceInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) policies to allow or prevent the installation of specific types of devices. +Alternatively, you can create a custom profile in Intune and configure [DeviceInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) policies to allow or prevent the installation of specific types of removable devices. Windows can use device identification strings to control device installation and configuration. There are two types of device identification strings: hardware IDs and compatible IDs. @@ -74,11 +77,10 @@ Right-click the name of the device, click **Properties** > **Details** and selec Windows uses compatible IDs to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they are very generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device. -When you install a device, such as a printer, a USB storage device, or a keyboard, Windows searches for driver packages that match the device you are attempting to install. During this search, Windows assigns a "rank" to each driver package it discovers with at least one match to a hardware or compatible ID. The rank indicates how well the driver matches the device. Lower rank numbers indicate better matches between the driver and the device. A rank of zero represents the best possible match. A match with the device ID to one in the driver package results in a lower (better) rank than a match to one of the other hardware IDs. Similarly, a match to a hardware ID results in a better rank than a match to any of the compatible IDs. After Windows ranks all of the driver packages, it installs the one with the lowest overall rank. - -Some physical devices create one or more logical devices when they are installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. - -You must allow or prevent all of the device identification strings for that device. For example, if a user attempts to install a multifunction device and you did not allow or prevent all of the identification strings for both physical and logical devices, you could get unexpected results from the installation attempt. +Some physical devices create one or more logical devices when they are installed. +Each logical device might handle part of the functionality of the physical device. +For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. +You must allow or prevent all of the device identification strings for that device. For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). From 013ed0ab4407a293ff26ddbee26114748a4f11f8 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 07:24:06 -0800 Subject: [PATCH 08/54] feedback from Jody --- .../control-usb-devices-using-intune.md | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 94f5f0f980..d75d949ac6 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -17,6 +17,20 @@ ms.date: 12/11/2018 Windows Defender ATP enables security administrators to view, prevent, and protect against unauthorized peripherals, such as cameras, removeable storage devices, and so on, from being used to compromise devices (i.e. Threat Infections) or being used to exfiltrate sensitive information (i.e. Data Loss Prevention). +- [View plug-and-play connected events in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Based on any WDATP event, you can customize alerts using a custom detection rule. +- [Prevent or limit peripherals](#prevent-or-limit-peripherals) from being seen by or interacted with devices. Device installation restrictions can also be set to handle an active incident, such as immediately blocking a user or machine’s access to all removable storage. The following policy and configurations let you do this: + - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. + - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. +- [Protect against threats](#protect-against-threats) introduced through removable storage devices through enabling: + - Windows Defender Anti-Virus real-time protection (RTP) to scan removable storage for malware. + - Exploit Guard’s Attack Surface Reduction (ASR) USB Rule to block untrusted and unsigned processes that run from USB. + - Direct Memory Access Protection Settings including Kernel DMA Protection for Thunderbolt and Blocking Direct Memory Access until a user logs-on to protect devices against Direct Memory Access (DMA) attacks. + + + + + + | Control | Description | |----------|-------------| | [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users cannot install any removable storage device. | @@ -25,12 +39,17 @@ Windows Defender ATP enables security administrators to view, prevent, and prote To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. You should block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. -For more information about controlling USB and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). +For more information about controlling USB devices and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. +## View plug-and-play connected events + +## Prevent or limit peripherals + +## Protect against threats ## Block installation of any removable storage device From 73cb53caab4f7982047ef125b8cdb4e7e2d5db70 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 08:13:31 -0800 Subject: [PATCH 09/54] added feedback from Jody --- .../control-usb-devices-using-intune.md | 46 +++++++++++-------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index d75d949ac6..4bd7a295d7 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -17,41 +17,47 @@ ms.date: 12/11/2018 Windows Defender ATP enables security administrators to view, prevent, and protect against unauthorized peripherals, such as cameras, removeable storage devices, and so on, from being used to compromise devices (i.e. Threat Infections) or being used to exfiltrate sensitive information (i.e. Data Loss Prevention). -- [View plug-and-play connected events in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Based on any WDATP event, you can customize alerts using a custom detection rule. +- [View plug and play connected events in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Based on any WDATP event, you can customize alerts using a [custom detection rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). - [Prevent or limit peripherals](#prevent-or-limit-peripherals) from being seen by or interacted with devices. Device installation restrictions can also be set to handle an active incident, such as immediately blocking a user or machine’s access to all removable storage. The following policy and configurations let you do this: - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. -- [Protect against threats](#protect-against-threats) introduced through removable storage devices through enabling: - - Windows Defender Anti-Virus real-time protection (RTP) to scan removable storage for malware. - - Exploit Guard’s Attack Surface Reduction (ASR) USB Rule to block untrusted and unsigned processes that run from USB. - - Direct Memory Access Protection Settings including Kernel DMA Protection for Thunderbolt and Blocking Direct Memory Access until a user logs-on to protect devices against Direct Memory Access (DMA) attacks. +- [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: + - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. + - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. + - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. - - - -| Control | Description | -|----------|-------------| -| [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users cannot install any removable storage device. | -| [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specifically approved devices. | | [Protect authorized removable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removable storage devices. | -To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. -You should block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. + For more information about controlling USB devices and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. -## View plug-and-play connected events +## View plug and play connected events + +You can view plug and play connected events in Windows Defender ATP advanced hunting to identify suspicious usage activity or perform internal investigations. +For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). +Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). ## Prevent or limit peripherals -## Protect against threats +WDATP can help reduce threats from removable storage such as USB devices. +The following table describes different scenarios for controlling installation and usage of removeable storage and other devices. +For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). -## Block installation of any removable storage device +| Control | Description | +|----------|-------------| +| [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users can't install any removable storage device. | +| [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specifically approved devices. | + +To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. +You should block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. + +### Block installation of any removable storage device 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). 2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. @@ -77,7 +83,7 @@ For more information about controlling USB devices and other removable media, se 7. Click **Create** to save the profile. -## Allow installation of specific device IDs +### Allow installation of specific device IDs Alternatively, you can create a custom profile in Intune and configure [DeviceInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) policies to allow or prevent the installation of specific types of removable devices. @@ -103,9 +109,9 @@ You must allow or prevent all of the device identification strings for that devi For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). -## Protect authorized removable storage +## Protect against threats -If removable devices are allowed on devices (either fully or partially), you can add protection to identify and block malicious files. +If removable devices are fully or even partially allowed, you can add protection to identify and block malicious files. ### Enable Windows Defender Antivirus Scanning From b53cd9c2a2a0e27dd9ce9d460fb7060f793fea0d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 08:18:18 -0800 Subject: [PATCH 10/54] added feedback from Jody --- .../device-control/control-usb-devices-using-intune.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 4bd7a295d7..62248c869e 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -156,6 +156,15 @@ These settings require [enabling real-time protection](https://docs.microsoft.co 7. Click **Create** to save the profile. +### Protect DMA + +Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. + +1. [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). For more information about Kernel DMA Protection, see [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt). + +2. Blocking DMA until a user signs in. For more information, see the +[Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). + ## Related topics - [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) From 62c3300128fa3dd20fbea98921a47ac91c1cb0a7 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 08:22:04 -0800 Subject: [PATCH 11/54] date --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 62248c869e..ec90e9a929 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/11/2018 +ms.date: 12/12/2018 --- # How to control USB devices and other removable media using Windows Defender ATP From 239652f14329881f2e0cf9b35da041b077eea2d1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 10:52:25 -0800 Subject: [PATCH 12/54] edits from Jody --- .../control-usb-devices-using-intune.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index ec90e9a929..85bdf47692 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -25,15 +25,7 @@ Windows Defender ATP enables security administrators to view, prevent, and prote - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. - - - -| [Protect authorized removable storage devices](#protect-authorized-removable-storage) | Identify and block malicious files on authorized removable storage devices. | - - -For more information about controlling USB devices and other removable media, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). - > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. @@ -158,9 +150,10 @@ These settings require [enabling real-time protection](https://docs.microsoft.co ### Protect DMA -Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. +DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. -1. [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). For more information about Kernel DMA Protection, see [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt). + +1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide built-in protection against DMS attacks via Thunderbolt ports. [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). 2. Blocking DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). From 73a6587afc0cf7572ce64bcc90027a8c383b651c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 11:03:15 -0800 Subject: [PATCH 13/54] edit --- .../device-control/control-usb-devices-using-intune.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 85bdf47692..71038a776a 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -150,10 +150,11 @@ These settings require [enabling real-time protection](https://docs.microsoft.co ### Protect DMA -DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. +DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: +1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. -1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide built-in protection against DMS attacks via Thunderbolt ports. [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). + You can provide additional protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This policy controls whether devices that don't support memory isolation 2. Blocking DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). From f271def8391f2c0a3cdcc7dbda47649c7e9c3fa1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 11:34:13 -0800 Subject: [PATCH 14/54] edited DMA section --- .../device-control/control-usb-devices-using-intune.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 71038a776a..1f87882825 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -24,7 +24,7 @@ Windows Defender ATP enables security administrators to view, prevent, and prote - [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - - Direct Memory Access (DMA) protection settings to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. + - [Direct Memory Access (DMA) protection settings](#protect-dma) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. @@ -154,9 +154,9 @@ DMA attacks can lead to disclosure of sensitive information residing on a PC, or 1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. - You can provide additional protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This policy controls whether devices that don't support memory isolation + You can add protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support memory isolation such as DMA-remapping. These devices can be blocked, allowed, or allowed only after the user signs in. -2. Blocking DMA until a user signs in. For more information, see the +2. On other Windows 10 devices, you can also block DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). ## Related topics From 8f08a69ab0ed2e339430b662bb6db4256dc907b1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 11 Dec 2018 15:27:37 -0800 Subject: [PATCH 15/54] added links to csp docs --- .../device-control/control-usb-devices-using-intune.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 1f87882825..687b06a3b0 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -47,7 +47,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl | [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specifically approved devices. | To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. -You should block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. +We recommend to block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. ### Block installation of any removable storage device @@ -99,7 +99,10 @@ Each logical device might handle part of the functionality of the physical devic For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. You must allow or prevent all of the device identification strings for that device. -For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). +For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). +Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). + +For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). ## Protect against threats @@ -154,7 +157,7 @@ DMA attacks can lead to disclosure of sensitive information residing on a PC, or 1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. - You can add protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support memory isolation such as DMA-remapping. These devices can be blocked, allowed, or allowed only after the user signs in. + You can add protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support memory isolation such as DMA-remapping. These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support memory isolation can always connect. 2. On other Windows 10 devices, you can also block DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). From fd27b5f3d81c1bdf5c735df1eed44eaa27b93027 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 12 Dec 2018 10:44:23 -0800 Subject: [PATCH 16/54] edits from Luke's team --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 687b06a3b0..bc6290b561 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -82,7 +82,7 @@ Alternatively, you can create a custom profile in Intune and configure [DeviceIn Windows can use device identification strings to control device installation and configuration. There are two types of device identification strings: hardware IDs and compatible IDs. -Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs is referred to as the device ID, because it matches the exact make, model, and revision of the device. The other hardware IDs in the list match the details of the device less exactly. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision is not available. +Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs generally matches the make, model, and revision of the device. The other hardware IDs in the list match fewer details of the device. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision is not available. You can get the hardware ID of a USB device in Device Manager. Locate the USB under Disk drives: @@ -92,7 +92,7 @@ Right-click the name of the device, click **Properties** > **Details** and selec ![Hardware IDs](images/disk-drive-hardware-id.png) -Windows uses compatible IDs to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are optional, and, when provided, they are very generic, such as Disk. When a match is made using a compatible ID, you can typically use only the most basic functions of the device. +Windows uses compatible IDs to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are often generic. When a match is made using a compatible ID, you might only the most basic functions of the device. Some physical devices create one or more logical devices when they are installed. Each logical device might handle part of the functionality of the physical device. From 69cc6124fa3c9f49d356ae7068b2fba50d42cf0c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 12 Dec 2018 11:10:37 -0800 Subject: [PATCH 17/54] edited intro --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index bc6290b561..755978b83f 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,14 +8,14 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/12/2018 +ms.date: 12/13/2018 --- # How to control USB devices and other removable media using Windows Defender ATP **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Windows Defender ATP enables security administrators to view, prevent, and protect against unauthorized peripherals, such as cameras, removeable storage devices, and so on, from being used to compromise devices (i.e. Threat Infections) or being used to exfiltrate sensitive information (i.e. Data Loss Prevention). +Windows Defender ATP enables security administrators to view, prevent, and protect unauthorized peripherals such as cameras and removeable storage devices from threat infections that compromise devices or from being used to exfiltrate sensitive information (data loss prevention). - [View plug and play connected events in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Based on any WDATP event, you can customize alerts using a [custom detection rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). - [Prevent or limit peripherals](#prevent-or-limit-peripherals) from being seen by or interacted with devices. Device installation restrictions can also be set to handle an active incident, such as immediately blocking a user or machine’s access to all removable storage. The following policy and configurations let you do this: From 3a6f5a6d02d69e8c30aebbcd4d82f7b918a482a6 Mon Sep 17 00:00:00 2001 From: Anthony Chen Date: Wed, 12 Dec 2018 19:52:07 -0800 Subject: [PATCH 18/54] Updated docs to read better --- .../control-usb-devices-using-intune.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 755978b83f..92feeff8f2 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -15,12 +15,10 @@ ms.date: 12/13/2018 **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Windows Defender ATP enables security administrators to view, prevent, and protect unauthorized peripherals such as cameras and removeable storage devices from threat infections that compromise devices or from being used to exfiltrate sensitive information (data loss prevention). +Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: -- [View plug and play connected events in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Based on any WDATP event, you can customize alerts using a [custom detection rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -- [Prevent or limit peripherals](#prevent-or-limit-peripherals) from being seen by or interacted with devices. Device installation restrictions can also be set to handle an active incident, such as immediately blocking a user or machine’s access to all removable storage. The following policy and configurations let you do this: - - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. +- [View plug and play events for USB peripherals in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other WDATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). +- [Prevent USB peripherals from being used on devices](#prevent-usb-peripheral-from-being-used-on-devices) in real-time based on properties reported by the USB peripheral. - [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. @@ -35,21 +33,23 @@ You can view plug and play connected events in Windows Defender ATP advanced hun For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -## Prevent or limit peripherals +## Prevent USB peripherals from being used on devices -WDATP can help reduce threats from removable storage such as USB devices. -The following table describes different scenarios for controlling installation and usage of removeable storage and other devices. +WDATP can prevent USB peripherals from being used on devices to help prevent external threats from compromizing your devices. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and hence used on the device. + +The following table describes the two ways WDATP can help prevent installation and usage of USB peripherals. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). | Control | Description | |----------|-------------| -| [Block installation of any removable storage device](#block-installation-of-any-removable-storage-device) | Users can't install any removable storage device. | -| [Allow installation of specific device IDs](#allow-installation-of-specific-device-ids) | Users can install only specifically approved devices. | +| [Block installation and usage of removable USB storage](#block-installation-and-usage-of-removable-USB-storage) | Users cannot install and cannot use removable USB storage | +| [Only allow installation and usage of specific approved USB peripherals](#allow-installation-of-specific-device-ids) | Users can only install and use approved peripherals that report specific USB properties in their firmware | -To make sure removable storage is blocked or allowed as expected, we recommend trying these settings with a pilot group of users and devices, and refining the settings as needed before applying them in production. -We recommend to block everything and allow only the removable storage properties of approved devices (such as vendor ID, and product ID) and limit users who need access because it is possible to spoof removable device properties. +[!Note] Always test and refine these settings with a pilot group of users and devices first before applying them in production. -### Block installation of any removable storage device +[!Note] Because unauthorized USB peripherals can have firmware that spoofs its USB properties, we recommend only allowing specific approved USB peripherals and limiting the users that can access these peripherals + +### Block installation and usage of removable USB storage 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). 2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. @@ -75,12 +75,11 @@ We recommend to block everything and allow only the removable storage properties 7. Click **Create** to save the profile. -### Allow installation of specific device IDs +### Only allow installation and usage of specific approved USB peripherals -Alternatively, you can create a custom profile in Intune and configure [DeviceInstallation](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) policies to allow or prevent the installation of specific types of removable devices. +WDATP also allows you to only allow installation and usage of specific approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). -Windows can use device identification strings to control device installation and configuration. -There are two types of device identification strings: hardware IDs and compatible IDs. +Peripherals that are allowed to be installed can be specified by their hardware ID or their compatible ID. Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs generally matches the make, model, and revision of the device. The other hardware IDs in the list match fewer details of the device. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision is not available. @@ -92,8 +91,9 @@ Right-click the name of the device, click **Properties** > **Details** and selec ![Hardware IDs](images/disk-drive-hardware-id.png) -Windows uses compatible IDs to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are often generic. When a match is made using a compatible ID, you might only the most basic functions of the device. +Compatible IDs are identifiers that Windows uses to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are often generic. When a match is made using a compatible ID, you might only the most basic functions of the device. +[!Note] Some physical devices create one or more logical devices when they are installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. @@ -104,23 +104,23 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). -## Protect against threats +## Protect against threats on removable USB storage -If removable devices are fully or even partially allowed, you can add protection to identify and block malicious files. +WDATP can help identify and block malicious files on allowed removeable USB storage peripherals. ### Enable Windows Defender Antivirus Scanning -Protecting authorized removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +Protecting allowed removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. -### Block untrusted and unsigned processes that run from USB attack surface reduction rule +### Block untrusted and unsigned processes on USB peripherals End-users might plug in removable devices that are infected with malware. -In order to prevent infections, a company can block files that are not signed or are untrusted from USB devices. -Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the activity of untrusted and unsigned processes that execute on a USB device. +In order to prevent infections, a company can block files that are not signed or are untrusted from USB peripherals. +Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the activity of untrusted and unsigned processes that execute on a USB peripheral. This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively. With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards. Affected file types include executable files (such as .exe, .dll, or .scr) and script files such as a PowerShell (.ps), VisualBasic (.vbs), or JavaScript (.js) files. @@ -151,9 +151,9 @@ These settings require [enabling real-time protection](https://docs.microsoft.co 7. Click **Create** to save the profile. -### Protect DMA +### Protect against DMA attacks -DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: +DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to protect against DMA attacks: 1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. From 363d5b76b1307b6cbc4c50a4ba5d018b600b5a76 Mon Sep 17 00:00:00 2001 From: Aacer Daken Date: Thu, 13 Dec 2018 17:01:00 +0000 Subject: [PATCH 19/54] Updated control-usb-devices-using-intune.md with few suggestions for the DMA section --- .../control-usb-devices-using-intune.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 755978b83f..07c9b5b919 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -151,16 +151,17 @@ These settings require [enabling real-time protection](https://docs.microsoft.co 7. Click **Create** to save the profile. -### Protect DMA +### Protect against Direct Memory Access (DMA) attacks DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: -1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. +1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturer, and cannot be enabled/disabled by end users. - You can add protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support memory isolation such as DMA-remapping. These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support memory isolation can always connect. + You can adjust the level of protection of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy)(only available in Windows 1809 and later releases). This is an additional control for devices that don't support device memory isolation (a.k.a. DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support device memory isolation can always connect. -2. On other Windows 10 devices, you can also block DMA until a user signs in. For more information, see the -[Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). +2. On Windows 10 systems that do not support Kernel DMA Protection, you can + - Block DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). + - Block all connections via the Thunderbolt ports (including USB devices), see [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/en-us/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). ## Related topics From 9517713e22ef1a6a4cd62cb2272fc3506625c2ca Mon Sep 17 00:00:00 2001 From: Aacer Daken Date: Thu, 13 Dec 2018 17:15:23 +0000 Subject: [PATCH 20/54] Updated control-usb-devices-using-intune.md --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 07c9b5b919..4d64f62d23 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -160,8 +160,8 @@ DMA attacks can lead to disclosure of sensitive information residing on a PC, or You can adjust the level of protection of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy)(only available in Windows 1809 and later releases). This is an additional control for devices that don't support device memory isolation (a.k.a. DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support device memory isolation can always connect. 2. On Windows 10 systems that do not support Kernel DMA Protection, you can - - Block DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). - - Block all connections via the Thunderbolt ports (including USB devices), see [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/en-us/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). + - Block DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). + - Block all connections via the Thunderbolt ports (including USB devices), see [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/en-us/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). ## Related topics From 09f91b9b7cea3390c35946ac252ee60a0a158c7a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 11:30:38 -0800 Subject: [PATCH 21/54] Added changes from Aacer --- .../control-usb-devices-using-intune.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 755978b83f..972b5095c0 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/13/2018 +ms.date: 12/14/2018 --- # How to control USB devices and other removable media using Windows Defender ATP @@ -24,7 +24,7 @@ Windows Defender ATP enables security administrators to view, prevent, and prote - [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - - [Direct Memory Access (DMA) protection settings](#protect-dma) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. + - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. @@ -151,16 +151,18 @@ These settings require [enabling real-time protection](https://docs.microsoft.co 7. Click **Create** to save the profile. -### Protect DMA +### Protect against Direct Memory Access (DMA) attacks DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: -1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. +1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. - You can add protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support memory isolation such as DMA-remapping. These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support memory isolation can always connect. + Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support device memory isolation (also known as DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support device memory isolation can always connect. -2. On other Windows 10 devices, you can also block DMA until a user signs in. For more information, see the -[Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). +2. On Windows 10 systems that do not suppprt Kernel DMA Protection, you can: + + - [Block DMA until a user signs in](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) + - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) ## Related topics From 02cf0d0907770ce39d6ec39b07c2c71f920e11f6 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 11:32:19 -0800 Subject: [PATCH 22/54] Aacer changes --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 972b5095c0..cf59d6d65a 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -157,7 +157,7 @@ DMA attacks can lead to disclosure of sensitive information residing on a PC, or 1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. - Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support device memory isolation (also known as DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support device memory isolation can always connect. + Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support device memory isolation (also known as DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in (default). Devices that do support device memory isolation can always connect. 2. On Windows 10 systems that do not suppprt Kernel DMA Protection, you can: From 6bb17b294cbb83ad7af72d51ec644c8fa0bd24b0 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 12:11:14 -0800 Subject: [PATCH 23/54] added links --- .../control-usb-devices-using-intune.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 4d64f62d23..22d3958ebd 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -24,7 +24,7 @@ Windows Defender ATP enables security administrators to view, prevent, and prote - [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - - [Direct Memory Access (DMA) protection settings](#protect-dma) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. + - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. @@ -155,13 +155,15 @@ These settings require [enabling real-time protection](https://docs.microsoft.co DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: -1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturer, and cannot be enabled/disabled by end users. +1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. - You can adjust the level of protection of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy)(only available in Windows 1809 and later releases). This is an additional control for devices that don't support device memory isolation (a.k.a. DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support device memory isolation can always connect. + Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support device memory isolation (also known as DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in (default). Devices that do support device memory isolation can always connect. + +2. On Windows 10 systems that do not suppprt Kernel DMA Protection, you can: + + - [Block DMA until a user signs in](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) + - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) -2. On Windows 10 systems that do not support Kernel DMA Protection, you can - - Block DMA until a user signs in. For more information, see the [Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). - - Block all connections via the Thunderbolt ports (including USB devices), see [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/en-us/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d). ## Related topics From 04b1288f82ec11ecb3fefaa29281622d357df16f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 12:15:04 -0800 Subject: [PATCH 24/54] edits --- .../control-usb-devices-using-intune.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 92feeff8f2..780dab572f 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/13/2018 +ms.date: 12/14/2018 --- # How to control USB devices and other removable media using Windows Defender ATP @@ -22,7 +22,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p - [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - - [Direct Memory Access (DMA) protection settings](#protect-dma) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. + - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. @@ -151,16 +151,19 @@ These settings require [enabling real-time protection](https://docs.microsoft.co 7. Click **Create** to save the profile. -### Protect against DMA attacks +### Protect against Direct Memory Access (DMA) attacks -DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to protect against DMA attacks: +DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely. The following settings help to prevent DMA attacks: -1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is built in to Windows 10 devices by equipment manufacturers and it can't be turned off. +1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. - You can add protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support memory isolation such as DMA-remapping. These devices can be blocked, allowed, or allowed only after the user signs in. Devices that do support memory isolation can always connect. + Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support device memory isolation (also known as DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in (default). Devices that do support device memory isolation can always connect. + +2. On Windows 10 systems that do not suppprt Kernel DMA Protection, you can: + + - [Block DMA until a user signs in](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) + - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) -2. On other Windows 10 devices, you can also block DMA until a user signs in. For more information, see the -[Allow Direct Memory Access CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess). ## Related topics From 67fbb85a070df40c109727d5c663ba42caf55c32 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 12:40:39 -0800 Subject: [PATCH 25/54] added anch edits --- .../control-usb-devices-using-intune.md | 47 ++++++++++++------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 780dab572f..aec4fcb852 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -17,8 +17,10 @@ ms.date: 12/14/2018 Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: -- [View plug and play events for USB peripherals in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other WDATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). +- [View plug and play events for USB peripherals in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). - [Prevent USB peripherals from being used on devices](#prevent-usb-peripheral-from-being-used-on-devices) in real-time based on properties reported by the USB peripheral. + - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. + - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. - [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. @@ -35,19 +37,21 @@ Based on any Windows Defender ATP event, including the plug and play events, you ## Prevent USB peripherals from being used on devices -WDATP can prevent USB peripherals from being used on devices to help prevent external threats from compromizing your devices. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and hence used on the device. +Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. -The following table describes the two ways WDATP can help prevent installation and usage of USB peripherals. +> [!Note] +> Always test and refine these settings with a pilot group of users and devices first before applying them in production. + +The following table describes the two ways Windows Defender ATP can help prevent installation and usage of USB peripherals. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). | Control | Description | |----------|-------------| | [Block installation and usage of removable USB storage](#block-installation-and-usage-of-removable-USB-storage) | Users cannot install and cannot use removable USB storage | -| [Only allow installation and usage of specific approved USB peripherals](#allow-installation-of-specific-device-ids) | Users can only install and use approved peripherals that report specific USB properties in their firmware | +| [Only allow installation and usage of specific approved USB peripherals](#only-allow-installation-and-usage-of-specifically-approved-usb-peripherals) | Users can only install and use approved peripherals that report specific USB properties in their firmware | -[!Note] Always test and refine these settings with a pilot group of users and devices first before applying them in production. - -[!Note] Because unauthorized USB peripherals can have firmware that spoofs its USB properties, we recommend only allowing specific approved USB peripherals and limiting the users that can access these peripherals +> [!Note] +> Because unauthorized USB peripherals can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users that can access them. ### Block installation and usage of removable USB storage @@ -75,9 +79,9 @@ For more information about controlling USB devices, see the [Microsoft Secure bl 7. Click **Create** to save the profile. -### Only allow installation and usage of specific approved USB peripherals +### Only allow installation and usage of specifically approved USB peripherals -WDATP also allows you to only allow installation and usage of specific approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). +Windows Defender ATP also allows you to only allow installation and usage of specific approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). Peripherals that are allowed to be installed can be specified by their hardware ID or their compatible ID. @@ -93,11 +97,8 @@ Right-click the name of the device, click **Properties** > **Details** and selec Compatible IDs are identifiers that Windows uses to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are often generic. When a match is made using a compatible ID, you might only the most basic functions of the device. -[!Note] -Some physical devices create one or more logical devices when they are installed. -Each logical device might handle part of the functionality of the physical device. -For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. -You must allow or prevent all of the device identification strings for that device. +> [!Note] +> Some physical devices create one or more logical devices when they are installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. You must allow or prevent all of the device identification strings for that device. For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). @@ -106,14 +107,26 @@ For a SyncML example that prevents installation of specific device IDs, see [Dev ## Protect against threats on removable USB storage -WDATP can help identify and block malicious files on allowed removeable USB storage peripherals. +Windows Defender ATP can help identify and block malicious files on allowed removeable USB storage peripherals. ### Enable Windows Defender Antivirus Scanning -Protecting allowed removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus). +Protecting authorized removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) or scheduling scans and configuring removable drives for scans. + +- If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. +- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. + +> [!NOTE] +> We recommend using the real-time protection for scanning (need to build this out.) + +(I haven’t checked if there is an Intune setting or if we need to use the Defender CSP. – Justin can you look into this?). + + + +Protecting allowed removable storage with Windows Defender Antivirus requires . If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. -You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted. +You can optionally of a USB drive after it is mounted. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. ### Block untrusted and unsigned processes on USB peripherals From 09caeb11b27bb13f029142cf49e69926ad6dc47b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 12:48:04 -0800 Subject: [PATCH 26/54] edits from Jody --- .../control-usb-devices-using-intune.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index aec4fcb852..8226378386 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -117,17 +117,10 @@ Protecting authorized removable storage with Windows Defender Antivirus requires - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. > [!NOTE] -> We recommend using the real-time protection for scanning (need to build this out.) +> We recommend using the real-time protection for scanning. -(I haven’t checked if there is an Intune setting or if we need to use the Defender CSP. – Justin can you look into this?). - - - -Protecting allowed removable storage with Windows Defender Antivirus requires . -If real-time protection is enabled, files are scanned before they are accessed and executed. -The scanning scope includes all files, including those on mounted removable devices such as USB drives. -You can optionally of a USB drive after it is mounted. -However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. + ### Block untrusted and unsigned processes on USB peripherals From 661d08850789b7a23ff90402c6b0c91ff5d69886 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 14:21:55 -0800 Subject: [PATCH 27/54] added custom profile image --- .../control-usb-devices-using-intune.md | 19 ++++-------------- .../custom-profile-prevent-device-ids.png | Bin 0 -> 19503 bytes 2 files changed, 4 insertions(+), 15 deletions(-) create mode 100644 windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 8226378386..3394754e8d 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -81,24 +81,13 @@ For more information about controlling USB devices, see the [Microsoft Secure bl ### Only allow installation and usage of specifically approved USB peripherals -Windows Defender ATP also allows you to only allow installation and usage of specific approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). +Windows Defender ATP also allows installation and usage of only specifically approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). -Peripherals that are allowed to be installed can be specified by their hardware ID or their compatible ID. +![Custom profile](images/custom-profile-prevent-device-ids.png) -Hardware IDs are the identifiers that provide the most exact match between a device and a driver package. The first string in the list of hardware IDs generally matches the make, model, and revision of the device. The other hardware IDs in the list match fewer details of the device. For example, a hardware ID might identify the make and model of the device but not the specific revision. This scheme allows Windows to use a driver for a different revision of the device if the driver for the correct revision is not available. +Instead of recommending a particular device ID to select, I would recommend we point the reader to the documentation on hardware identity . That has information about how the identities work overall and link to the common identifier structures (https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). From there they can make an educated choice. One suggestion we can put, is to ensure to test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. In testing, ideally various instances of the hardware should be used (i.e. two USB keys rather than only one example). -You can get the hardware ID of a USB device in Device Manager. Locate the USB under Disk drives: - -![Disk drives](images/device-manager-disk-drives.png) - -Right-click the name of the device, click **Properties** > **Details** and select **Hardware Ids** as the **Property**: - -![Hardware IDs](images/disk-drive-hardware-id.png) - -Compatible IDs are identifiers that Windows uses to select a device driver if the operating system cannot find a match with the device ID or any of the other hardware IDs. Compatible IDs are listed in the order of decreasing suitability. These strings are often generic. When a match is made using a compatible ID, you might only the most basic functions of the device. - -> [!Note] -> Some physical devices create one or more logical devices when they are installed. Each logical device might handle part of the functionality of the physical device. For example, a multi-function device, such as an all-in-one scanner/fax/printer, might have a different device identification string for each function. You must allow or prevent all of the device identification strings for that device. +Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). diff --git a/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png new file mode 100644 index 0000000000000000000000000000000000000000..f3c3b59fb748c37c2b30c9e9ea9d701e5d6bb5dc GIT binary patch literal 19503 zcmd42cT`ht_a+=3R8$ZY!9o>5kS@K1@(9wT2}tiCB3)YO1e78my?5!-d#}<7y#xpl zklq538X%C&;dy_*cV^bieBZZb)|&PG!C{?1&e``q``*{Juf0#mI~BQmcd71zK%jdH z@^92ZpuZ+SAOh6wzkp9ZM{VX^xr44&r&FF+|-i&!SM1WIRQh?8}{t@ zx6e`~`8aO>@ta+atg^A={z6-rbz?Qiv^%%PtXJJ4TIgq`fA+-R;BQ|#$AULAusfRY=K3YCldG+Pw#~Gq^K@rp zq#Jq^uDPc{PY41%2~41M1B|{Uiy#1jWTpNekGzov z-^1UnlhJZ(J{aWV4Vtb%;>Xj|(^5H0;nYGB$5~{7vXKmf5on(a?uM%0Q-xl>tL*jC zn-m}QAl=V)kHzWFda5(qE_xYGZ-6=$+<*HMb&kK8DL2kkKpaf#J1B_rG#*B!tX`p^ z_?;c=Pnahas0y-6X*liIMA~25WMVZ}IrndYIy#>;qVC7CN3zA@1-bFLYlOLH3DgM^?8lU{D{8{>5zpJ9eu z?BEQ&X1UB=GVjyCQHdW!!9T&bSi!I#^gg(pwm-sGW3gGpAitZA+Az}bQZZ6Z=WqV7 zhJ_B^TfLmR3p6!d5E;f}iB0+_9LE29|p0G-ifYa?W>)a5)kjGl^MR zD!gsqemr38bTjy*4U5MA01K-iqTA;kv3aAo9!z7~Tik=F`T1h|`nt|5*XPPr7atoT<-k|Yd1Bk=MbCe}ck4=Zv7_#8IUHQ(nTk@ju zYAU5%LFjyhA92Vwr5`$f}UN`s;&*KFOCJzT1iWi6fK6^S)5i;SlU!px;0D?Gej( z+x1^W^tQNw?GJ=;w53#x5|_i=6M|6YPLD$dywCS{kOr3KEpPPiUX~M6NehIU*JvjG zgnL2Eo!jaJE9oJf%7ZNT{WW|t9O;V-4ZFK^;|}7dCyr+})}#ig_CtHI6-OpLD*BNsXBJ`fv8JEE{DIJfQ!`beD{E{2kE##Ka zr8Gr{NsfqU=&Ky<67Wh++mWIF*^hEqguU|p!C2`y+MQEHYD}|akBARm_RKW;jFCDV z{mupVjRm(8YTKvz%rrukp(jXEUUHKF)KL;{3{k=vBDUEh5ec+~J7>R*m+nY*BpZ4N zd($&rKDWEne^u1Z%73M7REhc~@cPm<=J%;HJ=r;_F63LQ>P08xRh;$rovUc|qrvv9 zePBg zw}tLm^xmw)jqIS;mcqg<m8^ zoXd$G7SWf)HE6Fb1r3=1$#;#LbgZdEZUWvP@I5nf?NGeDD9te5v}8j5oGw zwKI@7)`nD-Es}6IOE-b`0Q1^&*YC_HOeY~%a{raeQu}hdanvB`l}(S9kD5t~gX`+@ zM;WypR`AeV)}K$f_zyecz}{VX>^AH{u>_Zg3cGYffIz~9A9W$`mxexV`GVJw+8Jjj zf9j(%+cvw}FZESh4(*Td15ViRVrnwqZai`eeSQ<)UWzV$dH3q|Hkw2cI^>KEf9$(i z?<-QWg0nwvzZ7znrsc6ZHw=Ft{zs7m1gaUTLIJpt%SkhyZ6&l?BY}PyW7kOv?8rsiI2*vtwU!jMU}*_PD{HZHFv%bYUj{P2U>aVjx?eEys&ppZI+? z$C&TA3e2#LNSB6v0h|0TGoI!`7Y?FRYEdf|s}$m~pmb7DhXVgIP8hx?u7Xvg9HAjmmtLuMoc944P6+y3_5Bb@ ziXkB-Tbhc%s}QbV@*A*cr-@eY4)Cx-V}o`$l=Z)*a**e7=9$kwb$eHulZ*=N6L`L%Rpz(PM>XDTssbcRIO`=C1nK}1S!~owLhS|IP zGlgzH8kIP&Z$BS)XtTujIb9}}U7GBkI}G}_;5KILy-_>GxU(?smSYFsb61fw7Th1@ zJGj6>hk*k^V~@SV8RJ6&=vA^dzIUc=H4@*x*?vNAbnZ`cDLpTl@S9BHoKXa)4Owis z2!HI;(OA%ql{AL-&_hoVt@yR#rNpo8n`Da#zoEFW`n5AgS!JCp-^S>K+G z#rJXV;+8PM4zPpvll7U*?^t864Y*tzq>COeISR$**yHg(=G$8&ojB0&+6FxSa2t&) zcf@CUK+xKm7a25{hVA%>8~AhXZ5)2#u`3>mrf=cw!yjn3 zAGe(k$8&GLILPAOd2xVgyvjV^!AN2Z8klf>HbS`6VpF`f(d^YsTL~85LBE5;KX6mH z^a36du`wAIdX|jtAEZ|-AQ|uvP^eIfHc#eK@b=3Ur^n#yGXN7D6T34V69a5zBP`5~ z@f$)u9njM$3=U)2g~QkHa^p7-V%%}m+&E&u!nAq(68aSX8*qsG0v`W)FQ`Qgr?c1u zMH)`vbDMMVYQRb{?B!R!Elj?<$=WlkFRr?emM$>mTR1$bZr`}=gA<2wTfqtrzgsLs z-~5Ox1dnYLKhGZYHvo}yJpM{E7|77)6y0BG@X85sX3`k7=5*NSECXs~Z*o7Q# zzlGXITa2uUnKXlWFCXWUMJc||pvCEAFdr&K6MD4CSBTlH>12Qb%T!-LIYwDM^alLJ z8kux5%$zt>Yeew!FwTDZL1hJdWv6HLtanuC6$;tCJD>;0ZbE?fw=IoHE&5dP$0Olx zP~Y?6%+?zG5!h|t;QU~8O~-TbELJj}5Q-vPJ8|gQu*=JM>)POKS1x zq*cjq?2C0mR)LQNQ*Q(X7c)^pxfr+aZCI;W>!fz=vu5 z;+Vjx=K@467EG_8J3>Eri^=^WGB?dnGNCz2DeW>kt~psUV?Hw1z*pjLE_uMr;>cVv z8*e``A7BYa$C0@UahH_~`AqJIa))p?C>@OS4p4nRp}3|6PwxEh9$&?rcu97JJ?1td zKDb+7O7IQ>VvJTjeEnV%WS8P$M*2LF~AIE*H}2TD?OO3g-r5(q4a z{LbYN1RQr@q@bh7DncFdI9kxg(f}7&P-{O;?_OW+9$ce9rPLM``0-h5x`YWAaQP%C zOD$^FsI|IE?Xr3U7NN52SPzRpB9XPVwS2u77Z;`a^_{Q&Mi7`hNSmrMKbcC`IE7zj z1hc;q%sqVx``)Y$v9+^H7x$XhrrsP$KO)MAV`R9^LU(P9oBAMWWqlUBw-=TU-y74o zeKW{+vWtRB22ojGxzfg%txld^(Nv08x)LeVfhlFagUOpdcuS(~i~?u*YletVL(Uyk zzm3BxS8UZd#SQZ6pG&n&mq-Jh%fbX6)B^6t(L1*Z&O~6X0uCejb(o(y}(Z^463=}N$Jg|tO zNrTL+>Xs7c=AD_3QB}!p6otgyL8{S-wgq8fFBnQ{&EyN^QtG^_LT=3YKp2%RG0IlL zFBQPbvw7W=gz3XV)r3d8wQgmSEmuZ`B6QH@Ut=ll{EK2Z>*@{i1SB8SWbM_UFP=5KZ*agk2T3m*^6PtHJv<3C~oKu$C?U&yvOhlY?q}l9@ z^1PTbnQ~$AVxpLMK!SzenIq-~hqBLT>0Q)pCV@Gn(%#ZrcJ@FBtDBdtD zO`()adOHCuW8QF;xsA=B+)6;|fE#!rQ1@W`942^2-SWWiyGu<%_9|uOk!a)7I`xkN zHeNkJ(iyyRmio!V(*q@kvI3SyS)<)dJz9j14fiJak4%;R8e+h+us$wZd_1=yCt3!@ zOKpX|1Ygwb)9;VOdLAivUv=7U%_Mody{vZ8Q?M-Te)JSsB^^rc>;Guc5f*Xm&KKFD zmu9)SD}&;~Y-sR=Pusdsz8@X0JNJ|4a~SoxVLrJwB*L5)QH2N{dM%FRoOM1Jw8 zExZ+)|6yvqrW~sKd;hIW5dLWdwS&=VVE@DB@OGlKDszI__NLX6)yTY!C~~G7%iUmE z1cM<`4icRCB;%`5g#B>pSz7oncz2svmTHhj@1dH(t-!8DT6e)zaZ)`mt6R*mu{B4o z5M4ow7<|b5w33OD!J@umd~mr)5&bqmmmhWEaJY?)d_4QxJXF*dz^7qo=MGUbM3!pJ zMV2L<@aQ>E(oj&54YN7IMuZ&HKwTd8xArytnKlVtZQ zKi|;^K3DW)&QD8Xs+l}}(bPCtR46j&Mw_Il{`m|hZKUoo+g{vtofEqmU=dOnkB^L@ zEVd`J$I*>@L0@NWu%RRF2KoKNTD%XMeYEGcVZD%%WDRQ<$6GJ%DCMwfnoLuCbdhQ! zjCo1@fKRizM5t7Qne*<@J!22~;R7I+g3Cx@q$UbV`Vf;}@`%@P|3JqB1W{Sbh5V-) zAf+mPsmd|FGQ2&0CEIN}i|)BW7=O#VoKP|7UnyCUIZkkjMu#howj<^T3iJy9672Wl zHIQI&YX5wfu;VfZF#X2A)A>1*t+nS&ZkmL!^nf^JKYU#AI0Rf2~ zWWw}+_t+sXK?ov#zEF1yK!@*dBnG(KFAu3fuloLN;Gmo+Kgfh@z%CS6`K@a(qPHNb zU;+xLq4tOR5R_d>8e6G-a2A1WIh`*-eOG*V>(~v_YplVgZ&h_o6SR>$tvXKn@}8w@ z<|!77P2@71TUapA*9Sv!mq2Q`hNdTvfJ*!t_e{4iO#9Z$Jl=@P=4P+`g+@MFFc{46 z7janCKOU`ssbE+bjrNb1C>@moO{5IVWlL>sn|1d7*gd8rJ^CIspL^S9&b;muAxyc< ze$z1d4y};GqL|ldNjYEcSp#Hm?&6}!;jUGXFh_n@94+{<@7|2BolkL*V_yBFP*ZEE zD9!}u zT!PD#T*%x?j~k1_2w84e$T3K4?~dz`#ku-VD!rG)*CMs4l6JC{GKrMFB|e5{IjOY% z`aM@`lhyVu_wXmKV|^k|k%5YM>%K)WJ6#>umK%jsWYR_!SlPmf#trjJ^6}ChK?2S7 zWou7Njhx3#pN;b03{=CUKrFu?6mSl6q1ZuG%0T&0W$ul6IEC(B4Rlrg z1Avr>xw)8;qDRqe-9+XOlno)dn~ii7lv3_nO++rMvtrXWa0<6vvg0R4wB^PP75k~K zI2Qwsj|Hg&>1j!MpArZ6tZ4FrzWzY=6b|sPcLu`4RbP#B3_ndK&~8-PQT6zHJeluvJdYa{ z)p&Dtf0SqaTe|+*Xt*_ELCNb>X~ik@>1Su};uJ#x0+Q7?iL?ov83Pg z)}Gs${!p5yzgQ~O?CIo*R#Z>854p!@xdZ6<#)*3gv;c{lUs}RM>%0N(x6UXccG}f0 z73_0)8p%}Z??idDRsKcUfG0*Va6e#{W9F43v#b?g7$FkT6GT9=(han8lntZ5%NK>d zGi#t{jZZOmcAgX(%@A*HZl+$TNXq8`7s)xfUv3!N6lNTrJ1*c&%JPNRrI96bK6Al^ zGPoj1iy2w`-$_O!->kV`j~8RvH$YErS@g~Bn;{r-4~3z)7H)wUfSjfZIRxG2DA|TZ zTtss$FbYY!)IQDZJ8j_M<2Citf4tz&PAJtNKK(9MCgo#k6-fp4VPA~5_zZK3APw4J zj9y*9W=*NHtX$+$hsSWq&y3X1^d02;9-!_%nq$qLxH}QAS^`^JYpp4$2Mh;Y z=evA%@J74@MtObm>kdfAqu#7tz6 z6f_w4pEUm8nN#u_dj28q{~drZWUeI|`|3(efL_)AI{_1RNZtNd6#?>#2EOxu=g6qr zj^P7Jm6h82<)7!N03W;}{|Cd6soKVyJzG2ss?5#TM+)Je7wTF)VLC`sWCXQ7VwPBW@Lv45+dcp#$36O@^%-nFj@g4| zN$+TjELYb4L01)PL}ja|rA5w}rM98gl*LzSbi(aI-k-N}wP_68l+++=ruFY_6Qq@a z2(_`XvHX5=a-v^vA85+KdtFDNa}#Kb3-;5h%J(s1dVnZmqU!o}`mf?*BuguC%wIXE zM5AP@onVPzHZU_OoXfDuuTJEVIpqiv6QAIO}%jsoww`; z(%G3TW4zdtc(9a)vHW)9hn!$!Zue$+nCtO9*S08)qQy+zNw?ktA>+wynv?Gzmw_ET zf1yn3GdlS?3vYcV(M1AA8{sg06s8+n-lgTIn=@o^1LL4qQeGZR-qpAf5LDgR_*AMg zDZ&VnyE|y`DZ(2n5)vqtv_<)M#qM7#L3Do~kUaU%6ORTI+FjXaj#pqk9BcCy!rHo1KCsvBbS0fqX z)YtYIK-LBajehzYX}T^wnSd`KJ4)*K4+x#3#1OQlkR=g}{RaK!&XVh@p{i$}XZt6j zOijEBDQme{b=PnJq|naq#-J+L#;3^DaYkBu$w&;iU-I`7H!}=j{F=T ztMBjz>yBHM&5ji&X0@Ws{#E9=#=h7vo0bOK&Xbu^{F zK0+lrnD~%9+APm`d1!siEsUtMcjsQ@IH4IjZxP$c7SF>?Eb|toTvG}j&9;b0_h$+| zl|z-)mM_SSz|XpDg{VA-Otl~z29Ew0O2AEp^p(JTKCBa5n;L5`=C@bO6mHv;K2hI^ z&R4$LsG*vaHqIzU#idE!*sJwjHxn&yb-r5O!@M0nI3p$t;(|pO9YRutB>Aq8T?^*r zf_wY@#%Mhrfme!@U31?E_mUNUa?r4XbNg_%!JCYgKO(dsQ;F7X8QC;y1`eLO&HFCD zb1CZdBagc8xlO4&%H=5f#$TF2GM6rC2C)(%PdqRkrhUXI&LzZ>%O_*={3$6uRH~Yk z!+ys|`Meu8A%l&+Ffd^*8~X0BP%XSb4_J|;yP$J&>bSe27`p8es}ruf17 zf$aWRhwyx_hfGSuJ`AXq9tk#3u^}>9fG&L7!?0a>3ptN*mvYT$t{H27<=V%l5d*Em z#MRu%lTW_y(aa{kCQ~Xi`?6in==s4Ju_jtfQ=Fh;W$Pfu^*nGstpYnnNdlfqMz4hz zKY!!g6F8_eTrCh>8b9=z)&w(_LPg1%Mo}vLF;Xx`T#$7qmaX$mWwhs*B5RRy!KY?f z;8vwIt=I~}l+Kdb?*oSu0uPP%izpo?<5(vb_NQomzAmky6I&VO8x!^=OBCSn8bwFzIpNt?-WmoPn6pm0b>Vu}N96)I-LsmDL>+`6xm zk`fE9)6G>Sga@zYU`>oHb>bujK3;^AgA_h>}OC^$@DFE^&9y^A@ey9*I*J>-U%VGCX3)>`AIpm*R)xvD8>ASCYa5f;*7QER_GDR zyOnFw@`tmbihMrb?%5N2r<0FAZ>diXojA#1TEZ%=!El_?;^$AEP057ecNklFvU!;K z!pb&Wssms4B*bqsOS;kV zVUN}URJ!O2>2ct;i+W_t?Qz7NQy`+&?*^wI7zj8TvMRv zup~H)*pQyojd_D3Vo=*ePsj7y}TE*URo6q-9z_(u}ZY?>@W?k|{Zf;GB zrPiBZ-YKI7A6|SAw%{1eCAk~yK?E^F?0i3K^stU2)EJ}SLYL;jx@KtLkuE?5%rXKf z4crpBfY7iC)XUzP<|0bEkTtM^2erCpH3LJBWRRF?z2 zZ12Z03x=Hbsh(+n4K}0=`rcgcw^!T#p&3csTy8cyT+31zy*`pNtIuHxUUf`GU?d&LKnl@-Mgess$Aox03@U|No$w=t6FI5{oX}vmog)bRtErUm?@E z^*knyT$Xdwhq12C*#>}6$6hW$PQ`i6Z-w6j`idh3OXW_KbH-#5Bl>%hdDb;OUirMV z2O|AJ8I)8&)TBj)xP%WU-TF^;;eWxA|1GjeNeqm7TWd>9T(eYxdhSMLfTmpw>i->U z{XY@%|M$N8zmWfDpqTalN}c~hPB~Oah;;b`>M)3z2bvBQB-g6Se_c0AGip|+(b-yn zW~NSCHC{{bwDbO}$bXcVSUres`Jyi3B~CZCD(5A?!BeNt+khbNWbF#(&(|pDuK=pf z($Z3Z2On*YI@sIqqfh|^9K!zt8>Z^ZrFz-UU*} zKkWwvKn!0D(xRqjcbn6cs(wZsI2qqcysG{ylzgC!Tj9Z z-N4>tzSPuIK<&934#*#mvJS6{CZLlM!U?WBNu{~?u0lkqZ_0GxN2YqY2S3~5w!Zl= z>r_x{_1iQ_cxR45VSjwEl&Puq_i!^=G}Zp7778O`zu3Z>zPq~%G!}-=k2Zan9!&ug zNk&Wxqj2@liK&fj1i!ab{c6#x}L@TD}DBW zpQ&nb>{ee4Yy#dl@_jSEKK-`GAqdgP4>SM?dK3ytQLW6YV{P9%j|s)p34b?1sW znLv17YXT)RM<%fNcT_HAT`ShkkK(2eV?nv_{3-Hv_@C;0J?zTj4i>W6k_pB+(x#IG@iM-s@b zeiHwkzVPqd`Q=}7DkveqJEk4i%snWV0<=QdhSf^Kt3_;897Wm0fDw$|AIyA!NKg*J(7y0Y-VN_Jbxn` zk2Z#ZB$z1<2x~QMZCvT5Pe6WopMn2`Yq+T(v^Txzki2G2raZe)W0i#ZDLp2=y@+{_JV8*HPUihRHM-g#{5FZ*ItIMyVIOlWm2ns zGp<>BG%}zTweG-TwwYET-4u-;?*h`_@9T27()27oK8y|mirvV&oZ-0NT zYIUK}nE@Duy6MK-Ht+aMpDAhX7Yr%VP>&k(Pf|Tuqd1Lxe-ZEw1bRec5uB(PQY1Cz z|LFn<*-+c3F+jUd#OoB*X5K!}AoUUiB95qH{8sy>h(^k|=+WWdB;r3%pAw(ezS9*} zw>wh-P@qFS8}-dQFDi^!|I^O}UICe>F~w0$blaBrs61Urt_pA)S_`@Cyf6LmFQv3K zQ{V1sKpI3&8k@-mf6XX#mi0tj#_CLILg5QRky!S6M`zn?|^;1v5TA63D?n_?dN zU>wWB1xWte)O0`>jP&fL9;jpD2dV*^TTu}oTq<(5+X(^<22`0F0o`W+tj@nkla6Fc zwzs#__X2*u`+v6;@_*WVVQE6?{D)?CEsyO`(!~-AZ(H>JH+_GA%Op9A>D)YblxWWHP3&xxPEqWWwB8~xC^hu#ZTN@LUq=_3Q((5P>_IzV5Ss3^Mb3;vF zj>CdsxLlG%_k6t7>7Tabu3OFFh!#$_y;WUKvFWN{r>SBYmYq8TiJ!PeiRJ$6t1jJ@ z1IA+fKB_|~=*2N=5@%hX94e0NI=@Pdo_uCeYu7J=yV*{*wDTFbUvOJ~kL&3Q@GPr~ z)bOO~ImVVNA2C~>-v2;KjS}49w8H*zP;3>qiqs&CBi^kdDis|Dd)QX%GJS~V9{2<9 zy`8(^zNUzVnz;$ou!3(1V5_8++G;&dlwEz5g{fPU>GqkZ(9^c|0ku|(OHa$ht`hlV zVJoImHv7v0)&V4)Usgg?sJh zB+AwiVWSd%D!J1<-Lb7%fG^+4v4KNX^^crw!Rx|zeLRWZN*N2mqQ|-xKJH@u22v)r zcF5y`hHf-hF1kBorrH*GtGxs(n>hP=lBkEp=ZoQ6A9!clz#fF`)bmaTX;KuTNBM8+ z%Ukc=`;_ibyTD+TF|trKi5ha-sX&_BYG2KLSFcmyHBCISOfJ~4o6=C`3lh-gZ{`iY z2cbR{u1qgI+KT$I?<7-@Poi!)YoW(L5@7#$g}>Sh{?1Vl`C{@dtj8)6+tM9jre{g5 zHtxV8A2ITL+xybYG~w0WzER}|pq^3~W+;EWG@P~)-f>sxHzB4aXWeR$R zB8*G7tPe~DkPVK_9=2IO}H!Kwv7sC z=W}4wxO}UUmUP`|XC4+AH8=cj!rt5?L=5G(R312~#pqA+ixCE<81J4D{r;*Tb4m z(3pFg|9~f!JQ<509{Q*>t=Buq_)&YK;uqI=bK0(5Bt)P-QBW;BKiAV_VzXyL2@c(n z5=u#`XnV2yAU!j+r%A=@AgxT?2$EXTWFWRop|SqTtLLvnXpGb9@L-nD<_MsR9{f4= z%F_rsi=H@8(u8dFm3qUT3`e>h5S&bYot;0wEtJFN>9DnM+cVqHw&&&!O>B=)9I z9`E;lG4-cgl}~qn;Au)pPNiakVU&WvvLX&VrMrfgQ#FwyX0>0tv zVTcJvZj@G~r6#fCy4H!^(Dq;gTLO1g)8hV(a-BB?Jz5!2Qp_meQC$mbccpho@Zw~J zd|U>ts-AS`6WHPu>30y4PdjMHRzcNy7P~~>Yn*Visy)q&YzyV=D(>e{V9hjoUbij$ zJ%4P-h;rgfm4O1yp80$E0-`*xN60B?d5Z-U8e3~l%h?5F4>SInTz2Yt-R$qlN91$Q zfO$sTs!`fzL|HNKYlQIV$c#CZyk|hBb-*@)?Po@gopUSYZUav&%l9=yL|4$odsNd1 z0T7RMk8{P3?enQ#ro^bZjV)xTairBFn?JO|#bn~m*-FcatX`c!SlnfxmC3>}jMuA^ zwcw9 zX99x{lRqB~NT0tsQp?KFuNk~a82)l3M|p;QG0u~)XByV9amxiM)^7VkW+G!?13qR>)jgdALNa$>mz{+@N|x>%z3% z%wn?UN>o6wW{HW{YYzps)0e$;95?(JGr(%a4~^4mz#T2TKaBPa)cRch>B#*c97Pa{hz9W_YeTTV5;^Si?a5Z8Io-LByH=mq;Gd& zC!dH664&C&Limetoa)ECZcbyar7cTmnIEhRr6%;%r2CbAf@ud7 z<&_iBvlR3tsoJYNWSGVtIteG*Dih<=c0-CV6zDy3-KcTm{AyamHk*<~g^{o`-t ziJtkJQEwC61HDvllh;&|bu}b~_U)B; z{ge2F%CM=;^`fh6C?uS2;<(2LZGKU|snSaeiOWE+*Um zE#0_gV}Ke!2#n-_I{vxL|AMjn0A9ej0AF@p*%4fXd3gn6=O@S*aE4S>?|?V3XxSV(DR$M*H_b|3zPaBIlqBC#rc=-?CitgSF{!pr7s!k!4vQz_E+I&>oG((x}TOl<1MBcdht z7aF8!;}C}-*AcxA`9ICH>zqpZI3sf$e$|uZuFwx}ou!MRz2R=RPSTz=ij?VvJ9}); z(JcnmcXxRoith=VL>!v-G{$4^Dd8^haIQL?y&o*FS67}%%+0;Oz-To)#{SI@O9M58 z)$wC{(n=Ncni)xW{BimRL4PvVj2hGKfC3jtrpl4BExq8@&vg38>V~x8SfNQxyV1eI zu)Q^mZ1a)!d#um92aB;{pTgI-1=Y}AcR1()?n|o!dGD4n%{jdgbUZTCpcYD@vDqK% znwwK;puUK6*(Eu*xkLsD}QLkVX}*_oYw#n@RD1VXY6R2V zd|XQSF~w@5D=AmbW|>XZfYZwUkq$FpTuL@dUWm(!Fcz%Zw!JwY1;H9Q?>ea~k&4u{ zlogR{57(S~nm<(dY+SP8kP*T)M#qZTUEgc)a5SLi`6|92$y+lY=+f)Otdu7r)H(>C zx9j%k@dlS4WgN3qixmCvjHnwvs?w30J) z7WvxQtG7Ea#~NEI(xHBhko*>M4Xy){UiM;*d6v$^uc*TY6FT-VXy~100w#9h_kA)Xf`E!N2m}lQ_TWXLEmN3J#8o$#C zxiKHAKA!%dwP^Xw$7h*S#yx&?kI`+5ZjW^Gja^>F;>#|ju|H<^&Ykc1i~keh1dX+x zvT@PV(`-CCLPf?2#vsI#DA)vsXR7t`;0{Y~j{d30?s=8)*BcJdq~KCW=GGU=lz?u> z0FO=W^?;-{Y}i$k7%VbMfqqf(9Y|aJ7Kr72{+_)7Q2tpc-}n(5-&JJytO>wthiOTFDqfp zO=$fGY8*LUFIQ@FoPF731g=qw)oD_Nf3W2xhlVlduUVN`v>VP=R){#Jj__pIBo^ew`?kl%Yy&?dD>ro3zKC{|dZI8@w zqe8lO;aze~7E6eTVYs}AZCBe1pDTsv7q4t~vy$WR?JUc~2kIaBs(%nbem}wMr!AkP zzmYqUI2n%S5n{rZEp4l-k{`KFev9i8M9tKdOGf)mX@8)Y6AW|RxWyBA>197sC`@KC zJuS_*{bRQQHNxLfMtfAFmHEJ#T((&VrFV;^g|a$o0`5_ZJlk2n^=jEbm_k!WjbLIVAv_|i|asuP@Wx9rO=IA`t32exNh1Wdg#g{wMeetTD z)|jB!?fq6--wz^&?2f(^|E0aLFhOI_b8^9@Bq29HZ=Dfm#!9Odu&G?MkVQ{q!~mC}pvuPi zuQQfamBr|RdA;n($ExFLMGpzF7s%H}Ro@;!XvOW3ly=r4g4m)*wF9CCr~KCXJxxu2 zBSP8FDxB&CrP=F|`=_!aR2D4myh8Yf#3q~IE3qQ zgK%C)eu8;5H(3AuaEzfiz8tGuu1s6jD66gLg$!vfgga#FHys#F8R)n@O)YCBdpPbb z1f$7jd8^zw^WtxSR}v0JtiX29-Pen?%HPtzGp=CGABkq!m6tPb)N|A3iv4i%bX73d z!i|X?n~(aDM0dCz?pn8TA+7UBby4L#)lXWVE7_dl>WI4dy~(_4PiRH4Qz^+WPS zIL`tzs$t0+y3cFqMK7bYi`=p=daAjNa&5e>u0yLB4Tny%Au|S;BDnoh@vqYqB_5Fv zTBx=+ZvJNsY@T_1c0U&*GfnD@IhXS^?wU1|M(nlu7LTx|*s#;y{spgb3bjiXsqGbI zwG$~7@?r6!VYd`sPY`$p4gA0n_*i4l557lsXV7T-*ygQwdavrwx+&e_1y}o-UzNxi z!*@ure$(LMGxo~bc;uH-STNu8RNSy zF2Z@4qW4v7&D#PR>7EwJdVl80YxIRD*H6}C+I*$K#j$Lbx<2d>^?6f~eXiZSp273s za6t%s>urjNr)Tq=qbD~9{2v4P^Mh#FAOG2_&x!?E2* zRiCf-*t$!%8Q3(bEAHrdHY3Sp$&baCazZC1HSSoKcg|$?sn0%Zj|s&U_ANZm+1*(b zw>th;*G)^e8!wMG%njx<*=AM9DV%@b!q{35pWpJL|KQa-YQ37@A4fgg<5js(D>uSt%IB!Rm!7AK-{uRt(KIi3LUPO8IG!7p zPaTq1f90Gae5ix%=n~BX@zd=Noq2Vn^j@RWZ{9bx(cD6&nqL!5FTJ!|bFS!Yx$}|E ztG9z)=W2kO)Z5-1C`hZZ&YB#3@v#Jet&f&CBLSRN>&xu@Y$|`<;<-uK-HHDu+go4T6e8Q*3hr^wkOhwNpKgHk zzKQE)S~Vwz<%EXWCq%Jlg^udLg16toxzI31>6c`|t-c-HF^m>aie zRd|ID-vi**2H>og4=9Z3z4eKHHiD Date: Thu, 13 Dec 2018 14:46:34 -0800 Subject: [PATCH 28/54] feedback from Luke and Jody --- .../device-control/control-usb-devices-using-intune.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 3394754e8d..ced5704771 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -48,10 +48,11 @@ For more information about controlling USB devices, see the [Microsoft Secure bl | Control | Description | |----------|-------------| | [Block installation and usage of removable USB storage](#block-installation-and-usage-of-removable-USB-storage) | Users cannot install and cannot use removable USB storage | -| [Only allow installation and usage of specific approved USB peripherals](#only-allow-installation-and-usage-of-specifically-approved-usb-peripherals) | Users can only install and use approved peripherals that report specific USB properties in their firmware | +| [Only allow installation and usage of specifically approved USB peripherals](#only-allow-installation-and-usage-of-specifically-approved-usb-peripherals) | Users can only install and use approved peripherals that report specific USB properties in their firmware | +| [Prevent installation of specifically prohibited USB peripherals](#prevent-installation-of-specifically-prohibited-usb-peripherals) | Users can't install or use prohibited peripherals that report specific USB properties in their firmware | > [!Note] -> Because unauthorized USB peripherals can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users that can access them. +> Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users that can access them. ### Block installation and usage of removable USB storage @@ -92,6 +93,8 @@ Peripherals that are allowed to be installed can be specified by their [hardware For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). +### Prevent installation of specifically prohibited USB peripherals + For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). ## Protect against threats on removable USB storage From a322c4264868c8830652102e4ab27f4508c60eb7 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 15:23:37 -0800 Subject: [PATCH 29/54] edits --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index ced5704771..e83c6f10e6 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -47,7 +47,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl | Control | Description | |----------|-------------| -| [Block installation and usage of removable USB storage](#block-installation-and-usage-of-removable-USB-storage) | Users cannot install and cannot use removable USB storage | +| [Block installation and usage of removable USB storage](#block-installation-and-usage-of-removable-USB-storage) | Users can't install or use removable USB storage | | [Only allow installation and usage of specifically approved USB peripherals](#only-allow-installation-and-usage-of-specifically-approved-usb-peripherals) | Users can only install and use approved peripherals that report specific USB properties in their firmware | | [Prevent installation of specifically prohibited USB peripherals](#prevent-installation-of-specifically-prohibited-usb-peripherals) | Users can't install or use prohibited peripherals that report specific USB properties in their firmware | From 6311d86f893ae180d7e981a9192e69f352cdd8ea Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 15:25:29 -0800 Subject: [PATCH 30/54] edits --- .../device-control/control-usb-devices-using-intune.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index e83c6f10e6..ca7a3d4c1a 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -86,8 +86,6 @@ Windows Defender ATP also allows installation and usage of only specifically app ![Custom profile](images/custom-profile-prevent-device-ids.png) -Instead of recommending a particular device ID to select, I would recommend we point the reader to the documentation on hardware identity . That has information about how the identities work overall and link to the common identifier structures (https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). From there they can make an educated choice. One suggestion we can put, is to ensure to test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. In testing, ideally various instances of the hardware should be used (i.e. two USB keys rather than only one example). - Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). From 4aec6284493d8ae063aa00b6f475b00f93a3882b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 15:36:09 -0800 Subject: [PATCH 31/54] edits --- .../mdm/policy-csp-deviceinstallation.md | 29 ++++--------------- 1 file changed, 5 insertions(+), 24 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index 702252a71e..e7358595a0 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 12/01/2018 +ms.date: 12/14/2018 --- # Policy CSP - DeviceInstallation @@ -86,11 +86,8 @@ If you enable this policy setting, Windows is allowed to install or update any d If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. -For more information about hardware IDs and compatible IDs, see [Device Identification Strings](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). +Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. -To get the hardware ID for a device, open Device Manager, right-click the name of the device and click **Properties**. On the **Details** tab, select **Hardware Ids** from the **Property** menu: - -![Hardware IDs](images/hardware-ids.png) > [!TIP] @@ -200,11 +197,8 @@ This setting allows device installation based on the serial number of a removabl If you disable or do not configure this policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting determines whether the device can be installed. -For a list of Class and ClassGUID entries for device setup classes, see [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). +Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. -To get the ClassGUID for a device, open Device Manager, right-click the name of the device and click **Properties**. On the **Details** tab, select **Class GUID** from the **Property** menu: - -![Class GUIDs](images/class-guids.png) > [!TIP] @@ -461,15 +455,7 @@ If you enable this policy setting, Windows is prevented from installing a device If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings. -For more information about hardware IDs and compatible IDs, see [Device Identification Strings](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). - -You can get the hardware ID in Device Manager. For example, USB drives are listed under Disk drives: - -![Disk drives](images/device-manager-disk-drives.png) - -Right-click the name of the device, click **Properties** > **Details** and select **Hardware Ids** as the **Property**: - -![Hardware IDs](images/disk-drive-hardware-id.png) +Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. > [!TIP] @@ -564,12 +550,7 @@ If you enable this policy setting, Windows is prevented from installing or updat If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings. -For a list of Class and ClassGUID entries for device setup classes, see [System-Defined Device Setup Classes Available to Vendors](https://docs.microsoft.com/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). - -To get the ClassGUID for a device, open Device Manager, right-click the name of the device and click **Properties**. On the **Details** tab, select **Class GUID** from the **Property** menu: - -![Class GUIDs](images/class-guids.png) - +Peripherals can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. > [!TIP] From 9c27c9721531f4705e876ea6430999d49848efde Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 15:53:13 -0800 Subject: [PATCH 32/54] added Ui for real-time scanning --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index ced5704771..9c27108af5 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -109,9 +109,9 @@ Protecting authorized removable storage with Windows Defender Antivirus requires - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. > [!NOTE] -> We recommend using the real-time protection for scanning. +> We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**. - ### Block untrusted and unsigned processes on USB peripherals From b7b114616173d17cc0111926080abba4cb38c359 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 13 Dec 2018 16:33:29 -0800 Subject: [PATCH 33/54] added image --- .../images/custom-profile-allow-device-ids.png | Bin 0 -> 24773 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png diff --git a/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png new file mode 100644 index 0000000000000000000000000000000000000000..0c22517406f09076986a7f30ea98a3a76f3d4446 GIT binary patch literal 24773 zcmd42WmsF$_U@Z1rG?T$jRK_<_u>+y#ob-o;*#KQr4%UcP$W<&QY;h=PLbjS2^vT! z4uRmVXLav=@7>S+pXZ!??}u~F2PSKgurk-moO6u#_l_B+rXovx_xW8A2t+I|C#3-b zT^|I2uHo)n2ma!k%6km_y5^!GD*=KdDc69Ln^td?--1BpG55~j-vZ7F9p&_0Kp;}r zzdzTomeigg&^rTpskd65CU^{qr}h|Z^}_8VD2FNhWsVvo=ZE^E$BKj+q~&94O7I$< zBw_qVm0dAZF~VV2gws#>sCnj(<4V@dihSp=&1|~XJ6rae?-nEC=qD}@!VKQN<+Y|O ze1sFfEd2KIrVDn~zz61ch_%W}NQk9UMV|P-p!eCTyeg?46tlZHG_cDen=UsC1#abw zQb~4ps|s)=^+uMWFNG5U^cfVS&=&d7ofHIm`CN(uXbt}J_JkDDv2G^gH^b5Wt-&Hw z-@!x?VSF9*=Aj^ufQGb=jt&~4(uNx=-l|)90Zy2L8#h=Eq*+*TQ*2l-3{YQ$h28#8 z-gC88De69_rWitJV#b)_w>B+~t~f#|kbyvqX04xYZ7sc9A1`$eN^t38N0b;MIDCH5 zWQR!c$G-+=O}&(*z{CV>If3i8uFjnmUufg0x7IHQTKvrp_Z3^n#I2uR1ATNPV^I3i zwV;3fKI3TYx7_mbVUAvV$L~>8EsbTymox6ukln53tBat6(EfSVKDR5MzUgRz8qpfp z@n`z`PDj1JuTDjXDM6rp8pU73WonW{wpBals#gL|=wH|M1{@RHl_7^(13}!{wgW(!D3C zjtc}=r+WeecK%&h&w1)*=Yz#^Z;{_?D*yyKj-i%SfcCZ0|F6sWcXu`m~fP;Ige_U6e23R~% zXr2aYT$5~ zAAVM(akkN$yE8GeN>j8<+%4m3nq2#0Yi_J*83_(3 zU5K1+eEQ zy$l!-_gc%P??sbfq|@V#&J$kp^5#`p~y|pLOb@RF~FNGsRBT zhTX#e9~^;Yfe`NG&xHqN8KicL;$BPMkzoF=Pk_(f+Ub};K!tDJ=jX!ggICjd-83_$ zkud!h-!!&MPt0uko3;HZQ~m*77`_bs>%&m~&vC=n@ zX|{X~#6;QPj;}u$H%wvEe}$T&jv(ff8}3Y}@Hfx&ZJM`pfxVM#ixM&|911YKG$m;; zZFI6;FB`B;*fj86(62>-UM<*V(d|DcsX7AH03LO^d8G)4z(%p*somh zbI*C9cn9~()BB9UsUtZG@P>nFp8bx#b$^87WrhnrMOkJXG6UTmzBsQ} z$!m5$+7*wh7V|$3);(yGEQ5}gM^e~d1F131ls_-lDeb+~vu6k*gKT*2XDJVeE|fhn zvV3Blm!zn~jz5`?^4mJco|o1x@+>>_dOZcx3YOk*NV}gPuWS6wnz{DRCsw>xi}8-Q z|4G)-j37ICqq#~%{l0?L#_t`~e#eoKbtuKX@2*rV1G&#aZ_9yTR=>p$pXR8+O+oGxX4u+G=1CaAdhiiR(?U1Cm?|&zskY)AeNj6SM`4KA(d+5HoBp# z#)E}#nRDgnLVE`UA|la$;f{Cs<+M92Gnj08NzK#wp>q~eF*}pGyCH6pZK~kEBeT{| zq5OE(Yj)6gcExLZLi{`s=4!;>71^&Pe$u*tWwiFGL0lT@X^j-bN7$vc6f8u=EL3}3 z{_3FUnR^C1x(sMJ;Pc!UxvD%<5=RaMhz%YtBm#Gld|$x7!m0WNO`3hX;L1oid412q z@2u2N(-!x3J}egl&^tqY31Zo+>(L=0Ass!(e{=&%*Wc&Ck5le9bg##dOohrp{a0hW zn-@%#j^{)s>(7RqE{4|3W?9_aX>jO%%R)>VqXo$eWlGWG&dRGCY85v@7#+DQU%KF{ zT8)VyVeA9l65qAj{($XKjf?Ft(N3&n*V4;FLOm|XnkKd2v<>z7dAj#pt~@DwRG}Rz z-LAzD{=Hxw-k@^XWPt~}GXoJ@ndN!mAD8lXt=Ag{a>=2XoxT=uS(sx&4!u}pQf%erM^mk3ifSZ+#mD)0JuOThV<=~(}>(up16;$19z zdU}eHM41adKXu0z8{#pUmv+!F6Apof+cQ z=|uBPjb`?bw~oY|LbrORwYnm_D1ZB!hU##;G!sjBQr-f6B>F(=#Aez&gS-ZOi7bRX zw^z=9(GKFKK?CjZtN%&cjp^JP8~1nk4g>yO=y|TSq;3aXE6V;!f$k8P8nVr)V))>j z=}`-t5C6UXWO#_I$EoSz9z5g3x;dyPdIpBP(s9{CEQ3)%2BjPH0J4fc3B{!k$j@qt zD~%1=;zm6(U9Bi7Cd7A=VXobum~~ArKFD^0UKSS$_%V7dGOLO_64VK&+r#2{Fxre; zeO0eOpl4c)RFDnd{cOg3UzE?F_?6*ooxEr{HsrphB~oh|;bVIUixE3PDhn7xR;r?? zI8BT%OLwn@Qov7^bX%&AAYif&xc=0qQ#~i97ezd&wp*|9dqYO?dB z+kQM9GgO^fZ(OZ$`5G40L#$a!S0Pd-#{gRjytn~U^Ht$TPuBUJ8S17G)Ia4&6LKk{ z5LPTbO4L%D+<^AG43 zRiU|;gBp3J``UyrMoA9R_?KUIspRLEg*DlSK0*d(UZ^nX!!SUrsRsyo45A5Z^r< zLPVK~d^IpLpS(TlgKJjULMUh2&+HbuZ$C9P8S?10cjrhPK_DhEMheKWuyVZXow;If zPG@h;eQPz-_7Hs@?YY^r4#T;JK~UBm>Fa@xGAKNuko)hiar7!i3C}+i9Z;do7v!^Z z2UYT}XEYny0N0XZ#MICPc8rm7P zqcD_(f>JR`+Jz6Zdfu!vpcx&|k z>h+kpPsqc@?RVU99xR{?!)-|q2MLPAgjweo(v<{C2*}oU4Gk+<^L*Znkf$KD9WWI< zk#A^{|BemZT>TnPc^J2W|GATZnwa0Uk*o5+Y9{UhxT3`c$lipbI5Dx|NBN*uX3W2y;yV{3WDYj z%Ju9483n60w?T7*K(U;=%;+x@#a`@1t~EtW2vj!O?&*rG{qWS3*P!UpsAq{$o%7Y@ z#i0eDI2SdmhS79!pNpKY@IU+fSklthcWJQJ5QyKOK!U@KDOwa6ql)Vjh4UTEmcQ<$ zn=<5R~6iI?nroo`G z;+}nGo`=jlVHkfjrO+!BsVy%r?~KQ+A5u{w=fMj7x0ZfsTmu~}V#Fj0nPi`Q|H+YA z9Pc(%es4`^%0yW{rXk|362(VVU6ZKkFU1uGW4?$Y{p_?Nt!3xmVFH^Ztga0UREqVa zGKR*QNd@nqMYg5m5e;dqX+SwI z?)6Vq&mSq4RCZ#{p@dT0iKi+A;gTOBl2~=&2GzYtis>3irRJMWy2&4g<(56Mp%f-b zQKUh|zT}ikDT6jQLP!YtGFM9+(5~4qYErMqko{1?+imkvTI+V&3C8j89N&7F!rCUb z1iduQTv$?rp(r)yHtUQ$+iWNU6g-k*KldHT^{2YAz5(-GXGI2!mV>I~Zsi|*nByt` zjB40c9-Au>wpn;{I;h93i zOc7KJ>HHbRpF65gyCd^WZCqME$+mI;?&fZ@={r#K3ZXOSw9pB2?qznr{p{;zvW4(u ztfFBXv8qK@AlwFHXAC_N&=nfT<^Rcf${(G2SdyKI#Yx zZ?viFmFgZQzx=hdScGFKzpuZfl}h>-I2#^U|XH(RJrjxzo}r*P06Y4f%9_NE+SR!6Q~E1(p5zBXS&Eup zMWt>&N+L@oGsos@@`R5!GQuXTY;ky=uV4A>l7arrN8CESFW?FeZV^|L?aL?SrvM9F z)m!D4*CSJ>F~eo=+IfS_H%#_FQ)IV>EHacfXb4oTK19nea~%Z+ALWP1Am&%Ah=0i5 zW^yIfllxWft%#Gnn%QK~e?=xRV4cBz$znAZOO725c_bKxy(BHDZfB-2EIz{|Xc$z= zlZf%9M_4SicFyHCY}WUw1jp%_&$R`+-|h~EXNqc{(J(>`2 z+wNPnk;A#HyfF`ACLM{&tR)pvs^T8ycQ~b_S#3vl_Ku>xVOr(Ovx?{pR=gU#a!|}? zZ6purYGt*8Xt}_*oHew#SkjNi>Y2~fIw9F&@1ZK@%D(W3EkRb3i4d&q+mXGFX+rau zbY;Vk`(ph@o@x);_D4#FQUa1Ur7;yRcVh3`^cRV(^^lPs)*8ROk*ttzA-3zB5<6XM z@XcCItNc%8pT&o1!(#eBdJT9TtJ)BZL&bUE+P`;}DtLd;4c@2)6NAZ8MMer_YLPlTbHb&V`J)2;HKv++MTv*w+NQ z;U!;cVlP{B`&LZ^LXPc^t8e~o12@Fz5vRmjZfL}@aDkQWU7*Dmg&!kw{%ZE_;l$Sc+Tx`Pvfs&PNk5bRMP6AGxF_YKd4V7k`Z08U-e09eQxxWB~%mBl@=}$jrf9i`bvzq^k zRvZ}r1{k$HspU`tfc0n$U6%$cK0lWX`nMqb?*aK=$Bgd+?*LbK9P@yu`t}s;y9tA0 zgPO{kX5F{$#fe>0thy#8mqQG`1v-iPdm$oSQp^7u6aPEc{U3kofBY)z_|VW#-xFsr z!8wU<}E$8(`Ts0H$e*GBSH z<&JZ0Jqe7{UZ8GqpQBCV7Jt9o;oA#<)Ob_%HS1t{1N81|-+JaFV+3N1Pg{DbEsj7K45sha1JDf5ph%_F zU}mWyLZRw!h(|OvVc^$5zZ{c~7Wi4Vpm1wjw{~LG#hl#lmzgh~sd9!|X;*5M@s-g- z$H(qvcvaTJlpybqN}p=+6&|817P*@`$j&{Z=kzy95*3oHf_Oq zh;^GV=CSN|G%={QO_F+nLeJ6sMC{5Bl5m#+H}izcj)qk_-7N z=yG|aB*MpSt^80y-z9HirbcuMSo)(s!8nA|91{}Iowh{=_R(~lTITjJA?L;JAQCaA zE8$8~tNt`TyUm$8WJ&DDAdaLD!+!6w&KnSw?Yar;c?k@bTMZGyFV~=c8#Znivn7ud zSy+;RY^ut82u#L<+gzOipOi4W-~aVG>1sG+99wQUvDue~L&v-M+YE%)AC5T{d?{th zf?gK&J|~kAEUu>sHZB?~?G{{ZYjIezQ6qfZ(o!Q@9cEwIIdMmGxUo|xekzqXntxH7d)zY%YYcCYLnk87Zr{yR1Ieyq-?!E1N7YdU=5)w{)ATFf-=9J*<4kcBQv# zRJXr30YVm08K4bye|0udOrLJh*uY)rnD){&O>}@OGx=%LPP0{pG6d zX`a}j$W5UUeB-szl229knG{Rf*7)0Cs6+Pd~TizNV+djU(JgfaOU(U_Xv;I>*7sG%uG{@uR z`*`Kq#L5g#kD~&Et;l@hZx0sTsvefbtX=!&ejZF-sNOK?6)xq97+tqH>tc&L#l9w~ z$PKaVG@Oaz-rEp1F&$f^`tuM?LMjNP_wxozpQYM7K6s4n7GmN^DJ%h2-*c*_6v} zK#fl>3XX7zYgz>(@78@ZE>`j<8D0 zfeId`cg@10Q|a?IPaj|n&$R>}{Fu3rFpF74`}R4^uZALhP0l;;Kj1c3 zk9)K8i_tS&uL_U5e2515FOxo1`g>s9QefOSBqqvCTYL}@d2#{h49o+Ys_1Ypq~VRS zy|< zvaG{`tbFQQOb<@P6{>#8zjm7SI}##(MhX#}Wnw|0@|6>O#Ol?Hvnx?nfN|9M#^C8UZ{%@mar-4z6YKo{e(#!o~tAs6&Op8|` zBe=ZNDUzmcuZ#{GjXOXOmI+N2gYO5ru7r9;{wCt!^6^$OrsHyQX19th7Q!JTl1*|O zl_@fTekAA3ihIT-(9ABM20ohQ2ZfaCNlLcwF7@FlKfXQKZYSY1s&(8oUkQwulZnA5 zexoBtn}3@S78GdYx%tcSr^godV0~iN{|xW$|5N_!+v(dMiF_{rPU8=gR|zEonM+h% zdl?i?KPMhGe^R81Dw8a^_KgJaJ5S}WxYHxlZoHZOX9)kV?Qt`p^-09fw=;xXRKR#% zz&|@#X(ti)-K<-Abz}@>jei~F^#9RL{m+fpe}88=0IHYzQl^DK zLAL)32u1tvb+Z=-P7RZ<%LeS$YAQ{Z0X3xHhUo9BYEHrO*A}uVLah(y=k&E(9?g(~ zKIX)$4$Cx}4A`mXRccGu!Bh&0FNy{Rj0ua2yrxr-Qw`@ z!?B&_wy5T@>M1%Q8=UOt{~qfIsq+ozH%O;bQPbXRp>p?9XlyQ$w>?ni%X1H8DV-V} zE3tj*GanURUk@OFHx``lrG2EOgJFszt)20Fthn3sGmc4slGjXcaG72>Jy@sq{1XTe zgzo)Xr-h7Q(g5G1hFOS%g9m^}o{a+t##)Ifj8Y3`3s-Z4unb$LG|ZPOKOXSVMc2_8 z*PR*g^cJUR@v`q#dvt7-X%Da_Pu9_q*=r^1=$s*_g-Ok;YHD5xId`O96a<_W05X0s z^~qm8#ZDtx~I3(zPn~3RoPv;GF3DO7v;Ykc6cK# zTU1Msv+|4s8B)5ZI|FYsp7xu2-X)-C)>jFXw`fs`&Js^S{~`kqHR5>b1bEh*7((M3 zpCcaXT97`PDYe!4kECw#ws6C&iAptje!> zkuG^M&2kX1%GUFYoz+oxKu4{KF2fFV^fWg4daK8uHTtX*G&NM9rwUmS5O+xGQGL>5 z`xeC6tgQkorxl9AsBH%kLK5Pv%Z$oV@dyB0s6OS2VdM&LMrHdp08B``>gJfM8eq zs#oSK#14G~;o&#?vCdO2>S#L+fo|`64U4|->N2ZmBBm-h&x=GN5?Oa}V{XQ*5?Og05!`jV8Ot1ftfF1j(W1{N`3cI9U5M zzw0b5nXWQ%G{=`w$8i2nR16%Zf8MPPQ!W?rPdKCBku*g$xf0jKVjLyAO66;IAl_c^ zI1dXm$5GqOPIC9#((o!*cR-9^FSI`(J$so9Egh#<`}S5P;LZr#g}F*Y)v;QLKEfp5 z{`*hp1EktFer> z9!a{Vz6w)?5xTH6_K+x6K4!apIu%t^eDkOz6}3EiU0Ba)TE^X@iWTv>cXEp&x!cpP zNV3f7AonKh}TJa8&AIP+NHi9~dYq<}}XuJq(@_FS!r z(mwChoAKoEmTlJGh%TItF|+x?$>$KiAN^r+OT4_os4V*|zHtA< zqxZNNnij_|$gR*`1fe|_lk!N+y+zT+e8)iI)x-C_%ZpZhLn+3cGK7A{x59HH^W@P# z#`;eq*%?$atP9j4GipRMHR1Bfnw#uNWtl_~waQOFq#F+Dj&~Ewaw*n4PDX^%u+2#?R`dmvy+Jev4%Pq1>ecv zc*j|$3;DIKF)BgAQ%XV2sjutP@`~ut-lx#dCJ&YqFiB{&fL!hk`LKi=z;dHT8&>V8mu|7*7?%Qzu)}D*l`U zN0G03{0d;eOry1=@`9ppGIhVXT;fN!-_i2M#oye!f23}?zhXrEJB&Ey#;G|6?aF7X zyS=AMzN^0>pE-%|^r@Z7cLxd?v1labtBuu-pYGG8Wq4x*0P21Y;-T^M z+)k*-PUeNPAAYwnuPG2TJ2J0^^EI}DZ7vk;o>c9pQ|)$_xa8gLv)syi*v5Mg=hS^4 z^Cx-jX9X+O>y-x%Yz9?KihG>^peimd#uJ4{l`-Ar?U+);HtpRT&xa3};hj3nHjDTPNI(-++&z4_}^oTejP>Js|PIS5ArKOSXDW}%5NKgcbLLgTdy#6m_H zG!&=n{PVO@?0T*bEI$DBj7GKv99P6%#Zh0BdC}^ye=IL0_kR}r@#AyWdrn6ujdaG zh6bIw!9x~1(q6NQ7UrXveSXqp+!Lru2O~N{O=cJwJxTX{GJ;pg(oQ5T%+ycxK39J( z$a0VKvbtbU|NUu@BP9&tP@4SF3}0gin|rSEhG{audrvux>l2}gALu|6a$~U<_-$oxbra-?e}05LeW?f5WE}3D83; zxJ8f%!8pE&8Txv$^yWTUyuOb{V{qwZ{BxeTM^8*|k!7I-rf)j1p3O$3xii45#1pDR z*KQXUX{#);HE4Ll#alyGl<#OcZR&S>!#`EPDRmNvS37XSti9rCS{z0fkU^miq0=_v zt!3m+(Vd1`)#$oAA~zH&jGHc1t&>TTP?43BB3FxSJ9q3SFe9%B1}iGB#r|ru>5Tmd zd~xO98QAJ~tt3T^+NG=Fo^Ceose}m`7#M6eY&D03+&16~k3kf>>(|YA`Gniot?}JR zF0oiDoCY$cYODIxM7#(lK$~jWa>mP+WhzQ-Tpc5uH_z21Qq41#tdy;}*~e|XKb@_O z{!snOM>V_@-rrj~hUIse_{;|eZhJgk{LvV{LA z3@k}uQ_M3P8xAvr`&U?`I+I{&N+xpax7V-29@lf_+x6fUb!u+Vg%SsgExgCf=sV+D zSR^<%6XvHEK2$R}CgUw2H^sB{#k7QZP=J;86Liu0PCM zrG9JU_mJmp8EfPVqoRgbW1p1-MF2mp5CHhG3Ibx%@_z89C5;@^zMs1<3bL5g`+uWquba3)sx%|q?%Ia#jrQReG zfPMmSaT1G#ngSZ{xDW77tL3XFidc?j?>C54_I66?Ru&nHL>dbI1-R~b143>(bnI6% zpn`Q!WUs$SyBLs*nHOhA(@B6ujr^Ccp!zpmVWn+QnFIH8n+c)Fgg=?)&7S7#wVl@1 zObXD~kV_B6hJ|_c_OE+GOu?a$qn~}6q5Jq=7oyqDx9h}VLgwB8?F2}gbMn?y<;vFO z=GGlS5a`y+vQ9{cwtlH?v*B1t?4LIl#owFqQ*^65Huw{EbjFtV%WIWi0GYhGOeklC ztEO^c$r#m^-iHP=G%l@ZWIn1_=He5+(x!y1)JP*P+-m=A8cVVkj*6Kou1W{ofV0IK zB@qeIjWQYHUzoW=^h5kJkVq9mzKuu?0j%djTkt)r{;zZW3U_w9X=4OYO!k?tg?O*4 znB`2BII)2izh9+i?%KZW_MN!3f6%}ZkkU~Z$JHYV9($sa7Ac(s`$+I zZ3=}?&yKzT3QkM27|sNkutQayqMew5$H-k?JRYx79J27%Y%o*Q-J}q};ArMYY*d0; z^zG(kOkmwylT5DdA@!=LOn~YyX;*PMRw_cu*WKT(ViWpj410&=$Ir2z8M_QOzmkQs6tAZlEKCJOVW?Cl$qf8Hr~UO(C3d)tA=;O3pV72O zNogkWC@?MJAVmfx|k*41T_QEAnFY=X*)(Uvrf1)!YwZ1$kKv1NXn6d)>(I({ zo8)>`3}!ymALrOKf5nMshdgs14sm!R)pgf_TH4~fe@91Sg;sO(}hG&IE;XN ze6s(C>RzN)@|Sk1%tYi>JPJS2G$sD?&YM;R62V=T(Fg6U=%K-U?^}k6m_Azq@aWA4l$2Pww3!FN0{_QP%eN^{p4i^Wi4qg~e(EMG-^m}IpsB9@ z7cpW0|7L7#3~9zpYBl4v0{i@2`YoJObt25a15Gw|cw+H-YSke@zB<92D);8MH-gt> zn}eT!vi`1Gqe{;{I@CwNb@|ujmZBiFmHX9N$s(N#C_URRF@f`?wqH#ko$@f=cS7P}82pl8m2 z2dDnUcJU!-@uT$(CM~2ujKS%d3qkn`3Fs8?9+|WXp^pZRUJHPTnE$cH|8u4P*LweN z#IPEO#R6qtT{^uA(0~0p>c*4dg}zL~`U`ik_#|EbOEl;e-Eau(`p0vbDxlIRgq4uz z83H)Sk^X!7zq!>O8kXr3d0dP@iS3-~m54#DjOG-nrc40Kbn1~c0R46M47Aqlwbh{o ze!vvg(zJW&`31pWSdUWxKWzeF)?cq~_VN&67q0_1V!ns(18UsDuSfCIIa-%#{}Y>O z$klRHwRQpkjJ{?PSgqn{WjmuN1f1rj^e6vWVN``cfY*UqtY>$50SNX3ZkdPEatSW7 z(+rbom`Qp9&HWU$ne0`b8;c~n*lkRPf~`*VL@MjMe)rDoR0LdIj*shv@nlS0orqsq zNlFHFP$D;gFlapo^d(+`>MxtBE;@l~S4!|{GpjnrKDr|y(kjzvCa>FOU2Io`8+=Dh z$XBG5UJ23NTV`=kn_nX4``qy)aC`ppYzv_YxW@s(&mmexQW9f{-VC37=R$5$09-B| znmCfyxrp;l8o=iQ z>#Jyfjkyqk$)UKAX{r$&tK=m(68bgKeyv+!o=Aci^yV7tvNbI^^!O7oCT}E(U5<$z z1}TW#+#GPX_4bmEzTiNTG3h_>1%d9$tIJXp?QSlI=NGZ43WR?q+O&@F^s`nCH_1En zxB4XuxHjm;y&}t88T7fxkOmTeT_YiSF8C z|D$^EElD@jn0Nhwm)qqO4mXHfOP(!CFVk63*4k<=^KaH?FVy%hQ-p8OIs)Uyg}j4j zn{zv()E}p;+DujEmTnlit$sO`Z>Wc4J`V^-pVXimH8EnQWk1)n-8O0sJo7UBH}u_x zwcLJNX$=xqGr)_=G!q8Z0z|&~H)&rSNHn$G!{FEj7C3)|6%?;?jG&6AwU(A}JPBig z?KrE!LI>ZsQBm`XhRQWSpK=Vm)XZae6I zkPaz~Y`MrhMcEzfmzk&~sOVNIcj}539=-O9M+fMYCPZ?onJKza}JE4u1*?H`{~@qf{O&QU%2vIW}g0j z;?_m%oyFOdjh!rpo@AKlj|lmfAj^*DZu{MK?G)D#_mg3-H-Yi%SQ%ApAFLnTbr$pr zC|2scS|GoW$>qKjg7Nj#X7qrSJC|I0EDkLac1)YUm4!}OcpF%qEAU;|S6{^%9Dxr8 zZrLh@;U-JV4#fq?9eng#z^#$gn&SQjWv}P74$eHZ&x*YzckBym+j z7!ko7ib`817~k4&s4;qLk3IG_(20#PIdMI3iovR>EKC&?W6s7BIM-0D{2ql()IT^) zzZWbGtthEYq(%1mI4x+OrpFQwVq`HX}`4c$$rqA~hyV^9$%JClZSy3W`W# z))HQ(bdVR|`VLYj;>iP)sl@V|J(GammSmeLP3C75ibI{7dVIKES#me4 znr29F`*#ZRb(tGs1%+mUS5{S{jCxG7%2cSx`fE2TN6d}H?!~Y7NQMw&^ zR{LamJNs}ifZfIyy~%c&!AEScTQpf>@&(9ag420d9u9(dR{ic5osk-QN}WqC>;;P4 z{>MKq8?U5;RZ4*mvSz0IoN=x0*`m^2X0Ao&q&77yY%G3f%C`4ry3@(Nd>svWoSjBE z?M_F;sis-qbZy#JPpvOJZze%tKF|1ck0TQ|wA6WB6RWVsI8lc@b~+f+tnc_LXkse2 zqwD&RC3Cj$KBb00dZc0<3$=j2!fu>MKu+_ET)}v51?+6f)i?L%ynB%HOL}8uUo~TH zW7Fmbx8XYe1&!05gQW;c&mYRTPO1Zv}Os=4bQs#>&yLyfBK+uI9_HCL`2g)B(R$ zi1`V5!nx43O9|}=7})Z&hJ)X$z@Rj4ZknrRvwTj@HOwqU!dj&aU4D#$>tRPU!-tBt z!g8r2Ld^X|<2qNZEm^{*UFPzR$oLLwl@9Fs7;Bd3s~rVZ$E7_P1~D!ax69J1NowpB zLyVFVRjTLG@fR}7rD3k>GpX0|DT({d4)Lz1UplO0>Fa$ygeu1)pV9Q(d$Gjxos^n! z-!)8Q>AMeokdOEc&^0-rBFHeg^TqG6(+F++rNb zwUY@uVYH-Fbrwb=E>KhQma1G`cUF{2XM^_#XEpt|mZqxU-do>EyOcU*S>2{qu>z_c zhpBX4JRIvy5S>G)=kHalAA@}Su}x-V7OAGge$tLHex?z_$-?z!}9=W&ERFr~hG zJQw5vC&zb$7%QCRmGC_oPF@k5lu46QWC?vrI;*q`TyFaEThyu@i`SDMFOHxy`)eC2 zJkSHRM(~vwg+?@w1e{WzhIip<(*6s6`FN5xX+H~JbhlJY>Y=5PPV5z(e3Rvpy21q) zyL|j*&@vO53>}>*w6iNFcI}V)Vm~DxIW-x|s(;{^&c*u%t4{&F{BCxv4dX)mg-LD+_OiwuMlgS;$9cqRSmlzL$|gi1H_UA>z$8=p0rCAmaz! z?S`8*J&ha-l-s1^Ei@|U8nON!K*(}4K;)%5K+SI1BtjLC;NMRnTBa+!tH5?a&-&QC5f-2cL7>-k;haE`V7r$FkOZ|=u3L-M z%<@3L&(0rkwRo{(4)fZEFx;G)nXcIN1$PF<3hC44{fDQB^atLI{)|n1YRiIiE3`+x zbQ6iF_X5xQ7tSlY!*w@e(} z13~wBKQNyb(1GKlV+(plun8ikj&;s9-PkZ$l9^No^tceHeFl>1Jxn@dA$*{jFz2t; z&f%tMeV!m~GmtO!K{M(^qwOt!>|$u4eIga_{Z7IG?EuveEkxrs>i<{WeB<%tfg6?j zn|DL~Lf>PyykgZB&ISj(b1JcbFFGH=&%z-(3H~9Wt;0?fTC9O17(3 zA8W`eUpPTQW7U%Ro9p&M+!dMs=;2NeR9 z5A6TYg}iVYI#y9MJ&_x3m2tDM$@@&v=Um?{(%^o?-lt(TZjKTy+RCF`#V`sSX8c^F zSmk`VC^3wG>5P#=m4tjs_M7Q+2{=xfID{vJ{YA)%Au>DC6x6=1A(z+Bj8aK|l$c3V zXPvAqJ;qb1ERi{A*U(Qwc8A=QbzOo{QX3nEU~GAZd)F}(V?Kr(H;+ru_U<*8*Tzkz z7mJ+57G+nX8;5izGHpW%<%?;no2NA8S~+f+PuU9GtF-IeU=e(OdU+#b-b>$0_watu$jB6c;d*2y$;XZFL)>Z@`=>NJH6O@W)w|ai z2Sgb#Jns0mODDcDFv@4eQj|mqhaP1phH{1(4=f9eRTz_-C~HTIJ-32|FY+;;xy-6s zd8{#Vp?-_#&7k5lzee^4>#!Hz%cvsSKUm6qp)PNb#5$Z^{s1(Qt-H;* z22FyeACBGD@YOwuyLaCGL2?Xxi~`>36><)OB%P>1=r|lVU6#fRq1HK4eIqIztsj|I z?VzkUD3c7U-WRzP&gO!;O@8awJS(zSf-qO|TVqZ=B?kRBS$Ye=WJ!E=MyNLdM*eB=sR_54or@JqythM8rCMWvYYLB! z+0_p%Opw|5=ZO1{VZ5ZI)3 z?8R$k-E=W^>Rc7om z8+*5%x`CVeJZiHB<_ZxL$^-E6(D*XpLy=|Sf&3WR zT=c6dG4;}O@O9T_^6AEJy_za-*?5K1kUHiW5AAqc zy^+Z}LaThK&Y=~0#s?cctas|jMD$zf)jDY$B3PqdB*qp|UT<*ISWU5`q&@E$+_l7| zq$RWew`#64s>!WO$BrU!MG;YoUP?p+6a=IsK~Rb`0R^c6rAQ4RH3U!r5h)4?NJ~Vj zbU}nrRfG_b-UR|7gbtwvNJ5!6dgp%Y`)1axS+iz-%%A*7PV%0!pS@3ZdG@wU~^`XArn-j8w^nqK0Or=Dca0mCE+6k=n(iO^LfTRpH$y|t21(oJ561$nGHKh>+Cj(8o;~Y~zt7uC zSB)~`7);uCRF><=aPH`USn_ae!w)vbvz~o1j^)Kpaoo>pIS)+Evug00NUkr8DV|F< zvOfgDpxQ=_iZKZn1l>SB)|U`cTuS%AjfuuY&8IO)h}-ix$?G57rB9%$&5=Jb8BM#(X{e>@Go@1xOZ;F$d5#{4i#Ravt5yIrzCwyZAUB--no-XT_k!3%Fz zHqr~(>h;I`H}Wzdl%ZP=6MT%`_v(w<2Zg#{;P+Y+=clb--dw;pM4j}XD^h4}fA|Qf zx%CvD=_;={0Q$s62`C-c9vcW(5R}c1tZ!-087g@gM1C2?j8@t?n9)ixIBVx#pnKp< z5_%Jd=U?n^>MY2z)dJV567;@!yMW)93conQ4Z=-rdZmezA~ zfUjf(@oRjv!|)AOg;4~$4(ygX?aTxM?Umyvx9J!5J_RGu+a0m*d~3_3hy40&j?}Av z(NSq?$gHD%!Hj6P@*#Z!Y$VGM#F#Ic%`DwWc+U5I84)A1rrMs`8!6gxnUq3|Lr}1L z8efIjI+SKd4<*jqq62cg&&Rd~u#Q5SyGw%4?24!EgzyEt4#9j`&XOHkeSmyWYU=

4o92SPPyS|zE_LXt7WX8OJcPH%KrFA_mJNgeVz`|iN!aCflnF? z9jSD!M;)%)4E%v9vvaXyJ@3|1d;HE8QLvfAG#6gtaK^Yozkhq#{PoF$cIIbw_ew13 z2ywQz2p@vyjGT1hi-)ftVz$fX2ggVCInaPmv(YlB3^p^3?44u5w5YsEV=o1m2@hSr z8^-H+%-#gj!{Kai4V`q^7>-ND&^-c!boMHp*3L3!M97UStG~~)nU!YLbni~W7m+EL?<2DU1vBjREzNVd2o7Z*N9Z}k>=XRonxsp zqRvX$iSw8Xa&c&ksZQ2c`9KpFe}9)GZJ_B!1bg)Lr?=)<&F*|ZX(HIRdQ;bcJ33q8 zwc?M-;>S)?K2}tY5Ia)>&f35;^yEhM#s%kZKR7(;fhOjTFE^Yk?xB5}*7~ng?38E; zDc`G{vSVGx)_bAb2-mH;TI1N!cuW1_cknK8Ay^K9E@m%$jH%Bp(=LLKXkll$Lz6|mIA?2d*m%f1XvWeYf3E*z9Qi1lHG*#Eit zX)1+P506W(1uRJTUNLV+f)l)wcr*i2n6T7#M;EpDxisZ&&&Q(I-N!G!mAyASH6>wT zm^G&&nvTkvTw=F%J)IS@$+he>DJZh3|Mk^JtdpnBcBO62!&cA0A08GT>$pdW{Esr+WTTbsjPIm3hSZg$7p+EQal?a$!}<#b&qOUJ$OlZx?rKmdA1W;G2ziK5K^28mRWFw_%WdE%@$>TXb?{wLr>nlUCB2wT72cR7QA*M2BJ*JMbzh z#t%xBU(#&GJ`s5W<3DP&-QWM5p!8C^waiU7&h^e}z{H|UVKzc}#8}(apwV+G`R14e zy$55Pt2`CL@Q$e&ZYxEE-)kFwZAgq?nc&%_U{T51rwzE323DRFkyjvgIjzSi)6ttFr5eV$HC5gJ z%r1UZT70vU@gr))MuYuZ*fg!$(d))sQO@H8(IFqcZXYG zN2tU|TMnLaV_boM%PTcg&w0pkm@J0-7|~FK-L-svKoH^hyh|ke*#MhKU5QG4qptF4 z(_(vq#ml=a= zs``d$HrW!1`Cu)j)}%&CjqnT@v-8QL{1Nwx_u$MZ&6U3`#oJ>=U1~94Y4~ocLBaEW z1yOk;sRw6jr&o}MmG+El@|Dq#vC$CiZmH<|N3l~LHOG&%cpf~g7ms}$(Re!LhQ76f zjQi`wy5;yVV)a_j{NQv@DJCj&!HF8*ujJM8q6W28nx1~6zWkPIA*{EO`Xmjn%^}D+ z#eci!0>Y#Hlk*@C#DxOUxx0|I;W9pYFHI401xX>Cv!uj?CKcx9Yh~S!%d(TD4P+Vn zBpj3?K|&f9jGn=X6HlbS2n{iSxG;`2NfF>LJ}W8#c#{{8YMj> ziL9VoTVzNyv8Ye3icTXVxvGzp$=QocCbQNaSDoSB(d_<~n0?etC&5xWm?ZFZz`N})VnnPrJI8;2*wyw}{ zo`o`1$6YhL1!vK8ymDZd&7jyF(HHFWr$^W|~sXu_u3YtO6{&q*8m?3skMP zdXM5-@!z1Zl2hF7G2ogucdeZ3Roq{ff`d@x>!}O;+@k&jQ6hW zEV~eU?y#<&RUt9rk)UKQ1-e68WGo(sas`_o3+*9mPBuP=YOI@x9#maLbA0@UjTXG% zwPl4y-ym36`;%tC-k0oE|8O}qRvGnC*n2-FVe({TOldG;ffs7~`x{l!qu?b2UB}}| zioAAi$5)q@MPF!s|Hy0#Ha_@3kKZ+Q(9oyP#GC(2B~aW(ej!~s3qAa9+{Kp?cgTK& z5;i2eFbKy!csPNBe_R75fkaL?4TBCx@ptRx?gIr}0z6G(6nEkz*%)&iee|RV&=#Z| zgPmIc?KxI{UbsVX+hMy80+lLuHXy!C1xMttk1^fN^NNA)P#DU0q4z$t4w!(LS|hEt z(nh9PE%tE7|KS28Gz z)C>c6*a6TL^OcA-nl&jpT#!i>40V`$)Z{W5+!)UXX-sqiDZBel1?w%`g{BjLF)Lln z&HEHf12anQ2ykt6m#vn+dLI9 z+}Y^(S7WosKwqqyantY!prnxf2Izu%qSDAL_uh$Q<}AO`#ngKe_k%8K!>>QiOltuH z-UDhS&xf@ZOa{u#Ku!P2pKD|HD+aNh1f(mwD=?_ML ztnfuOV8fRyQodm@4aFE^Ks3IO8ia)bQsk3wo};t0Gp@{x796^X`wQrHLDXYE z=vzoR`Q2jnuU~>q* zX(l+K)6BO2-)cr+xP4sxF+^r0p|DLkp3+aix#=W>Cn>0Fp)t( z8o3#@Ol*_5|8W{!lvIl@P)>Msd$sfdbLU>exoG z?u^{~<&hN=_~ic-7z5(g!wumz&UL_}Nm+8gMD`1_v3kX1b>;&d7XU^W%56S%6wD$A zSlDd&E1<&>Fi{lKL>FcMp%;}`y#ZFq@!uJL^1nvL0uY&u5a!KwDtjnr`nS@1aR+p2 z=^X>TyRtZ+4i*+LzZU=39T2tcwl%YLhB=k#SWl9$(!LZ9{-L|3KvyPUvBu~oCWPFN z$Htk5J~S84L7Q4dxix+Gg<{@LBxf7zC}kPYM&LdH00`SK?l^nn*LMxoq+JCCw(pUn z(Z28j~bGuYaFpRmAcgt%Pa?hanVwBEOp;lJ@bo3tnosif+|H zZf-W&&>XP(gdGu0-6r^a zIG?mS54T~xo|eH-E`dX*3D?NU?Jos&zxiHJTyr`~Tf-OJBSo@fR!?Elguat;!7az6 z7|5Uc5@+JC+etx9KeVcC*7^PUxkCt_;%-85VHWzt)Hau-HDkZ)&D%Hmq`lBQW_w89 zp*^wE*BBaPqv8SXS^cIR)C7k@RocS~%sCDHyQ4iEG>cR9k`gMmzUhajL9Swd*n~o* z_ze@|*LPQLYD-v|+>j_-#79;G)y>h!Rx)xo_j^7>aIz(aOE+9}IxM6{41TxUe^5vh z%EHZdkyQF@8>|_t_f)%?iUt3lRZUY8R(@AypZ;_8w30{QoR+yk?Cbey<*CTlMiJ@u zPbj(&L<-_?b3zHfwQ>U2)-oh5;c!t*v)TTJo$Vn_qLTx&Cfc5^t+kXXv|?ut4Jbux zH_Q9=6fBIE)MOfSO7?g_vld#=?xF{yeWfIXpQm0kAvznz9yIc9HT%1Iy8bqv+!9kN zRzi%7we*XyMWQb2|LlmYCKqleLP)N+NH#TaE}cuHB(Y>2oZ1MC@qURjGpSeaJ>C zy;U;TP%YnhFV~WgRVS-gTtej9p*(A)*29J}iz<~ZkaY@3^PL${YJ3MUe(GmF8hJ~+ zs9S7%$;)e5)oZN}NuN&X^E=tshw1APukT~E-5A}Zt_t6C?A0g_NSs5e2iQhiTJLDh zy}6n-lEIbzgYKE~J{olWpHb{R=OZ9K;%M4|-bx=QgN0xWeD&D!V%u^yBo z^L-fejBIok!4JLz@K}P+%Ba}aF!;Rk@mq+B4~DortO$t%k_CmS#_Q?}@an^K?6#>D zy$KR2D>{n3IB+kUG<7|rBadhLLu*bx3EW$c>kGo_>L{o#4iyKMiN~*0aOA;cc=q~O z9lK{8KjXLZz*PQhJp%?uzE|wZAxG!%c3+$;m0N_glGxXL!m$p&^)tsyZBkhvpdfGo zztyAI3r~uK4SXf3MH?_ozVV~~ zNO+=_gU`LRSEN!Mq<0kqF3d)5<{iQGhCw&AsT=-tiDtcNa=9l2dq2yq$_B>EZslQ7v$+*ui_JJj3l17%k}k-&BvXW_0Bz6n>Tk1A}-dfUW}@uSE?f}`YSR# z%l+$-tHJ@u#wm&N%>z`j)A}b~dg{?R(>QlON!Oa&@HhthY-Y=UO>_eOzWV+Xrc;kE z(Z-7$Iu~adfZSU*l_6{IxW~=w5F$=oOPHZ zbqZeES4gEDx8vNgLM=HTezBeAF5tKRBiqU2BOaf4nFSyzDR?!(I=ORF+~r@J<5f1U z*u6=%my*CZ$y>y(G^kUjEdbt>DZa9%%iubT`~i=v%}J*W9yF5`*7ol#6(mG<7#WHT zMz-eYwXoq|n8z9LhJ!78F=x#PO?@amfHVbhjSLjD{Fw!#OnhLsa2;IzYyqEEAmO}- z=Y^ZTugr1y-`nQ02zfc}lXoDjw@rj(P}G8J16VIf(|WxF!Kc&>)bI?(sz7ghg=e~W zW=;HrD7 zQ-^6+YF3ei&d3$$1{Jp+y9;o=0dj172u~Fs;KZL-_}zT;|M2zp?VUXl8;6@ZUn2m% QG6 Date: Thu, 13 Dec 2018 16:36:02 -0800 Subject: [PATCH 34/54] added image --- .../device-control/control-usb-devices-using-intune.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 238872f81b..8a299b2cc2 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -82,9 +82,9 @@ For more information about controlling USB devices, see the [Microsoft Secure bl ### Only allow installation and usage of specifically approved USB peripherals -Windows Defender ATP also allows installation and usage of only specifically approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). +Windows Defender ATP allows installation and usage of only specifically approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). -![Custom profile](images/custom-profile-prevent-device-ids.png) +![Custom profile](images/custom-profile-allow-device-ids.png) Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. @@ -93,6 +93,10 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla ### Prevent installation of specifically prohibited USB peripherals +Windows Defender ATP also blocks installation and usage of prohibited USB peripherals with a custom profile in Intune. + +![Custom profile](images/custom-profile-prevent-device-ids.png) + For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). ## Protect against threats on removable USB storage From 85e53f9a348de2d62148e8aaf24fe4a4c495bb7e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 08:44:02 -0800 Subject: [PATCH 35/54] edits --- .../control-usb-devices-using-intune.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 8a299b2cc2..b84891dcd2 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -21,7 +21,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p - [Prevent USB peripherals from being used on devices](#prevent-usb-peripheral-from-being-used-on-devices) in real-time based on properties reported by the USB peripheral. - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. -- [Protect against threats](#protect-against-threats) introduced by removable storage devices by enabling: +- [Protect against threats on removable storage](#protect-against-threats-on-removable-storage) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. @@ -35,7 +35,7 @@ You can view plug and play connected events in Windows Defender ATP advanced hun For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -## Prevent USB peripherals from being used on devices +## Prevent peripherals from being used on devices Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. @@ -80,7 +80,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl 7. Click **Create** to save the profile. -### Only allow installation and usage of specifically approved USB peripherals +### Only allow installation and usage of specifically approved peripherals Windows Defender ATP allows installation and usage of only specifically approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). @@ -91,7 +91,7 @@ Peripherals that are allowed to be installed can be specified by their [hardware For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). -### Prevent installation of specifically prohibited USB peripherals +### Prevent installation of specifically prohibited peripherals Windows Defender ATP also blocks installation and usage of prohibited USB peripherals with a custom profile in Intune. @@ -99,9 +99,9 @@ Windows Defender ATP also blocks installation and usage of prohibited USB periph For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). -## Protect against threats on removable USB storage +## Protect against threats on removable storage -Windows Defender ATP can help identify and block malicious files on allowed removeable USB storage peripherals. +Windows Defender ATP can help identify and block malicious files on allowed removeable storage peripherals. ### Enable Windows Defender Antivirus Scanning @@ -119,7 +119,7 @@ Protecting authorized removable storage with Windows Defender Antivirus requires ### Block untrusted and unsigned processes on USB peripherals End-users might plug in removable devices that are infected with malware. -In order to prevent infections, a company can block files that are not signed or are untrusted from USB peripherals. +To prevent infections, a company can block USB files that are unsigned or untrusted. Alternatively, companies can leverage the audit feature of attack surface reduction rules to monitor the activity of untrusted and unsigned processes that execute on a USB peripheral. This can be done by setting **Untrusted and unsigned processes that run from USB** to either **Block** or **Audit only**, respectively. With this rule, admins can prevent or audit unsigned or untrusted executable files from running from USB removable drives, including SD cards. From 4311844bfae55bbb652271e7b2720919d39fe048 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 08:54:59 -0800 Subject: [PATCH 36/54] edited usb text --- .../control-usb-devices-using-intune.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index b84891dcd2..84b722099b 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/14/2018 +ms.date: 12/15/2018 --- # How to control USB devices and other removable media using Windows Defender ATP @@ -47,14 +47,14 @@ For more information about controlling USB devices, see the [Microsoft Secure bl | Control | Description | |----------|-------------| -| [Block installation and usage of removable USB storage](#block-installation-and-usage-of-removable-USB-storage) | Users can't install or use removable USB storage | -| [Only allow installation and usage of specifically approved USB peripherals](#only-allow-installation-and-usage-of-specifically-approved-usb-peripherals) | Users can only install and use approved peripherals that report specific USB properties in their firmware | -| [Prevent installation of specifically prohibited USB peripherals](#prevent-installation-of-specifically-prohibited-usb-peripherals) | Users can't install or use prohibited peripherals that report specific USB properties in their firmware | +| [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | Users can't install or use removable storage | +| [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals) | Users can only install and use approved peripherals that report specific properties in their firmware | +| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware | > [!Note] -> Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users that can access them. +> Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. -### Block installation and usage of removable USB storage +### Block installation and usage of removable storage 1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). 2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. @@ -82,7 +82,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl ### Only allow installation and usage of specifically approved peripherals -Windows Defender ATP allows installation and usage of only specifically approved USB peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). +Windows Defender ATP allows installation and usage of only specifically approved peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). ![Custom profile](images/custom-profile-allow-device-ids.png) @@ -93,7 +93,7 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla ### Prevent installation of specifically prohibited peripherals -Windows Defender ATP also blocks installation and usage of prohibited USB peripherals with a custom profile in Intune. +Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. ![Custom profile](images/custom-profile-prevent-device-ids.png) From 8bb6da1069d59d6b57e064095172c34e3f1ded3c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 09:20:35 -0800 Subject: [PATCH 37/54] added new images --- .../custom-profile-allow-device-ids.png | Bin 24773 -> 28634 bytes .../custom-profile-prevent-device-ids.png | Bin 19503 -> 29697 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png index 0c22517406f09076986a7f30ea98a3a76f3d4446..d51f405f064c3d8bb9b9a8ad346c71a87fcd2277 100644 GIT binary patch literal 28634 zcmd43Wn5HU+de!dN-CfXts)^P9nuOqC=El`&`67PjzLHa7$7B#ICKg~m(txi1B`SI z-3-jTN3Z+3?)!P}-}C?aeh_~fX7*m^xz;-4IF7YL)m0TJNEt{$AP~jVCyz8ipbPaN z(3z4;XMx{n2VPkM{yXEUsUQc+?`9%ioVR(X@(=_nj3UFET>!2xKYya{3Ib6!5dWQN zan7^^ft;P6K6DShd*`8aWoiiB#4}n1hnz8LjYBg- z($1P!!$2rjL*Z#z$W_PCZu&=FakI^{s*;vpY+HgkLYE^`LVB}axmin*zluwjG9?L) zBcVCh?6HX-Z#HdtiJ%xXjw0;BeAiu<2eVw4SBsaA`+^O8aV5i(3of{mZE)jEwqBC5zu^45ev_WR~>VS%j)dUn@NW;(rx~27%IULC!SyAfL5Y%=5ty zmAXaFfM^g|6d-kOb6Qh8zG9w))oX0{rBAR#uisoo9!u z^=>F(w~>*vzPTbY3%T4Gq@61`0)wCQp%fYv5o4ANf!Df4`mP@)f<0aV9G{p`am8z_&IkAmS*POjGvA|-yJO+&M$FsYp&|Ja z4db&S8HBx9UP6CUS*NVq(2~b)&i-LnBUcWl8No;xlRdUU6g-96ipF0w^Jni7>G1x^ z;=7l>?zdEIlU&O&{;nrrNzzl=_pZYZ-o96FAm0ATMU&H?3;6k?tgTRzT5DJr6bh@J zd6K!D*CAe3@Tu(8H}2ujr&&GDt&wQf7g4VJG|sC>Kbw%!Jkl?br+9e4EeFHecA{kl z5+(OGjeWfZ+NalNK`&Dbh1u!vL-dJOT|<5LnmNspnd37b-yPMT`e04l_w)UUXPkX{ z6m0CP)^u$F+Az_2?9eb^{d?9x!1||esu4xYBDEZhFa(clzW7(V)efp|qr*eBlkj`S zJqjV~jkRNNTOs9+$#-CG<)p&BNIIzLErIsIgc8}TBt6-RrPXgG9@&28`84Yp+cq$& z7-@I$1xg!C47iD<=-L`VWTAVtL$+}kH+$Mxdv9K)nN+@{b$NHJX!CK9f?Ys1%+t?eMU5iK>6?4s( zCa5AmEqU7<%_KN4S$c-yVSLW5TOqLv(&3*90L`>%1{bFycRo!dfN z3fv86KXOjB4(FE)9fp<=@cV8V1JARWx?2kT@tgL?-5QmjU3DkRmYppW)(*bry^oY$ z@9g!TD1FFMAN=0%AfMD!?z^Sk_NSx#i8*G;rN1310XQ-q-S|Twj6iuZmY7Vw;_gC? z-k)ZMTf-^rzG6g5u|_%BYx+ zha0^pA=q9WwGM^zfwbE^rF7*IEN*K0ASC%{GiK@KAZ0yM!YE6OzF6eaNJK!?^`^~& zHkN|sKBPVG>FYe0^@5riK}o!R#76b_z^0DysDbREfu}!CZ)x|sNmRy3C0v}v=f-LG z`~dv8-EnzEJPfA@t>+qod zwJckYm{?Br5$ZWflW$s)omOP|l!khJ#_-7J;|b2HYELE~Ef&;(%;^$eh}w##yTaSBK)#{dSmRTRLsa^}nm8nxB1?9AmHgYw8 zg(iZ9A)DJT6N@V^XZ$)v`cgt)#~PbQoF)ehbP-ZmJeMGVq~&0mbLzD9sB${S2qwk zWtZaQGTRY&qv9w!hm*4=vOzO^S~A;G+jh_SZW*)HzBL}X-*Q}g zq$h;m#m>;x9qtxS9GngzS(T_wa=YptJ;!>==1H`xY}F}?20b~2@pge@=b?~dZuzSwuVupe&qD+$D0qIj3t>su_^Q65M*yQ&b>c*ogX{kq3CQ>upt{Gy| z%3bT(hg}=?Hc7r~^lJznDc&W29+~b_e~eUjMv_Y~v%n7Ad(ZFqM~Iko@!`0W7}<~8 z41~e?dwcoJb(hd{dD&4HD;{Ipe7j%8eBnI(l&?3%mcr|M@ujwdm3j2z4AH`BaN5Fg zwR4emSG+x(sb|l4XlbRitGV%ZIud{&iuSrRRd(fbUwpXaTUbC0Rrrx=44dNq(^Bs{3gJa@bSY}W{*_|~2}UWv zv&c#V&J-Z)1751ZJ&_o56H4dmtH{ow$nZK3KdQrf98(?lv%}%u%1Kpo;$;bKCVJY3 zIAsM6(cEU3@}lf7m&j8;h28GlLW1>Cfg`DX zl85S1XZL&Y#IreAa+*`8$Ga$TyV>?W`opeEm;pvzFQacTp##Sv+L zq1fcJ&RUT27ae8CZu52YRNnG-S+i${g_@Jcy5nY^Q{TmF;ng4cL`ja$k*}jXaz$*A zj&^cE$BWNc$D~2IqC8hnJ3=L)b4^@JU$Y;^*$nDxAu%uV^Rmb?HaRD~rq|+S>+niQ z6}Y$j{5SrD&l`NAI?bLs$Q0osIMv3&@saP@)1Hl4WOnW&$yz8Hi4A8eoUBeoJ$^Vl zw5VHE!=cLsSvn*Jl9i0-_xYr7pTliRGhpf~T9Uk{=uK%YGFXac6CTP=k1g$3Ct2FE zrF8|Z9rK^EuXR`W7jAt;Tw8vEXAH{TcmpZ4cf8S~+hG_5(+=4EimaU$yRiJu_Zz(Q zNRdGGc`HQ%UN+KH$N-@XK}`m2B~FbDI`*u=2>GAt@~rpa<-+3I)fBRmCyKGoH_ya9 za*Rjkq8YX4jH{ONxP5aBzdww@X3nn9hIhZ>y|YP(u#rCzNpi$=o}c3xPs|J$xd8G) zMQR*DOBE*XU`JgR@rVB(zp*by5;_i?`GT_Rj8tS)|QgnH-OX)(RW$Er#yo6ez= z10KS~C2~vvBZmttNT6P++Gou$^o<{nXNMa81tDq#9o3ixFBG=he?-M;g5RXWEvVo* z+x&ZE52B{>9y$iGn|s)iJxZ#y#(7v^b-a-E+RA-WWMWZBLn?Z z3RaL=@ZA|dmJe%o!vTBXdB~wQFPn*o4`9Nk_FjeCf&u@8nO! z$lQ;Wq|InYoK+UkIX#NVxcpU4a{r_FQxrOx!2T+{+NU8&TYP$hJ?`MsRS(WGDSSQs ziDMmFx-ZdgEqvllQSf`75R2J;g%gclk=oCk3S%Mo*A@kC@d7v*dAnR9EnU)_%`Uv?j0vvuY;&f_#dfdF?-$b{6d~ zYdmeg;+a)DKYp)2OE8zwt&73+ws%Z!Fjb`%;pVrI1=yn}%7d^z@x5Gvg5oZjWrL(f z<=hkI9Q{L(x(}-gmI0L*!dDl#^ekwC+YHnYl)_N)7 z%Hy0Xi@l}pd;Yu*aDVK_r2)>CwaQ*6jVSS#PX~*#@}fL(!DZQaa@W3#+CTu?cR5{r zv%gK4Ra1>Rer{1os!0oawnIgjlC93>9JnED{FPnB(R>5kl#Fsdw!>?Ooa#CT)#0w^ zSJ`F!vbEc)qmah8F=6rVDV)NOb0}B3CAT|;w#4r$yE+}m^42yD?tydKS=;q(kp2nw zj0E9UdRPtLvF=K>D?SlC=4>E~+b?}`MU&|7!+Cb5dpgLNgV}9!zR`oeXZy4wYP|zJ z(z;1^5;BV6?B%f;IFG%OsN-0<`>5~mo7NNFBjYyq*S&FrCeF2THTuFezFeGpj+fzu z%>*_}ys;v%9_&c3E;j^c%KKZgVWOxc8D&&)J*{-&WijJz*ovvzu1UdZ<22Yo2vA2l zg4KT6?+0G548hui_rA?{@|+yUF+K45GJcW_$(B{70P^oia)G|SO0E2HvPW~p0@}CT zS4pOq{h(gj<6=2iAblmn<6$bE}2aC}7w;1nT_! zu7Y~4J3=*bEefO#-h|H}o6B^CfzBqFRd!A_W+mg-r(+BrNvSKH;Xf`M1y>?8*6I@! zj=Qq=S{4fEnslQ}#`z%c(QRx|6!w5oDlI}hfY z+YXR52PD}_HPE?>x?=nO-}U@;ZbJ%vs!h9~S^+UZ-lfi7zupCq_F(T!DD!O_cnKR{ z!NlgPai|?1Agk0$?{59Im`lX!e4p)=9Af`;c7bF?fq-?ammOVT{>tNph^}t@ulx?U1Lq zx+$~lnwql=(#e|O|jt}4p4 z7HR<_{`|Eg*f(dth4Gi10VzI?I2*ybkP!D^+win0-o{@PzxQ!tb9Z(B**U$T|M>Ek zk@e$XeEO$!*w9&1cMH37plCbyMy>}{EIebH*<`f>1oUm}i-wrd&dHc=? zf35NotYDhD3*7^I)<(Ftotj6RF-d_;vmmS}%gwi)9LI1=4ha$IQ3}D$imVw(v2YjJ znBP@h&1ckvp%iM=U5Sp=i{YXdK*|??-##G!j*Zj)gx8F}fd3`g8PTdEHbRfjl3!0= zx={B{Pk@Ipf}yhfW?G_5*Uogl`%^l^sH9uj@qtG2kH$CUeN3O0Go9XI*COv2zArSE z#GFEk#Tn0o_?dV%_|69`hsp)1h_5MOR+po=p^>&@JHto>Sl2CLT2kAbR2YOjZ1Z|vm2$poJBq!d91h|C!jw~+TAomic;c3#H zCfA1}KQ@}4Gk9SUpT?$D@6C9rOp9moE`6o8!_}V5f7^Gvk{<1zyLvxg(H*^}_6pZq zc@AXy7I4$7EyORjC*#&}0f`I5CCA07jpGWR3Jt_aK-NF(=We1v?M=eqMl-KLDsmN4EB9mPTt>%FIJ?VRGMMW;zcBvxe}Zf$+~QiOE;A7 zVBR?2$S8B65|m?T&&fXr3VyZ&H58?2Rs4K$_3o7bPQ|!qMP(=RPZiU}F_Mh=De3J| zNL-WRwJa^kuj!4);V=(E?-Bb)|y3r6jxcN2Ju@H_h{ae zh_j#{?Phj{l#CgHffqo%692Y!F`(H7uC2c7pa*3CFL3VvhVK63uR-7@Wd~66TpK6S zZ#tB7Z*^?@U?xiTXc0vvy`w$~0{yTwCkB-;H6kD=J9Y*{+Aw$##C476w$Juw|9^BD zTx9IJmv{H>U7E_k*iFGJ|At_4Vbt>*LAg@qv|q0LHR#|Xz>73?c!Bm~$enj{)sA)WmYWXjeY1ANx{a;Ys$YEfoETn}S29WugO;*_ zD!zT~bWcxDx0!E95Res`uzePy9SOb=r#=&*L3y%9H+hN*pFC}lE$v`6c3Tu$2%%^L z?n%y^3JkLAtp*4bWV<^kDpbQSaxGRhlYCxcU|>Mv3B7+rkxftX*w`3?Q7nOw_#*Rh z)$c)n7HB6asNU<|6)HfUMwt+>J$^Pbo?UjM??%B^9#to>2-UY5FM%}$dRhP7-;V65 zBD=i6yaY5!e7{azpdH*aE-Qxh+eVLfc6M&gw8)cvCr)QdGd&8t?r_i{CVMg_Uw0e? zJ3W@A(x#_Fts0KjF1-dPKZ%&GU7rb}%4zIu(g`wAJ-Vxu`@Zkx3&08x>A+f+qm!AP zk6D0Oicrayx;l%)^Hu@Y5*P2>ffQo*H|s;RJJXlq#Rr77nl9e)c+WewAK2(vHZhO- z=nOx`v_!Fr5%zP+CfnJ4F!x@tTO%Jn-EP3fc%yf)4YC#?a>2`@>4SVL^J8X3n-gSh zls7M!1_C4Y+v%=y4mc|2^pN&=LBRin<1wtYhdQJ00>MoeZWO8`9;713bW*(|)U?zt zYo(H@Q<~F)9++`>*oD)D?MVn+&(@8uR4EVqP8U4Y-bh+(?4GY?8fwK&BGOlB=(90#nsvE}Vk7ZuZaXfm&uXZs zz`ZrwFxlrD`QHTh)KGUJbIdm{Xb6OLC`!dfWj0eh-WC$x>$lN*dF!|5gf<1jjQZnQ zH%a@9d41N*)r@yUXtnJ#e3A}-y`c(jwZx%w@+<9DhVx=!0p5C?5ZjuxMlOiEzgIIW z3anJ&?aDkLymEs_iT>hZ&rHE&Q2=HTCcVLE=KsN*HujAJn#F?l@ZHm+xTo?SU&DO3 zzC8H7GH9=$%8QQsBXjt5y7=n= zXW5?UYbTh4Gd+|&pxmM?T)%L#UJLU{bsi_(#e1yyr7P*5W5#Sxjm? zE?2`#Ly_6EW@9hXccG3&=lb?A>8amkCew?;l$4W*qbF=6szKAblC|+g}ZX!%;TL z-t+Zjd`5``CtB$C&VX9T^=CQ2+__F|-$a}VDo{?8%aVZ9)PHdDd1hS7Bf#~PEl$(n zRt!SkRud*oUHmXFhk1TgRjBrT#C0+RfPRRN6o&jVc=z>&=gxus$OIvD7n9E77ckS4 zTs2JVgx-~84R8~5hy>z|-0zr34mCuY_-!^(Fp8G%g7Tb0>xh8 zk3*|+TAdZh%M>X+r@f6By?>3{iibs2;_kq$=zbFhq8ktvacHz-JHw+P#VQ-gBj(M3ZQ1c zd4J?Qh&DKj!io)YhGX!)1#PkO_3NM7sZCgv{>8;{VP2@>K@olGCe;9Yk#hdWO~@J0 z1ER4;6lZ9{z!#of1>zg%Je0BBS{1LSr^n%TnQzAG2INezg*YGSU!x@^bnpc*F%%L% z`lm;DPA(1H%k+ix;p|5>sm;b@XUfR)zpGXqFjSAG+N z2w_M(GCnyWIiAYC*~lhaDE8V#Yl!-%`*BO3nRVfvU6*SjblyXQ#ONqK+>1>{#E6N%u56y9k!y63XN zqmO%#&2|^w_}D#EBjVbqxWW9UuCsof<8lGZ0RjjEXMuVD{ftF(TIAQ+t8b#U)9zd> ziKr(}2@?!Mg}84yCFk+)E*0NOdB5xsX5yfgb7jJUHmlVWq4__<5>T@PY2tT3WhtPj z$e=ZUqe+in*2;oh<#yh;AX{W|>UlOzluwFW*^YKL1Sd+F81)sBw=Ou8X>F33IfOdT zS6wqRc~}q<6BM*Bd%x0lfpf$;5xtG3l8=!m4%PJc&9wx=C}}nI6;t?;@aEe?=<<5U z&nxA#xA5valuWktGL+Lnul$_p*|8et+;XyfSb4ii$Ax^j%xw;Ar~E=LR@A-c6%T%y z$`k3V1Fs}#)^QW-iN7X?3z8K`FYxZ&!Oc0aMC98|kYK{c=yoq}#VI9hx;ITf) zEiB|FAMw?b*XS53w%KB1(p*`I52l&E| zE5F10z!8|;ijxL=IZxtYgcZ2|;aqIP#RwK+Ek}&Ue~OET z0$~EHeyH%2wfT*y21Zc_y&NO2sUT0RzvpPgRbr$82C9DPPgTSN(YTgQTf0Id^F=d9 zFK#7}bfhWQ-P(b%n4@8|y<)UmH_c`Bfo+JL)S=INj0By;6UnCW!Vf8U9QHJ?B80E@ zz`U-~ek8y55^8WHCeFXNxTQy0ps4;ig{_{D^1uKuxLXzCMgcZiSHQ?RUdZe*CPeCk1RI|6?N` zq%hWPzFoE0QS0kfhI#4YoQGox#){0vc5u2cssCR7!gUt-?k6BEo-V(_URnVHxd5;Ql`{#r zsJ()0_VLxAAXE;d{HKzbzCc*TSJ#z^{8i=SJA{9al7YS-;uae!F6Ztd1J;!qc3^nA=SGv3l#q%3XfBGM5D zQf;DXoWTq~DQ{rT>Cz=XbRkh`u=JnVYwmW6%8Fw~UQ_tqB?o)V5G?0FaTiPGyk72k zx?*N!Hg!T3>4ZLP13bG|z1N^V2dw9y|1sKU{t?rJ6HI6awkqbvU-{=aYLL?CD6lth;II{89Pe z1?BSa&si^M;09fr1l$iV*{W%r;x{pj!EKl(vjm9+$;)%;SKW(qgIF~Y=`gk*zpPm# zY=9EPm(plT7hZnsS9~;ZG6bUo;5%9%#s3J*P9<;Ro3f@s?U===IUZh{eKPL9KOrO5 zSI0Q_L5Wwt8x?#C^g8qPXS!rrXG5=&ZX*C8fVk{Hyi48Zmh1jP+r=vK zd%(or~RU`(QB z!qExbyawq`o$eFy_>@;U&JWlSW)>&>m8Gej5(Mu3>A7d(i)|TpPCS~I&M@*Ma7MDg z?>VRwV_EKxiu7a>3X!ofeI@IKFD47=+bjcyR=mp4lmuFwKp+M2=BvCoS`HI5!c2=>#HT8tbk=I$LN+5}3o ze&B@o1dj@RxgiU+zYiDG+Sap2`%DBh<%$P|Q%qCZHH>-`iLe;EF1W24JB1YVcUf9U zB#|dV%f9=XikpZR**DZ=1OREwL;`P`*$!;2An+mJ@voK~+pCR>={$y+w{NGnpW3+( zHJtc(E%iT8i-Fi>OQyX@tI#O0O~>qFY;O4OtsVkfX_^q)Q-$B^Kzh%|f1`g1eM%n& ztMB4~EH!XPX{cAH7=`A&G_i3GH_)*$b@mQj_^{crLj?1zpG&0 z>dg`@f33o)m&)2F*qh3+8)~%q6^=71J@^MPIfP0YOq+}))9$*kpq^s^85z-SmF_Ek zK3knaJ*$&7nAp0ln1Z_tU(a%>v0HHkToy|Nr%^R>aWVcY*F+o{6}wPJ#7t$(0$^o9 z&f0_xbZET2GVr@x%e9#KhtCYL1ZPIRTYBn6mi@8TYn2ms`` zXIL6|t&D-;4A?zl3pwfUYc@5z?R@e^u?BX!m846j>U7efcw!jEdspfR%M&ASSl`70 ziP)-#%IYTj+|(*l1wyPs#OvR<4p47$HR=KVmo-F}&Zf0Dy(pVu){0T(en3r8$e^lX zdJs9(F}aYf3QP|K$M$-KeC|D5KzZ6S71?V}Yb!!oBKfp+)-72&4vS^jD8T#-L( zjsM0hhLx%ANG&^YRr5hakuSD`q((kOe)k=d-_#OJs>l;Oru^3+R1_o5ej%3mjjcT* z3pPFkr)aIX@H*sM#1b~vPX`#``)dknPQIn3B@y7cA1h{# zqb9Q7e4ntoTo&_MdaI!>3e+jYvLs0Fm8(i3U26G{$80y1TdAY&WJTJ(346$dc@jij zzjk97BU<=z4S8g(A1pNTK5SH(ip@<8aLItjHk4U)PKfIW)HI|EW7hmwV&BE~)gpS` zf896b>PwAgF2b);i}jl0wYn433GAqegcBBUtSf)AO((l`YRE}OV?xA6ryT(>!DQZKGPNQQ#3q1QYQxuRRO2l zA)c}){WnK;dOJvxy;jYRjlYDj`cD7o$nO{Nf3eQTGFfu`!&OxN@+aoBK*nmfe_xTr zaHn+T>@}uE@J&3oKFrNlUfS|ogQfVR)D|_0tuvjOPKlI~XNRQSzv15KE#=@1xI13@ z%xdjX7-KegtOwQxr$QyytA$cIO4LwN2d3Lt)pI%-itYT>b3aBX{dV?foJY6zC;hkI z>=zKi@(4qO0DMi*M}q5K6Jh2nUBRgDi=QoAdlq+CaTA-%^mNk4LCouQVxe`6O+n1g zHQ)B%8~Y}E&&2pgRa{~JK321y_67)Aezw>(Wa4sJWUUP0Am2EO)$8zGjeZm@C z#83P!0K>9b=QsX)W7izz+7yrm_vb&Dcu|5ILBW*$Z*s8lbNu5{(b%02F$^z2wU`m0-+p9+i zzCP@jDBZ*4W)&N;DzkCKxE)2nPi4Ti+!e4sYnNGL%cuH742cZ~IR2GIw107|@jD~Y zD!xI!SY}TEFYSjC?!EdnW8~V@xdd~=4205fI#uCB4~tvqV1Anuo>)f~)SvhkT!McC zIB@p3<#d{nF93aS1$p{>DyE_CNa463AmAsRLvh#o0pIRtLTlTF{aseWL%=ARpMWz1 zSmvfePUw8@Vw(Mj8-4CIaYe29HjPw(tzu8Ki-`4iZuDFu*Bwch`1Y_z3}a5O0H8wL zpbI8;mj8TAwAqu6;*mPM#-3*+{9w|TjMM25zDF21R{M-@+@FRmd!J6j zK6|a7gC0*oC9(0TYN*>)RMnR9(Jc#(SIptZp=6pyqFb{AYEpLahE)qSsqF-%$C1^C z(*t#0ji+H_##FMWgT=K))F>wDoq7{Yhrgzkem#YW#P2>V_&O?+6iSNSz09hfrG3`{ zOUrFUS6pg4TqlQX^-DL zIzX%Vz00M)P4$V;ye#J6L>+Kx;C8{cn@_I8N53jTQvx&ovb5CZ?c*L5LZSlQBTA9xuF-K&F zHRY0jzw%#=XF^4M?$&u(^xv%ezu6gWUkh5(-G6njK$8s=Ser9{HM9TYGTL#OaB2vk zP?wGCJG|)s{gcs-T)O5Uoyq$a(RF9kY5pCg`dt<@Gob>hK_P#->pyhM-}uy{f0z?Z zfsuIXq`_t#wVuw95>tRND9F{G?VNYWp&wkY-=itg9gFw`pj`j-({FXu9EAqRpiq~k z!1mT)_B$25DXm5}=vJB!21!f3OFOMHK22OMZzgQPUu+__mU9XwU0Rrlom`g~w%Y%A zkA_nALiEg*gggT<(GlHNRcRD4)An=Kuc>7NVK-^KbVkrHXK9m8a_zS*)AG2IK~ec zD66U0lsgcOCf;+>Cp!Z&68dFM6H^T#z|Upfy1kNu&G_h;zGKC^e&QYNENe~i z3e^Ob38ak@hy1Si{D(-PkGLPXmQ^1Y0+1mZQ2$r=6r_R!T9{U41W+LvigRt$qH*%y z_B9e0h07CirH&{d?Q6gdtdy+mLwNK)kHs>F~$ar)wRmFcozw^;2a1u_xrIqALNK4MI#Gn_wB>S*{ZP-EGj{S%Aa zez~YD-KT<;f!wFNS+O5ed=M3>Cn6nD=J`SsON*pqQj7UM*!JwxwT~uwpGxZ(25Po^ zViWV$Ue(sB#jUs#D15LwmJOq9ux{o)rOGH0=`8?`5BT-V*etC{pdCMK&wEV_M_$6y z!PFpP7_#vIjp<)d8TB4WlOJOzt_u*zTrQ)u+5XmX7qcOq>Xb!dyPe&;Se*NZh2b3E zUYw;^RuGHkWg@FVOgzJR^WXOqzSVl*5Mq;HVq=fch*-9ekupwZ>GEL>CLglzWXBb} z7r!L(+Sk^qB@K4*9L~vKLdv|5VwK9FkvY-~%`C64)-maa<)OJS%vw50XLUzdpgJ8@imuAJtfofbmGeMrEN+f=zW7OuE9d#>^`QNbW zQYiQWO1tNe2WTWqDz*u3=}u~kLv8+}zf`w#G7g4>{EAt8?L0^{ok>WO`qN%J&*bF1 zxfpBg5l^M!7g6Mh5v{Z9?Cw4i1!tWxr#-n6LLw?%>w+4LlM@Z|;ck6U>Eg%H6p&q$ z;mNmiDdzPP5j(@X2^z%<#Y}p;UUK4yq(}v3eO$T-f)C+fh9(gzRCNyL(=>EL6rC9M z8+_DR250A`A||i%bg7L+tzxcow+!&-XGa@1n%g-kj#WO<&MwP}F0zQ?8;tw9enUD@ z6kW;xn)$9{cQE4GQMq4Cc4*RcPx_nil|sYid{I%KDI7C^LrLe}y<1KA*{32YYs)+K z2hvbhk0{zsS8_(%p2pVBTc8h04oZ+(H&;d+ChV##u~}KW9gW6DJ|9oqETk@GAwlkpI{%yxZ4|N8)Rl01{ay7z`A|Dglt zxhD@}x_Tb2(F|n|L!z#r6S*rkA=xp(g`d|F9{J=TVs0`(gtawF%ADr2-lyHoV-THZ zdvb1~|9!|Urcj%e!9}yw<`fF()gy0j6q=Xkzric9N7{Y!;HI<-pVY{Wa(@Y3gp%KR zeVbNaApNS-JFt>)udx({O=pbx=mof&)Hqw(vCcsus~C-NOpBD->9uH*9$T}Et<9~> zn2aO$pHKLM&z8Oy^jw;Yh1HhsRcRb>wTJ1;MVRNGjQh-peECh8Eo})Fd`nGaF^D~R zoCQ;18$|;YXO6r`NuPX+xkYCRqoO#4#n`4$K%(%nbS(iO%~XuYY&p(7Nzp9jvGzRO z=)Y*lNU6`AqcAxLA%#41&X(ih98zr16P2BLsbP10KR-PGigS*zNQuj0wUr6Go66ml zpV^GtS1s=qsEVZnDE-s`!kz`KuJS0`p20xU2Vb(XMhL7>_T4x{$oj4sK+A1M*8L9p z+P;Y=d{;whb!5k@u+SPBv))#B+~zl5P|22GbrK@$@^E2$f}K?0G2FH;49%x-PgnF| z%+g_)mrvO}>in}Ol^s#mYePUcZUkgGnFkfKACx@Sv@*Vc3j-`@U8m>@TyXBzIO@J( z4~aWGZ|TBHnmxWOv!@zqFLx*zmkz!)djN$>rY@_iIBKG_IwPSHS;2)442m%_;2ugE zgE= z`RSUYultq!+f}{3-M&g=8kp3(A%oxh@DU_glp1A&3QiqMqL1e_1l6|FQwF$n^5mEe zOFMWeYm4{M$1>Ku!?oT$cZk#_ss%>I7+qve%Pg(erT@luG*4~vX1)lOMckT9LDstA z$P+6?k_nebX;7u6L2BSN0 zn(&^Mk;99&bWX+;oL2O?wiZlX6kp&?4qv0BFt-^Uk|J`0^O-*9Ut;DK8@%r0GuN6= zv7da@<*VwwwDBf|TUR~8Jd8T(JVO7CBi%*8hExIOl0L`Xi51+V(Z_i~Oer@*%oL(X zqW5kmB1ToBIPbYP=tatEw~SKV8&Lbl4*=C!>eCwQ#6P8(-e*nZx!%Xx)GMkaTF~xa zVBjPp&DEmB;S(rWU*EOJd}l2-p+&{qAL*=FXRgBy=#18dsIS*c?Er^I99V zCz5zsA)@HRTa9l-9^*IrN!0LgnMcPwig^8)NQB&oL;nqk{KL}#_3UK;t^Iz9SVO!9 zm{%cP^M6+mH4r(9KTO?!Axy8JXjcJbW~|Dyz&oy9LMPB$TxxIB0yubic}4Gz)KtsY zYEG%Y>D4Q!=yoH`S^(DTk=`H29*WcX&cM@p`m}fi^^L zkod&N%aIzuNy!YNxTqeslf067tt@@Se@1b;oTXjWrrR0mMMA|Q<*_=tQc&l_k^o4< z>-J-;hqR8ie(X%dtbIc#WpbM*9&qWUs}?jvN@IQ1ix8z8*t{H9M+V9-TU<6(Q9Nws zyc}IT(?N75{8roWisXHf4(*C_NnTaOhFQZFWED{1k^4?h_tiXL$6Y)w3->w}lQ-sN z-Z8GN(brvHdp4$35u&A3H@&9d-;-WS&{hUkbzt+>UVMAOi5|jB^p$k2S?kWAQym4B2Ow-16<0=W4~3f~ z9}=PrP8eQ*bz_cXROY-GhY)URI4}8$ywX`G=*~&{8q$rgBS2@Zn{oVY@&>}wcQ>G5 zLOwgIQa(-nQy(xDM3(RODcSoR(vT%LhJ3a9-H2Lq+h^mWC0wW|jlmL&Io0nu0rJ1N z2P@y_OG2Lp+oChe3~M~rbc|C5F6R}!g4ogO#>Aj{oP9kQ2Mp|VD?)CSi412*rw(f> zGGgol)ehY10wsT91zeX+vc~1J^C}tB)PX7+1mZYLWEN>yQJqa>AKm$Yvlb8<8m^ zwuMt%Hz1csxVEk_>lT!A6c#!z%LG&NX3zDfr`jj9N4)2 zb)H*TA$d1pyjIjZ*<`%-s7!itI|jG;@M%;a1BX*?Yw&x~n4eZ6toM%dJD$Y*N=A?K zMcscf`?ez6ujz7$l5T~3cG*OJRa8n`QQnq{F;A0Db0waoUtZCXA+z#WhoO%~X3~qX zI{3JKLLf9JZ(M#Xd%WxDl(&^DdBfrnkx~53;y!NVss-m;8;P4_wpx7=rW}z?k7Ky* zV+*xnK@k-Vbae+owe$2ZE2{>RCUC0JAwRAaUElhW2`oEwT$=}!{>FDF8Lp9AA_f}s z^)E*9jXP>mwaS#Rzq}YHtYOgz<4UgVAf6+fODBIOxi)UXsllh7@igGwu_iX=1(nYF z&7mi2YTDdm&yzQ1h;09#QCT%|Z3?y+A>EuO=wpIFXK-c7^Vfc>FYnB}$Sd@`ijiqeA5=>DG4xL?3lcxm=qEB;@D z+V5cb=d5|~n?GUrFU9A-$nj`gLb0=znOS@i^V8a!VG* zw-e8g=d_{s_yN_WMf6W*X`dZHzgF8PaG{t%)O6>s_)cWwKQK? z#YBh@i(f)otVyK~vB&|muQZ|-jsN)-4>dKixB|Z%3C{Ly1ke3wwI;`@?v8T{}PUnTRug^ZANl8k*;)Wnnj1 z8QRbZF_}I!xtdq+C}JJnebYx+HFdWE*^8bC>)Y7axJQ_a20_4SEV|}n@(jX5XY_&- zohogCw-A`ImwB#Ft_SQ_{T54b0orX~x&R5{=9>$f83ox*TL}yapOw+1p`qS(ndq&S0$Ya(hH7mwre&T}hPn{LxJS!w1hvVh>dTXBo^Yc1n8= zLLVmcoL-HJ%9j#xuzGeCc_E+I?L|YIDd@A$hiRc`)r`}X1{$J<3neq+2L`=-6&Px{ z#32rOsug{eH(bRygDvH)v%^SgqPTwnY;AsIaCv!@-@Y^|R$F12>njdZ7BZN69TlfS zw73A6aCJ*fb)%9zrQRLAO5m~vAwhi z3CI$J|CcE4w^ZeC$sKX4ikyPyMhTPOdX;6Ss;5z(1{B+(qX@6LjFrsj}+O8h6M30Ii-FIYd(2k?{X;lp8#Q4E$ z?nT(N#Fum_BN%&*J48t^(A95o`(+eHTZuR=iglmu| z*^vuC;#X2%xzmHbaT5z}MUj4R+I7oJ@NK7$k5UB~1TJI=YY}`fPLIFrHiJ=}onwTi zMIv7MTXF^H{MaD^iRR?yc5;Q{3{NrcV&=5bR)EsInnK*%>#I5KK7zG?%mSqCf|GzW{955JI9gaY>*v&ia-pWtl z^(w>+sGi-|#05GMSpz?Q9SKIw!q&3b>3L_KX!BluI(>yYX|X6`=$kZF&A~JvJ1PgL z_s$VRge8LpB!=qb?^LDW1t1`>21_}}vH0DeM!cOR03N6wve%b+!Re}DM(>LuO zM@(x*+?5I~5^hk$OmhrLME)W&n)?wNgZH<1tc{bYvj+>$g3t(}HNRgLbAKdvrh)U{ zUk?NDhzS*I*xP4;JO3tqfc*vV0s~60UsKN8pdW#Mj+X&@!x=Of7~9hSuLBc+ssABH z{d0nioaC>j>aV){H`M%C&2gJ-07^E5ozf=I02shAC;pBEC=Q@*e?0%)r-db<)1Uwig0F{%$M$?z*@OpXKuwm}?hJ?r$m)MItdH8DhEFt$$eY^F zec-**{=y=9rX>na6saUu0hzeVnArdXf<*lN@d_wrynb+}9$znKW0#T;ycl>pl`EYa z&rSemH$p01(oiEzrQ$zcHE zw#P&R?~}Thspf>&aS)yTkQ-Ox%ZhbAAEkKL^V+aw%gzB5t9O!Yc);+VpIkP3LZonT&Pib=qsBqXO z=j9mSqHc~i%2ZmG+P#yhRHajhY!N67#X@9~8kgJ(w))fz^lA1xchW_GNiX5n_x=1N)?(v$-ofc8sn!D|X1EKc-hzmQ)?uOnMr ztQ5#?X zlTeMk3FX~(ElA4Hj_W(UD{j)<7LEirrt#`KabA6EZWs>S+?a4e{0eaMTdvs^hT}uo zU^5%uRtGqWzu3MemW&_~$gs@TFJHe$J{Z90o%URwV zTB_gn9$AJk_1y7bdc*0M{K==>F|(e{LaN3W$49(1WV<0@yoE@Mtd{}lz)yDHsk_^2 zNW(4n0zvw=49Z-tJaaekCdtHXGbxv2A5`rJ*h?<6AGx^z5lJsFlQ;nzD~Q)siO62+ zS@+zS5)!Ryw~t`GxCtLk)j79x%e1A~x6rVL*eUfsk&wPklm{^96L1nXcMZP8z&_Um z_C*x?WEx40ceBqBN+tXK+q9eZw#Ki^&m{*+vK(AgNDl!@@)_~ey)Z^C2IG*NZbDU3 zK!`frSJUBEK4<$g!*S6QA#OQ@5rap_hgZT9y=s?QiovUXKn}dNa04`=|Gue9e9eAi zN}QU8ftwc7u@4^sHzH1x=-*3a_c^`$H{^YW@W0vf{&vv%*I*K`d;WSk0#2OY99jOp z8U0(SS9W#Fj_kbs<=qPL2HP@Rcz}x(}eEYlN^pq2u zMek~6^U8yT>d}B)ly~klc6D4XG!R?q)-+Aa0_33p`ZnbVJr*Mcx%0X1mEuPF=V|gp zt7K2^^xpH#*6oH$zEL@Ui)+_CBnP~h2IA8<*z=hP_BRi`P$GzPuGuPRgS_~?3;Yq$ zfbS_Zm{k*Kd;%bmr9h< z4E?~o0#>WeD%KEafJET-$M3t8sI@HUTSeUNC^}bYkR^Yl$ZySY$d z)Vr%*iLoMRGPYH3HJ$_JOQH7CFif$U5_jE_9XlBV=66rF-d+l3xAprhr~KvZTYd+% zJZN$}>}#!>iS})WnP`2~eGS{l&|1MB*9WyS(>^Og{!+kgI4(Dg+7w{A0~gVDf!-BT zf%UUFv$*E+^Xv@+#`#-+iJnrsqY}gZD8MdszU~Z2&n~=z)8y93G8Or9{rRYg)wP@g z3;bT*9u2eU)k8$m%?V|)_bLZ7~t)B!4sO*6(_h&k_0p#hs? zeu4mmMW{?X)At6Sm0=Pb&C@q98FSZzH(oj#9@2}|OVa$)+86sXx1BNMUfgMxg)qA4RxI!l#(K|z0cKq z-F8c@XxJ}YuQWa&v`T3C=8aLM_eFddqq%!Ke|>1zM;WRIcBbKxv@Hn=540Tv6rZ~e zjIh2t!o1_s3j>e(#1l=`wttf>p5iTH7On=#O3+WRDLsfT5gJs<74odfG&F!{IX%%N zXFPDJ>xrDO5g7dzdo9*5wx9vZ-3T;=gy;4a|%RAeecUsP1J8p)^) z4fk*a;02Jl-hNA6KMa)lky6T;f-Th>#Y;V_m(U1hyhO&*to^&wxDr9rSQCZ%{^t-Y z6v(MWA;;V$oZh$G%hw+QQk%u$MBKCdjgjL9Etx~5+xKh?N|223nJ_vNUQ_{tutzdy zlbBK@T<8carfrXZuMwnP?j|rAm$KAEKXI`og|i4Ni72g+Q;B_QJa!X>9K5WgMUz}? z67Id+OH$1N{~IZe)Tl(HNKd32S5I+7GF0_Tkq$^CGv}ptWTLMO%*^YSrQ#KP?)`m7 z>!q*tVCbz?sA$0DHjl`=Nu_1HuZwN73Q;qqCRCDAe!lfA{VEirAlm66 zWg>~=k*i=245`I5@}w>8p2xh!(LAc#oRQzA8UV*QVUB#bUe+9>NkV|eA+f@jmzHSn zsuv&<(Q*T2B--uO9)=#z%|=EHhAb*q(b7gYDTankn4^O(3wr1&uY_Z)gP&x@ujNUX zHi4pn%1hNhrNG2rC(T3YIz zCQ3x6O3mZucuc9n8U1G*`x~3#oap?9uk9T4mGz(9CUzd@bq%fDOdAljo0H|RJwk0w zcQ(j|y?b6`Q>EI5IA)&ih1@8Di&PN&KrL=rUbqik(l?d?XlUJE({okyx$UwBr~5j8 z&l@%~H{LJi(^+qY2eI?~;u#EA8W(eYN6Wh$vmurE;sr~ciqfXUrKX8XugmA$)SVjV z?((0KV;JYi4|(hZ8gIuhB<2;Y<*nS9R1H~0kKez^t@LdS5dT2|58~~K%Vk0{ z0cmMCFTl*sPw5nJOsQrUwmV|^1ODfLCPTI?rEH%qM#)?84jZ5JUwj``TqYPAr8+Lo znkgoNCuU#ajS-UrJ^Uaz4*NI&)>8Cc-J4$utvucrywaO$2K`HsBSvvkgbzSc z$^h&TaQTqv&U@KmohL>G3nm|{YI#MdX3vamrv7+Sz2PGMGZ_N|zhP{*jmVfJkJbD5 z?g`PjIB6idygXL7ydShIHaopp-#n5+bk=Q@nebVX9b&Ba8X$FV_1)D; z25xP~A7dgWSUBu`!_HBzyYD8iGy^at5x|sG>+mQY%HSNgAex8_@fcq4e~D9_QRO70 zSH?WAF9tZilSnSwq!0gHJ*h4AMK`Pa7V@D%AAElg$w_a(m06n}d8$v*Gr7fp<3+1Piian54Z>2v1vGMn%7rWOA$4@M_CNPJ&avEk}l=BAk=hEpL zwI_c+Wf7()Uymcl4V2k_+TvDdw%i0BW z#A~BcumCFoa@~Cm+B?+#_^lmIea6>x6RKYk-d|%wUZpqDf+-Pt$yafPk$mp7xcoSi z8BhIzt=l8m^WTm$2D?77X#Vh0+z-VR=&xpSk_2Wg(SQ#N5A9j@^2trHusaLnsN-s8ATu;5aCVaN4Tb4oHhh^=P z(azGRK*!;BIoBd>n9!+QRa{nyY@cc7^-}$)HzhVhG`6W1x&U% zgP1;iRhpJJDR>68DV13EyH0q7^O(_>Zo09v-o%Uz*NuR1E5r;Mka@ zS=0zVZalz~JvWaaRa`V7TF3YrRaOe2-^l>7I4V&;E;SDg9v~Nuo1zmu$$k*gYfuXk zu;IaGv?{2#13k@Z;1K%e>R$TR=`$YJ!{0ViV}*F9MQ9{92rb z6DNkQ2H%-Le4-J6>HK&GUwz~%0r!@vnolh_%vsWP>hc!tOYM;)+gpbGMqE}-S!ln2 z(qfNd9$mBo)%0s5ZOLeog}Z{l8xgOM8aVvWq`QWhvbCGdw3D=Pqm}Wr`!Ze;vc`y& zy8lI_(h1mKsA!?d0=5}xK90VsCtoG*b;MggUU0|in|fwp9-H+ngiYPI@qUc|B;#Br zB)u7adaqgn(0&t3BfR?bSxuv})hxG|uAs+U-5r&U7&^M`RmVPrK(_7ic{r)NkLT~d zj9aNn2-a7tmyIY(aZa&tdoklMx>w>|v*mmaRIL2y8Y&7lyJXAxV+f_Cj|oQ|Urb|L zqaA`6B?l(v8`DG?Dl3}*W!dOU>a2bFp*C`?-*?<`V9xy#LW2a7s|6aUD8*`nFvFB_ zO_oeuoUYl?MHFul1wJt7etFLvSYfm}`sXz|;66k3heYJ3!n&J@?yr;D77^2^HT0EsV-COgdc^ z{%D@5Y%WeODm9a{8nE;70B2r7-BTSw5F-Mr)v7l~(O!OR#tT^rqZjEp2~GXNZGVuC z6eBAb*u2VCO`C0So*wg2ZpiVno>h<5VWI%OQ1g3AKPyM%{{fcTpTf*O&-xd;l#dnm zF#GepizF|d%cje8ZV~vi!|u62^Q*@&BtI88`V5z6=w#aWW49Nw^#+Ut#aVNMlUMp$ z5|TM_%mLOYAMSHD=;hqDDcq44-sAmHu2Y!CV`i^tN?1J=O%`{g8CW{Xu?ZEaRqOq~ zE2WH2MRv9s&+>CN#|`m9F^`qSjZTeW4DG|$K!(Mw!R!PGwQlFg*OzOZNpIwxjI%N}_g+2RXk9mMnwTl&T3}2?Wt-=uQY!cK8pt zd-TBEZ^I-*0%N!%?@~cp}mnCRaL?Cy+Xx((+PQ`9_#ZXc*ND=kOZ>bo_ znjK#TPE5*VXX(hU!q%9`x1p8QOGUM3k@bTKMlQbE;P>r1IS@H`@U{|4F`ZzwciB_p zO?OsoQ_L9<-XngmAi>=PdqrU=wkP4f5e8u{5BGJ#p{3zPQYOuj1bd!>C%~F6K5ty0 zb~JN0qfrT;og3qoh)Suk+S4cGyJHZ(XPdORoRr;WEz!mL;ist;4CS97Ut)1%^(b11 zGL4rI5dM#04F)dav|~IM`Acp|%akX_o@u#ZH2y?2Rq-6d*^R*EjTmkfyuX5ij%OnM zl2?AX!nih~z)vRwDH3DwvU%$3-M;IO^vmURV^)GMaOvX3nmYUOHyFz+YCEp*7}Z`m z1jV%rm>X~Q2=zFN(uFBN_bf54YC)GE&I=kDLGKD#Q|@SrJW*dYcv@&+D8yUGodz> zZ+IG-*~5WtY;4v!!I4M7HK_c&*33^kg6`+*o{A3Ye-Si zK;6Ecf%_tpcGM3Sh#%og5lMosa%_KT06`Cs#Mx&z{f(mhz4iYOKXi;WpfaYQ{)b{G z0BxZPqnH8g<0$`=Xbh;>&$RbX2;QBT`q04Kd<=gaNK72`U}a^k z`zelnWCIxcGk|A++Z#!73Q*_o-)j2NH0JJhlIJZ1AQFxb)R@Q7IQwy;yT0_PP@Jp}}mAYVM;8=d14T zv_~HAcrKZJxaVEZKv}dDkkB(dR1(^kV-fapYZ#ssZ_&f!E)r`HSp6dCWG8t1J6SRn zIU@GgP@q*e@C7m|j%*mm`|Qo9Rh|?B5%#?%;cs8BE26cVe`(J4pn&LKp9VVBCJNP` zm@ftec#ts{bX%da(dpfivAY0n-DGLl_FS?S_C520@|U1Jhq$wcD_PVl(M=~pdHKzg zDQIiI3xbEM*Df&L${J`Qa;&FYL@6=(@W7gI=8xDBm|u9=J2+Upz*r?7o`&s(!0aUw zq|g6TX<+b-^;YYhb*a{%DfRCk=!y>yG-WoQdSAWz-alyb`|fN|gMawY;kKU0udIyr zEOrra{%_xUJ&=~0cDPxTSr0p|Q+K=r{A+u_VBzMCF8!B>Yb*VmM0Z(`0(y7R8sd0IIVH0tBa#Z z^O98)N*fLii~fguIHQXLLypoj40(Gw=A93HP0k#sE%C?v#kL^yT>H z)w_oWpr}Ja`^)QF#_t%>*XKz?#?OaN#^*zAcA*upP84={0d09%34sp#Im0|pot04NV6aR93ufFYQC?#V5&wtIj{86PDlPO-Q82La)y+tvS) zKXC~i0^@QvOn{vp4nka6t{$}*b&&3goz&lXPFH#55Fw|(U0}yqEQ!f+dS%7chowde zeRtOV$ViLZpAUFXw;iy6V$MS>UI;(|LXn?cPpmd=rPUslq{)v`{9Ar;Bk9p-r65?NV!I#bSl+cO{$DU-+1LAx082lKdat8Y6Z zm2Pw)FOJ2fUK<@f#2*U}MR0e>qCWMFfNV-%YItz}&Oy=XQe4ac(m5O{5qaT-x=7hb zib4HDnW+oyqw}U57DFm*QnLZv$+r5!uHZbPg-=K_AuEaa;C$LaMDY) zVOZCYvPpvi2*=@EQW5`qe8am)VTCL`^HV~H>UkC5_XvijUWr{@pL-NXBJ%+!m0=ek!LG?yS%9etXLsdq#`$<46?yCLoUs zVaY%4aql?)pBHrc@$7`^gBpre1#$0(%chkVWg)CZ#s=oY}EH>6mCeRO}22Y)hlQ=Au0MgGmZ`}spoI^saw za!BqAnAB5n%{zlqpK}q9R@S6JFRWeQI4O2hYN&?o6m5V6%~-7e%}q{&FzBJW=SLbC zU#!}F1f}&;2ld3LQZKb`=!bB?R?1tykqrQ@!9mr433#q))-LzD`^JFc1M~UcnDgx$ z4qA!>RtQ@78}ZRIQ);)&MUD<_6Er9J#2}O3#*k_(pK`WeFhW(cO`kqIYZEboD7MOt zQ&bL7+0?-UX|Z;JxpxO6M`X=kz%|I*RT`+3W+#vgrzJ-?$xjE*FXL*9^Lou7G*NjsZn6_Ci#kp^0y{Jl07uc;TotwarHgLOV;2!! zifN_@k#ERrNn?SWw`{#E++c(znPSA$)I}7kU~h9!NuT3j#Nildav0T9;vc3D={OA^ zSW@w^l0+OBy)`=sbXK9GXv`9BM*U7tCAOY^py7^x8@&|LGiWcPQ}x8JeRD^sUnKvN zM;KFetYr!Orv2F0P58`6->%1q(dXYr#x6DnKuI5D=RWT~-VSF+)AiMHX(;XyMBr!nEYFV^4`}CSk zo2o2+2wgP>islqb7z^WK!*MbQD_7=7xpb3Jd1ntMGHC&toY0*Z6}YifIs5D$-=Q7E zR44jflXO5vTi{>8On=UF9PE^3*#IancBrGTII`pj92ENR_3r;GJ|*3g=w`W>@oC*$ z;h>#AU6&8~0k~fNN7Fif5LEyV&L2N$M-^q>`t3W-ungt|Oe`{-@;@zgy{qL{>>vCW Dn7!e` literal 24773 zcmd42WmsF$_U@Z1rG?T$jRK_<_u>+y#ob-o;*#KQr4%UcP$W<&QY;h=PLbjS2^vT! z4uRmVXLav=@7>S+pXZ!??}u~F2PSKgurk-moO6u#_l_B+rXovx_xW8A2t+I|C#3-b zT^|I2uHo)n2ma!k%6km_y5^!GD*=KdDc69Ln^td?--1BpG55~j-vZ7F9p&_0Kp;}r zzdzTomeigg&^rTpskd65CU^{qr}h|Z^}_8VD2FNhWsVvo=ZE^E$BKj+q~&94O7I$< zBw_qVm0dAZF~VV2gws#>sCnj(<4V@dihSp=&1|~XJ6rae?-nEC=qD}@!VKQN<+Y|O ze1sFfEd2KIrVDn~zz61ch_%W}NQk9UMV|P-p!eCTyeg?46tlZHG_cDen=UsC1#abw zQb~4ps|s)=^+uMWFNG5U^cfVS&=&d7ofHIm`CN(uXbt}J_JkDDv2G^gH^b5Wt-&Hw z-@!x?VSF9*=Aj^ufQGb=jt&~4(uNx=-l|)90Zy2L8#h=Eq*+*TQ*2l-3{YQ$h28#8 z-gC88De69_rWitJV#b)_w>B+~t~f#|kbyvqX04xYZ7sc9A1`$eN^t38N0b;MIDCH5 zWQR!c$G-+=O}&(*z{CV>If3i8uFjnmUufg0x7IHQTKvrp_Z3^n#I2uR1ATNPV^I3i zwV;3fKI3TYx7_mbVUAvV$L~>8EsbTymox6ukln53tBat6(EfSVKDR5MzUgRz8qpfp z@n`z`PDj1JuTDjXDM6rp8pU73WonW{wpBals#gL|=wH|M1{@RHl_7^(13}!{wgW(!D3C zjtc}=r+WeecK%&h&w1)*=Yz#^Z;{_?D*yyKj-i%SfcCZ0|F6sWcXu`m~fP;Ige_U6e23R~% zXr2aYT$5~ zAAVM(akkN$yE8GeN>j8<+%4m3nq2#0Yi_J*83_(3 zU5K1+eEQ zy$l!-_gc%P??sbfq|@V#&J$kp^5#`p~y|pLOb@RF~FNGsRBT zhTX#e9~^;Yfe`NG&xHqN8KicL;$BPMkzoF=Pk_(f+Ub};K!tDJ=jX!ggICjd-83_$ zkud!h-!!&MPt0uko3;HZQ~m*77`_bs>%&m~&vC=n@ zX|{X~#6;QPj;}u$H%wvEe}$T&jv(ff8}3Y}@Hfx&ZJM`pfxVM#ixM&|911YKG$m;; zZFI6;FB`B;*fj86(62>-UM<*V(d|DcsX7AH03LO^d8G)4z(%p*somh zbI*C9cn9~()BB9UsUtZG@P>nFp8bx#b$^87WrhnrMOkJXG6UTmzBsQ} z$!m5$+7*wh7V|$3);(yGEQ5}gM^e~d1F131ls_-lDeb+~vu6k*gKT*2XDJVeE|fhn zvV3Blm!zn~jz5`?^4mJco|o1x@+>>_dOZcx3YOk*NV}gPuWS6wnz{DRCsw>xi}8-Q z|4G)-j37ICqq#~%{l0?L#_t`~e#eoKbtuKX@2*rV1G&#aZ_9yTR=>p$pXR8+O+oGxX4u+G=1CaAdhiiR(?U1Cm?|&zskY)AeNj6SM`4KA(d+5HoBp# z#)E}#nRDgnLVE`UA|la$;f{Cs<+M92Gnj08NzK#wp>q~eF*}pGyCH6pZK~kEBeT{| zq5OE(Yj)6gcExLZLi{`s=4!;>71^&Pe$u*tWwiFGL0lT@X^j-bN7$vc6f8u=EL3}3 z{_3FUnR^C1x(sMJ;Pc!UxvD%<5=RaMhz%YtBm#Gld|$x7!m0WNO`3hX;L1oid412q z@2u2N(-!x3J}egl&^tqY31Zo+>(L=0Ass!(e{=&%*Wc&Ck5le9bg##dOohrp{a0hW zn-@%#j^{)s>(7RqE{4|3W?9_aX>jO%%R)>VqXo$eWlGWG&dRGCY85v@7#+DQU%KF{ zT8)VyVeA9l65qAj{($XKjf?Ft(N3&n*V4;FLOm|XnkKd2v<>z7dAj#pt~@DwRG}Rz z-LAzD{=Hxw-k@^XWPt~}GXoJ@ndN!mAD8lXt=Ag{a>=2XoxT=uS(sx&4!u}pQf%erM^mk3ifSZ+#mD)0JuOThV<=~(}>(up16;$19z zdU}eHM41adKXu0z8{#pUmv+!F6Apof+cQ z=|uBPjb`?bw~oY|LbrORwYnm_D1ZB!hU##;G!sjBQr-f6B>F(=#Aez&gS-ZOi7bRX zw^z=9(GKFKK?CjZtN%&cjp^JP8~1nk4g>yO=y|TSq;3aXE6V;!f$k8P8nVr)V))>j z=}`-t5C6UXWO#_I$EoSz9z5g3x;dyPdIpBP(s9{CEQ3)%2BjPH0J4fc3B{!k$j@qt zD~%1=;zm6(U9Bi7Cd7A=VXobum~~ArKFD^0UKSS$_%V7dGOLO_64VK&+r#2{Fxre; zeO0eOpl4c)RFDnd{cOg3UzE?F_?6*ooxEr{HsrphB~oh|;bVIUixE3PDhn7xR;r?? zI8BT%OLwn@Qov7^bX%&AAYif&xc=0qQ#~i97ezd&wp*|9dqYO?dB z+kQM9GgO^fZ(OZ$`5G40L#$a!S0Pd-#{gRjytn~U^Ht$TPuBUJ8S17G)Ia4&6LKk{ z5LPTbO4L%D+<^AG43 zRiU|;gBp3J``UyrMoA9R_?KUIspRLEg*DlSK0*d(UZ^nX!!SUrsRsyo45A5Z^r< zLPVK~d^IpLpS(TlgKJjULMUh2&+HbuZ$C9P8S?10cjrhPK_DhEMheKWuyVZXow;If zPG@h;eQPz-_7Hs@?YY^r4#T;JK~UBm>Fa@xGAKNuko)hiar7!i3C}+i9Z;do7v!^Z z2UYT}XEYny0N0XZ#MICPc8rm7P zqcD_(f>JR`+Jz6Zdfu!vpcx&|k z>h+kpPsqc@?RVU99xR{?!)-|q2MLPAgjweo(v<{C2*}oU4Gk+<^L*Znkf$KD9WWI< zk#A^{|BemZT>TnPc^J2W|GATZnwa0Uk*o5+Y9{UhxT3`c$lipbI5Dx|NBN*uX3W2y;yV{3WDYj z%Ju9483n60w?T7*K(U;=%;+x@#a`@1t~EtW2vj!O?&*rG{qWS3*P!UpsAq{$o%7Y@ z#i0eDI2SdmhS79!pNpKY@IU+fSklthcWJQJ5QyKOK!U@KDOwa6ql)Vjh4UTEmcQ<$ zn=<5R~6iI?nroo`G z;+}nGo`=jlVHkfjrO+!BsVy%r?~KQ+A5u{w=fMj7x0ZfsTmu~}V#Fj0nPi`Q|H+YA z9Pc(%es4`^%0yW{rXk|362(VVU6ZKkFU1uGW4?$Y{p_?Nt!3xmVFH^Ztga0UREqVa zGKR*QNd@nqMYg5m5e;dqX+SwI z?)6Vq&mSq4RCZ#{p@dT0iKi+A;gTOBl2~=&2GzYtis>3irRJMWy2&4g<(56Mp%f-b zQKUh|zT}ikDT6jQLP!YtGFM9+(5~4qYErMqko{1?+imkvTI+V&3C8j89N&7F!rCUb z1iduQTv$?rp(r)yHtUQ$+iWNU6g-k*KldHT^{2YAz5(-GXGI2!mV>I~Zsi|*nByt` zjB40c9-Au>wpn;{I;h93i zOc7KJ>HHbRpF65gyCd^WZCqME$+mI;?&fZ@={r#K3ZXOSw9pB2?qznr{p{;zvW4(u ztfFBXv8qK@AlwFHXAC_N&=nfT<^Rcf${(G2SdyKI#Yx zZ?viFmFgZQzx=hdScGFKzpuZfl}h>-I2#^U|XH(RJrjxzo}r*P06Y4f%9_NE+SR!6Q~E1(p5zBXS&Eup zMWt>&N+L@oGsos@@`R5!GQuXTY;ky=uV4A>l7arrN8CESFW?FeZV^|L?aL?SrvM9F z)m!D4*CSJ>F~eo=+IfS_H%#_FQ)IV>EHacfXb4oTK19nea~%Z+ALWP1Am&%Ah=0i5 zW^yIfllxWft%#Gnn%QK~e?=xRV4cBz$znAZOO725c_bKxy(BHDZfB-2EIz{|Xc$z= zlZf%9M_4SicFyHCY}WUw1jp%_&$R`+-|h~EXNqc{(J(>`2 z+wNPnk;A#HyfF`ACLM{&tR)pvs^T8ycQ~b_S#3vl_Ku>xVOr(Ovx?{pR=gU#a!|}? zZ6purYGt*8Xt}_*oHew#SkjNi>Y2~fIw9F&@1ZK@%D(W3EkRb3i4d&q+mXGFX+rau zbY;Vk`(ph@o@x);_D4#FQUa1Ur7;yRcVh3`^cRV(^^lPs)*8ROk*ttzA-3zB5<6XM z@XcCItNc%8pT&o1!(#eBdJT9TtJ)BZL&bUE+P`;}DtLd;4c@2)6NAZ8MMer_YLPlTbHb&V`J)2;HKv++MTv*w+NQ z;U!;cVlP{B`&LZ^LXPc^t8e~o12@Fz5vRmjZfL}@aDkQWU7*Dmg&!kw{%ZE_;l$Sc+Tx`Pvfs&PNk5bRMP6AGxF_YKd4V7k`Z08U-e09eQxxWB~%mBl@=}$jrf9i`bvzq^k zRvZ}r1{k$HspU`tfc0n$U6%$cK0lWX`nMqb?*aK=$Bgd+?*LbK9P@yu`t}s;y9tA0 zgPO{kX5F{$#fe>0thy#8mqQG`1v-iPdm$oSQp^7u6aPEc{U3kofBY)z_|VW#-xFsr z!8wU<}E$8(`Ts0H$e*GBSH z<&JZ0Jqe7{UZ8GqpQBCV7Jt9o;oA#<)Ob_%HS1t{1N81|-+JaFV+3N1Pg{DbEsj7K45sha1JDf5ph%_F zU}mWyLZRw!h(|OvVc^$5zZ{c~7Wi4Vpm1wjw{~LG#hl#lmzgh~sd9!|X;*5M@s-g- z$H(qvcvaTJlpybqN}p=+6&|817P*@`$j&{Z=kzy95*3oHf_Oq zh;^GV=CSN|G%={QO_F+nLeJ6sMC{5Bl5m#+H}izcj)qk_-7N z=yG|aB*MpSt^80y-z9HirbcuMSo)(s!8nA|91{}Iowh{=_R(~lTITjJA?L;JAQCaA zE8$8~tNt`TyUm$8WJ&DDAdaLD!+!6w&KnSw?Yar;c?k@bTMZGyFV~=c8#Znivn7ud zSy+;RY^ut82u#L<+gzOipOi4W-~aVG>1sG+99wQUvDue~L&v-M+YE%)AC5T{d?{th zf?gK&J|~kAEUu>sHZB?~?G{{ZYjIezQ6qfZ(o!Q@9cEwIIdMmGxUo|xekzqXntxH7d)zY%YYcCYLnk87Zr{yR1Ieyq-?!E1N7YdU=5)w{)ATFf-=9J*<4kcBQv# zRJXr30YVm08K4bye|0udOrLJh*uY)rnD){&O>}@OGx=%LPP0{pG6d zX`a}j$W5UUeB-szl229knG{Rf*7)0Cs6+Pd~TizNV+djU(JgfaOU(U_Xv;I>*7sG%uG{@uR z`*`Kq#L5g#kD~&Et;l@hZx0sTsvefbtX=!&ejZF-sNOK?6)xq97+tqH>tc&L#l9w~ z$PKaVG@Oaz-rEp1F&$f^`tuM?LMjNP_wxozpQYM7K6s4n7GmN^DJ%h2-*c*_6v} zK#fl>3XX7zYgz>(@78@ZE>`j<8D0 zfeId`cg@10Q|a?IPaj|n&$R>}{Fu3rFpF74`}R4^uZALhP0l;;Kj1c3 zk9)K8i_tS&uL_U5e2515FOxo1`g>s9QefOSBqqvCTYL}@d2#{h49o+Ys_1Ypq~VRS zy|< zvaG{`tbFQQOb<@P6{>#8zjm7SI}##(MhX#}Wnw|0@|6>O#Ol?Hvnx?nfN|9M#^C8UZ{%@mar-4z6YKo{e(#!o~tAs6&Op8|` zBe=ZNDUzmcuZ#{GjXOXOmI+N2gYO5ru7r9;{wCt!^6^$OrsHyQX19th7Q!JTl1*|O zl_@fTekAA3ihIT-(9ABM20ohQ2ZfaCNlLcwF7@FlKfXQKZYSY1s&(8oUkQwulZnA5 zexoBtn}3@S78GdYx%tcSr^godV0~iN{|xW$|5N_!+v(dMiF_{rPU8=gR|zEonM+h% zdl?i?KPMhGe^R81Dw8a^_KgJaJ5S}WxYHxlZoHZOX9)kV?Qt`p^-09fw=;xXRKR#% zz&|@#X(ti)-K<-Abz}@>jei~F^#9RL{m+fpe}88=0IHYzQl^DK zLAL)32u1tvb+Z=-P7RZ<%LeS$YAQ{Z0X3xHhUo9BYEHrO*A}uVLah(y=k&E(9?g(~ zKIX)$4$Cx}4A`mXRccGu!Bh&0FNy{Rj0ua2yrxr-Qw`@ z!?B&_wy5T@>M1%Q8=UOt{~qfIsq+ozH%O;bQPbXRp>p?9XlyQ$w>?ni%X1H8DV-V} zE3tj*GanURUk@OFHx``lrG2EOgJFszt)20Fthn3sGmc4slGjXcaG72>Jy@sq{1XTe zgzo)Xr-h7Q(g5G1hFOS%g9m^}o{a+t##)Ifj8Y3`3s-Z4unb$LG|ZPOKOXSVMc2_8 z*PR*g^cJUR@v`q#dvt7-X%Da_Pu9_q*=r^1=$s*_g-Ok;YHD5xId`O96a<_W05X0s z^~qm8#ZDtx~I3(zPn~3RoPv;GF3DO7v;Ykc6cK# zTU1Msv+|4s8B)5ZI|FYsp7xu2-X)-C)>jFXw`fs`&Js^S{~`kqHR5>b1bEh*7((M3 zpCcaXT97`PDYe!4kECw#ws6C&iAptje!> zkuG^M&2kX1%GUFYoz+oxKu4{KF2fFV^fWg4daK8uHTtX*G&NM9rwUmS5O+xGQGL>5 z`xeC6tgQkorxl9AsBH%kLK5Pv%Z$oV@dyB0s6OS2VdM&LMrHdp08B``>gJfM8eq zs#oSK#14G~;o&#?vCdO2>S#L+fo|`64U4|->N2ZmBBm-h&x=GN5?Oa}V{XQ*5?Og05!`jV8Ot1ftfF1j(W1{N`3cI9U5M zzw0b5nXWQ%G{=`w$8i2nR16%Zf8MPPQ!W?rPdKCBku*g$xf0jKVjLyAO66;IAl_c^ zI1dXm$5GqOPIC9#((o!*cR-9^FSI`(J$so9Egh#<`}S5P;LZr#g}F*Y)v;QLKEfp5 z{`*hp1EktFer> z9!a{Vz6w)?5xTH6_K+x6K4!apIu%t^eDkOz6}3EiU0Ba)TE^X@iWTv>cXEp&x!cpP zNV3f7AonKh}TJa8&AIP+NHi9~dYq<}}XuJq(@_FS!r z(mwChoAKoEmTlJGh%TItF|+x?$>$KiAN^r+OT4_os4V*|zHtA< zqxZNNnij_|$gR*`1fe|_lk!N+y+zT+e8)iI)x-C_%ZpZhLn+3cGK7A{x59HH^W@P# z#`;eq*%?$atP9j4GipRMHR1Bfnw#uNWtl_~waQOFq#F+Dj&~Ewaw*n4PDX^%u+2#?R`dmvy+Jev4%Pq1>ecv zc*j|$3;DIKF)BgAQ%XV2sjutP@`~ut-lx#dCJ&YqFiB{&fL!hk`LKi=z;dHT8&>V8mu|7*7?%Qzu)}D*l`U zN0G03{0d;eOry1=@`9ppGIhVXT;fN!-_i2M#oye!f23}?zhXrEJB&Ey#;G|6?aF7X zyS=AMzN^0>pE-%|^r@Z7cLxd?v1labtBuu-pYGG8Wq4x*0P21Y;-T^M z+)k*-PUeNPAAYwnuPG2TJ2J0^^EI}DZ7vk;o>c9pQ|)$_xa8gLv)syi*v5Mg=hS^4 z^Cx-jX9X+O>y-x%Yz9?KihG>^peimd#uJ4{l`-Ar?U+);HtpRT&xa3};hj3nHjDTPNI(-++&z4_}^oTejP>Js|PIS5ArKOSXDW}%5NKgcbLLgTdy#6m_H zG!&=n{PVO@?0T*bEI$DBj7GKv99P6%#Zh0BdC}^ye=IL0_kR}r@#AyWdrn6ujdaG zh6bIw!9x~1(q6NQ7UrXveSXqp+!Lru2O~N{O=cJwJxTX{GJ;pg(oQ5T%+ycxK39J( z$a0VKvbtbU|NUu@BP9&tP@4SF3}0gin|rSEhG{audrvux>l2}gALu|6a$~U<_-$oxbra-?e}05LeW?f5WE}3D83; zxJ8f%!8pE&8Txv$^yWTUyuOb{V{qwZ{BxeTM^8*|k!7I-rf)j1p3O$3xii45#1pDR z*KQXUX{#);HE4Ll#alyGl<#OcZR&S>!#`EPDRmNvS37XSti9rCS{z0fkU^miq0=_v zt!3m+(Vd1`)#$oAA~zH&jGHc1t&>TTP?43BB3FxSJ9q3SFe9%B1}iGB#r|ru>5Tmd zd~xO98QAJ~tt3T^+NG=Fo^Ceose}m`7#M6eY&D03+&16~k3kf>>(|YA`Gniot?}JR zF0oiDoCY$cYODIxM7#(lK$~jWa>mP+WhzQ-Tpc5uH_z21Qq41#tdy;}*~e|XKb@_O z{!snOM>V_@-rrj~hUIse_{;|eZhJgk{LvV{LA z3@k}uQ_M3P8xAvr`&U?`I+I{&N+xpax7V-29@lf_+x6fUb!u+Vg%SsgExgCf=sV+D zSR^<%6XvHEK2$R}CgUw2H^sB{#k7QZP=J;86Liu0PCM zrG9JU_mJmp8EfPVqoRgbW1p1-MF2mp5CHhG3Ibx%@_z89C5;@^zMs1<3bL5g`+uWquba3)sx%|q?%Ia#jrQReG zfPMmSaT1G#ngSZ{xDW77tL3XFidc?j?>C54_I66?Ru&nHL>dbI1-R~b143>(bnI6% zpn`Q!WUs$SyBLs*nHOhA(@B6ujr^Ccp!zpmVWn+QnFIH8n+c)Fgg=?)&7S7#wVl@1 zObXD~kV_B6hJ|_c_OE+GOu?a$qn~}6q5Jq=7oyqDx9h}VLgwB8?F2}gbMn?y<;vFO z=GGlS5a`y+vQ9{cwtlH?v*B1t?4LIl#owFqQ*^65Huw{EbjFtV%WIWi0GYhGOeklC ztEO^c$r#m^-iHP=G%l@ZWIn1_=He5+(x!y1)JP*P+-m=A8cVVkj*6Kou1W{ofV0IK zB@qeIjWQYHUzoW=^h5kJkVq9mzKuu?0j%djTkt)r{;zZW3U_w9X=4OYO!k?tg?O*4 znB`2BII)2izh9+i?%KZW_MN!3f6%}ZkkU~Z$JHYV9($sa7Ac(s`$+I zZ3=}?&yKzT3QkM27|sNkutQayqMew5$H-k?JRYx79J27%Y%o*Q-J}q};ArMYY*d0; z^zG(kOkmwylT5DdA@!=LOn~YyX;*PMRw_cu*WKT(ViWpj410&=$Ir2z8M_QOzmkQs6tAZlEKCJOVW?Cl$qf8Hr~UO(C3d)tA=;O3pV72O zNogkWC@?MJAVmfx|k*41T_QEAnFY=X*)(Uvrf1)!YwZ1$kKv1NXn6d)>(I({ zo8)>`3}!ymALrOKf5nMshdgs14sm!R)pgf_TH4~fe@91Sg;sO(}hG&IE;XN ze6s(C>RzN)@|Sk1%tYi>JPJS2G$sD?&YM;R62V=T(Fg6U=%K-U?^}k6m_Azq@aWA4l$2Pww3!FN0{_QP%eN^{p4i^Wi4qg~e(EMG-^m}IpsB9@ z7cpW0|7L7#3~9zpYBl4v0{i@2`YoJObt25a15Gw|cw+H-YSke@zB<92D);8MH-gt> zn}eT!vi`1Gqe{;{I@CwNb@|ujmZBiFmHX9N$s(N#C_URRF@f`?wqH#ko$@f=cS7P}82pl8m2 z2dDnUcJU!-@uT$(CM~2ujKS%d3qkn`3Fs8?9+|WXp^pZRUJHPTnE$cH|8u4P*LweN z#IPEO#R6qtT{^uA(0~0p>c*4dg}zL~`U`ik_#|EbOEl;e-Eau(`p0vbDxlIRgq4uz z83H)Sk^X!7zq!>O8kXr3d0dP@iS3-~m54#DjOG-nrc40Kbn1~c0R46M47Aqlwbh{o ze!vvg(zJW&`31pWSdUWxKWzeF)?cq~_VN&67q0_1V!ns(18UsDuSfCIIa-%#{}Y>O z$klRHwRQpkjJ{?PSgqn{WjmuN1f1rj^e6vWVN``cfY*UqtY>$50SNX3ZkdPEatSW7 z(+rbom`Qp9&HWU$ne0`b8;c~n*lkRPf~`*VL@MjMe)rDoR0LdIj*shv@nlS0orqsq zNlFHFP$D;gFlapo^d(+`>MxtBE;@l~S4!|{GpjnrKDr|y(kjzvCa>FOU2Io`8+=Dh z$XBG5UJ23NTV`=kn_nX4``qy)aC`ppYzv_YxW@s(&mmexQW9f{-VC37=R$5$09-B| znmCfyxrp;l8o=iQ z>#Jyfjkyqk$)UKAX{r$&tK=m(68bgKeyv+!o=Aci^yV7tvNbI^^!O7oCT}E(U5<$z z1}TW#+#GPX_4bmEzTiNTG3h_>1%d9$tIJXp?QSlI=NGZ43WR?q+O&@F^s`nCH_1En zxB4XuxHjm;y&}t88T7fxkOmTeT_YiSF8C z|D$^EElD@jn0Nhwm)qqO4mXHfOP(!CFVk63*4k<=^KaH?FVy%hQ-p8OIs)Uyg}j4j zn{zv()E}p;+DujEmTnlit$sO`Z>Wc4J`V^-pVXimH8EnQWk1)n-8O0sJo7UBH}u_x zwcLJNX$=xqGr)_=G!q8Z0z|&~H)&rSNHn$G!{FEj7C3)|6%?;?jG&6AwU(A}JPBig z?KrE!LI>ZsQBm`XhRQWSpK=Vm)XZae6I zkPaz~Y`MrhMcEzfmzk&~sOVNIcj}539=-O9M+fMYCPZ?onJKza}JE4u1*?H`{~@qf{O&QU%2vIW}g0j z;?_m%oyFOdjh!rpo@AKlj|lmfAj^*DZu{MK?G)D#_mg3-H-Yi%SQ%ApAFLnTbr$pr zC|2scS|GoW$>qKjg7Nj#X7qrSJC|I0EDkLac1)YUm4!}OcpF%qEAU;|S6{^%9Dxr8 zZrLh@;U-JV4#fq?9eng#z^#$gn&SQjWv}P74$eHZ&x*YzckBym+j z7!ko7ib`817~k4&s4;qLk3IG_(20#PIdMI3iovR>EKC&?W6s7BIM-0D{2ql()IT^) zzZWbGtthEYq(%1mI4x+OrpFQwVq`HX}`4c$$rqA~hyV^9$%JClZSy3W`W# z))HQ(bdVR|`VLYj;>iP)sl@V|J(GammSmeLP3C75ibI{7dVIKES#me4 znr29F`*#ZRb(tGs1%+mUS5{S{jCxG7%2cSx`fE2TN6d}H?!~Y7NQMw&^ zR{LamJNs}ifZfIyy~%c&!AEScTQpf>@&(9ag420d9u9(dR{ic5osk-QN}WqC>;;P4 z{>MKq8?U5;RZ4*mvSz0IoN=x0*`m^2X0Ao&q&77yY%G3f%C`4ry3@(Nd>svWoSjBE z?M_F;sis-qbZy#JPpvOJZze%tKF|1ck0TQ|wA6WB6RWVsI8lc@b~+f+tnc_LXkse2 zqwD&RC3Cj$KBb00dZc0<3$=j2!fu>MKu+_ET)}v51?+6f)i?L%ynB%HOL}8uUo~TH zW7Fmbx8XYe1&!05gQW;c&mYRTPO1Zv}Os=4bQs#>&yLyfBK+uI9_HCL`2g)B(R$ zi1`V5!nx43O9|}=7})Z&hJ)X$z@Rj4ZknrRvwTj@HOwqU!dj&aU4D#$>tRPU!-tBt z!g8r2Ld^X|<2qNZEm^{*UFPzR$oLLwl@9Fs7;Bd3s~rVZ$E7_P1~D!ax69J1NowpB zLyVFVRjTLG@fR}7rD3k>GpX0|DT({d4)Lz1UplO0>Fa$ygeu1)pV9Q(d$Gjxos^n! z-!)8Q>AMeokdOEc&^0-rBFHeg^TqG6(+F++rNb zwUY@uVYH-Fbrwb=E>KhQma1G`cUF{2XM^_#XEpt|mZqxU-do>EyOcU*S>2{qu>z_c zhpBX4JRIvy5S>G)=kHalAA@}Su}x-V7OAGge$tLHex?z_$-?z!}9=W&ERFr~hG zJQw5vC&zb$7%QCRmGC_oPF@k5lu46QWC?vrI;*q`TyFaEThyu@i`SDMFOHxy`)eC2 zJkSHRM(~vwg+?@w1e{WzhIip<(*6s6`FN5xX+H~JbhlJY>Y=5PPV5z(e3Rvpy21q) zyL|j*&@vO53>}>*w6iNFcI}V)Vm~DxIW-x|s(;{^&c*u%t4{&F{BCxv4dX)mg-LD+_OiwuMlgS;$9cqRSmlzL$|gi1H_UA>z$8=p0rCAmaz! z?S`8*J&ha-l-s1^Ei@|U8nON!K*(}4K;)%5K+SI1BtjLC;NMRnTBa+!tH5?a&-&QC5f-2cL7>-k;haE`V7r$FkOZ|=u3L-M z%<@3L&(0rkwRo{(4)fZEFx;G)nXcIN1$PF<3hC44{fDQB^atLI{)|n1YRiIiE3`+x zbQ6iF_X5xQ7tSlY!*w@e(} z13~wBKQNyb(1GKlV+(plun8ikj&;s9-PkZ$l9^No^tceHeFl>1Jxn@dA$*{jFz2t; z&f%tMeV!m~GmtO!K{M(^qwOt!>|$u4eIga_{Z7IG?EuveEkxrs>i<{WeB<%tfg6?j zn|DL~Lf>PyykgZB&ISj(b1JcbFFGH=&%z-(3H~9Wt;0?fTC9O17(3 zA8W`eUpPTQW7U%Ro9p&M+!dMs=;2NeR9 z5A6TYg}iVYI#y9MJ&_x3m2tDM$@@&v=Um?{(%^o?-lt(TZjKTy+RCF`#V`sSX8c^F zSmk`VC^3wG>5P#=m4tjs_M7Q+2{=xfID{vJ{YA)%Au>DC6x6=1A(z+Bj8aK|l$c3V zXPvAqJ;qb1ERi{A*U(Qwc8A=QbzOo{QX3nEU~GAZd)F}(V?Kr(H;+ru_U<*8*Tzkz z7mJ+57G+nX8;5izGHpW%<%?;no2NA8S~+f+PuU9GtF-IeU=e(OdU+#b-b>$0_watu$jB6c;d*2y$;XZFL)>Z@`=>NJH6O@W)w|ai z2Sgb#Jns0mODDcDFv@4eQj|mqhaP1phH{1(4=f9eRTz_-C~HTIJ-32|FY+;;xy-6s zd8{#Vp?-_#&7k5lzee^4>#!Hz%cvsSKUm6qp)PNb#5$Z^{s1(Qt-H;* z22FyeACBGD@YOwuyLaCGL2?Xxi~`>36><)OB%P>1=r|lVU6#fRq1HK4eIqIztsj|I z?VzkUD3c7U-WRzP&gO!;O@8awJS(zSf-qO|TVqZ=B?kRBS$Ye=WJ!E=MyNLdM*eB=sR_54or@JqythM8rCMWvYYLB! z+0_p%Opw|5=ZO1{VZ5ZI)3 z?8R$k-E=W^>Rc7om z8+*5%x`CVeJZiHB<_ZxL$^-E6(D*XpLy=|Sf&3WR zT=c6dG4;}O@O9T_^6AEJy_za-*?5K1kUHiW5AAqc zy^+Z}LaThK&Y=~0#s?cctas|jMD$zf)jDY$B3PqdB*qp|UT<*ISWU5`q&@E$+_l7| zq$RWew`#64s>!WO$BrU!MG;YoUP?p+6a=IsK~Rb`0R^c6rAQ4RH3U!r5h)4?NJ~Vj zbU}nrRfG_b-UR|7gbtwvNJ5!6dgp%Y`)1axS+iz-%%A*7PV%0!pS@3ZdG@wU~^`XArn-j8w^nqK0Or=Dca0mCE+6k=n(iO^LfTRpH$y|t21(oJ561$nGHKh>+Cj(8o;~Y~zt7uC zSB)~`7);uCRF><=aPH`USn_ae!w)vbvz~o1j^)Kpaoo>pIS)+Evug00NUkr8DV|F< zvOfgDpxQ=_iZKZn1l>SB)|U`cTuS%AjfuuY&8IO)h}-ix$?G57rB9%$&5=Jb8BM#(X{e>@Go@1xOZ;F$d5#{4i#Ravt5yIrzCwyZAUB--no-XT_k!3%Fz zHqr~(>h;I`H}Wzdl%ZP=6MT%`_v(w<2Zg#{;P+Y+=clb--dw;pM4j}XD^h4}fA|Qf zx%CvD=_;={0Q$s62`C-c9vcW(5R}c1tZ!-087g@gM1C2?j8@t?n9)ixIBVx#pnKp< z5_%Jd=U?n^>MY2z)dJV567;@!yMW)93conQ4Z=-rdZmezA~ zfUjf(@oRjv!|)AOg;4~$4(ygX?aTxM?Umyvx9J!5J_RGu+a0m*d~3_3hy40&j?}Av z(NSq?$gHD%!Hj6P@*#Z!Y$VGM#F#Ic%`DwWc+U5I84)A1rrMs`8!6gxnUq3|Lr}1L z8efIjI+SKd4<*jqq62cg&&Rd~u#Q5SyGw%4?24!EgzyEt4#9j`&XOHkeSmyWYU=

4o92SPPyS|zE_LXt7WX8OJcPH%KrFA_mJNgeVz`|iN!aCflnF? z9jSD!M;)%)4E%v9vvaXyJ@3|1d;HE8QLvfAG#6gtaK^Yozkhq#{PoF$cIIbw_ew13 z2ywQz2p@vyjGT1hi-)ftVz$fX2ggVCInaPmv(YlB3^p^3?44u5w5YsEV=o1m2@hSr z8^-H+%-#gj!{Kai4V`q^7>-ND&^-c!boMHp*3L3!M97UStG~~)nU!YLbni~W7m+EL?<2DU1vBjREzNVd2o7Z*N9Z}k>=XRonxsp zqRvX$iSw8Xa&c&ksZQ2c`9KpFe}9)GZJ_B!1bg)Lr?=)<&F*|ZX(HIRdQ;bcJ33q8 zwc?M-;>S)?K2}tY5Ia)>&f35;^yEhM#s%kZKR7(;fhOjTFE^Yk?xB5}*7~ng?38E; zDc`G{vSVGx)_bAb2-mH;TI1N!cuW1_cknK8Ay^K9E@m%$jH%Bp(=LLKXkll$Lz6|mIA?2d*m%f1XvWeYf3E*z9Qi1lHG*#Eit zX)1+P506W(1uRJTUNLV+f)l)wcr*i2n6T7#M;EpDxisZ&&&Q(I-N!G!mAyASH6>wT zm^G&&nvTkvTw=F%J)IS@$+he>DJZh3|Mk^JtdpnBcBO62!&cA0A08GT>$pdW{Esr+WTTbsjPIm3hSZg$7p+EQal?a$!}<#b&qOUJ$OlZx?rKmdA1W;G2ziK5K^28mRWFw_%WdE%@$>TXb?{wLr>nlUCB2wT72cR7QA*M2BJ*JMbzh z#t%xBU(#&GJ`s5W<3DP&-QWM5p!8C^waiU7&h^e}z{H|UVKzc}#8}(apwV+G`R14e zy$55Pt2`CL@Q$e&ZYxEE-)kFwZAgq?nc&%_U{T51rwzE323DRFkyjvgIjzSi)6ttFr5eV$HC5gJ z%r1UZT70vU@gr))MuYuZ*fg!$(d))sQO@H8(IFqcZXYG zN2tU|TMnLaV_boM%PTcg&w0pkm@J0-7|~FK-L-svKoH^hyh|ke*#MhKU5QG4qptF4 z(_(vq#ml=a= zs``d$HrW!1`Cu)j)}%&CjqnT@v-8QL{1Nwx_u$MZ&6U3`#oJ>=U1~94Y4~ocLBaEW z1yOk;sRw6jr&o}MmG+El@|Dq#vC$CiZmH<|N3l~LHOG&%cpf~g7ms}$(Re!LhQ76f zjQi`wy5;yVV)a_j{NQv@DJCj&!HF8*ujJM8q6W28nx1~6zWkPIA*{EO`Xmjn%^}D+ z#eci!0>Y#Hlk*@C#DxOUxx0|I;W9pYFHI401xX>Cv!uj?CKcx9Yh~S!%d(TD4P+Vn zBpj3?K|&f9jGn=X6HlbS2n{iSxG;`2NfF>LJ}W8#c#{{8YMj> ziL9VoTVzNyv8Ye3icTXVxvGzp$=QocCbQNaSDoSB(d_<~n0?etC&5xWm?ZFZz`N})VnnPrJI8;2*wyw}{ zo`o`1$6YhL1!vK8ymDZd&7jyF(HHFWr$^W|~sXu_u3YtO6{&q*8m?3skMP zdXM5-@!z1Zl2hF7G2ogucdeZ3Roq{ff`d@x>!}O;+@k&jQ6hW zEV~eU?y#<&RUt9rk)UKQ1-e68WGo(sas`_o3+*9mPBuP=YOI@x9#maLbA0@UjTXG% zwPl4y-ym36`;%tC-k0oE|8O}qRvGnC*n2-FVe({TOldG;ffs7~`x{l!qu?b2UB}}| zioAAi$5)q@MPF!s|Hy0#Ha_@3kKZ+Q(9oyP#GC(2B~aW(ej!~s3qAa9+{Kp?cgTK& z5;i2eFbKy!csPNBe_R75fkaL?4TBCx@ptRx?gIr}0z6G(6nEkz*%)&iee|RV&=#Z| zgPmIc?KxI{UbsVX+hMy80+lLuHXy!C1xMttk1^fN^NNA)P#DU0q4z$t4w!(LS|hEt z(nh9PE%tE7|KS28Gz z)C>c6*a6TL^OcA-nl&jpT#!i>40V`$)Z{W5+!)UXX-sqiDZBel1?w%`g{BjLF)Lln z&HEHf12anQ2ykt6m#vn+dLI9 z+}Y^(S7WosKwqqyantY!prnxf2Izu%qSDAL_uh$Q<}AO`#ngKe_k%8K!>>QiOltuH z-UDhS&xf@ZOa{u#Ku!P2pKD|HD+aNh1f(mwD=?_ML ztnfuOV8fRyQodm@4aFE^Ks3IO8ia)bQsk3wo};t0Gp@{x796^X`wQrHLDXYE z=vzoR`Q2jnuU~>q* zX(l+K)6BO2-)cr+xP4sxF+^r0p|DLkp3+aix#=W>Cn>0Fp)t( z8o3#@Ol*_5|8W{!lvIl@P)>Msd$sfdbLU>exoG z?u^{~<&hN=_~ic-7z5(g!wumz&UL_}Nm+8gMD`1_v3kX1b>;&d7XU^W%56S%6wD$A zSlDd&E1<&>Fi{lKL>FcMp%;}`y#ZFq@!uJL^1nvL0uY&u5a!KwDtjnr`nS@1aR+p2 z=^X>TyRtZ+4i*+LzZU=39T2tcwl%YLhB=k#SWl9$(!LZ9{-L|3KvyPUvBu~oCWPFN z$Htk5J~S84L7Q4dxix+Gg<{@LBxf7zC}kPYM&LdH00`SK?l^nn*LMxoq+JCCw(pUn z(Z28j~bGuYaFpRmAcgt%Pa?hanVwBEOp;lJ@bo3tnosif+|H zZf-W&&>XP(gdGu0-6r^a zIG?mS54T~xo|eH-E`dX*3D?NU?Jos&zxiHJTyr`~Tf-OJBSo@fR!?Elguat;!7az6 z7|5Uc5@+JC+etx9KeVcC*7^PUxkCt_;%-85VHWzt)Hau-HDkZ)&D%Hmq`lBQW_w89 zp*^wE*BBaPqv8SXS^cIR)C7k@RocS~%sCDHyQ4iEG>cR9k`gMmzUhajL9Swd*n~o* z_ze@|*LPQLYD-v|+>j_-#79;G)y>h!Rx)xo_j^7>aIz(aOE+9}IxM6{41TxUe^5vh z%EHZdkyQF@8>|_t_f)%?iUt3lRZUY8R(@AypZ;_8w30{QoR+yk?Cbey<*CTlMiJ@u zPbj(&L<-_?b3zHfwQ>U2)-oh5;c!t*v)TTJo$Vn_qLTx&Cfc5^t+kXXv|?ut4Jbux zH_Q9=6fBIE)MOfSO7?g_vld#=?xF{yeWfIXpQm0kAvznz9yIc9HT%1Iy8bqv+!9kN zRzi%7we*XyMWQb2|LlmYCKqleLP)N+NH#TaE}cuHB(Y>2oZ1MC@qURjGpSeaJ>C zy;U;TP%YnhFV~WgRVS-gTtej9p*(A)*29J}iz<~ZkaY@3^PL${YJ3MUe(GmF8hJ~+ zs9S7%$;)e5)oZN}NuN&X^E=tshw1APukT~E-5A}Zt_t6C?A0g_NSs5e2iQhiTJLDh zy}6n-lEIbzgYKE~J{olWpHb{R=OZ9K;%M4|-bx=QgN0xWeD&D!V%u^yBo z^L-fejBIok!4JLz@K}P+%Ba}aF!;Rk@mq+B4~DortO$t%k_CmS#_Q?}@an^K?6#>D zy$KR2D>{n3IB+kUG<7|rBadhLLu*bx3EW$c>kGo_>L{o#4iyKMiN~*0aOA;cc=q~O z9lK{8KjXLZz*PQhJp%?uzE|wZAxG!%c3+$;m0N_glGxXL!m$p&^)tsyZBkhvpdfGo zztyAI3r~uK4SXf3MH?_ozVV~~ zNO+=_gU`LRSEN!Mq<0kqF3d)5<{iQGhCw&AsT=-tiDtcNa=9l2dq2yq$_B>EZslQ7v$+*ui_JJj3l17%k}k-&BvXW_0Bz6n>Tk1A}-dfUW}@uSE?f}`YSR# z%l+$-tHJ@u#wm&N%>z`j)A}b~dg{?R(>QlON!Oa&@HhthY-Y=UO>_eOzWV+Xrc;kE z(Z-7$Iu~adfZSU*l_6{IxW~=w5F$=oOPHZ zbqZeES4gEDx8vNgLM=HTezBeAF5tKRBiqU2BOaf4nFSyzDR?!(I=ORF+~r@J<5f1U z*u6=%my*CZ$y>y(G^kUjEdbt>DZa9%%iubT`~i=v%}J*W9yF5`*7ol#6(mG<7#WHT zMz-eYwXoq|n8z9LhJ!78F=x#PO?@amfHVbhjSLjD{Fw!#OnhLsa2;IzYyqEEAmO}- z=Y^ZTugr1y-`nQ02zfc}lXoDjw@rj(P}G8J16VIf(|WxF!Kc&>)bI?(sz7ghg=e~W zW=;HrD7 zQ-^6+YF3ei&d3$$1{Jp+y9;o=0dj172u~Fs;KZL-_}zT;|M2zp?VUXl8;6@ZUn2m% QG6J`|eK;-7p~C-3&8x zUU2XI?eCo5xz2T+KhTTeowc4-Pu%yt-arL8DZD%6cR(Nzp7a|DB@pOlHwc7Pe(M_W z$tS`C4DcV8gOZdOsHm564fy4T=_}b+AW&&I?uGtM;P>0MZ!{c0ApEAwAFMW;93v3O zAy!)Am5QtG7Q#EkXvAv;1%CP?P;Iv@L+VYeLG;L%GBoWgCW{J^x5bekp2-!sp8T>e zXDT+B=wN30ETJ9DE;0%hJe~O9L1QHN<%`uwnJ7uwcH7IDWMiw{d+sDAcY|?ue`EQ7 z|Jc2wM}}=8`13BOsL0C6S&D;=s=BJW)2zofG85NpyJjWHBR?;{w*gX=_kHRHU@R~s z)ghX$7oU!fXFPTqklS_Ha>?$mbK_G`Rh@j%5y$ zU1r=a+jZY4%#aGVr@sR-h}M>rJje!1t*T@9(U_k1<~T={QW{S#wzVIpBA4X(6KqiKi>%5_ zbUpv8#2vPpqab1m5NLFKC+sIT)zEw8DaI^9XpX}^wKgh{0Fx(29?c0p`a<1s8i0t8 zkrTEZ(O9Rqd3oR>>~Lnv3Nv2w$?qM`hrrvc>5bMZdlGpuW!}eq=8)1nB`YPo>2uAL zz}N#{A#|_+4E;Sk#cLVcMO^s&d-3dE@Pc)QG2~09|BQjG_3nj>unDia{15q=lba~Z zltkp=mXywj?e*SvD<@Yn+x%btoFa#T`B52_0fLL&=tZVFxWk^5$V2L%1m5!^BI}if zy2qD8^Ov(Sgqat!8fl!xP=eT z342tnqoasgkHPC?-ae~`RoLO{)-Ij&#S1K)*w}6OGAFAeLkhi$ih91UhNP7A&CbI2 ziKx#>dGQ6cl3`IuQgo)=OKvZ5&qa2Z(bg$QsNLIJ8p}ME7m7>e$WoS->cSYJwWwer zZ;@p9E;OIg{3ltB0BN5XiC23<9fmh)Y!(8;vhL5tbf9?iNXdHe^sP_L!u5KZRJ>Gs zbeln`=^vF7IcD;Y`|nCpOnz8Ww+HJQjpH*-@>rt60k4_H zF2Ji7I&Cn`g))lHrGqz^elYqn=Lj0&2&s?F%Q%|IkI&WoynCu;KMLR6IfhvBopo-* zdUTfI-|0wJk}{g2JE?hPThn{Po#Hmf!_j6L{HEyN)abOC)6yNmoxA`t+t(=#)=O-L z3@0ajL#8Wx$vomaG9KCvrn-(&r=sDth_RWMgGf2^*Ve!DpMT;p>mN1=J2lsGqb47cAIaaK91*7MSHMR36%p!z0BD>%UmM0)U@xgT(_>`AfPIrqsd%JoOM zE|ysUwv5$iQ1Rq`=397>F`FtaSA-gvPH*pGuRH${yG4-D{CoX2^1Y}$P(PK$Jt!lS z9B?!x+YL-_b7tVp%k^(Tf{2BvYED#A?6yr=)mhI^C(MnT&TxX01HhrA4X3o6~N241%icx+2rAo&N!WV1u5JP9%Zw+BY-ndnyl#uPC&9SWS zZb!QYec;-8USYd${He1X4om)J#b8kf_*zXp59SbhSHAe0D?;sk|>|AF}FP9m#{DD`-j)NSGRN zTS?9(_sw3&hF`Qebe|qiKpwqYOer|hv#Q1hj#LkAI9Q~L`?k`h@S z%apAMu_r9e6YfyX80;Q2$u&%$QPDTfeMiGz zSU*4RWM6$8e|OGin^$XiXf8(mg3V#ZZfPZKix4K%;?*tXSSlZ0b71Y+SwJ7jpvKye zyw~37(IMM#CZ5JeT{Ocs!Ras@ZTyqUGQVk{Ru$tEc-%v?(s|;)=wjlB_Sk@rk`+3) z*6g8#rAVD#GsC{MqO>T^rrev`CkCFa_1I1=;Kq4qPj^9)(`ud?PU_?^IKuG4c4$vs zH&?b5RIWgq#bcPMZgrw`6sU#DU)pP{Oc>+AC{-DJ>Aq9E$kgL=3_@(=JhEuwTgf3; z*Pn6b7lRUjbjq-4x)_1zszwEEepf_pO>&<))N8%almo_%BjbHP@Q$h8u z^;FYMazAEqNXbaB?HSW%FL~d~lX-O5X+_QJKhsB}IezCGU)IhW>G8_zusEZi0vf|u z@$!@7+0}fsRV|y+8%)jL#!2re>f;=Fj&+L07UHuBIjf#l;Cf$tMl606eUT4(3rahgYfH`poX90c<4UdJ);L%4M*q7 z=GQA27f(8|sdl_W1mW2`XGFjvi(ld-P`04I$xERr+^4GYZ+EK2lPaF&;etv`sGuP) z0l!R46O4>3*4JY-F{N?SSTSh~MjwQ8iYRAPr+PPir#^3%jPpi~Qe)agh6QeMCM6Cv zF8%B;wXd|}*P?eC+2GNNGJd@F(k;r8&HmuMRIrj!pKAUwnZN<(0AUI+Q@e+}f}TD> z_N_La#{zQ}ulB>vh?;WTV1XntUZ(Q&9VsGX-VDJF-{b#T3FQ(3K6lLLE!GyTr@3<3eb3;CWfzZDh~DgG992$wHl`aSRm1Oo%R=_!#qJFzRX<=C*DKd zFDQD^Wz@~#1UVKZ0!0_c@{WorVFJf`FQw62BMaePD@cM|h;{G24gKCMIZ3VQR6v;O z9Df_G4Cd^;cdl`^gc~>CE@#EwB=8@~RvuC3sR`ufNSuSpyCRrVu`)j zx?-&mj(1Bb5wS3DCk%M+7X{`8S>M3W!>vW86V{7y??PEL`?GD^X06jfB(2VnQ7CSn zq=cg@Qu5rX*UH-sW4M>h)V5PCYC{;#_ld`Re3+*(-?`_Vs=I%U!Ix>kh0!L7Ouk27 zh@gfzQNrEvS)W60g3M7(-lqh`2PpJW3$U^J8Kp64f} zwgq;9ztka3!IlRBMLb&Fa0$DCwmxBGfup}eRO$r!d$5gSg?MY{g!tKSzLg~X$#d`C z#e%-ssEZbXtxXJ7_~O)D-zkbhTqe?`)7rMyEhIzoq@cwkPu;!ooL47NPw@!Xec5d# z@ZinSh9%_o@>*_PvcnebaqjP4-XplV!$4bcjnr7d?sTr;tfil8X^zLyJ-Kc80E$WA zm>?c4ki?UOI(x{W65#aet81MUl$yeCv|e#4rMTF3nL_EA$4V`d$E{=6CB}1}8ipFG zO%rJ-o+gUi*oIjRZ0R>ms85cS+Jd%yUYvMP=AN^U)aPZLc+_Umaj)SYSxjoIBxmnD ztJA4)Vslx4zbQhxLL>-EW*(mBDZ-0&vU zlsLl)o9D5(`(q~q@Y1nq)e0#^z)szyoC=ViF1qySnc{@U>;>$P8_t%_J};f?Ch)3c zL$hRbNW8Rmug8KvM9-~i<2K)u}M~cl(@8BIxfsecbmWp== z3B-9v-U*RD3XAJH&$V#q0!l)*?m7cC*KL&)n@TaksSQ1$rzk|Rx_6^U+9n5GpM2(v z0@U@4mwv=ZJIq7*t$;ZM#o&UL(mEBUg{q05W1H0@(+)FO+T+O-z)U4%iyRXPh|G$ zx3!;w`Y&sKDhZ(Gzh;_l1_#{1Q2i2k9Ik&eRs6sHl$J?>X_=tD$U%-0pR}GXPBmaT z{s$2NN^_ROeIdO&v-gxwh&e#De~S3z+Zvxt7XDqfgF=6PX9T6P%UFRv;Xg6LBKNrj z1N8stsq1G)7zm*D6L?9r-nx5ZaR6FW)ksq6jSC_*m7Jr`DyzwWMeVy#55`K6O3zYd7 z=u>~xG=1K3JB0#vNayVw@Au%#nR3sF?MkYCICv%h*1FMrXS;YCqH;0&6dGaNqCwB|zVsO=_2?2Fi9h>p_OiHc z#h+q(Z^9S3R<$;=GbM7nwd_?Hd7sn*-e&a=t8U}*N%B}dO9A1KCQj~0;e9&ZF3;zzh1*&J(NG&mqj@O z-Odyt8z^p%XmRcoBM}-EUCy}vvG=wE zL-27yFIpr;WD;^N*sET>wH+-VbMZa>W9oRifOP!|wyYHgLkhT_AAMIf)=1H|!hP1c zY|2CMmg-x66M^IWG=A$UhIV(e2`mu1WEp|RU_leSGh6u^dg?Pou{#f<6?wZkXvlY7 zeONxx-j^%`YRF0B7ymSDp1kvpo~B*cf!2EV8<42sB`U;@jA%)jICJ3k>Lrsq@}v>L zA!cx{lwM5>9FjUOJA?0BoyZAuJxtFRE;H_Pm z!bn?cU%F5BUi1u*toO+-yvk96;!HhGx;Pi|C7f4KgW-eX(5gZj0v%#d!s2KqUvZ?1($Rat#;6Vy-tFFB&md#SmFc!{|V#MZckqp1Z}LAwmtGV z9FRKMMj+d1!v!yPn+ODVKTUx^q5_woVbDq>v5yO|Z+=3Mp#QIqE)VH{frC{Ktg+OGGhP3B^=#Ij^3>q| z#q@r<79oj;gTn!et}2W9XvKqjtKSY-zjxfcMtm0@5KmM%8}NgcVDt8zn+s3c;gLX+ zvML*O1FJa${L*!|a&COV1L`N36a&wnIzAF?~2pK<7eYB!Ht&5U!|6qI>r~ zx@AV&X5gYvwflvU;z?f*?`%EC$j*s;(#tu`)LdYJV$H4F)9dYy^cv3R!XKd<-xI$Wsh5*E0xlh8CWbX4|6T;ltevU zP2KGtmM(ehk34!B>wU<0I)CQ#D2Z5)jNnPGSv?h5ofw;Y;@|t}&Tc5}HtcxyVKeC= zC&%QHUZ$aK)NLAKa8I+e=J;hX*pf#C7}51Hlfy^Hyw1-X6~46IJ&KwU*gEY;?XQn!DgCA_?7uVo@!_|-xoX2$&y+0X0PRDgJ7qm(?AKQPE z5r+mBh=qm8lNZKDUo{Nc@3-@8UmMaEoOI56xb7)G0=1_(?_??-eFFk*O##evc+dA(o^y8uF?ObXx&~}| z&>dybc7x941<@=qo!93q=pZF+jnM~^s)YhO^+PwGQ}E8XE`;VSCs-6+qS2weChbq2 zt4J?eyR%%h*1VpNW49{Ev5KV@=Hj^tpE!x@S$J>aFwXUXQ90($(Y9!Y0*#9quXK!$ zq2$a!$f|IN>Biw+z)Z&-_MblDBGa`SW5u&azpe*>7xV7i(b!Cwe?o-OeSq?hB@~Mt z$7j5MwM3G>%qCXg8Gq*5hehZ{NeDc$fN4Fyl_t)|<9O4~Cx}1;wijws?Iaf4n#gYS z?P%MD1>JcTnnsTv)F}P9Z$Uzi)O$H=)35kr@sqX$E9UX@k< zdm>-vb9GS^SUM{dlk6aCAbH#sezbbSxkkvbeb@k)InRy4!bg$ zYiV{{Zk@h8Y1$@I{g{9eh0}{D_u4M{qCP&dv(2Yhh(7(9>CA2B)PC)Q%GK#(uLzy* zV1U&B{*23$HQSMHp5i)xd+eGlw@Ev6bw*1`nv6?}jJHOKPC6%)M2wfOoOy$IFXbNZ z=jUhiX;5dzXTvK}={#SZN}FVON<_YTzLXtpfj-a0KgNhIj|avT)t#UcEBg?b!)1t| zQ{nUJa-_?w*G}}*Ca|B9|Ms%9?#C0R#jtbp12nO0jB4nVKQ;w}(LkE`-P`8#I8@|^ z-5&gRsU=m&H+=RTX%={nXrvkB(+eRiJzYGEOn*`n8R+SnM$vc1M3{8xwlt~4$BAuUMaQVk;i7K z6t$Nl5PHG|_uHEYL@s__C&+oryM+Z(U=$V+%PC--efM9sNYgg8mgSXeL zO|26U>OeQHh{{6A_WNb`$zJDZN-Ywl4G#N-W%2iDJ+FCPpg;k>cok zX@Xa8j}_ntoo0+9|GQthJmB}PN+hnKh?XThj-p$0zH%>&y7fELeorv}P_pt(6I7?! z(22cIOAO~2&Jla@)>0GUlap)dK%6cRwBNlUu%mmPuBD+1MkX6-IeUE=I<9G8^BPkn z`)k2~YD_cO1-hD!N9~z>{;cU%qU=}vurSf(jr$~-gOj1T=Wnt?`-B^(>iHtVwz)cZmv-N}vb&s~<{e`&YRNW5DrPJ#8UkwZI7!Bk~e5Gkr)A%^fEMX)61W){~jYn;TPoYPHZcf$p zF|H!Y&ktPq%vOA6u{!NmL%qgk4q!mLFwe1%mt7b#=-N}zM$-dHj_FB$O#PA>XCEI;sMk6!v8&gVZ( zvKnFCIRsXL+8wr|_WVEQ1BJH?9uQ&v+P*;ElS>2a`o|y4#V3XXsc~`Ny(2y0O2NC_ z=4uB&{!Ut>L-T1;Gl8c^FC+KW)79kHG=qRr26*(U*FTStQ$b5gN{oU%+(W{z3he}; z3Krmiq@ST9^YvJStZfDg?{d4p;~FxTy8snrXo$Em5NLp82(O}ED1n9n)Zl&`_ie#Q zgq%+;pd2`v0hoHXjnP8P5ga|X0`Z=)`g!SeS%4GeceQ@GP2{}{d&Ib{5JDlR1v{L4n6yvY z&pg7Pwl;^!i&NEks%2ODorvy3EmG}lg}CaI84s%;>7H8_dQ&hjI#pN zZDWTQ>(B((E^=;sVMVDR`H=om=C~R}t+ELtI!2fMwmG0Anto7PB5Fr2Gp+5(igzQ` z#7&jIWI`#S&9gW66!OyX_UDoD4@QPx^oU6*TLqUwc1X;ZkzQw7rtw1OeaV5LXY5(Y z>(--7-~)mN;}|;$y@e?{+E&EbBa;VXtcYteL;t5kyPBAOB@JxFi+O7vnyy=#51^}E zO|HfdS?L|Np$b)UtT;_e>GxY>3RN_8T_*=DwAK-cP_y{xFPP(5bRw>bXZw9v)RF@P znPm0lJCF_A&Aqw^-6zPLA$i_Z98gqv)^mRZ1~=jD)T2hQQ~eyN5!O#l(2s-__2O?^ zs7^TFkAe2O9DiY;#nvB#1+3mKnB*+psRx$M+Su)E%O%We;>ZW^634JZ9d+Z&PzuDv z)J*8z^wSoErC2N>m#`5>99+#l#}flYRhJdCqDPvY=^<44+jFjH%L7837slN+B8u2d-}S5OI}!; z=hdt~;AMaZsqyDb=~B^Kk@`!w9>^MHGUdx!Gk1*y3UzrU%zz&Zsq)-VOT+xExy*%} zcJI`kBZOA+N2saW;aPw$SiN*=EHTFSTG+Nth@c^<3(8vdZu}I0LMK~Rb5X{J0Kpba4cdW9=l!~k~cu}&QfbiVpyfBE92Hwe$Sw@zQ-W@BhLcIB}cZ{0_7gh ziId)d<2l?C@;148M?}NUERYPMvw1O#xfZH(SqM0C+ar701OQf6eJl8gDwN{^j9*#j z`}pu;oSNEmr4FNK*=jXo<4-ND*L2>CJ9B+n*ZMw-)vX)*>H)kuQMUcXHL=*e6=>L+?O|g&z>QUhl)viz>O} zeq-;4XY6^;M}75l-6Zs-^z#|J{KFn{Y`*7;&UhGe=fjhLnQ@mbp`9tf>@JsNXJ7;( z&hvCtuYj}4uaDO&QFdFk+uxleNgn1@Tx4C!JG&8h`(<2DsGWHzox|NCMW^S)6sk24 z>jy@C8uIOzP7Yw7ZK~(|!Em@2()p;r8V^*@{Dl#0$D0^oe8ZQSGdZnfTMb`hS})98 z%Ua}mojhh=CtJv65v(3_=}+~SP1D`iyXcGA&(_3ZAvt-v zBFO0C$&~ImGQOqfrMa6Ax-=XzHI?NnDJuFTjsb9`rq8Pv?bcs=vEK#p+?TE*`}FN! zdxZu!h<9V7JolmVdL{IGiYXT7zXRAOxl5E2!MwK7eNo5ApkGF}HZLqFXq4A`d`~M# zIQ_kYXx>|NXp550BK1p03JVy9N|6L&#B+0&b(1!P7TryRoxcg_4r0`GYgW^PEi3mI zqvW?I%GzQ@PHOrJmm{w;%KvLSkVJ<9vF$43HSwa?6lghrd%`LAgGZ5&$YN92wWxP_ z?niLf3!`{N5v#h&5mXR9G@G$&3w%Sh9Oaa3Vdk9HWxtzOs8uzoA_*We)qAZJh#(E8 zP*69&(V4sr3|8;CzBYz_rDhWccVB2(Ql3IT&-dP%TUrXhc&PDJv>-M=`ZD(kqLt_N zOtqaBswo78#r|c~=u$GX`3$!c80};QRULTDvhlmIWMkryL7jpUOC!76f$yUU%e!?Y zc>?#B6bdF-ZA2|o!L5P}3?hu>R#QA=(2D@fF10o-h!bCfbqX`H5g^xq?hPzPe}qZ1 z-SlPlI2Q44=l5(@mG4M1O*uUiM`nGS{>z9$VjA2}&o5JX6EJ=4Ff}@vxwK>z9z^F$ zTx%nCgGBLROHjVSmv#|}QvWHdfm0Jabzjd~ijsvLl*(@F81|Aym&Im{;5cAKwh%37OSArL+< z!#TWE)w}Z>pQ(F+f_Xwe>SB24K#aY5*noh50D^c)R z9Q)*ERizp9tND$z0BNN=@?q2zKd$E}_VAGTy-fGmOq~*d4XRC4yvM)Z`OR>Ghsz2< zI@^i}Y{CVfHc{8gWbVtwB6o^0W4}LHcfR<##)1R4-EA17_L7W)A1&wa)O(>;98txn z6CxWH$TK?&2{Tu=(g_GuunrSG!9JnLaz#vbvBXA@Zv~?uG?8?|ALU zkRD^YC76qPQc!(V{Pv6e4#<-W6;-(N=2E7V^A33N_d$Sc=JSoWV~0P3w+*H0qi)7? zI3)u`-{4@2P^jsbOR;9J#F!lU`Q7wK!Np!%7Cfpz9NQ1I@ocI9eE_!1aIA>e)||^U zYk`-`hWuTW2;9}?EJhElJk{#0y?WvT(F7w4yR>JW!3@F3x3Nv~BFDeK5C|Rqo?*bu z6m0N#Km?6C>3Js{c9+y+ADyjzkry=G2x~YV&ft;ZXlmhY1p+asc z`@O*%6C5&1N~b7sQ?zaqQSmAQ$tc5a)~2c#o*B%H=E)D5FI* z_#QM>0)U~-a+$xx_wLt>QG1x4b?Ef9k{_TS=p1DCc^#~|%mNAJ(Q&TFws#k1Lrh-p z;vmYVA;Wyu%X5sv%AMg|`O0qxegiin>9(imTIw?029Z&1DXxe5sD>&LkHd~Q858@% z5mN}@y3T`bTtrUW7vLo^8twMLSdflv2dr_bcD$~hSF~Wl6~Ncw71Z8Plc`i%Zy21< zt}{FtdlT`x&`;lS34gX%t;Oz8)GolFe)kt$nNz^Vy-BRl=I@N3Vu3R=PwG;ZO$ZHn zA}=@krS8|ll{~qhSuB?MygxSxNti?b(J$;xq^$(0to3|CE_903UtaTkuW`KgG4#8U zw`da}JN|c~cSUTNP0|F*y^!I#zsB=q#};oWrB?pdE1>2ivye2^QxP%toj(usmnJiN z3?L)rD*uUGR~4l!r_sdRjAf(|?Pqh$v;XAaeww9Pz?YX?iy%N^>w`Tn^FZ{SF`2|( zaNUFjF_g>aAM1z3VyX5Hg!6RkE$Ei^2@smCPoz_>l4Cyn9jRigTo;?pbbTdk@~=RZ z_pg-i51NvHS7Q_BbBG}4o=hd-nDGOHGi?1&_r9)nvcOC!XPs1upYRjn(B^q^JiCtf z?^(R9@%rZ_Z<7jWNjMpzNK-BU+9iKyHvcyk_iyM3Pg9GYx?%}Hf z3f6K*JNbnPARGIK9agB+(96b(|F#T-ft#X!|CF=wlYc@FQ0G?P2LTT13P8FdO#Uf` zKex(Tz3Vz~=nA%`D;rP5buSGqN&#fw+@`rAkjs43+ySbJXYP`Qys2NT&q)rzP*<4- zzzG8I1-Veg(MsIP^2MM-OiGxNK@kmYRLe|#*CnQbq-nZO@H!>M6OEq;je~aPD!_`t{>6HkA^;M`C4W3KtG4DO{Isv zrVo2Y+4&2(QUm?)bfEiz1TVKY+2A2-D`hvOD*G}EwT1T_TD?K0B@b}cfAGKl!CaQ4 z&UdgubVwXSUUWg%cE$CN&>9l*JiKj9N!^0G4_Dslokz;5MpL7A1IBb*lC>tP?U2V? zMT90FLuWc(?2_inp}S%Lf`h`L05yUuMboO(LLKhDC)VDg=Rx^GJyn&xKkzGquUvrqPI#z}$yTv}`j_0QT3LJxR1~=mBJt zADhbUBQ!aw1T`}dso$V7(O1S5Do>TXODX@I5$CFtmZw}1C!+s=sUT>BXyB>ER?Q`2 z)5QkYF7yw_eResiK%q-^b0l5bBrXisAp7a#LV7Q-c8im_~D_=k=XR+ zy1)I+wo2(San70y1>?$de3+7=Y!rRvYL|IFnuK zJ`!6wsARP;ZsJgBP7$1@{p)+D7m0P&hYbU7#Lr7Px3n=L|w$ zM%RYEefUaBAU$)osO668e$NQ{C_xCnPMY_A@=)tr_wvd{Yb9CPmK=P_^SMzSI2ct# z@aW|st-548^o}oce4#o0+e;v~e=@fxX*-|`%K@s#*H;w>+B0a3oi}+`h)ju`d6hGE zy+%%-QpN9{aDFrGXW#2Sa54&%yKHL?kQw6_we1Rj<$Ogc=m^gzru!vT8@H6 zEnEY)s^x+6S;H6t8_`3h^pI_nW^J2kK&|3C<0T&XDnFaYNsRim%!^Lwq>t@-vzpY% z(=mLXhax<;;)wjM(*yFu%%=ffjz=jMfMI_6T)&*iB^PM5)R>6xoJ*_vVtAqXhdMrh zSDK8G#W`b&y}%Egvo!8eh~cs4g{{t(8J~H5^-oVKR~<3ucp$lVfsBZ?b~FY_uYQ)-_w^EGQX>z4r)8)U}Qa0|GuN#aek3<`P1%%ri@&2f#Tr*$)>=-QNse)XOqgD!=`rSrct9k%iirbu|lY7NsXsDf?yV0o2rt5^< zkW@|9)yv0=u^6(oBV&^rg3`Zsyq-s{9^}yxkY_ zIu$3-MNKC$K`2~#?UXi9>c`1aLQZRCJV7S->u3?9|8dJ=wK&57d#uyY`@#+JK3B_h zvq>br^#dJJi}{~0mjcJ;N(FqU>pcF1^E92Y`|VB})xVT0_T3%_$dRjusVO?mseKRf z!EY$tne>>+W*z-6YQUG(kNHJ>|9aG|5nBaF`4_!>>eq@0s|004Rl#l4kdG&k#>Toz z3?&qTIuRim)lOiUZMZD zdAPJPSzcBswMwzyvAsOBlT=3okJS9`M6;sRJk_@lio7F5JS$~H8Pgd_8Z^tex<{Y7 z=(SC`;c86Eh6dU5LrAaJ^4H3AwHdAS9L?Z#3+mUm0#c@-uG7cPU2~p%!y{H)bi88w zEmcKwL{cf!Px;WA<{=xGpm}(PXx^|xFw%7 z`BbdR;d-wAe7yg-S>@#Rh_la>WTxaxF*-{BM+j<#Y31>PQ)~PBekGnmV~n!nA*!D} z!zlf467W*xqRD{ry?ck`e)#ewvrQm0>%v65g{RRi&%HuHN(60@x|T{952Zirv}2S7X?VBO$QBc?3{l;!WX}oAA=MIi;3bpE zKb=v~;MPjRdw#5ub=}bJIP^Rn?DO zL{Tp4^-a%R(sOpLE;3Sc`D@lG)^wL&N%O2HI96r#mgn+)+EkQt-cdJ^&@s<5ZRYF~ z%;;Rl%$d)Q7N|MnkfWU$s+0^ePeHy zjwM;Q#A~+C1ESfggy5DCh0@Hd)$z5G_&Hd=nKDaTW-B6uRP(R=lD~cfDtrxrnbUL*B;2o?=1MG7cf0GO@m~@W^08A&4T;!XLi7 z2exzh++ax3(h!LdPcN*d5Km*i+(hM6m)oh3K!XHj{I1^pHmSh;i?)%#$_7}`9a3RA z#W9in1m&2K1><7Akp-vq;b&SRKCbdi%V8rHF#;TFs{xP8iDZ(AD}8^pyv95>A4$%) zI{R%hhUOI=sdI*%ZFVqq8@7ezVx|&krNZKCrF|)k{iZB!GU_JBDh^O!OLA+6QN-;G zU*e%=u1e3i>e3pMLtN@@0Xyn(4=?E%p9!Jp={Zs5o ze9?!-0B@Ow4+*EOwYhG%!F7xHq{4JMd#>wPcgAAZIW#pj-PbbXz-L{0c>&Twww2&( z9SCDq@*^F=-*Q}2C?SZ|3Bg;>r_JnOLwYj$@(yf*{57+VY%`O$h^ZnYSo!?wK*oB) z!Of%rl#H`pv^}e&GqbK#UA4&0X^wBX zJ=SZ{1#hLu}Y2#^!0i&f$JK z7vPOPfOIjX-~L+nZhGR&cJuDNc(K7Jf{X@Q59zICp4N3>+ZJvRbe4Y&9gVKtoNn+q zF=u<(vK7fYKKr_Cf~2VxOXtQwwK!Rk?FZu?*|ewu15WrTk)?`*>dR>hg$#To&Kiv|L^qm zpBv%-ctysk=~f9F1@4gb3 z+!SpU5^8PxTR=&%bE%1}0sdu|yaE@7PIIk3x`D0T1`2NlH}IvY4_#CEZ>ssVycOzf zsfG`JsGV6hPSg=3r@f4PXI=Q@qd+s@HrpAafO38O^8Wglv^#)$@#p5A9l)|DAnj;C z%D_lLj50&nJaJ`4w}T^b7@9suJK<^IQ@*qXHna5uRzRQ!EPHKFJjYB25IX?F{$jXI z93ftspd0>e^YnM~G}f6tAxmbHb>ZtwRy( z_DN&99$WLlY?Tw8GeEnW6NX)+I*x#LDL|XHdvJH7{B(*#(0_>FV3!1x74jF?C#tV0 zQ1QLHDJGPLI7ap@qE5{qd3;?UA2Rn=JEq5k?+pR~mr*dF%mzsOGayrQWTN2Blf5jm z+ZphU?4iRuiAq~dw?0tq0wX87#6SF=Ju?c#3iPrOb8V6yR4a5n8!2y>5#uFdApXEu+zB&_$_b{A=!*4IG=jk3Ima)%YUs>sPIn^|7?nQWEP zF9Cok0MH#kau^-a0)O@kQ?42lAsOR&U&(=+%7c-o{PuwCq_98p*~8pm*4lPsfS7&+ zM6N)F6kDccBJoRm$DI<~FCvX(inY)KTN}-Cg}!=t2N6i;xnE;&=T=WRd~oMRKL;RG z6-FHn<@0p`_i7}J=P7M|Cz5KKtoDbq@z5tou{E*YhaeYq0Q!%oTPU*fa#<7 z3KJ@#^eNSaZnN-uZa!{Yu8LS}u{UbtvVT8$%J^BTz5IJ%^-bDsYQ%1S8j}t#M(e}6 zHUp>j!@Hjpdo(N?2RBsV!-De*VxkP)=Q4-D>m%sr=_B_l0774)e~vXlRi~Kr3DMO1 zVn6HkMVLEBlCE8_g{frWny{MER$#_1upj4M#Jp`!=c#!epZN{_@Da5+ioFg;{XtX& zol33!xJf%UNbq}ENMs2kfYz_x0QTPH8xy8JtS#;TAnnttvaZMtx{! z1*(7DJ@zgs&-d+5^7pwxK0O-NwQE_5_elVW(<*@OUrDzqB;fgyx-9bUdj;E5R#TOJ zY^I7gEApNrOuEM-cy7ze%bk)w_Iw%)-`9WW9cKfZ{!HsQxpXC0M zt5ou@=hf`5QM);X9zQ&8vn2|AKR3V=-heTiFrx|HF*@ICsrspq;jI)2sJj29oCC7Q z7c`+*C2xVei{bBgL3HwL$W#6xSzrhN72s2oUgQ7!0*OK;w<|;N=`bNR@wF`f|89xg zTl?0}@=Fr`Z*3ss)Fc@AZ1`%U|0ALUByfO88kNl4hG}!Is3rzQ0g&v~J13%Lb+U7p z5*(~EMSa9J?p%u4q5_zA8uqfzF_*IJ*b?AEAt1}H?;<%)tfkTdLNk2T9%=fcz9DDnZDvx<~G@+stmXOok$?#@Tv7*jTO!V z6CqCt*vjCIJ{9N_JXyE#+C`k;*SYq6>wF?Sp#5n1f$;fS~n(|I&p~mFv<3PcDkzS6v7?`XxQhS_e>f z%o}7-=CxbRQcM6d0-=NEVM$M~RvHtVzcIa}s&)5~j=zF!NRRKee&0FqdO?JZ+lCD? z6Z~WNlz@hevw_I-a=Jyj%HG3oUaAx2Dq=v|)(M5t1P5|>{z4CHNPXpM9Q}FYX;Fc% zU37_bC82SRJatiyL4gCF>|}bEy)EcZF~M(^1@O0ug)Z&)4en7xe^688EmG2B1*+1s z1zy~vdH-#RU9IQXQ3U35{%mIb8psUi?{q7)1Wgm%A$!>7;(6`KU>Nhot|LJrxV`>q z&TYl=t1l%P$rb`T9ArlH&v*JiMYI$>%M!z3)E_cfS`hQW6N?;8>3$>O_P!lB$##eF zr9LF?z-w4O0SM!t*RXH_Q$!|pztB~BG_A!79A&m8Rif(55*y&pY>>3uQbliNr#k;0 z3)BNtP5)f-D4Y*v0`;5!U7P?&{y?5RrlTDaCTeYQXWJXy|)O_qSu5VS`eL# z8Z{Ut$_ycdM+>9N3?WhoVf0Z(3yBsrA!hUvHM$T+3*MW^^T;{xIoJDs*Y$np`usWO zzGv-yuf6u#zxDgATTt@OU^Qehl8Ofa_xWn70U|*ES-j#vhl{A!C2yaDCXr^E{1FTr zQb9(aOOu(UIvorKL7OjUIwSRgGb3M5jn44$K7REql5ReP3 zxAU*o?X74ERW%h_0yX|ZO2EL**>nLdFO~=LZvX?^T}pB*%!9Bw62uAenTzwW-jBYLDRI2WEx7S>Z7%Xs7ym@|9?l zDRML#K9WMQAMkBFBTKb-BW{PUQjK{#HD$kw0DlS0K~D7CyhaPsB5ySyz2+lO62hOR zeBWsBaX5V+bEx zbPCvs^xRN*O>kLFU17)I0{uf7Qkoy8uC0@SLO5@#UQVa%ijUYI7v53$Cwz!sw$P&q z1Ybi8w7`4a=2I_|4Y(84(CigK^NSi&i)A{DOe`dBHDsJXFkK&$bmSQhW*lY!WypiI zX1Y;Hym!^97OfdcA>TYOL)dF~31^z=!8v@%iF5jn3}!hC&ux?*H$NW<6XVT@-}G~- zxv2R(N6*4V54UN*S?brFfD}u!6&r1*-LH5pn&{tXTC-d+d|Ph0>}PuPi=19c3|g7W!sx#pGC zL#8ci1^>kbmt^5+1^Ozf{E!d=^6JmG{^kRVHv(B0BM_`lxX8dd{~1z_>#%@+?g$(D zU!T5?$lXS*XW6HI534}3fS1B~lJfm(;q^bO)Sff~JC&dSmi{Gg`+0Eut9bjj!1(__ zME5^v1@}bR#?F zOy00Qnq*Q8AjaE194MqkpS=rUe}M7F-^u~>ZvO7Ixd(?W{S`Uf`PsOu=C~`XsIdJ) zsD0r$f<>;PG7wp8A2CWu9SMX2UHYTV_Z*!!GJx6?ns86y&13x*`;`E!gFO{L_U#B7-O zlrN~IZQPwXCz~{$0_huxSJ|1VKZKb8Y~!N+?~ejDJ{5TzMOMeF0Lbd@)D0-i6k^_S zr^H@OOZ(=-i;Q+pW0;-ZKk96C?dEqN9Orezx|fu+-Yb57G|yoic2CoX_}}Oi^`W4> zRjo`=K>*|X438_kh-$()+e7;!rbdyk3K|v3ooN=6Xr1kw?pQatWm3uMHowp0ArSq8 z|1c0^u#fT3f{Gi|kb(qI?H-Ft2#wX}OLsBt#p5ZtqZ~l}=%n&1zWeX8TA}%3(BmAE zo^Ucb^T8$#r#8CD>`U)GCi}cU)qw}n_|m#ONkqhpj}-`j;koy&t{T6=AssNp$g*^4 zW-qt{EQD10hjl+FuL|F6N0syf=m~sJ$GO%_q6{M4s#stXFlN(~nNmDFHyzZ7{{k1w z6Y$VT0m7Wb(uHwr>{O=p=Z{HvK9ZpqDBMWq=Iqnjd2M}C5Fq&OZwA!Q_c0yZM!@I3 zG<`o4-YSZ5U;u{-mS|XV6JYFoxLJl=7wrSKNSMOD~PQ!}u(ax>C16ls1 z59M0@Q^7`8J1~+8+d&~L!Sqc?CM=tV^!a}EGN63i&pW@w*B}^69?mA}#A=K`LSS8Q z-KmvdRQ8R=n(biw;<*~^_~#AW9PKL~)Wt}a$2O7`Y~myQyAzvg&)meFk%=6(gVF9j z`3G!f!+hLwiDwpe9poaJHW1yW2rQI8wj9;nw(+^<+g8kYI(VjoYlIVf(?yI0pEYr? z-cfMNd7G%WyVy2saV-a*tPz8Jfy656w!-^Okm!0~Xp3v@ z2-rjI&Zn9VPLOfCrStY7usXRoTJBGot==?d>kzdSEMa40+MIJ@#bo#AGkxm+La-D? z26AbiXhM`|@HX@HD3jUcIz+K)6g6M=do1WslW6GQBzQ;dB;HP=Iv5_r%wjFjxo&kI zt-3A&t0~>_g~jM=etg>9z4s=iCY0qbg zm&beKQRw3?)Zb9ifwEk@YOYjO7_!7r2!3ca%0XfiDWYXHE;L#*lxU1mk84>~?N42} z!xPIHod*5rlU=bpMU>_(CUTc^(QQYOq^HI$A{$afclhOM9D8gA24W1U;G;&NXvuh7 zx@~JNTVtH_wDOY$H*_ED2^%`=N?Cjy?x-lqH(hYQ&<3TmOW#O=*mgic$;BCa^C+ek zY>Ev;-H3`Wu>^aLiL3&rj(=-+H$<;NBzzykZ0*85C+qaCB-A6xW|<@37iJi;!8`pp zBuCP^`v>8OsS76=M_GX!26F#j%ES;Fk)PNA)tsaFNq9AOD70kuQpwwPs)Gainq`t2bF5)r5nNWDLP6Z^dn?BCXL+_@`QVEWsMSf@4iH?B86;wtMsd=-x1YJ3P#bx7#7EgNkM(6Z zqnLSR$Cfj%d3Pq{h%bH;X8zy}?lSCKD`k6E2IM_QQX2rqJo=U3(_g~tzR^VrIv@@r z+S;IJJ23*F+&X)=PTs;JIZm68b1mQ=KZ$2RJ*w?d3b!u2vHli-MinuJI?UJ8i_N0r z`&i%O_5OI{x8Fm~EH+ZR!Isakk7o=)N5Ax(&K!XcDia)e`ia1f-HySzS@YY{t?N!j z#tu00uVf@Qok`u7$^Gu;-Ooz|QWDHNyFQ@9htxq|A;qU7ogrN z`-!h`z`hoBY{DyRqNPmc3Yo8V7wmRy-1k_mB6@nZ5;=fzCy_wLldz?QS9shg?_qnr z$}?oYt5o zu1y5hPQN5RKFSb+uKDZ~+>U9!vR2tYEkUc2s=!#?RU+RbE}&u&(O znrAnN7#J$73^r%-U`H8HL-m|q@j3gXw7DlBy9=5V=-qOJb$N@tL*afs9M_B66Yw07 z72yIvf4RDD0oC29>X#_Da>c#R@&!0;bI8NReq{OO> zt0q}Mke>GaA)3)_(X{`P;jU$g(Pfe}v@X+RHLKq{HrE-CD+lZgP~Jrw5ZsVp?~oB5 zoXCPKn0SZcI@4_~ND4Au<7*_Q?i-%%N^`GSmISIFRbF3B>UWLM`p1H3z%O@7%{F_j ziqrDEeA@GnRB-Qi@o!pDXdx5-oFU6kby$_}>HIO9b&bUc=c&|Ii*|r06J20&WhHBf zk1AZ-G-s&Yl}OM4WxCp5G|z#;dD3O%N4-6G8O?oNsKArC&gR{jvyRW9;R5F@?d%}D zc}mZ88>0NJC5qsPRVUeMDDop(-RdC7s1i8h2F{oSW~G)cjZ}RHs0HJ-4@%97juz(8 zG&MLCU0Y560&~x7ht$(a&KXP(@UaFvx`3MoD+(e@{`{NBGV6a`DwK^Q_UVP1_y|gZ zqG4-3H^Q+ zQ4jV-1v_ES3oy;X;>FI`XZFpZD#u_HyPYCGNww!0UF76=+eI-d9!XEDuQS{I3L@$O zlqp0%OCZ3`j0dQ#)SoKEt4{GS0r4ibI*RaIE~*Lphi>-KT#Vh}Op3omBXZSoWk%4A z-R`|?>F=-tK!u-hacq=0-z~9B0@9k}_&k#psFSRM%RuuKIm#r)f9(B?F$vHX7GVlRkJ*kJr+mlQTUoh$T(MUPy*tW&&Jn?;Z zbI*KfkbE<3)i9q+zI!zyhe=c%#-)1>MS{SH zpV=uOV$=6pQ;KKrH!etoV;nlxSG}Q9B0_lbJrmN^QvjLnPPsK}*2FY}yb0!z^kP{| z)4stR#8TrKmqWCfiE1=r4PJh}q%~G`)Hdu_)aamJ*KCfo=YUn^r><^J&v}6N;c0sW z@&s0VCVRP2(ys;QuMexfGBlvEQx3O{=F0ONM>Mnu-_G~gz!!PBS|!9skQ_P8zm-=a zAE#FNp^2-wApzM{?WxX4O>lpK%(^UOYn`JpA##cgeVMgloDs}yM7fvSv*!oS!oKD^ zHxp6BZwSk`$in(Q+_IxD*Vo7oHCjQfosQs*7$K(xfa4a!+W#Z#8FEcw)T%0ED6ja3 zzFuKXPm;yZvV@Ud#meyIfNOdTQ9_aT*L(VnmR%_(p^pZTEr;IZ%DVog;iFI8Hm2E^ zaH&Yy43NOA8nRE!!;xb!OW%iZU3~;s?O-YYS{n6wj3PiqPQ=``s9m1Ngdqo|?0?Nk z&Let$bq5cW*?oN+WdF6H*fmu;+xXNoZq}vaTJvkOs>%WLez0f_)nt4C;ckD`*iHOG zah>>bfL1D-MZpK+%ZC%xR#{9n8L~u=wo3x!Ye!SWOGurOHvNjqNF{C%A(Q=8nH!QR zFDsA2W5 zJMhMheN${S*V%6Pu^=j8q;QL3>p4mJ?YM|HjLk&lkk*7nU*kS_6*NWP3Gre%K+<5?ywaF~p+&3JgDSiK} za`b-8=l6UndT$2gH_zp=wb@dUDUnzY-K>@s@5S6wW+m5NwTezFGvQxTU!J&>XvVDi zaZBHe(1~jJW%g4ukhQvU`8PFoNuYvvg? z3Q@UsAM;*)Xwj0E5lN*5$V{vnJ}y1%^-bFiXu|PVws&DE%c%0*=Vb1+p%(M@P|ehC zUPNz4y2fM5_4gatr2PB+cIz=zscyzH#WxCTST60A41!uOYv&w0=1V{i%M_*a+sZLl22y z_gSjwmmo%MJ}jl(?T9J2H&Q3-_87)W*XekwS6j}KARp}V;(NYP6}=sky6mvwLeHZR zpYJc9QeR$e7FcuBY`l|pYOZ=XXn649QNj5L>jUt&i@6;MmREmh$XJ%mbx<2T>6bhZ zRkhN3YQsy2JFC{pq;Boa&CnThQF4Lkt;qgj)gtTFVw*NSnnGpX`B$!)y2#w9X^;7? zz$d<4LJ?5^4g#VN1!~`28+dnwv}9QF^)bsgvz86y;=k4)RV(D9;jy!=C7n3cYph64 z7CnZ**EovOK-@dSEHIsBENct&aaIqRe7A&kw{LWLy$sIxv#c`d#Se6H_a_jGbbFWN zB$~QYo#WlmDC2X(4<;&W+wmk48<~A|k#Ki}_xLR@;S$si_{fvf!O}pQ~9@fB5t{ z!uZJ}5(ljD1CZ&f7A8+h^JlpVtYTuDT-xJ;7{a`3ukpt+W`Ts~Cu0YIYx7_4BnOWY zfrh+5W8qw+tK=o>*HVF9`!963JCMbnhq#;cl%oJZ?NNWbzm7dWH}ijuE(4qANyCg^ zTm4@@51_@Tt^aRNL9=*qS^K~CxPx5Q3p7(+W%J!0!TDFJqR5cv$|wgQ;!F}ucQ>O(jqo3 zPY=VC3Dx>!dLqnypLdionZ+v7I!d6lxXknPFq~am*E0bvZ3oK(`!1!{27S!wAz_B% zRd_DHSlI76DDyl-3qfA6??wf>!`y5)4;&PqY%NMPm{%7oLqx2*whlhKU7*yW|B7|eFdC38b)@EexrVQV1(=wp8DeJb9h01%L!u->s z2g8Iq-h=M+x&CG+q}7IQA4-#y*tAtZFG&TE$9H;3zm0W-cSSw%> zLo`ZHz}%-+_+-e4J1~fIMbCE!4mZ`5Jx@F1OI)}BxNK=VtwY`DPM;^k^WR25i6XIr zK5PyM79#E#68!y2b|plr%A+ zM12h>=JbRexwyE`;6ZOdJ?>H9m%|#bdpW0{z_G*6>1*Hl%|nizz9~!6TJN6>m_jIC zfc?|DN-ZbR`27}`-T0Y4g*4cKi^#C-I%)&%wTX9Vx0u2ABdI_WjxQhpE+NtRhf5aX z?bmcZ-vzE)9A!kumMjg()<*?}huJ%KWP=OY5{q+A4?X8C2P|;4t!&KGbMeL63Jn4( za5?}Kkb(mH4tcyn#?cvQzppr-%H3v#r)h`n%hpNDEAqT{osVYjIeqc;|KuuzegyVK zYgR9A3(*@K(v%|=pmwSh5onJIlyO(nY(y=%^8?KM zYEr>=9AVpCZUm%ZvXPo8IiDHzI7qc<0n?I9pr#}sz;*Ssb$b2*7n}&RmD84zB{dolLHOy@AaZ{*2GA}n`DEM4JZ_Wr z9uS$61GQ{d#^2UaaTo) z)BuX>5W+ExHhmE$fO?8>v$1~ac-r5b{aaB`7>U)LJAL5OpL5zVxc01SOq41JEY|<- zz$BK5uj}JTg%Myh7FF%iIQ>Hy( z_x_6)P5q1N@?RaRPidWx-)8lnsHZz3I68oysGb!|_l?9dagf0VrGZycZLwXtd!t0f zs=xS+KrLO27zC87X*px}iHS?KL70y>g%S(3?|wi?JPr#2dKLVt&^tPCbeQ7P0BvED z_DmtIO6`A^|KeT))%{dZYeq=a!UwmFJ+nme^`|m7N|LyTOxG*H zF0mg?vbp-m&U9WpWmPr@jK(wO7NW!!rX~8YI6>SC?nlBwdSl(gUdbkrTC+cEB68J{ zk=r(VIcV@SgG{k?vN78EzKC&a;xun$Fb9lpTd;g;+JE=S!(`Ys@w>CX&k@w+!cN#H z*^N(^s@3_Rt#QOVb#RFMfmOQ-d4@ zD1zbE&4hMp+XHbO!Zu+f#uYAWSdj$^!6{#3+Q_DEZstaNvx@C%;oCnZho!x*@yW1% zNtcBz#2w7VIV6<+;=2M&3!tf?mdl@^TrGT4^aHTyKa@Lp@13G)!YNTHx2IYJLaMcd zsbw8#Wr+Wtu$(9H_J)(nTD4|>;3j9X+xa$eL7jAd^ zgF;|4jY;LE(eDJ0q+x)=O(6d*7~n=#|KmTYQf(SCPFW2=FB)1>)_SKV7U0tjWIr$F z{rxAem8##N{(IGQYbhhL4t_k77`O6-ENZanj3xjLh-dwPzFeGs)7Ti{i;$OHl{__I zRe)uDYR0WwIWu6`H}nR=0)!w}by2;;H7+V81jJ{5v;Pz4Z*~9#p2Qn>W5(u1I==ioON-e0+N~}J9gt2pU;IDfDN(j$Wbl*M^y96T`tOC#yS)nnji;0D|)=AMejRXw3 zl_+K|W);*U4;M|~3+()v&YC4$B95j=HyyI}(PHnokPoD;8}u0j?WYE5`Zbsr*mg)U92t1a^QzZCv^u3t)!fSf1K zuy8sGspqs&@U7j9F-{$yZwB3~yQz)*N9QQR#a5VLkn*8;n$b|<;_wDolSz5;Qcx4FQ#=fLB`hGyUW&I zN@HaSyYtxUx0&ZpnesGDKtxsp)?@R@Buqe&PN`9^E{WUaj?=yBJ}JwEt(#IJ=2<4% znjYtsmahBy2R2S~kS@G&*UZ84OStOdpK=xwWm-BxdTh6{8@x@?qCkT#e?VVqX;T@@ zApclo5}(rP@mfQ0Zgpx%KKKfMK)DR?+6!uDU}$+rnf#4+&&D$NI))5kS@K1@(9wT2}tiCB3)YO1e78my?5!-d#}<7y#xpl zklq538X%C&;dy_*cV^bieBZZb)|&PG!C{?1&e``q``*{Juf0#mI~BQmcd71zK%jdH z@^92ZpuZ+SAOh6wzkp9ZM{VX^xr44&r&FF+|-i&!SM1WIRQh?8}{t@ zx6e`~`8aO>@ta+atg^A={z6-rbz?Qiv^%%PtXJJ4TIgq`fA+-R;BQ|#$AULAusfRY=K3YCldG+Pw#~Gq^K@rp zq#Jq^uDPc{PY41%2~41M1B|{Uiy#1jWTpNekGzov z-^1UnlhJZ(J{aWV4Vtb%;>Xj|(^5H0;nYGB$5~{7vXKmf5on(a?uM%0Q-xl>tL*jC zn-m}QAl=V)kHzWFda5(qE_xYGZ-6=$+<*HMb&kK8DL2kkKpaf#J1B_rG#*B!tX`p^ z_?;c=Pnahas0y-6X*liIMA~25WMVZ}IrndYIy#>;qVC7CN3zA@1-bFLYlOLH3DgM^?8lU{D{8{>5zpJ9eu z?BEQ&X1UB=GVjyCQHdW!!9T&bSi!I#^gg(pwm-sGW3gGpAitZA+Az}bQZZ6Z=WqV7 zhJ_B^TfLmR3p6!d5E;f}iB0+_9LE29|p0G-ifYa?W>)a5)kjGl^MR zD!gsqemr38bTjy*4U5MA01K-iqTA;kv3aAo9!z7~Tik=F`T1h|`nt|5*XPPr7atoT<-k|Yd1Bk=MbCe}ck4=Zv7_#8IUHQ(nTk@ju zYAU5%LFjyhA92Vwr5`$f}UN`s;&*KFOCJzT1iWi6fK6^S)5i;SlU!px;0D?Gej( z+x1^W^tQNw?GJ=;w53#x5|_i=6M|6YPLD$dywCS{kOr3KEpPPiUX~M6NehIU*JvjG zgnL2Eo!jaJE9oJf%7ZNT{WW|t9O;V-4ZFK^;|}7dCyr+})}#ig_CtHI6-OpLD*BNsXBJ`fv8JEE{DIJfQ!`beD{E{2kE##Ka zr8Gr{NsfqU=&Ky<67Wh++mWIF*^hEqguU|p!C2`y+MQEHYD}|akBARm_RKW;jFCDV z{mupVjRm(8YTKvz%rrukp(jXEUUHKF)KL;{3{k=vBDUEh5ec+~J7>R*m+nY*BpZ4N zd($&rKDWEne^u1Z%73M7REhc~@cPm<=J%;HJ=r;_F63LQ>P08xRh;$rovUc|qrvv9 zePBg zw}tLm^xmw)jqIS;mcqg<m8^ zoXd$G7SWf)HE6Fb1r3=1$#;#LbgZdEZUWvP@I5nf?NGeDD9te5v}8j5oGw zwKI@7)`nD-Es}6IOE-b`0Q1^&*YC_HOeY~%a{raeQu}hdanvB`l}(S9kD5t~gX`+@ zM;WypR`AeV)}K$f_zyecz}{VX>^AH{u>_Zg3cGYffIz~9A9W$`mxexV`GVJw+8Jjj zf9j(%+cvw}FZESh4(*Td15ViRVrnwqZai`eeSQ<)UWzV$dH3q|Hkw2cI^>KEf9$(i z?<-QWg0nwvzZ7znrsc6ZHw=Ft{zs7m1gaUTLIJpt%SkhyZ6&l?BY}PyW7kOv?8rsiI2*vtwU!jMU}*_PD{HZHFv%bYUj{P2U>aVjx?eEys&ppZI+? z$C&TA3e2#LNSB6v0h|0TGoI!`7Y?FRYEdf|s}$m~pmb7DhXVgIP8hx?u7Xvg9HAjmmtLuMoc944P6+y3_5Bb@ ziXkB-Tbhc%s}QbV@*A*cr-@eY4)Cx-V}o`$l=Z)*a**e7=9$kwb$eHulZ*=N6L`L%Rpz(PM>XDTssbcRIO`=C1nK}1S!~owLhS|IP zGlgzH8kIP&Z$BS)XtTujIb9}}U7GBkI}G}_;5KILy-_>GxU(?smSYFsb61fw7Th1@ zJGj6>hk*k^V~@SV8RJ6&=vA^dzIUc=H4@*x*?vNAbnZ`cDLpTl@S9BHoKXa)4Owis z2!HI;(OA%ql{AL-&_hoVt@yR#rNpo8n`Da#zoEFW`n5AgS!JCp-^S>K+G z#rJXV;+8PM4zPpvll7U*?^t864Y*tzq>COeISR$**yHg(=G$8&ojB0&+6FxSa2t&) zcf@CUK+xKm7a25{hVA%>8~AhXZ5)2#u`3>mrf=cw!yjn3 zAGe(k$8&GLILPAOd2xVgyvjV^!AN2Z8klf>HbS`6VpF`f(d^YsTL~85LBE5;KX6mH z^a36du`wAIdX|jtAEZ|-AQ|uvP^eIfHc#eK@b=3Ur^n#yGXN7D6T34V69a5zBP`5~ z@f$)u9njM$3=U)2g~QkHa^p7-V%%}m+&E&u!nAq(68aSX8*qsG0v`W)FQ`Qgr?c1u zMH)`vbDMMVYQRb{?B!R!Elj?<$=WlkFRr?emM$>mTR1$bZr`}=gA<2wTfqtrzgsLs z-~5Ox1dnYLKhGZYHvo}yJpM{E7|77)6y0BG@X85sX3`k7=5*NSECXs~Z*o7Q# zzlGXITa2uUnKXlWFCXWUMJc||pvCEAFdr&K6MD4CSBTlH>12Qb%T!-LIYwDM^alLJ z8kux5%$zt>Yeew!FwTDZL1hJdWv6HLtanuC6$;tCJD>;0ZbE?fw=IoHE&5dP$0Olx zP~Y?6%+?zG5!h|t;QU~8O~-TbELJj}5Q-vPJ8|gQu*=JM>)POKS1x zq*cjq?2C0mR)LQNQ*Q(X7c)^pxfr+aZCI;W>!fz=vu5 z;+Vjx=K@467EG_8J3>Eri^=^WGB?dnGNCz2DeW>kt~psUV?Hw1z*pjLE_uMr;>cVv z8*e``A7BYa$C0@UahH_~`AqJIa))p?C>@OS4p4nRp}3|6PwxEh9$&?rcu97JJ?1td zKDb+7O7IQ>VvJTjeEnV%WS8P$M*2LF~AIE*H}2TD?OO3g-r5(q4a z{LbYN1RQr@q@bh7DncFdI9kxg(f}7&P-{O;?_OW+9$ce9rPLM``0-h5x`YWAaQP%C zOD$^FsI|IE?Xr3U7NN52SPzRpB9XPVwS2u77Z;`a^_{Q&Mi7`hNSmrMKbcC`IE7zj z1hc;q%sqVx``)Y$v9+^H7x$XhrrsP$KO)MAV`R9^LU(P9oBAMWWqlUBw-=TU-y74o zeKW{+vWtRB22ojGxzfg%txld^(Nv08x)LeVfhlFagUOpdcuS(~i~?u*YletVL(Uyk zzm3BxS8UZd#SQZ6pG&n&mq-Jh%fbX6)B^6t(L1*Z&O~6X0uCejb(o(y}(Z^463=}N$Jg|tO zNrTL+>Xs7c=AD_3QB}!p6otgyL8{S-wgq8fFBnQ{&EyN^QtG^_LT=3YKp2%RG0IlL zFBQPbvw7W=gz3XV)r3d8wQgmSEmuZ`B6QH@Ut=ll{EK2Z>*@{i1SB8SWbM_UFP=5KZ*agk2T3m*^6PtHJv<3C~oKu$C?U&yvOhlY?q}l9@ z^1PTbnQ~$AVxpLMK!SzenIq-~hqBLT>0Q)pCV@Gn(%#ZrcJ@FBtDBdtD zO`()adOHCuW8QF;xsA=B+)6;|fE#!rQ1@W`942^2-SWWiyGu<%_9|uOk!a)7I`xkN zHeNkJ(iyyRmio!V(*q@kvI3SyS)<)dJz9j14fiJak4%;R8e+h+us$wZd_1=yCt3!@ zOKpX|1Ygwb)9;VOdLAivUv=7U%_Mody{vZ8Q?M-Te)JSsB^^rc>;Guc5f*Xm&KKFD zmu9)SD}&;~Y-sR=Pusdsz8@X0JNJ|4a~SoxVLrJwB*L5)QH2N{dM%FRoOM1Jw8 zExZ+)|6yvqrW~sKd;hIW5dLWdwS&=VVE@DB@OGlKDszI__NLX6)yTY!C~~G7%iUmE z1cM<`4icRCB;%`5g#B>pSz7oncz2svmTHhj@1dH(t-!8DT6e)zaZ)`mt6R*mu{B4o z5M4ow7<|b5w33OD!J@umd~mr)5&bqmmmhWEaJY?)d_4QxJXF*dz^7qo=MGUbM3!pJ zMV2L<@aQ>E(oj&54YN7IMuZ&HKwTd8xArytnKlVtZQ zKi|;^K3DW)&QD8Xs+l}}(bPCtR46j&Mw_Il{`m|hZKUoo+g{vtofEqmU=dOnkB^L@ zEVd`J$I*>@L0@NWu%RRF2KoKNTD%XMeYEGcVZD%%WDRQ<$6GJ%DCMwfnoLuCbdhQ! zjCo1@fKRizM5t7Qne*<@J!22~;R7I+g3Cx@q$UbV`Vf;}@`%@P|3JqB1W{Sbh5V-) zAf+mPsmd|FGQ2&0CEIN}i|)BW7=O#VoKP|7UnyCUIZkkjMu#howj<^T3iJy9672Wl zHIQI&YX5wfu;VfZF#X2A)A>1*t+nS&ZkmL!^nf^JKYU#AI0Rf2~ zWWw}+_t+sXK?ov#zEF1yK!@*dBnG(KFAu3fuloLN;Gmo+Kgfh@z%CS6`K@a(qPHNb zU;+xLq4tOR5R_d>8e6G-a2A1WIh`*-eOG*V>(~v_YplVgZ&h_o6SR>$tvXKn@}8w@ z<|!77P2@71TUapA*9Sv!mq2Q`hNdTvfJ*!t_e{4iO#9Z$Jl=@P=4P+`g+@MFFc{46 z7janCKOU`ssbE+bjrNb1C>@moO{5IVWlL>sn|1d7*gd8rJ^CIspL^S9&b;muAxyc< ze$z1d4y};GqL|ldNjYEcSp#Hm?&6}!;jUGXFh_n@94+{<@7|2BolkL*V_yBFP*ZEE zD9!}u zT!PD#T*%x?j~k1_2w84e$T3K4?~dz`#ku-VD!rG)*CMs4l6JC{GKrMFB|e5{IjOY% z`aM@`lhyVu_wXmKV|^k|k%5YM>%K)WJ6#>umK%jsWYR_!SlPmf#trjJ^6}ChK?2S7 zWou7Njhx3#pN;b03{=CUKrFu?6mSl6q1ZuG%0T&0W$ul6IEC(B4Rlrg z1Avr>xw)8;qDRqe-9+XOlno)dn~ii7lv3_nO++rMvtrXWa0<6vvg0R4wB^PP75k~K zI2Qwsj|Hg&>1j!MpArZ6tZ4FrzWzY=6b|sPcLu`4RbP#B3_ndK&~8-PQT6zHJeluvJdYa{ z)p&Dtf0SqaTe|+*Xt*_ELCNb>X~ik@>1Su};uJ#x0+Q7?iL?ov83Pg z)}Gs${!p5yzgQ~O?CIo*R#Z>854p!@xdZ6<#)*3gv;c{lUs}RM>%0N(x6UXccG}f0 z73_0)8p%}Z??idDRsKcUfG0*Va6e#{W9F43v#b?g7$FkT6GT9=(han8lntZ5%NK>d zGi#t{jZZOmcAgX(%@A*HZl+$TNXq8`7s)xfUv3!N6lNTrJ1*c&%JPNRrI96bK6Al^ zGPoj1iy2w`-$_O!->kV`j~8RvH$YErS@g~Bn;{r-4~3z)7H)wUfSjfZIRxG2DA|TZ zTtss$FbYY!)IQDZJ8j_M<2Citf4tz&PAJtNKK(9MCgo#k6-fp4VPA~5_zZK3APw4J zj9y*9W=*NHtX$+$hsSWq&y3X1^d02;9-!_%nq$qLxH}QAS^`^JYpp4$2Mh;Y z=evA%@J74@MtObm>kdfAqu#7tz6 z6f_w4pEUm8nN#u_dj28q{~drZWUeI|`|3(efL_)AI{_1RNZtNd6#?>#2EOxu=g6qr zj^P7Jm6h82<)7!N03W;}{|Cd6soKVyJzG2ss?5#TM+)Je7wTF)VLC`sWCXQ7VwPBW@Lv45+dcp#$36O@^%-nFj@g4| zN$+TjELYb4L01)PL}ja|rA5w}rM98gl*LzSbi(aI-k-N}wP_68l+++=ruFY_6Qq@a z2(_`XvHX5=a-v^vA85+KdtFDNa}#Kb3-;5h%J(s1dVnZmqU!o}`mf?*BuguC%wIXE zM5AP@onVPzHZU_OoXfDuuTJEVIpqiv6QAIO}%jsoww`; z(%G3TW4zdtc(9a)vHW)9hn!$!Zue$+nCtO9*S08)qQy+zNw?ktA>+wynv?Gzmw_ET zf1yn3GdlS?3vYcV(M1AA8{sg06s8+n-lgTIn=@o^1LL4qQeGZR-qpAf5LDgR_*AMg zDZ&VnyE|y`DZ(2n5)vqtv_<)M#qM7#L3Do~kUaU%6ORTI+FjXaj#pqk9BcCy!rHo1KCsvBbS0fqX z)YtYIK-LBajehzYX}T^wnSd`KJ4)*K4+x#3#1OQlkR=g}{RaK!&XVh@p{i$}XZt6j zOijEBDQme{b=PnJq|naq#-J+L#;3^DaYkBu$w&;iU-I`7H!}=j{F=T ztMBjz>yBHM&5ji&X0@Ws{#E9=#=h7vo0bOK&Xbu^{F zK0+lrnD~%9+APm`d1!siEsUtMcjsQ@IH4IjZxP$c7SF>?Eb|toTvG}j&9;b0_h$+| zl|z-)mM_SSz|XpDg{VA-Otl~z29Ew0O2AEp^p(JTKCBa5n;L5`=C@bO6mHv;K2hI^ z&R4$LsG*vaHqIzU#idE!*sJwjHxn&yb-r5O!@M0nI3p$t;(|pO9YRutB>Aq8T?^*r zf_wY@#%Mhrfme!@U31?E_mUNUa?r4XbNg_%!JCYgKO(dsQ;F7X8QC;y1`eLO&HFCD zb1CZdBagc8xlO4&%H=5f#$TF2GM6rC2C)(%PdqRkrhUXI&LzZ>%O_*={3$6uRH~Yk z!+ys|`Meu8A%l&+Ffd^*8~X0BP%XSb4_J|;yP$J&>bSe27`p8es}ruf17 zf$aWRhwyx_hfGSuJ`AXq9tk#3u^}>9fG&L7!?0a>3ptN*mvYT$t{H27<=V%l5d*Em z#MRu%lTW_y(aa{kCQ~Xi`?6in==s4Ju_jtfQ=Fh;W$Pfu^*nGstpYnnNdlfqMz4hz zKY!!g6F8_eTrCh>8b9=z)&w(_LPg1%Mo}vLF;Xx`T#$7qmaX$mWwhs*B5RRy!KY?f z;8vwIt=I~}l+Kdb?*oSu0uPP%izpo?<5(vb_NQomzAmky6I&VO8x!^=OBCSn8bwFzIpNt?-WmoPn6pm0b>Vu}N96)I-LsmDL>+`6xm zk`fE9)6G>Sga@zYU`>oHb>bujK3;^AgA_h>}OC^$@DFE^&9y^A@ey9*I*J>-U%VGCX3)>`AIpm*R)xvD8>ASCYa5f;*7QER_GDR zyOnFw@`tmbihMrb?%5N2r<0FAZ>diXojA#1TEZ%=!El_?;^$AEP057ecNklFvU!;K z!pb&Wssms4B*bqsOS;kV zVUN}URJ!O2>2ct;i+W_t?Qz7NQy`+&?*^wI7zj8TvMRv zup~H)*pQyojd_D3Vo=*ePsj7y}TE*URo6q-9z_(u}ZY?>@W?k|{Zf;GB zrPiBZ-YKI7A6|SAw%{1eCAk~yK?E^F?0i3K^stU2)EJ}SLYL;jx@KtLkuE?5%rXKf z4crpBfY7iC)XUzP<|0bEkTtM^2erCpH3LJBWRRF?z2 zZ12Z03x=Hbsh(+n4K}0=`rcgcw^!T#p&3csTy8cyT+31zy*`pNtIuHxUUf`GU?d&LKnl@-Mgess$Aox03@U|No$w=t6FI5{oX}vmog)bRtErUm?@E z^*knyT$Xdwhq12C*#>}6$6hW$PQ`i6Z-w6j`idh3OXW_KbH-#5Bl>%hdDb;OUirMV z2O|AJ8I)8&)TBj)xP%WU-TF^;;eWxA|1GjeNeqm7TWd>9T(eYxdhSMLfTmpw>i->U z{XY@%|M$N8zmWfDpqTalN}c~hPB~Oah;;b`>M)3z2bvBQB-g6Se_c0AGip|+(b-yn zW~NSCHC{{bwDbO}$bXcVSUres`Jyi3B~CZCD(5A?!BeNt+khbNWbF#(&(|pDuK=pf z($Z3Z2On*YI@sIqqfh|^9K!zt8>Z^ZrFz-UU*} zKkWwvKn!0D(xRqjcbn6cs(wZsI2qqcysG{ylzgC!Tj9Z z-N4>tzSPuIK<&934#*#mvJS6{CZLlM!U?WBNu{~?u0lkqZ_0GxN2YqY2S3~5w!Zl= z>r_x{_1iQ_cxR45VSjwEl&Puq_i!^=G}Zp7778O`zu3Z>zPq~%G!}-=k2Zan9!&ug zNk&Wxqj2@liK&fj1i!ab{c6#x}L@TD}DBW zpQ&nb>{ee4Yy#dl@_jSEKK-`GAqdgP4>SM?dK3ytQLW6YV{P9%j|s)p34b?1sW znLv17YXT)RM<%fNcT_HAT`ShkkK(2eV?nv_{3-Hv_@C;0J?zTj4i>W6k_pB+(x#IG@iM-s@b zeiHwkzVPqd`Q=}7DkveqJEk4i%snWV0<=QdhSf^Kt3_;897Wm0fDw$|AIyA!NKg*J(7y0Y-VN_Jbxn` zk2Z#ZB$z1<2x~QMZCvT5Pe6WopMn2`Yq+T(v^Txzki2G2raZe)W0i#ZDLp2=y@+{_JV8*HPUihRHM-g#{5FZ*ItIMyVIOlWm2ns zGp<>BG%}zTweG-TwwYET-4u-;?*h`_@9T27()27oK8y|mirvV&oZ-0NT zYIUK}nE@Duy6MK-Ht+aMpDAhX7Yr%VP>&k(Pf|Tuqd1Lxe-ZEw1bRec5uB(PQY1Cz z|LFn<*-+c3F+jUd#OoB*X5K!}AoUUiB95qH{8sy>h(^k|=+WWdB;r3%pAw(ezS9*} zw>wh-P@qFS8}-dQFDi^!|I^O}UICe>F~w0$blaBrs61Urt_pA)S_`@Cyf6LmFQv3K zQ{V1sKpI3&8k@-mf6XX#mi0tj#_CLILg5QRky!S6M`zn?|^;1v5TA63D?n_?dN zU>wWB1xWte)O0`>jP&fL9;jpD2dV*^TTu}oTq<(5+X(^<22`0F0o`W+tj@nkla6Fc zwzs#__X2*u`+v6;@_*WVVQE6?{D)?CEsyO`(!~-AZ(H>JH+_GA%Op9A>D)YblxWWHP3&xxPEqWWwB8~xC^hu#ZTN@LUq=_3Q((5P>_IzV5Ss3^Mb3;vF zj>CdsxLlG%_k6t7>7Tabu3OFFh!#$_y;WUKvFWN{r>SBYmYq8TiJ!PeiRJ$6t1jJ@ z1IA+fKB_|~=*2N=5@%hX94e0NI=@Pdo_uCeYu7J=yV*{*wDTFbUvOJ~kL&3Q@GPr~ z)bOO~ImVVNA2C~>-v2;KjS}49w8H*zP;3>qiqs&CBi^kdDis|Dd)QX%GJS~V9{2<9 zy`8(^zNUzVnz;$ou!3(1V5_8++G;&dlwEz5g{fPU>GqkZ(9^c|0ku|(OHa$ht`hlV zVJoImHv7v0)&V4)Usgg?sJh zB+AwiVWSd%D!J1<-Lb7%fG^+4v4KNX^^crw!Rx|zeLRWZN*N2mqQ|-xKJH@u22v)r zcF5y`hHf-hF1kBorrH*GtGxs(n>hP=lBkEp=ZoQ6A9!clz#fF`)bmaTX;KuTNBM8+ z%Ukc=`;_ibyTD+TF|trKi5ha-sX&_BYG2KLSFcmyHBCISOfJ~4o6=C`3lh-gZ{`iY z2cbR{u1qgI+KT$I?<7-@Poi!)YoW(L5@7#$g}>Sh{?1Vl`C{@dtj8)6+tM9jre{g5 zHtxV8A2ITL+xybYG~w0WzER}|pq^3~W+;EWG@P~)-f>sxHzB4aXWeR$R zB8*G7tPe~DkPVK_9=2IO}H!Kwv7sC z=W}4wxO}UUmUP`|XC4+AH8=cj!rt5?L=5G(R312~#pqA+ixCE<81J4D{r;*Tb4m z(3pFg|9~f!JQ<509{Q*>t=Buq_)&YK;uqI=bK0(5Bt)P-QBW;BKiAV_VzXyL2@c(n z5=u#`XnV2yAU!j+r%A=@AgxT?2$EXTWFWRop|SqTtLLvnXpGb9@L-nD<_MsR9{f4= z%F_rsi=H@8(u8dFm3qUT3`e>h5S&bYot;0wEtJFN>9DnM+cVqHw&&&!O>B=)9I z9`E;lG4-cgl}~qn;Au)pPNiakVU&WvvLX&VrMrfgQ#FwyX0>0tv zVTcJvZj@G~r6#fCy4H!^(Dq;gTLO1g)8hV(a-BB?Jz5!2Qp_meQC$mbccpho@Zw~J zd|U>ts-AS`6WHPu>30y4PdjMHRzcNy7P~~>Yn*Visy)q&YzyV=D(>e{V9hjoUbij$ zJ%4P-h;rgfm4O1yp80$E0-`*xN60B?d5Z-U8e3~l%h?5F4>SInTz2Yt-R$qlN91$Q zfO$sTs!`fzL|HNKYlQIV$c#CZyk|hBb-*@)?Po@gopUSYZUav&%l9=yL|4$odsNd1 z0T7RMk8{P3?enQ#ro^bZjV)xTairBFn?JO|#bn~m*-FcatX`c!SlnfxmC3>}jMuA^ zwcw9 zX99x{lRqB~NT0tsQp?KFuNk~a82)l3M|p;QG0u~)XByV9amxiM)^7VkW+G!?13qR>)jgdALNa$>mz{+@N|x>%z3% z%wn?UN>o6wW{HW{YYzps)0e$;95?(JGr(%a4~^4mz#T2TKaBPa)cRch>B#*c97Pa{hz9W_YeTTV5;^Si?a5Z8Io-LByH=mq;Gd& zC!dH664&C&Limetoa)ECZcbyar7cTmnIEhRr6%;%r2CbAf@ud7 z<&_iBvlR3tsoJYNWSGVtIteG*Dih<=c0-CV6zDy3-KcTm{AyamHk*<~g^{o`-t ziJtkJQEwC61HDvllh;&|bu}b~_U)B; z{ge2F%CM=;^`fh6C?uS2;<(2LZGKU|snSaeiOWE+*Um zE#0_gV}Ke!2#n-_I{vxL|AMjn0A9ej0AF@p*%4fXd3gn6=O@S*aE4S>?|?V3XxSV(DR$M*H_b|3zPaBIlqBC#rc=-?CitgSF{!pr7s!k!4vQz_E+I&>oG((x}TOl<1MBcdht z7aF8!;}C}-*AcxA`9ICH>zqpZI3sf$e$|uZuFwx}ou!MRz2R=RPSTz=ij?VvJ9}); z(JcnmcXxRoith=VL>!v-G{$4^Dd8^haIQL?y&o*FS67}%%+0;Oz-To)#{SI@O9M58 z)$wC{(n=Ncni)xW{BimRL4PvVj2hGKfC3jtrpl4BExq8@&vg38>V~x8SfNQxyV1eI zu)Q^mZ1a)!d#um92aB;{pTgI-1=Y}AcR1()?n|o!dGD4n%{jdgbUZTCpcYD@vDqK% znwwK;puUK6*(Eu*xkLsD}QLkVX}*_oYw#n@RD1VXY6R2V zd|XQSF~w@5D=AmbW|>XZfYZwUkq$FpTuL@dUWm(!Fcz%Zw!JwY1;H9Q?>ea~k&4u{ zlogR{57(S~nm<(dY+SP8kP*T)M#qZTUEgc)a5SLi`6|92$y+lY=+f)Otdu7r)H(>C zx9j%k@dlS4WgN3qixmCvjHnwvs?w30J) z7WvxQtG7Ea#~NEI(xHBhko*>M4Xy){UiM;*d6v$^uc*TY6FT-VXy~100w#9h_kA)Xf`E!N2m}lQ_TWXLEmN3J#8o$#C zxiKHAKA!%dwP^Xw$7h*S#yx&?kI`+5ZjW^Gja^>F;>#|ju|H<^&Ykc1i~keh1dX+x zvT@PV(`-CCLPf?2#vsI#DA)vsXR7t`;0{Y~j{d30?s=8)*BcJdq~KCW=GGU=lz?u> z0FO=W^?;-{Y}i$k7%VbMfqqf(9Y|aJ7Kr72{+_)7Q2tpc-}n(5-&JJytO>wthiOTFDqfp zO=$fGY8*LUFIQ@FoPF731g=qw)oD_Nf3W2xhlVlduUVN`v>VP=R){#Jj__pIBo^ew`?kl%Yy&?dD>ro3zKC{|dZI8@w zqe8lO;aze~7E6eTVYs}AZCBe1pDTsv7q4t~vy$WR?JUc~2kIaBs(%nbem}wMr!AkP zzmYqUI2n%S5n{rZEp4l-k{`KFev9i8M9tKdOGf)mX@8)Y6AW|RxWyBA>197sC`@KC zJuS_*{bRQQHNxLfMtfAFmHEJ#T((&VrFV;^g|a$o0`5_ZJlk2n^=jEbm_k!WjbLIVAv_|i|asuP@Wx9rO=IA`t32exNh1Wdg#g{wMeetTD z)|jB!?fq6--wz^&?2f(^|E0aLFhOI_b8^9@Bq29HZ=Dfm#!9Odu&G?MkVQ{q!~mC}pvuPi zuQQfamBr|RdA;n($ExFLMGpzF7s%H}Ro@;!XvOW3ly=r4g4m)*wF9CCr~KCXJxxu2 zBSP8FDxB&CrP=F|`=_!aR2D4myh8Yf#3q~IE3qQ zgK%C)eu8;5H(3AuaEzfiz8tGuu1s6jD66gLg$!vfgga#FHys#F8R)n@O)YCBdpPbb z1f$7jd8^zw^WtxSR}v0JtiX29-Pen?%HPtzGp=CGABkq!m6tPb)N|A3iv4i%bX73d z!i|X?n~(aDM0dCz?pn8TA+7UBby4L#)lXWVE7_dl>WI4dy~(_4PiRH4Qz^+WPS zIL`tzs$t0+y3cFqMK7bYi`=p=daAjNa&5e>u0yLB4Tny%Au|S;BDnoh@vqYqB_5Fv zTBx=+ZvJNsY@T_1c0U&*GfnD@IhXS^?wU1|M(nlu7LTx|*s#;y{spgb3bjiXsqGbI zwG$~7@?r6!VYd`sPY`$p4gA0n_*i4l557lsXV7T-*ygQwdavrwx+&e_1y}o-UzNxi z!*@ure$(LMGxo~bc;uH-STNu8RNSy zF2Z@4qW4v7&D#PR>7EwJdVl80YxIRD*H6}C+I*$K#j$Lbx<2d>^?6f~eXiZSp273s za6t%s>urjNr)Tq=qbD~9{2v4P^Mh#FAOG2_&x!?E2* zRiCf-*t$!%8Q3(bEAHrdHY3Sp$&baCazZC1HSSoKcg|$?sn0%Zj|s&U_ANZm+1*(b zw>th;*G)^e8!wMG%njx<*=AM9DV%@b!q{35pWpJL|KQa-YQ37@A4fgg<5js(D>uSt%IB!Rm!7AK-{uRt(KIi3LUPO8IG!7p zPaTq1f90Gae5ix%=n~BX@zd=Noq2Vn^j@RWZ{9bx(cD6&nqL!5FTJ!|bFS!Yx$}|E ztG9z)=W2kO)Z5-1C`hZZ&YB#3@v#Jet&f&CBLSRN>&xu@Y$|`<;<-uK-HHDu+go4T6e8Q*3hr^wkOhwNpKgHk zzKQE)S~Vwz<%EXWCq%Jlg^udLg16toxzI31>6c`|t-c-HF^m>aie zRd|ID-vi**2H>og4=9Z3z4eKHHiD Date: Fri, 14 Dec 2018 09:42:01 -0800 Subject: [PATCH 38/54] edits --- .../control-usb-devices-using-intune.md | 153 +++++++++--------- 1 file changed, 77 insertions(+), 76 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 84b722099b..9cf6041d31 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -17,89 +17,20 @@ ms.date: 12/15/2018 Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: -- [View plug and play events for USB peripherals in Windows Defender ATP advanced hunting](#view-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -- [Prevent USB peripherals from being used on devices](#prevent-usb-peripheral-from-being-used-on-devices) in real-time based on properties reported by the USB peripheral. - - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. -- [Protect against threats on removable storage](#protect-against-threats-on-removable-storage) introduced by removable storage devices by enabling: +1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. +2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). +3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by the USB peripheral. + - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. + - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. + > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. -## View plug and play connected events - -You can view plug and play connected events in Windows Defender ATP advanced hunting to identify suspicious usage activity or perform internal investigations. -For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). -Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). - -## Prevent peripherals from being used on devices - -Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. - -> [!Note] -> Always test and refine these settings with a pilot group of users and devices first before applying them in production. - -The following table describes the two ways Windows Defender ATP can help prevent installation and usage of USB peripherals. -For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). - -| Control | Description | -|----------|-------------| -| [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | Users can't install or use removable storage | -| [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals) | Users can only install and use approved peripherals that report specific properties in their firmware | -| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware | - -> [!Note] -> Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. - -### Block installation and usage of removable storage - -1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). -2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. - - ![Create device configuration profile](images/create-device-configuration-profile.png) - -3. Use the following settings: - - - Name: Type a name for the profile - - Description: Type a description - - Platform: Windows 10 and later - - Profile type: Device restrictions - - ![Create profile](images/create-profile.png) - -4. Click **Configure** > **General**. - -5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, where **USB connection (mobile only)** excludes USB charging but includes other USB connections on mobile devices only. - - ![General settings](images/general-settings.png) - -6. Click **OK** to close **General** settings and **Device restrictions**. - -7. Click **Create** to save the profile. - -### Only allow installation and usage of specifically approved peripherals - -Windows Defender ATP allows installation and usage of only specifically approved peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). - -![Custom profile](images/custom-profile-allow-device-ids.png) - -Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. - -For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). -Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). - -### Prevent installation of specifically prohibited peripherals - -Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. - -![Custom profile](images/custom-profile-prevent-device-ids.png) - -For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). - -## Protect against threats on removable storage +## Prevent threats from removable storage Windows Defender ATP can help identify and block malicious files on allowed removeable storage peripherals. @@ -165,6 +96,76 @@ DMA attacks can lead to disclosure of sensitive information residing on a PC, or - [Block all connections via the Thunderbolt ports (including USB devices)](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) +## Detect plug and play connected events + +You can view plug and play connected events in Windows Defender ATP advanced hunting to identify suspicious usage activity or perform internal investigations. +For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). +Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). + +## Respond to additional peripherals + +Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. + +> [!Note] +> Always test and refine these settings with a pilot group of users and devices first before applying them in production. + +The following table describes the two ways Windows Defender ATP can help prevent installation and usage of USB peripherals. +For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). + +| Control | Description | +|----------|-------------| +| [Block installation and usage of removable storage](#block-installation-and-usage-of-removable-storage) | Users can't install or use removable storage | +| [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals) | Users can only install and use approved peripherals that report specific properties in their firmware | +| [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware | + +> [!Note] +> Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. + +### Block installation and usage of removable storage + +1. Sign in to the [Microsoft Azure portal](https://portal.azure.com/). +2. Click **Intune** > **Device configuration** > **Profiles** > **Create profile**. + + ![Create device configuration profile](images/create-device-configuration-profile.png) + +3. Use the following settings: + + - Name: Type a name for the profile + - Description: Type a description + - Platform: Windows 10 and later + - Profile type: Device restrictions + + ![Create profile](images/create-profile.png) + +4. Click **Configure** > **General**. + +5. For **Removable storage** and **USB connection (mobile only)**, choose **Block**. **Removable storage** includes USB drives, where **USB connection (mobile only)** excludes USB charging but includes other USB connections on mobile devices only. + + ![General settings](images/general-settings.png) + +6. Click **OK** to close **General** settings and **Device restrictions**. + +7. Click **Create** to save the profile. + +### Only allow installation and usage of specifically approved peripherals + +Windows Defender ATP allows installation and usage of only specifically approved peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). + +![Custom profile](images/custom-profile-allow-device-ids.png) + +Peripherals that are allowed to be installed can be specified by their [hardware identity](https://docs.microsoft.com/windows-hardware/drivers/install/device-identification-strings). For a list of common identifier structures, see [Device Identifier Formats](https://docs.microsoft.com/en-us/windows-hardware/drivers/install/device-identifier-formats). Test the configuration prior to rolling it out to ensure it blocks and allows the devices expected. Ideally test various instances of the hardware. For example, test multiple USB keys rather than only one. + +For a SyncML example that allows installation of specific device IDs, see [DeviceInstallation/AllowInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdeviceids). To allow specific device classes, see [DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-allowinstallationofmatchingdevicesetupclasses). +Allowing installation of specific devices requires also enabling [DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofdevicesnotdescribedbyotherpolicysettings). + +### Prevent installation of specifically prohibited peripherals + +Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. + +![Custom profile](images/custom-profile-prevent-device-ids.png) + +For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). + ## Related topics - [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) From a6e5b856a35a39d240e368949aa260bfd45ecb83 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 09:51:25 -0800 Subject: [PATCH 39/54] new images --- .../custom-profile-allow-device-ids.png | Bin 28634 -> 19577 bytes .../custom-profile-prevent-device-ids.png | Bin 29697 -> 21633 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-allow-device-ids.png index d51f405f064c3d8bb9b9a8ad346c71a87fcd2277..d6679cd0bfa1ee173f98ca34b6a0d118e524388a 100644 GIT binary patch literal 19577 zcmdSAcT^Ma+wL11h=?c%2nbQCbVZ7Eks`g<&_wCIg&t545D<{ARHX_b^w1#!U#S8H zNJ0w%>7lm(31!FM-oNv{XTRs{b@n=Iowd#%3{Pf-S;NdT_jBE!>zY_SotHE>SZ)9S z02*~QWdi`h{VW|JMW<;C$p%Qc%-@b-Qf54$1~$;H0yqJ%BewY)^2xYmrzM5 zJqXZt5ql>p#^>>m`X7C@A@x)WU(Lv}caK+26i5h1!mKayqhNo^;aOk;+;Joik_|c8 zTnTdU$4pF^sgTd~f&9JA+4kwY%K(6zR#r^j8!UMzD|_d40N}^%kL2;q{}}#ip;o0f zgp8t4+z>-*bZN6rH2I(H<;~RzI4~0?5jImD^MZQv#7nzZt6@2xULEXLo#p#vPz$nv zX1&+P&_~MVpUOI3Sr;T3jkJkUX zCCsvk(8g!Kys*q8E~i;S=FNS|8%R=T#e2l0(4mBH$vV;Q7~Lh_i#vYpq5EGHV~(zz zgd>g>gCI%T&~+mz=*r<<=QM)T*0-n{d1Q_W?IwPY+>7-EAJ=hBk#L@Y@j!x*WJUT7 z@|{IjIX%OR-7Q1Ws3wK0%kN7a1x!~rS#k+8$BKyYhiP=2y0d*q%uO_HZguU2zU|^=scl+$ z{s4J!M%%93cIFZ7d0yW|KxybfEiMIj-Y03POurU(m<^dD&00~qzT2KY8n`&C_7BzF zlD&KuSV+Ucz6PJ2Dvs{8m{z=^Zo58WNge0FqL=(a>?D_fLfbU}3*Q&m< zm44Qk;LTX_6;?UzU7#K8rd?m~K1sS*(p^f7>EHpL+FZo9^Y4vBtuKBik(S%T`PM+5 zQcDbxd+!2VFz$OtzAQoheJbG?|NAv{^~Xma^G8?!k-iLjhSdrsf?*N3vh4$@KVm<5JwaHW zbX;;I9x*r$#zT@ArJ4QjOisobg%RpyefDLRa>CD8gU+@S)aEG(1^XK#;*7Cv8x?kN z4By@!j_Sq4(K)BtF2Wa?-^asLC?7s|DY;a$K-|HzeGxGb-o6Oq=#>{CPgh`*QpZEb z0icZ$bsPZj)pv*m6u^>bB6JTz+Tue-e+ z;OMZuLQZu0Z}Q#F*}FVR%sAUSY8|AxlF<@P+5h!~C|beV>XW?LX6|7d_BL?e?kR)rCC;Pe0F~qqhgf>lfrggJ2KY zc+$L_Z*vhZ`{!=Ce&is?`Fpevd3`?GsvfT*I@>E-y zU7Pd9q=8@AR-q@ej*GcKnYm@C#q4=;ZCWMCHwe2HvlO3y(i9rH9Cm`jUHCRv8fA!B zoyCC`JXa*G4|&$WgMJ$m5<&Y=R~s1;4A-tD!RC7g3#I`8Drl^-68*Pl-E}Vk01`Yy zO3-64guKGQ6JA{f0A5`uivmFO|2#B#a*yrP*_V%YUA^a5&^C*|wcn&Lx2oTo-2eUV zjG4KWZ|dmNj95l;pT#;`i+a!NE2|-d)-u=95Ft@oly~bn>CG6`@rlc0#O9cDl6s{6 z74nMalpc{BT@bQJo)ZI$b~}MM^CRUKBMw2a_tPS4Zu+Ip>@RB02;8CE%81MsN#k9~ zq%*jjjoXpWj)B_kZw64lE4w3kww~8gB#lVj?&!02dcfGjp{Ug`u!OPX%=A3eCD$^R zM*hy#-`YnXEE#C8TZn|WZag!i=8+Med`P)n`7=$4GCze)Mq)6PV9EA5+`!*5xNIYE zFK>x2DyZLlFB@&{xc;T~=Osgw-LRV$xoZf-!k@O$auEl8#*VhX^g56MJB+qVVsL|_s^I?~)=f6C+yx#HN zP)~7UHTF}N>c}hQfqNgzWJ%S8L~%^V|=!3PZH16-0#YXU&N+P+gr!L zO!nDQvMWP0gv&C5hgyFxM2Fy57rB|Nmx%2avnN|e{jAnL-z=A`s|4&?F243nFBBV7 z62gb0dR~QkW=8rTfO?sSG<)(2xdE+GR}Ch;cch!Q%Gi9IH=>k$cIF&xZqPTJG`rNn)mv7v zsIZRrJm%N@`)GI%jUAY*h!jD4c|-~vjXUSMQ$6WtJdMNGl zON3R)`NXPw5j=IshQ&`g%S8(6!u;B*V%k%e2%Cl^1KdqUQL_9=M|-*dkM|9OVJR zq9wVb$~xx6G3~e6BqVBApAkXB14EKHL7OwYDdY$ZvsjvPtvU=xVG!rw=CzXSP|4~F zzmQ6g!p_3VxMt3lp~hKs_SjKk(}k&lA4|Np2$2|}b@&rwSiKF5>H5H`>qC^z^*U2& zy;N~+UF=@53coK0w$isNs?c`Rsl+1Mk*9bZw>tOP-?K{Xr-B1_`lKmq$>(JKFS}Jk zC8DEa>6w>Ug|k`VSH7?tb)RqPv!|?e_E3(N<^^kPH7(ox*fprrH1n&W3zp0O()?E zQEO)GEo;-_EDC6CMX$R8@EI>ml6SFsH>Rs#l^3+kEVYzoSV3D2n)%sfY0jf* z`{U(PY`3q0htGzYrQ%-k!^vh}HMx(}M!-WFar|cmny*<}eb&htL zis~QwbHSY+;lBW@tW`|2g}@yC+?7dG)Oy|u=etQTfol6fM&^6>J~1JVf1)YPw6Q6K z6;~On-ty@PI=XP=Z6V`Y{^hSADTBDtx%TqMbOcuuu;aomO1skw-oNHLPlBhZX~qY0 z847BY^d9bCQH_zB#dj{ZL^3d3&F*Ux1`V0?X*xd=!eX77Q=F+x!J4ryBVLfzmWoPN z1ub{E^_9D4pWmi-e&e)B4i7x&_UUn+UW8j5nc+}1wh_r9=a}e;!ZCv7;!dc3aHA(x zp5R?O5Ml`(yXB$I@N`sXdTS_K(!zAcxir_o>IYQ;@04Qlm&Y?BaR;qWVb)r9z9&;u zO>+b`Ipp;ITWVgpF;OE}*bU*E2g-TC>m+BCRh?(da*=|Y zyW!$~ux82;_4@1b5Ek~Hw};C+Nz0*N^Ko)lt?ChS+`e~K7_<0i3tM~mad0CYRr4+) zxsax&cone(l+C>xaKdbvOEaulzCgzr@JiT~R6NCCUFXlbk{ghhzk7U5as=5QZ!gWhESo})`dK9V?z|F}1p*6-{xb06)_NQ1WSH1ExPSeP# z;a8Qx^`qX(EP1NE-;%s$sHQSjt+s|V+tTW1YB<^wu@XLK0WBJq;UBhVX3@WFm&h9v~%|fh?YCrrsZ|%QI$I$d^n1Sz8~X;W{c0?y_Vrm^!0r`vh4dRsBH_&+ z6BCID+}TzDh>L_@)%^llH;2gx)TXJP*}Yuf6z>zG|{R*=!)X_0vp#*gpV6e?KAs z)L7rfR2}vm=+#dNaOfv6j^3VRb*?im^{~RP7zyN}k1~BS;&Tq34-5&RoXjqUkKw*c z1JoT{2;$5NX~h%kT}Z3JtMM-eRp8{TSg8Ds+@BF1)_d6=dQs=hfV=@PO zeD$w_Q2Ku}w0iUA4MY2o{M$qO?ZkB$H9#W6in6M{a;Z3od^#0|EFVqqa{z!VN`svw zMysDr=8FHln{ddbD7^Lszn)TA*;nW}aA;-z7r2QVR6A~3;7MeajtBK}tG0`pSE?1$ z$qp!ujgE0h(@TKoygFIsVl=>|{*;e8Fu!Kx)b0ZC!c3mLY>@Pd=2tCn#EhBXb(qhPIHr#+ zV8&MI65y?Wu95r4mN6xcv1Vo`rTxdJ|D0dn+How6}ea3V)b20a9^0qF1Rb@OIW|UI-{k>WNka0sG7$5g9VH zo3--Lg`yj(AQrCa#)+p)&nt|00Ap8pi7Iy{ir&Pr!Hw$5tDJ@>H=OzC zzJ@aFJ+Dqb*@PhNig+P52sb81d*-aIUE6Q1GTc8;x+To4HQGUDF8UAisf9(w)D|f> z+7;7ls$9^!1m*HNtoVT6FarJ!gsNrjwJU4cUOmqPR(l@@u~tOYy;fa5bA{7k`H!Z) z|GK(Oo>+VhxK_y1oE7uNL{*^)F)POORA+^bxh?^@J2wkyVb)bpxZk|nI9q9bmQ{?i zkqWIFS4_Cr3Usg_jIi<4XS#bkeH$pp#T2le0dur;sH#W=-~U)(Y>)ORosv+C9H}T0 zl|x~=p^dAktd3rcOEGUmq{r)tpLX0pR@1`=nB0tqW#S!)8oFurwc|Drn~{T0X_-65 z=ces=N$haprLZv=dMQf%`} zjs4zR8vO7}{}X&|>maaNo zV-CW;Fg%D8Cgy#OgN043I)Oh=FwFi??)Fw$(GBUvWqv+VQ`%lUUN2$tCRfQpvRU9U zqI`ame__6N(k4eAG*4~w$ke(YQa^WhFJ)}>wu~*M`_>dp$Caxh(f86%tII`WTQ9yY zUe<)S2>+HbuXJA_{?47>X=^PqzqN~dGWODq$^y8&|>yU>7iJDhB zRmgL9Vzu(wMZ6EOOeDQ|J5;OVyh^HhyGFN9Nf*l@5`z5c<2>@x{W}V50Dm&&WPL%z z4CbG&vqr&I12KfFEUXkdIiEj*M^m!BTczHarN!{}!@@Kk$qQVCza-xV7uV&mICSC+qz2{wQ_7}PDI>off5cBI2P}Gbp1sJ>$Y3D3610u6UP;5HMUZMO_ncRv{zm(t&_rmt zVyu2q`H*gS$w{O2yM#XF)pCOSVt=1ayK z*<3M`seedF&X?t4%9C@0uvqlJ$zOh`K~@hxs2Z0rBt{w)=(~Sw4RnzSZorbR-HI0F z1YrD6vZA|j^etEe@#PYL6{!&>@Gp=!xAQNm_+Mzne*zc(JHs^=R#xb$JK<7=h*fxK z9r)6Z9)puEpxOT=pva2(u5snxnx`%?5*eXpld0C3C!v3DjVwZ@-f&5TDymu{$gHAL znp$+J$L46ND=phCUo2GfV+SJaS#G`;J7Wp)^*)**x4BF0REkXRyw{)JYkvOFN{&MX zgWc}Z$Ef{QP*hSw{L&~ksCjALki^ra<5|_`r})Oi(l%c!K19g&+hd_JHw{rz25#)WFIL2Dw>C>k^+wDgKBjM-1Aq)V3-)jg(;k;CG|KoZ) z6@Gd&oBqAz^Ud?Ad|IV;uUq7Gf@b{1Zc9xW&K3|-C8 zw+qV@YhME4I%1XVWU5#le~Z1a8Jj%JS4v$Y^4uDP)6^f!p7|y2*Xc+wtZBG;vdJWl za1u_|17}VvO#cUm0rhc+&UYcbAfKPf+N2o;6n;VqVap1B0UJvB+YNa%3sLmZRl=-5 z|2zDZ)gqi_@4jB;&%J4=Y4q!0f7YJ`}>-}|$-pQvzN?R|QTXK^|G<6Srg*H;P_?=Ad7;zl5gpV0~xA+mU;mh>> zFyRqiWjbD1JN;88_`uvB7v{?ZJh&ch+2bEE5fTGEWih)J)sM<{kG zV-r?h9BdyVc<3aaAt63Gk4;Qgk6p^Y9-ud9?|L?d#Me)uKFCW?ns=q5-5Q+6JVzFi z6g;drN^||QPX90=J~`$?(8Q|+ic~u-G4_?Re8tH0>&)M&%CWtLrqWSuY0>@z!}uDC z-VwGCO6;|Dw?74=xpRZ5+|2G-w`Zb!%M~s3FPLf6Yw!GQ`PS*+e=_wW&xta>N#~X< z5#zJ+%?j-Z&Z+PG{#Tx;CX_>ds5fIa%huT0X{XrN67RGQJgp2LK3i|x8AGAA^C_cL zr~Jz@rXu6tQg9mz74g!!=SzR>RD&YPZL0(1vclP#E{yuas?MO^qRS-HTFf+D_fYY7 z62+;@lb`~ZujlRj#|@6Z5&bA=La7OZUTaGgYpKYcKDC<9$?TXB-JUqSg$`%={El>f zXIKU4uwal$;GL8Fg*AMty{FMat99Xp7X#YlvAgV9AYUf1M0$ic$-Vp&X-h1*0jF+K zD;p|@Z96Q$hFj%na0~3QL2j}aG4>tznqMXCtN`Qy>taM-j^?nV*}fL<-d}+h`i)zv zSjWX-8o27+-S}BAYp{HzzUoTxi9gOwh8CK4aG3mJ@hlnq2V*gT({>%8b*&PoYjvV6 zq1TeRU!_wTb{>(L70wQK8C@Q1&bh^Q5_j5N2+Vk@GtE8^}bOvUdQ!X zMh@KT=W7ScbcYiy9?1w?13;(xb`B`#myKUK5H+rT8A^Eif9L zkoF2bp;O>G>n~dsk{e>H;V62)s$K|LwDECcb;<+Dt;uRykMC$+9!qM&$!C+18aXl3Et2a5Kl=!Y zMtc6JOh4ST7HNLVqORGwTWzw3^g73?=D0LK%8UZK!FS>^W>Ha-pE3$oef$p9N+yaJ ze^8DdJ6fasWMT)0qgN=})f(4U&le-?z-_{oEv^|q&CT2z!h1D@SkWn0--U=aKbKb6 z+`_rH>?d1wv}|ncQC1}N4bfV2D?9^bVA?iB78@mPY$2v2>i0ih&f4hy2by$j9B2JR zH6qR$`H%lEDQf-L`SSYkb&9dwwcZ$5fq}wCsStkuk#>Wm_dwAwHdW8>| z)`f2&z>W^tuC}V;B6n@;=P6jeDRy62YC=9Airr1{sPY&AX^ej&-H(fZU(Ida6$mB` zs?3ggT~ua(T1GUWwCfGbu!0ItpFeDvbF1yReZ-^Ee4@b@(s1wM`bAbMiJkOb_F!CS zua?P5Fq05E9u2bMC4)Y5=hgyR$g0xl^z=F+14vQG)UgxgbBHn}&0QTwUTM#;1gR@q zfj!@6e9hS7Owhfzg$?!?=88w2F@&CNM}W0N3_{ai)YGV`(N4kjN_d~2!7$6xZ1UCi zA+JwDzt-ccOT?~nvshU;zc{s{gAKb>EFGN1x?2;LxF7ZF(5krvSDRR2%IG^fu(7h~ z@#5S&yvJ^Bxh8T@!e&w-(N&~hlg|gqBwB0aVgdT`OeAUPw3FY;a>yv z!`hNPpSYyE)dhKVE#1j6v^wL_eW<$r3@>#)**Kr1NhG$0A#*>nfW35mSqxetYsI zsDDzN7pmDD&3n`M$U6MC_Mr0QHGcOrmUUdEQ@2j8c`M7I;sdvO*81eWgR9*%!=;RT z$xh;Jxd6)x(8B0*h;dVP?$3^a4QRt3USAs@{l;67_^&1kC&*wTF$^|-y>uyqbLr2^ z)RFRLV{2T^E=VCY?|Rso!spD&uMp#SgMEG>tH%6qAKDwSDK}vS8$%K|^=E+BH8a*FrO-_A#XdlTdzwuy7(PIehn4yuU-dNec&13ia6Nxm+S2ImgLxPW5y~f4q4ysbqCpA>~37^x$*6`V*YABGc9o0jZ&LNY0 zEg|W>rNduONB$DXhoqzJBic=L*x#rSxxb(piPa)ZrBNa_$4fJ)S7R{~x z{-*RVYMCH8`{?38_hJz^B_|=lLo0v$m4@u1Pr-Gdqn5S(O$tkKgDO&MMW1=(KBZgA ztEomMtBG5fr4$vboO$FlhhY>RT>^c^LuoMLqhAR+|A!Ao^HlU9Ct>!J4pcY9%-P6& zYIpwin2Wy4VK?wxPo6BONCxn!Ut&N>9bQ!pcjmoUAEZrL1`h zvgH9)?Ez?h-!U7BPp)J4Dfz{4r3;5~1_o6f^k)npV z8761qGD%p!F>RlNRs9g2j{4Pe(srXGM{goqs)a}M&pg}0QTKA3yEfe|DzVGt#9qro7`da_z&W@@aUVS08#-%E%S< z_i211n^L#Nbwq{zwBPHF%Geu}s5~8?50c!{(mlj?pk(EUtA%KWXNTj4Fes1IO$l~v zN$nMQ;Fz4O*2JZ1d`W4ky@$teo;cyR5^X>3bO<+5NADPUjm*PYhSbYjWv;8p?TfNo ztD8;>ayvg_N#6v~6?MBf8_3Ks90l@UmyHTl=Lu*CkRBMG^4oZVDH78ngEQggMY^CN zSL-(;m-}t2caO^#&KEN;`(|dE7~9){<;*nr@KjafCtE~=h|Mgt&Judec5^L z&~iDdKPvfE{*8#!kFA1k;TM2vZzq|F-QC^j`A0WZOf9{mHn6Q2V%{^}pvN~VKSV+& z*}t&!YjRg~?-`phukBXR421F&ln-Huerlr%*QcA{fw8+>+af)w$PtM58D+hWW!Ui?(;JexUgS z*5>0s@ozd;@rR4zyPolZs50zg#VNR+8f`|^uqj(e~Va~5uLV@d`d1}*jX^GGu*#M}RJGyYO9 zr$)jU=Iz1orYH!OMN^&{sV#b49Myx-Ow0S6ZgiNP7RjMxRD8)SC%W*(w`%h7@c+SW zLINyBT5nl9kD#M>8k@2p*>r$J%zyWaUSECn<*uELs@)?3gBHNdhP)s6V5+xBSkIplKO3%Zv4Z@@zVcF6i@r&dyI;$-x<#%9IW4^%**gX{_A z=oDk`{uK~6QwKsn-6|pD7G!}Hw}V~D5AU!H*@XKHORXHQ)YaAPkzM1-0CI?L_|8Y! zOb>ov&>Nn=WTo1li@SV`1LgEL^-*SYTKKoXCr&XqKN=W(+m0~s-*xrkHxXqB-l*wa zoDJEAJ96mC?!LbpuM+gvi%IH(HO{(NkrzY5tA)3ep<{ngPH?*XJT3jW{TNs{DMvReb}I@zz`;vil!%dkv=~gb_H^!il-7so2&i?4 z@yS4hNA<+`rw2{`Jk36g^e+l97_f~^4%ZTM`wby4BI`HYrW>>=C@2WI@97BdiuVF01*Pza46gfVgS`1HXt0n`^Iftd! z1=nw!lJ6m0n5+x#Usq+@LpckN-z*lQ0@Dr#HkdGEU_9aCpJt`_Qr4)-2Psy#8N#S^ zMn(1W(hLyB#cOYhyfvh^+x9~b%~yj)Lh`^Ux7oJI769ORY0KXLY-_-FL#f&N!TJeN zTg+Xv$k>_KwB12kB(KFCFl41w>*8NOpN1UsoFcojbcJA5M8QR7_(|ru0FhXjcoI4r z!$G44B>s-MPL9*xr~FHL0r&s4<@irR?EkA_iL0AiMQzBDM@U>zyG&){->b&BAstu@ z77`g!x>~5>^cYk|_OJnd4%{Py|0k^bU#;vyV}pO;-PJeBHwaVxPJbW462=X4ODHBw zpieCl+)(c=Ui-ih5%FHETa@YzSwg;gyGDNgk!rLkq-bAeY+HsN~@WN6EI~?Y&K#A4J8+AeFy? zabEgorU@@J>~>JV?}E#WN^mE4f; zcX&4Z%00{KUix10^yVb~!9CbrIr9eTg7tSU{z0@~gTa_d^?%rIn${ZG6*KG^WX(9w zzo<%+k*OAG==kfb|9v!5=i;Q~=DYOyIbAnH+n4WS!kQmMt)<=6x~V3S$!iDbU7MrF z^uK#~0oszSA0$@Xia^$m(feik(Zu}{^pDL=y#E|>Clscp@XU7I*b=cgg9yWjJQ__j zO;wI>K2(vLy;>rP_^s;)&OxarzdS822lU+2{zp-&qB}qXkYeVLh}kx z%*dtK#8!Rpu!lA&-~65(fy$pe2x1GX@pD=a)^lJKy0)f68>__>8tB$kAzk@z@BOR@ z3^9&zH6VU^WDjyP&mLPsrbMmP?am)KH_X=eGxAWtT3@Z`%19SfPY|X12D> zy5&<}?HdlT)u>RiYV!)tCcVdS67y0)&@rb$+qxB; zbZEtPwb1_V{d(~`#*BOo9zRTBX5L{z1{#IIKSoor6?QNX*R$u&3arEJ83P;fY!z_3 zuLjQSx4TkJ!=A^)=cygex$b)`WSsZKKEQZxm-SW1ti}{S3ZAI#{Ai=Mlm@E7>P>t)8#RS-O5UK4wy*v;*CL$elqe+c3gLOu$@^G=Hvh3D4w}; zgdlEdayB!wf|{1$v&Y~lg@nM>^Hcl~r{;=SddK6{gMaQ7u6IWL@nRoT5|vwRXgtvQ z;x{Jz9%%beq`4w*wa_n&_;aX2Xd!3SWqea3(xGVv1jYn1#?!emN@LZ%1$ZZVZjiWA zvtS)Im_m`I0g!R#rfw&}eatM1uDYw^V^R6wlyo4`mNMeupNI9#R+)05az>RxsTQ8{ zpWP;f+l#MBzQ476IrBiHzo!%hu7$*JZ{=h!JC&K(Z(v*t7j9Nd-@0%bHqBHy+n97* zY>2@L;1q(@gtumeEJm7sS(}qD{Zaw1i(IyS?^$etd;2uE>_5g;(GaSC+U_@;tHT9+ z+Xn>tUj%YMH3oUFxl<4Yy6@MVu#gpmFJ*C!PG^ z)omt)uqec1ar~8+4U?oS^=1J_95U2=fx}icUbc(gk{*^R?u4Vydj?JV8P}4vilQ$k z>1ldsJFUIV@5K|Ab&@;Y3VyZ_O3v2ucy!KXg*dyP7qHGb_9p+0-l$**e`>rIIJKUCT;pWJv+LHmFy8nA1ckziu!_F{O$09hSbXF0_5g=dZBf@c*(c#j$t#= z0wlm~hUk(Vyj<9MJzY9;vZ7q`xYcMc>qd0(r6Fg%d+D3=s8Z|M0KwTgbD;D{aDlt9 zlb@9wm2uQNF2R#HoB0@Sc}4IW8D1I5VhD4qv}b^Mq`_MiOr4a?ny*9o7og@q}U)8P&?8PI9Z?ol3^zYUnjf(WnV zxjh|LB+|WS`>{s{=slH?ReZEIG|Q!m%p`>M1C#PL161XOozA{+qv&@)AE%K`G;1 zz<15yl9(BW5VL~$TWt$l4_G?#Ftyowzdt>7ySo-Y)y*H@8KkZvoCVHevnqD|0BwjG zjYKqSs%`$>%>>!D|muavN^VXG+${8wGc<)Dy7BswxcS}NkE#{rGtkjRq(ddwT6g1{8(sFY%qt94{ z^{Oj9PqrzL1q^BtB1-7Zi&5Cix9kFAmPy6KCY$0|c9trFvN%Xh$*#tD=R0o2j|BxW zYlNo6_sxI69?yW4Sy4{Ao6oF+*=VL(tlp!ryW|3x^}miGCiM`unymfV+D7x{-;d$b zAXw2xr^n=%fOw~FllpYoQ>aJS8{`vUi$Ui5x4Bi#Z0cD)>AhD$u?%3?2Y=5!1JyFf zOP8Z9g$3$Ee^Ax`M5l;z7}%u|?i-61T*<4O{r&2;XiV{oYU!VKvx%)N}0E{bxqi z5&Odkg7<>jWu3o_g#Sqka0QXyul0kG6# zln_4e=}W$iB=}b$YT4Yjf?XSSOouGiax2^&I~&m;w{A@{f=>PHmTP`gSkJj>Q#N)* zyIc35;n~)cg=lF(J9lt54)AZx^7i zMj)eY5np8+4I3=-Rn`(&q^QWlbfkJD#?f3HYt~EhTHH|wc5Yj z@I_9~nmGz2Z^}PP9?fQ@MBKop_MdDb+P#>OuUWT3CuNZ5{x+>r^}|YhHNx1Ht?dEe z1^C26vU1ghic`U0+Fx$W)76^ zh*ZL?(k1!)6EzqWdGlUEZ%pCdjfs9MeoB1v0c8=?0z8^^3tVwy#(-{6?&lEks!YK0Xw?J1!)UU4}=!C#vhq!!HdMnv0Yvjk?}`B%kRY zZW0rW2PKuAXI(Rd1tmjwt94nii=2qmfO@WyRvCtzqUwY6 zaQPRp2uVbO$5NADKWT%1I)vV0Qs`aXyC&Ifz2W=Q;P%Hviz2&j>Povvf%?^?YItRV zi*kUn+{0_zB7?vE>OZtMbQ=L{QXMI0Zaw?#ZHlvRhay@<8+MQBa#rtHB=y;*t1mwP zEho#FTCA_&8Ffd9m}F^8qGZ?U5TS`jmOIEKB#}gK=XV0P6AEOX zxhB85&cpL`-niC+wf_IVDlP zX;4p-UTF~yAPo7I6wSR*GRtDLRBYW8Wy<+X^!5K!yXN`|{d?KhGPLkRJwurS^1h_p zw|^?}k(;KvZgBVFgiZOj*R;?C=ybSQ%iQeBm6rz&74Mu_3lkegB!qDOz!O1=y_#2Z z+siXgUR1^|=wq3=C-@8=1wS}=z5uP0F6sspB$^_3Z-@3mQs3ifCC-<#)X1;(% zw2@Fs8}Jha51CrBX*tXGLGsU7Z>?iI1^0u_bT5R=L=3OHjJKV8m_wb3J>3_e9G``w zCb;v(l~;P{daxT*QKn^J$|a)9UE`y3#!$XYvF80|iIxWbc)YK`9qP+kkqv^b5$Sq( zs$n**X@Rm2d2R>a6u%L^7&X&FGrSIUX^nL+E4~^4UB3=Bw?a&*KHO@hI4joJu=<+Z`+#n_*2TYZ^u1Oww;?_y6p~p2a^%1Ak74;1m6Nd*S1vZkFL7LIc7%t8ea{97E4`wlg0(tN zCmodk@aVq9rMa=s7fD>}tghO`!*}Xx{<6@Qe^~B^U0nU{+GfF)6Isqj4%wZIxXl{R zAHO!Q$oALzHgPm3Z?bA!dg0|U17!MkV^D%ji=9+S+1+~R=-}< z{PtdL+s=rHo-k$hUSQ{BDwp!d=LdgeFN|8P`gn5j@AGrwQjY5DnWV7K&RIRR!e*Aq zglhpQjVn?+%Oci_YKLauePOkP(S7yv=1Gr^Ui0_p-yU@$?ze<7BlnB)UMrC+n)PXZhEwiO)Jkde2IDV$#37n{+zzGzx>i( z$GGNf?A`D~;nVz%XMPs!I=9>|=hwrUqtjM0+Q(R&uZuDJ zck{(2m$PAauKFKN)$;!q_I&ZrU2E1_%i39WzWDuBaQ2>a{)ewmdTqI}&SviO6MNLI zMV7=p{wyFF{;2r+!>sq+b$X8FX19;+>ewgtI)3)LI=ic>Yx#uryuWNN=zsOc^yari zr4o^SZGQ?Lnlu%%ex4c8FSzlqf|Wzb&ZNt|=aQ3bZ*weq%p>1>eR{RZJ>lr*rHf8K zahYcRZ>O6{Y~Q)*wma`0pKiSIui4#q!t-kvpLbm@Klggt<4ga(sqFgueb?j2AOCLH zm`QB=YIZecx97QdW2=~wR^9ft$3E}O-%XTQcJo)~zU%u{cdffyaQ55m-W7j87dptCeM~vq1 zyiVO4^)kUFRO*^x?hlE4^-Ytu^s;>YksV(f`u=2E>Gt1WjwIa|i*`$F{{BMwT0~7| zSdwH|>E47;!JZ9$OPlX!Z%S{l`sp8`{;^E{Z&%fi1o`7y$`Xv(eP#hqvqTvDSdiv~ zMwz56t{!A+!E3$WfDUj{%7pARV_3rqnmLR;?fn_jx4dWrOh>?;<{)$V$a4-jt|H8V g`vut4KK*A_-r4zn(Ke@_z$qIBPgg&ebxsLQ0NEtT&;S4c literal 28634 zcmd43Wn5HU+de!dN-CfXts)^P9nuOqC=El`&`67PjzLHa7$7B#ICKg~m(txi1B`SI z-3-jTN3Z+3?)!P}-}C?aeh_~fX7*m^xz;-4IF7YL)m0TJNEt{$AP~jVCyz8ipbPaN z(3z4;XMx{n2VPkM{yXEUsUQc+?`9%ioVR(X@(=_nj3UFET>!2xKYya{3Ib6!5dWQN zan7^^ft;P6K6DShd*`8aWoiiB#4}n1hnz8LjYBg- z($1P!!$2rjL*Z#z$W_PCZu&=FakI^{s*;vpY+HgkLYE^`LVB}axmin*zluwjG9?L) zBcVCh?6HX-Z#HdtiJ%xXjw0;BeAiu<2eVw4SBsaA`+^O8aV5i(3of{mZE)jEwqBC5zu^45ev_WR~>VS%j)dUn@NW;(rx~27%IULC!SyAfL5Y%=5ty zmAXaFfM^g|6d-kOb6Qh8zG9w))oX0{rBAR#uisoo9!u z^=>F(w~>*vzPTbY3%T4Gq@61`0)wCQp%fYv5o4ANf!Df4`mP@)f<0aV9G{p`am8z_&IkAmS*POjGvA|-yJO+&M$FsYp&|Ja z4db&S8HBx9UP6CUS*NVq(2~b)&i-LnBUcWl8No;xlRdUU6g-96ipF0w^Jni7>G1x^ z;=7l>?zdEIlU&O&{;nrrNzzl=_pZYZ-o96FAm0ATMU&H?3;6k?tgTRzT5DJr6bh@J zd6K!D*CAe3@Tu(8H}2ujr&&GDt&wQf7g4VJG|sC>Kbw%!Jkl?br+9e4EeFHecA{kl z5+(OGjeWfZ+NalNK`&Dbh1u!vL-dJOT|<5LnmNspnd37b-yPMT`e04l_w)UUXPkX{ z6m0CP)^u$F+Az_2?9eb^{d?9x!1||esu4xYBDEZhFa(clzW7(V)efp|qr*eBlkj`S zJqjV~jkRNNTOs9+$#-CG<)p&BNIIzLErIsIgc8}TBt6-RrPXgG9@&28`84Yp+cq$& z7-@I$1xg!C47iD<=-L`VWTAVtL$+}kH+$Mxdv9K)nN+@{b$NHJX!CK9f?Ys1%+t?eMU5iK>6?4s( zCa5AmEqU7<%_KN4S$c-yVSLW5TOqLv(&3*90L`>%1{bFycRo!dfN z3fv86KXOjB4(FE)9fp<=@cV8V1JARWx?2kT@tgL?-5QmjU3DkRmYppW)(*bry^oY$ z@9g!TD1FFMAN=0%AfMD!?z^Sk_NSx#i8*G;rN1310XQ-q-S|Twj6iuZmY7Vw;_gC? z-k)ZMTf-^rzG6g5u|_%BYx+ zha0^pA=q9WwGM^zfwbE^rF7*IEN*K0ASC%{GiK@KAZ0yM!YE6OzF6eaNJK!?^`^~& zHkN|sKBPVG>FYe0^@5riK}o!R#76b_z^0DysDbREfu}!CZ)x|sNmRy3C0v}v=f-LG z`~dv8-EnzEJPfA@t>+qod zwJckYm{?Br5$ZWflW$s)omOP|l!khJ#_-7J;|b2HYELE~Ef&;(%;^$eh}w##yTaSBK)#{dSmRTRLsa^}nm8nxB1?9AmHgYw8 zg(iZ9A)DJT6N@V^XZ$)v`cgt)#~PbQoF)ehbP-ZmJeMGVq~&0mbLzD9sB${S2qwk zWtZaQGTRY&qv9w!hm*4=vOzO^S~A;G+jh_SZW*)HzBL}X-*Q}g zq$h;m#m>;x9qtxS9GngzS(T_wa=YptJ;!>==1H`xY}F}?20b~2@pge@=b?~dZuzSwuVupe&qD+$D0qIj3t>su_^Q65M*yQ&b>c*ogX{kq3CQ>upt{Gy| z%3bT(hg}=?Hc7r~^lJznDc&W29+~b_e~eUjMv_Y~v%n7Ad(ZFqM~Iko@!`0W7}<~8 z41~e?dwcoJb(hd{dD&4HD;{Ipe7j%8eBnI(l&?3%mcr|M@ujwdm3j2z4AH`BaN5Fg zwR4emSG+x(sb|l4XlbRitGV%ZIud{&iuSrRRd(fbUwpXaTUbC0Rrrx=44dNq(^Bs{3gJa@bSY}W{*_|~2}UWv zv&c#V&J-Z)1751ZJ&_o56H4dmtH{ow$nZK3KdQrf98(?lv%}%u%1Kpo;$;bKCVJY3 zIAsM6(cEU3@}lf7m&j8;h28GlLW1>Cfg`DX zl85S1XZL&Y#IreAa+*`8$Ga$TyV>?W`opeEm;pvzFQacTp##Sv+L zq1fcJ&RUT27ae8CZu52YRNnG-S+i${g_@Jcy5nY^Q{TmF;ng4cL`ja$k*}jXaz$*A zj&^cE$BWNc$D~2IqC8hnJ3=L)b4^@JU$Y;^*$nDxAu%uV^Rmb?HaRD~rq|+S>+niQ z6}Y$j{5SrD&l`NAI?bLs$Q0osIMv3&@saP@)1Hl4WOnW&$yz8Hi4A8eoUBeoJ$^Vl zw5VHE!=cLsSvn*Jl9i0-_xYr7pTliRGhpf~T9Uk{=uK%YGFXac6CTP=k1g$3Ct2FE zrF8|Z9rK^EuXR`W7jAt;Tw8vEXAH{TcmpZ4cf8S~+hG_5(+=4EimaU$yRiJu_Zz(Q zNRdGGc`HQ%UN+KH$N-@XK}`m2B~FbDI`*u=2>GAt@~rpa<-+3I)fBRmCyKGoH_ya9 za*Rjkq8YX4jH{ONxP5aBzdww@X3nn9hIhZ>y|YP(u#rCzNpi$=o}c3xPs|J$xd8G) zMQR*DOBE*XU`JgR@rVB(zp*by5;_i?`GT_Rj8tS)|QgnH-OX)(RW$Er#yo6ez= z10KS~C2~vvBZmttNT6P++Gou$^o<{nXNMa81tDq#9o3ixFBG=he?-M;g5RXWEvVo* z+x&ZE52B{>9y$iGn|s)iJxZ#y#(7v^b-a-E+RA-WWMWZBLn?Z z3RaL=@ZA|dmJe%o!vTBXdB~wQFPn*o4`9Nk_FjeCf&u@8nO! z$lQ;Wq|InYoK+UkIX#NVxcpU4a{r_FQxrOx!2T+{+NU8&TYP$hJ?`MsRS(WGDSSQs ziDMmFx-ZdgEqvllQSf`75R2J;g%gclk=oCk3S%Mo*A@kC@d7v*dAnR9EnU)_%`Uv?j0vvuY;&f_#dfdF?-$b{6d~ zYdmeg;+a)DKYp)2OE8zwt&73+ws%Z!Fjb`%;pVrI1=yn}%7d^z@x5Gvg5oZjWrL(f z<=hkI9Q{L(x(}-gmI0L*!dDl#^ekwC+YHnYl)_N)7 z%Hy0Xi@l}pd;Yu*aDVK_r2)>CwaQ*6jVSS#PX~*#@}fL(!DZQaa@W3#+CTu?cR5{r zv%gK4Ra1>Rer{1os!0oawnIgjlC93>9JnED{FPnB(R>5kl#Fsdw!>?Ooa#CT)#0w^ zSJ`F!vbEc)qmah8F=6rVDV)NOb0}B3CAT|;w#4r$yE+}m^42yD?tydKS=;q(kp2nw zj0E9UdRPtLvF=K>D?SlC=4>E~+b?}`MU&|7!+Cb5dpgLNgV}9!zR`oeXZy4wYP|zJ z(z;1^5;BV6?B%f;IFG%OsN-0<`>5~mo7NNFBjYyq*S&FrCeF2THTuFezFeGpj+fzu z%>*_}ys;v%9_&c3E;j^c%KKZgVWOxc8D&&)J*{-&WijJz*ovvzu1UdZ<22Yo2vA2l zg4KT6?+0G548hui_rA?{@|+yUF+K45GJcW_$(B{70P^oia)G|SO0E2HvPW~p0@}CT zS4pOq{h(gj<6=2iAblmn<6$bE}2aC}7w;1nT_! zu7Y~4J3=*bEefO#-h|H}o6B^CfzBqFRd!A_W+mg-r(+BrNvSKH;Xf`M1y>?8*6I@! zj=Qq=S{4fEnslQ}#`z%c(QRx|6!w5oDlI}hfY z+YXR52PD}_HPE?>x?=nO-}U@;ZbJ%vs!h9~S^+UZ-lfi7zupCq_F(T!DD!O_cnKR{ z!NlgPai|?1Agk0$?{59Im`lX!e4p)=9Af`;c7bF?fq-?ammOVT{>tNph^}t@ulx?U1Lq zx+$~lnwql=(#e|O|jt}4p4 z7HR<_{`|Eg*f(dth4Gi10VzI?I2*ybkP!D^+win0-o{@PzxQ!tb9Z(B**U$T|M>Ek zk@e$XeEO$!*w9&1cMH37plCbyMy>}{EIebH*<`f>1oUm}i-wrd&dHc=? zf35NotYDhD3*7^I)<(Ftotj6RF-d_;vmmS}%gwi)9LI1=4ha$IQ3}D$imVw(v2YjJ znBP@h&1ckvp%iM=U5Sp=i{YXdK*|??-##G!j*Zj)gx8F}fd3`g8PTdEHbRfjl3!0= zx={B{Pk@Ipf}yhfW?G_5*Uogl`%^l^sH9uj@qtG2kH$CUeN3O0Go9XI*COv2zArSE z#GFEk#Tn0o_?dV%_|69`hsp)1h_5MOR+po=p^>&@JHto>Sl2CLT2kAbR2YOjZ1Z|vm2$poJBq!d91h|C!jw~+TAomic;c3#H zCfA1}KQ@}4Gk9SUpT?$D@6C9rOp9moE`6o8!_}V5f7^Gvk{<1zyLvxg(H*^}_6pZq zc@AXy7I4$7EyORjC*#&}0f`I5CCA07jpGWR3Jt_aK-NF(=We1v?M=eqMl-KLDsmN4EB9mPTt>%FIJ?VRGMMW;zcBvxe}Zf$+~QiOE;A7 zVBR?2$S8B65|m?T&&fXr3VyZ&H58?2Rs4K$_3o7bPQ|!qMP(=RPZiU}F_Mh=De3J| zNL-WRwJa^kuj!4);V=(E?-Bb)|y3r6jxcN2Ju@H_h{ae zh_j#{?Phj{l#CgHffqo%692Y!F`(H7uC2c7pa*3CFL3VvhVK63uR-7@Wd~66TpK6S zZ#tB7Z*^?@U?xiTXc0vvy`w$~0{yTwCkB-;H6kD=J9Y*{+Aw$##C476w$Juw|9^BD zTx9IJmv{H>U7E_k*iFGJ|At_4Vbt>*LAg@qv|q0LHR#|Xz>73?c!Bm~$enj{)sA)WmYWXjeY1ANx{a;Ys$YEfoETn}S29WugO;*_ zD!zT~bWcxDx0!E95Res`uzePy9SOb=r#=&*L3y%9H+hN*pFC}lE$v`6c3Tu$2%%^L z?n%y^3JkLAtp*4bWV<^kDpbQSaxGRhlYCxcU|>Mv3B7+rkxftX*w`3?Q7nOw_#*Rh z)$c)n7HB6asNU<|6)HfUMwt+>J$^Pbo?UjM??%B^9#to>2-UY5FM%}$dRhP7-;V65 zBD=i6yaY5!e7{azpdH*aE-Qxh+eVLfc6M&gw8)cvCr)QdGd&8t?r_i{CVMg_Uw0e? zJ3W@A(x#_Fts0KjF1-dPKZ%&GU7rb}%4zIu(g`wAJ-Vxu`@Zkx3&08x>A+f+qm!AP zk6D0Oicrayx;l%)^Hu@Y5*P2>ffQo*H|s;RJJXlq#Rr77nl9e)c+WewAK2(vHZhO- z=nOx`v_!Fr5%zP+CfnJ4F!x@tTO%Jn-EP3fc%yf)4YC#?a>2`@>4SVL^J8X3n-gSh zls7M!1_C4Y+v%=y4mc|2^pN&=LBRin<1wtYhdQJ00>MoeZWO8`9;713bW*(|)U?zt zYo(H@Q<~F)9++`>*oD)D?MVn+&(@8uR4EVqP8U4Y-bh+(?4GY?8fwK&BGOlB=(90#nsvE}Vk7ZuZaXfm&uXZs zz`ZrwFxlrD`QHTh)KGUJbIdm{Xb6OLC`!dfWj0eh-WC$x>$lN*dF!|5gf<1jjQZnQ zH%a@9d41N*)r@yUXtnJ#e3A}-y`c(jwZx%w@+<9DhVx=!0p5C?5ZjuxMlOiEzgIIW z3anJ&?aDkLymEs_iT>hZ&rHE&Q2=HTCcVLE=KsN*HujAJn#F?l@ZHm+xTo?SU&DO3 zzC8H7GH9=$%8QQsBXjt5y7=n= zXW5?UYbTh4Gd+|&pxmM?T)%L#UJLU{bsi_(#e1yyr7P*5W5#Sxjm? zE?2`#Ly_6EW@9hXccG3&=lb?A>8amkCew?;l$4W*qbF=6szKAblC|+g}ZX!%;TL z-t+Zjd`5``CtB$C&VX9T^=CQ2+__F|-$a}VDo{?8%aVZ9)PHdDd1hS7Bf#~PEl$(n zRt!SkRud*oUHmXFhk1TgRjBrT#C0+RfPRRN6o&jVc=z>&=gxus$OIvD7n9E77ckS4 zTs2JVgx-~84R8~5hy>z|-0zr34mCuY_-!^(Fp8G%g7Tb0>xh8 zk3*|+TAdZh%M>X+r@f6By?>3{iibs2;_kq$=zbFhq8ktvacHz-JHw+P#VQ-gBj(M3ZQ1c zd4J?Qh&DKj!io)YhGX!)1#PkO_3NM7sZCgv{>8;{VP2@>K@olGCe;9Yk#hdWO~@J0 z1ER4;6lZ9{z!#of1>zg%Je0BBS{1LSr^n%TnQzAG2INezg*YGSU!x@^bnpc*F%%L% z`lm;DPA(1H%k+ix;p|5>sm;b@XUfR)zpGXqFjSAG+N z2w_M(GCnyWIiAYC*~lhaDE8V#Yl!-%`*BO3nRVfvU6*SjblyXQ#ONqK+>1>{#E6N%u56y9k!y63XN zqmO%#&2|^w_}D#EBjVbqxWW9UuCsof<8lGZ0RjjEXMuVD{ftF(TIAQ+t8b#U)9zd> ziKr(}2@?!Mg}84yCFk+)E*0NOdB5xsX5yfgb7jJUHmlVWq4__<5>T@PY2tT3WhtPj z$e=ZUqe+in*2;oh<#yh;AX{W|>UlOzluwFW*^YKL1Sd+F81)sBw=Ou8X>F33IfOdT zS6wqRc~}q<6BM*Bd%x0lfpf$;5xtG3l8=!m4%PJc&9wx=C}}nI6;t?;@aEe?=<<5U z&nxA#xA5valuWktGL+Lnul$_p*|8et+;XyfSb4ii$Ax^j%xw;Ar~E=LR@A-c6%T%y z$`k3V1Fs}#)^QW-iN7X?3z8K`FYxZ&!Oc0aMC98|kYK{c=yoq}#VI9hx;ITf) zEiB|FAMw?b*XS53w%KB1(p*`I52l&E| zE5F10z!8|;ijxL=IZxtYgcZ2|;aqIP#RwK+Ek}&Ue~OET z0$~EHeyH%2wfT*y21Zc_y&NO2sUT0RzvpPgRbr$82C9DPPgTSN(YTgQTf0Id^F=d9 zFK#7}bfhWQ-P(b%n4@8|y<)UmH_c`Bfo+JL)S=INj0By;6UnCW!Vf8U9QHJ?B80E@ zz`U-~ek8y55^8WHCeFXNxTQy0ps4;ig{_{D^1uKuxLXzCMgcZiSHQ?RUdZe*CPeCk1RI|6?N` zq%hWPzFoE0QS0kfhI#4YoQGox#){0vc5u2cssCR7!gUt-?k6BEo-V(_URnVHxd5;Ql`{#r zsJ()0_VLxAAXE;d{HKzbzCc*TSJ#z^{8i=SJA{9al7YS-;uae!F6Ztd1J;!qc3^nA=SGv3l#q%3XfBGM5D zQf;DXoWTq~DQ{rT>Cz=XbRkh`u=JnVYwmW6%8Fw~UQ_tqB?o)V5G?0FaTiPGyk72k zx?*N!Hg!T3>4ZLP13bG|z1N^V2dw9y|1sKU{t?rJ6HI6awkqbvU-{=aYLL?CD6lth;II{89Pe z1?BSa&si^M;09fr1l$iV*{W%r;x{pj!EKl(vjm9+$;)%;SKW(qgIF~Y=`gk*zpPm# zY=9EPm(plT7hZnsS9~;ZG6bUo;5%9%#s3J*P9<;Ro3f@s?U===IUZh{eKPL9KOrO5 zSI0Q_L5Wwt8x?#C^g8qPXS!rrXG5=&ZX*C8fVk{Hyi48Zmh1jP+r=vK zd%(or~RU`(QB z!qExbyawq`o$eFy_>@;U&JWlSW)>&>m8Gej5(Mu3>A7d(i)|TpPCS~I&M@*Ma7MDg z?>VRwV_EKxiu7a>3X!ofeI@IKFD47=+bjcyR=mp4lmuFwKp+M2=BvCoS`HI5!c2=>#HT8tbk=I$LN+5}3o ze&B@o1dj@RxgiU+zYiDG+Sap2`%DBh<%$P|Q%qCZHH>-`iLe;EF1W24JB1YVcUf9U zB#|dV%f9=XikpZR**DZ=1OREwL;`P`*$!;2An+mJ@voK~+pCR>={$y+w{NGnpW3+( zHJtc(E%iT8i-Fi>OQyX@tI#O0O~>qFY;O4OtsVkfX_^q)Q-$B^Kzh%|f1`g1eM%n& ztMB4~EH!XPX{cAH7=`A&G_i3GH_)*$b@mQj_^{crLj?1zpG&0 z>dg`@f33o)m&)2F*qh3+8)~%q6^=71J@^MPIfP0YOq+}))9$*kpq^s^85z-SmF_Ek zK3knaJ*$&7nAp0ln1Z_tU(a%>v0HHkToy|Nr%^R>aWVcY*F+o{6}wPJ#7t$(0$^o9 z&f0_xbZET2GVr@x%e9#KhtCYL1ZPIRTYBn6mi@8TYn2ms`` zXIL6|t&D-;4A?zl3pwfUYc@5z?R@e^u?BX!m846j>U7efcw!jEdspfR%M&ASSl`70 ziP)-#%IYTj+|(*l1wyPs#OvR<4p47$HR=KVmo-F}&Zf0Dy(pVu){0T(en3r8$e^lX zdJs9(F}aYf3QP|K$M$-KeC|D5KzZ6S71?V}Yb!!oBKfp+)-72&4vS^jD8T#-L( zjsM0hhLx%ANG&^YRr5hakuSD`q((kOe)k=d-_#OJs>l;Oru^3+R1_o5ej%3mjjcT* z3pPFkr)aIX@H*sM#1b~vPX`#``)dknPQIn3B@y7cA1h{# zqb9Q7e4ntoTo&_MdaI!>3e+jYvLs0Fm8(i3U26G{$80y1TdAY&WJTJ(346$dc@jij zzjk97BU<=z4S8g(A1pNTK5SH(ip@<8aLItjHk4U)PKfIW)HI|EW7hmwV&BE~)gpS` zf896b>PwAgF2b);i}jl0wYn433GAqegcBBUtSf)AO((l`YRE}OV?xA6ryT(>!DQZKGPNQQ#3q1QYQxuRRO2l zA)c}){WnK;dOJvxy;jYRjlYDj`cD7o$nO{Nf3eQTGFfu`!&OxN@+aoBK*nmfe_xTr zaHn+T>@}uE@J&3oKFrNlUfS|ogQfVR)D|_0tuvjOPKlI~XNRQSzv15KE#=@1xI13@ z%xdjX7-KegtOwQxr$QyytA$cIO4LwN2d3Lt)pI%-itYT>b3aBX{dV?foJY6zC;hkI z>=zKi@(4qO0DMi*M}q5K6Jh2nUBRgDi=QoAdlq+CaTA-%^mNk4LCouQVxe`6O+n1g zHQ)B%8~Y}E&&2pgRa{~JK321y_67)Aezw>(Wa4sJWUUP0Am2EO)$8zGjeZm@C z#83P!0K>9b=QsX)W7izz+7yrm_vb&Dcu|5ILBW*$Z*s8lbNu5{(b%02F$^z2wU`m0-+p9+i zzCP@jDBZ*4W)&N;DzkCKxE)2nPi4Ti+!e4sYnNGL%cuH742cZ~IR2GIw107|@jD~Y zD!xI!SY}TEFYSjC?!EdnW8~V@xdd~=4205fI#uCB4~tvqV1Anuo>)f~)SvhkT!McC zIB@p3<#d{nF93aS1$p{>DyE_CNa463AmAsRLvh#o0pIRtLTlTF{aseWL%=ARpMWz1 zSmvfePUw8@Vw(Mj8-4CIaYe29HjPw(tzu8Ki-`4iZuDFu*Bwch`1Y_z3}a5O0H8wL zpbI8;mj8TAwAqu6;*mPM#-3*+{9w|TjMM25zDF21R{M-@+@FRmd!J6j zK6|a7gC0*oC9(0TYN*>)RMnR9(Jc#(SIptZp=6pyqFb{AYEpLahE)qSsqF-%$C1^C z(*t#0ji+H_##FMWgT=K))F>wDoq7{Yhrgzkem#YW#P2>V_&O?+6iSNSz09hfrG3`{ zOUrFUS6pg4TqlQX^-DL zIzX%Vz00M)P4$V;ye#J6L>+Kx;C8{cn@_I8N53jTQvx&ovb5CZ?c*L5LZSlQBTA9xuF-K&F zHRY0jzw%#=XF^4M?$&u(^xv%ezu6gWUkh5(-G6njK$8s=Ser9{HM9TYGTL#OaB2vk zP?wGCJG|)s{gcs-T)O5Uoyq$a(RF9kY5pCg`dt<@Gob>hK_P#->pyhM-}uy{f0z?Z zfsuIXq`_t#wVuw95>tRND9F{G?VNYWp&wkY-=itg9gFw`pj`j-({FXu9EAqRpiq~k z!1mT)_B$25DXm5}=vJB!21!f3OFOMHK22OMZzgQPUu+__mU9XwU0Rrlom`g~w%Y%A zkA_nALiEg*gggT<(GlHNRcRD4)An=Kuc>7NVK-^KbVkrHXK9m8a_zS*)AG2IK~ec zD66U0lsgcOCf;+>Cp!Z&68dFM6H^T#z|Upfy1kNu&G_h;zGKC^e&QYNENe~i z3e^Ob38ak@hy1Si{D(-PkGLPXmQ^1Y0+1mZQ2$r=6r_R!T9{U41W+LvigRt$qH*%y z_B9e0h07CirH&{d?Q6gdtdy+mLwNK)kHs>F~$ar)wRmFcozw^;2a1u_xrIqALNK4MI#Gn_wB>S*{ZP-EGj{S%Aa zez~YD-KT<;f!wFNS+O5ed=M3>Cn6nD=J`SsON*pqQj7UM*!JwxwT~uwpGxZ(25Po^ zViWV$Ue(sB#jUs#D15LwmJOq9ux{o)rOGH0=`8?`5BT-V*etC{pdCMK&wEV_M_$6y z!PFpP7_#vIjp<)d8TB4WlOJOzt_u*zTrQ)u+5XmX7qcOq>Xb!dyPe&;Se*NZh2b3E zUYw;^RuGHkWg@FVOgzJR^WXOqzSVl*5Mq;HVq=fch*-9ekupwZ>GEL>CLglzWXBb} z7r!L(+Sk^qB@K4*9L~vKLdv|5VwK9FkvY-~%`C64)-maa<)OJS%vw50XLUzdpgJ8@imuAJtfofbmGeMrEN+f=zW7OuE9d#>^`QNbW zQYiQWO1tNe2WTWqDz*u3=}u~kLv8+}zf`w#G7g4>{EAt8?L0^{ok>WO`qN%J&*bF1 zxfpBg5l^M!7g6Mh5v{Z9?Cw4i1!tWxr#-n6LLw?%>w+4LlM@Z|;ck6U>Eg%H6p&q$ z;mNmiDdzPP5j(@X2^z%<#Y}p;UUK4yq(}v3eO$T-f)C+fh9(gzRCNyL(=>EL6rC9M z8+_DR250A`A||i%bg7L+tzxcow+!&-XGa@1n%g-kj#WO<&MwP}F0zQ?8;tw9enUD@ z6kW;xn)$9{cQE4GQMq4Cc4*RcPx_nil|sYid{I%KDI7C^LrLe}y<1KA*{32YYs)+K z2hvbhk0{zsS8_(%p2pVBTc8h04oZ+(H&;d+ChV##u~}KW9gW6DJ|9oqETk@GAwlkpI{%yxZ4|N8)Rl01{ay7z`A|Dglt zxhD@}x_Tb2(F|n|L!z#r6S*rkA=xp(g`d|F9{J=TVs0`(gtawF%ADr2-lyHoV-THZ zdvb1~|9!|Urcj%e!9}yw<`fF()gy0j6q=Xkzric9N7{Y!;HI<-pVY{Wa(@Y3gp%KR zeVbNaApNS-JFt>)udx({O=pbx=mof&)Hqw(vCcsus~C-NOpBD->9uH*9$T}Et<9~> zn2aO$pHKLM&z8Oy^jw;Yh1HhsRcRb>wTJ1;MVRNGjQh-peECh8Eo})Fd`nGaF^D~R zoCQ;18$|;YXO6r`NuPX+xkYCRqoO#4#n`4$K%(%nbS(iO%~XuYY&p(7Nzp9jvGzRO z=)Y*lNU6`AqcAxLA%#41&X(ih98zr16P2BLsbP10KR-PGigS*zNQuj0wUr6Go66ml zpV^GtS1s=qsEVZnDE-s`!kz`KuJS0`p20xU2Vb(XMhL7>_T4x{$oj4sK+A1M*8L9p z+P;Y=d{;whb!5k@u+SPBv))#B+~zl5P|22GbrK@$@^E2$f}K?0G2FH;49%x-PgnF| z%+g_)mrvO}>in}Ol^s#mYePUcZUkgGnFkfKACx@Sv@*Vc3j-`@U8m>@TyXBzIO@J( z4~aWGZ|TBHnmxWOv!@zqFLx*zmkz!)djN$>rY@_iIBKG_IwPSHS;2)442m%_;2ugE zgE= z`RSUYultq!+f}{3-M&g=8kp3(A%oxh@DU_glp1A&3QiqMqL1e_1l6|FQwF$n^5mEe zOFMWeYm4{M$1>Ku!?oT$cZk#_ss%>I7+qve%Pg(erT@luG*4~vX1)lOMckT9LDstA z$P+6?k_nebX;7u6L2BSN0 zn(&^Mk;99&bWX+;oL2O?wiZlX6kp&?4qv0BFt-^Uk|J`0^O-*9Ut;DK8@%r0GuN6= zv7da@<*VwwwDBf|TUR~8Jd8T(JVO7CBi%*8hExIOl0L`Xi51+V(Z_i~Oer@*%oL(X zqW5kmB1ToBIPbYP=tatEw~SKV8&Lbl4*=C!>eCwQ#6P8(-e*nZx!%Xx)GMkaTF~xa zVBjPp&DEmB;S(rWU*EOJd}l2-p+&{qAL*=FXRgBy=#18dsIS*c?Er^I99V zCz5zsA)@HRTa9l-9^*IrN!0LgnMcPwig^8)NQB&oL;nqk{KL}#_3UK;t^Iz9SVO!9 zm{%cP^M6+mH4r(9KTO?!Axy8JXjcJbW~|Dyz&oy9LMPB$TxxIB0yubic}4Gz)KtsY zYEG%Y>D4Q!=yoH`S^(DTk=`H29*WcX&cM@p`m}fi^^L zkod&N%aIzuNy!YNxTqeslf067tt@@Se@1b;oTXjWrrR0mMMA|Q<*_=tQc&l_k^o4< z>-J-;hqR8ie(X%dtbIc#WpbM*9&qWUs}?jvN@IQ1ix8z8*t{H9M+V9-TU<6(Q9Nws zyc}IT(?N75{8roWisXHf4(*C_NnTaOhFQZFWED{1k^4?h_tiXL$6Y)w3->w}lQ-sN z-Z8GN(brvHdp4$35u&A3H@&9d-;-WS&{hUkbzt+>UVMAOi5|jB^p$k2S?kWAQym4B2Ow-16<0=W4~3f~ z9}=PrP8eQ*bz_cXROY-GhY)URI4}8$ywX`G=*~&{8q$rgBS2@Zn{oVY@&>}wcQ>G5 zLOwgIQa(-nQy(xDM3(RODcSoR(vT%LhJ3a9-H2Lq+h^mWC0wW|jlmL&Io0nu0rJ1N z2P@y_OG2Lp+oChe3~M~rbc|C5F6R}!g4ogO#>Aj{oP9kQ2Mp|VD?)CSi412*rw(f> zGGgol)ehY10wsT91zeX+vc~1J^C}tB)PX7+1mZYLWEN>yQJqa>AKm$Yvlb8<8m^ zwuMt%Hz1csxVEk_>lT!A6c#!z%LG&NX3zDfr`jj9N4)2 zb)H*TA$d1pyjIjZ*<`%-s7!itI|jG;@M%;a1BX*?Yw&x~n4eZ6toM%dJD$Y*N=A?K zMcscf`?ez6ujz7$l5T~3cG*OJRa8n`QQnq{F;A0Db0waoUtZCXA+z#WhoO%~X3~qX zI{3JKLLf9JZ(M#Xd%WxDl(&^DdBfrnkx~53;y!NVss-m;8;P4_wpx7=rW}z?k7Ky* zV+*xnK@k-Vbae+owe$2ZE2{>RCUC0JAwRAaUElhW2`oEwT$=}!{>FDF8Lp9AA_f}s z^)E*9jXP>mwaS#Rzq}YHtYOgz<4UgVAf6+fODBIOxi)UXsllh7@igGwu_iX=1(nYF z&7mi2YTDdm&yzQ1h;09#QCT%|Z3?y+A>EuO=wpIFXK-c7^Vfc>FYnB}$Sd@`ijiqeA5=>DG4xL?3lcxm=qEB;@D z+V5cb=d5|~n?GUrFU9A-$nj`gLb0=znOS@i^V8a!VG* zw-e8g=d_{s_yN_WMf6W*X`dZHzgF8PaG{t%)O6>s_)cWwKQK? z#YBh@i(f)otVyK~vB&|muQZ|-jsN)-4>dKixB|Z%3C{Ly1ke3wwI;`@?v8T{}PUnTRug^ZANl8k*;)Wnnj1 z8QRbZF_}I!xtdq+C}JJnebYx+HFdWE*^8bC>)Y7axJQ_a20_4SEV|}n@(jX5XY_&- zohogCw-A`ImwB#Ft_SQ_{T54b0orX~x&R5{=9>$f83ox*TL}yapOw+1p`qS(ndq&S0$Ya(hH7mwre&T}hPn{LxJS!w1hvVh>dTXBo^Yc1n8= zLLVmcoL-HJ%9j#xuzGeCc_E+I?L|YIDd@A$hiRc`)r`}X1{$J<3neq+2L`=-6&Px{ z#32rOsug{eH(bRygDvH)v%^SgqPTwnY;AsIaCv!@-@Y^|R$F12>njdZ7BZN69TlfS zw73A6aCJ*fb)%9zrQRLAO5m~vAwhi z3CI$J|CcE4w^ZeC$sKX4ikyPyMhTPOdX;6Ss;5z(1{B+(qX@6LjFrsj}+O8h6M30Ii-FIYd(2k?{X;lp8#Q4E$ z?nT(N#Fum_BN%&*J48t^(A95o`(+eHTZuR=iglmu| z*^vuC;#X2%xzmHbaT5z}MUj4R+I7oJ@NK7$k5UB~1TJI=YY}`fPLIFrHiJ=}onwTi zMIv7MTXF^H{MaD^iRR?yc5;Q{3{NrcV&=5bR)EsInnK*%>#I5KK7zG?%mSqCf|GzW{955JI9gaY>*v&ia-pWtl z^(w>+sGi-|#05GMSpz?Q9SKIw!q&3b>3L_KX!BluI(>yYX|X6`=$kZF&A~JvJ1PgL z_s$VRge8LpB!=qb?^LDW1t1`>21_}}vH0DeM!cOR03N6wve%b+!Re}DM(>LuO zM@(x*+?5I~5^hk$OmhrLME)W&n)?wNgZH<1tc{bYvj+>$g3t(}HNRgLbAKdvrh)U{ zUk?NDhzS*I*xP4;JO3tqfc*vV0s~60UsKN8pdW#Mj+X&@!x=Of7~9hSuLBc+ssABH z{d0nioaC>j>aV){H`M%C&2gJ-07^E5ozf=I02shAC;pBEC=Q@*e?0%)r-db<)1Uwig0F{%$M$?z*@OpXKuwm}?hJ?r$m)MItdH8DhEFt$$eY^F zec-**{=y=9rX>na6saUu0hzeVnArdXf<*lN@d_wrynb+}9$znKW0#T;ycl>pl`EYa z&rSemH$p01(oiEzrQ$zcHE zw#P&R?~}Thspf>&aS)yTkQ-Ox%ZhbAAEkKL^V+aw%gzB5t9O!Yc);+VpIkP3LZonT&Pib=qsBqXO z=j9mSqHc~i%2ZmG+P#yhRHajhY!N67#X@9~8kgJ(w))fz^lA1xchW_GNiX5n_x=1N)?(v$-ofc8sn!D|X1EKc-hzmQ)?uOnMr ztQ5#?X zlTeMk3FX~(ElA4Hj_W(UD{j)<7LEirrt#`KabA6EZWs>S+?a4e{0eaMTdvs^hT}uo zU^5%uRtGqWzu3MemW&_~$gs@TFJHe$J{Z90o%URwV zTB_gn9$AJk_1y7bdc*0M{K==>F|(e{LaN3W$49(1WV<0@yoE@Mtd{}lz)yDHsk_^2 zNW(4n0zvw=49Z-tJaaekCdtHXGbxv2A5`rJ*h?<6AGx^z5lJsFlQ;nzD~Q)siO62+ zS@+zS5)!Ryw~t`GxCtLk)j79x%e1A~x6rVL*eUfsk&wPklm{^96L1nXcMZP8z&_Um z_C*x?WEx40ceBqBN+tXK+q9eZw#Ki^&m{*+vK(AgNDl!@@)_~ey)Z^C2IG*NZbDU3 zK!`frSJUBEK4<$g!*S6QA#OQ@5rap_hgZT9y=s?QiovUXKn}dNa04`=|Gue9e9eAi zN}QU8ftwc7u@4^sHzH1x=-*3a_c^`$H{^YW@W0vf{&vv%*I*K`d;WSk0#2OY99jOp z8U0(SS9W#Fj_kbs<=qPL2HP@Rcz}x(}eEYlN^pq2u zMek~6^U8yT>d}B)ly~klc6D4XG!R?q)-+Aa0_33p`ZnbVJr*Mcx%0X1mEuPF=V|gp zt7K2^^xpH#*6oH$zEL@Ui)+_CBnP~h2IA8<*z=hP_BRi`P$GzPuGuPRgS_~?3;Yq$ zfbS_Zm{k*Kd;%bmr9h< z4E?~o0#>WeD%KEafJET-$M3t8sI@HUTSeUNC^}bYkR^Yl$ZySY$d z)Vr%*iLoMRGPYH3HJ$_JOQH7CFif$U5_jE_9XlBV=66rF-d+l3xAprhr~KvZTYd+% zJZN$}>}#!>iS})WnP`2~eGS{l&|1MB*9WyS(>^Og{!+kgI4(Dg+7w{A0~gVDf!-BT zf%UUFv$*E+^Xv@+#`#-+iJnrsqY}gZD8MdszU~Z2&n~=z)8y93G8Or9{rRYg)wP@g z3;bT*9u2eU)k8$m%?V|)_bLZ7~t)B!4sO*6(_h&k_0p#hs? zeu4mmMW{?X)At6Sm0=Pb&C@q98FSZzH(oj#9@2}|OVa$)+86sXx1BNMUfgMxg)qA4RxI!l#(K|z0cKq z-F8c@XxJ}YuQWa&v`T3C=8aLM_eFddqq%!Ke|>1zM;WRIcBbKxv@Hn=540Tv6rZ~e zjIh2t!o1_s3j>e(#1l=`wttf>p5iTH7On=#O3+WRDLsfT5gJs<74odfG&F!{IX%%N zXFPDJ>xrDO5g7dzdo9*5wx9vZ-3T;=gy;4a|%RAeecUsP1J8p)^) z4fk*a;02Jl-hNA6KMa)lky6T;f-Th>#Y;V_m(U1hyhO&*to^&wxDr9rSQCZ%{^t-Y z6v(MWA;;V$oZh$G%hw+QQk%u$MBKCdjgjL9Etx~5+xKh?N|223nJ_vNUQ_{tutzdy zlbBK@T<8carfrXZuMwnP?j|rAm$KAEKXI`og|i4Ni72g+Q;B_QJa!X>9K5WgMUz}? z67Id+OH$1N{~IZe)Tl(HNKd32S5I+7GF0_Tkq$^CGv}ptWTLMO%*^YSrQ#KP?)`m7 z>!q*tVCbz?sA$0DHjl`=Nu_1HuZwN73Q;qqCRCDAe!lfA{VEirAlm66 zWg>~=k*i=245`I5@}w>8p2xh!(LAc#oRQzA8UV*QVUB#bUe+9>NkV|eA+f@jmzHSn zsuv&<(Q*T2B--uO9)=#z%|=EHhAb*q(b7gYDTankn4^O(3wr1&uY_Z)gP&x@ujNUX zHi4pn%1hNhrNG2rC(T3YIz zCQ3x6O3mZucuc9n8U1G*`x~3#oap?9uk9T4mGz(9CUzd@bq%fDOdAljo0H|RJwk0w zcQ(j|y?b6`Q>EI5IA)&ih1@8Di&PN&KrL=rUbqik(l?d?XlUJE({okyx$UwBr~5j8 z&l@%~H{LJi(^+qY2eI?~;u#EA8W(eYN6Wh$vmurE;sr~ciqfXUrKX8XugmA$)SVjV z?((0KV;JYi4|(hZ8gIuhB<2;Y<*nS9R1H~0kKez^t@LdS5dT2|58~~K%Vk0{ z0cmMCFTl*sPw5nJOsQrUwmV|^1ODfLCPTI?rEH%qM#)?84jZ5JUwj``TqYPAr8+Lo znkgoNCuU#ajS-UrJ^Uaz4*NI&)>8Cc-J4$utvucrywaO$2K`HsBSvvkgbzSc z$^h&TaQTqv&U@KmohL>G3nm|{YI#MdX3vamrv7+Sz2PGMGZ_N|zhP{*jmVfJkJbD5 z?g`PjIB6idygXL7ydShIHaopp-#n5+bk=Q@nebVX9b&Ba8X$FV_1)D; z25xP~A7dgWSUBu`!_HBzyYD8iGy^at5x|sG>+mQY%HSNgAex8_@fcq4e~D9_QRO70 zSH?WAF9tZilSnSwq!0gHJ*h4AMK`Pa7V@D%AAElg$w_a(m06n}d8$v*Gr7fp<3+1Piian54Z>2v1vGMn%7rWOA$4@M_CNPJ&avEk}l=BAk=hEpL zwI_c+Wf7()Uymcl4V2k_+TvDdw%i0BW z#A~BcumCFoa@~Cm+B?+#_^lmIea6>x6RKYk-d|%wUZpqDf+-Pt$yafPk$mp7xcoSi z8BhIzt=l8m^WTm$2D?77X#Vh0+z-VR=&xpSk_2Wg(SQ#N5A9j@^2trHusaLnsN-s8ATu;5aCVaN4Tb4oHhh^=P z(azGRK*!;BIoBd>n9!+QRa{nyY@cc7^-}$)HzhVhG`6W1x&U% zgP1;iRhpJJDR>68DV13EyH0q7^O(_>Zo09v-o%Uz*NuR1E5r;Mka@ zS=0zVZalz~JvWaaRa`V7TF3YrRaOe2-^l>7I4V&;E;SDg9v~Nuo1zmu$$k*gYfuXk zu;IaGv?{2#13k@Z;1K%e>R$TR=`$YJ!{0ViV}*F9MQ9{92rb z6DNkQ2H%-Le4-J6>HK&GUwz~%0r!@vnolh_%vsWP>hc!tOYM;)+gpbGMqE}-S!ln2 z(qfNd9$mBo)%0s5ZOLeog}Z{l8xgOM8aVvWq`QWhvbCGdw3D=Pqm}Wr`!Ze;vc`y& zy8lI_(h1mKsA!?d0=5}xK90VsCtoG*b;MggUU0|in|fwp9-H+ngiYPI@qUc|B;#Br zB)u7adaqgn(0&t3BfR?bSxuv})hxG|uAs+U-5r&U7&^M`RmVPrK(_7ic{r)NkLT~d zj9aNn2-a7tmyIY(aZa&tdoklMx>w>|v*mmaRIL2y8Y&7lyJXAxV+f_Cj|oQ|Urb|L zqaA`6B?l(v8`DG?Dl3}*W!dOU>a2bFp*C`?-*?<`V9xy#LW2a7s|6aUD8*`nFvFB_ zO_oeuoUYl?MHFul1wJt7etFLvSYfm}`sXz|;66k3heYJ3!n&J@?yr;D77^2^HT0EsV-COgdc^ z{%D@5Y%WeODm9a{8nE;70B2r7-BTSw5F-Mr)v7l~(O!OR#tT^rqZjEp2~GXNZGVuC z6eBAb*u2VCO`C0So*wg2ZpiVno>h<5VWI%OQ1g3AKPyM%{{fcTpTf*O&-xd;l#dnm zF#GepizF|d%cje8ZV~vi!|u62^Q*@&BtI88`V5z6=w#aWW49Nw^#+Ut#aVNMlUMp$ z5|TM_%mLOYAMSHD=;hqDDcq44-sAmHu2Y!CV`i^tN?1J=O%`{g8CW{Xu?ZEaRqOq~ zE2WH2MRv9s&+>CN#|`m9F^`qSjZTeW4DG|$K!(Mw!R!PGwQlFg*OzOZNpIwxjI%N}_g+2RXk9mMnwTl&T3}2?Wt-=uQY!cK8pt zd-TBEZ^I-*0%N!%?@~cp}mnCRaL?Cy+Xx((+PQ`9_#ZXc*ND=kOZ>bo_ znjK#TPE5*VXX(hU!q%9`x1p8QOGUM3k@bTKMlQbE;P>r1IS@H`@U{|4F`ZzwciB_p zO?OsoQ_L9<-XngmAi>=PdqrU=wkP4f5e8u{5BGJ#p{3zPQYOuj1bd!>C%~F6K5ty0 zb~JN0qfrT;og3qoh)Suk+S4cGyJHZ(XPdORoRr;WEz!mL;ist;4CS97Ut)1%^(b11 zGL4rI5dM#04F)dav|~IM`Acp|%akX_o@u#ZH2y?2Rq-6d*^R*EjTmkfyuX5ij%OnM zl2?AX!nih~z)vRwDH3DwvU%$3-M;IO^vmURV^)GMaOvX3nmYUOHyFz+YCEp*7}Z`m z1jV%rm>X~Q2=zFN(uFBN_bf54YC)GE&I=kDLGKD#Q|@SrJW*dYcv@&+D8yUGodz> zZ+IG-*~5WtY;4v!!I4M7HK_c&*33^kg6`+*o{A3Ye-Si zK;6Ecf%_tpcGM3Sh#%og5lMosa%_KT06`Cs#Mx&z{f(mhz4iYOKXi;WpfaYQ{)b{G z0BxZPqnH8g<0$`=Xbh;>&$RbX2;QBT`q04Kd<=gaNK72`U}a^k z`zelnWCIxcGk|A++Z#!73Q*_o-)j2NH0JJhlIJZ1AQFxb)R@Q7IQwy;yT0_PP@Jp}}mAYVM;8=d14T zv_~HAcrKZJxaVEZKv}dDkkB(dR1(^kV-fapYZ#ssZ_&f!E)r`HSp6dCWG8t1J6SRn zIU@GgP@q*e@C7m|j%*mm`|Qo9Rh|?B5%#?%;cs8BE26cVe`(J4pn&LKp9VVBCJNP` zm@ftec#ts{bX%da(dpfivAY0n-DGLl_FS?S_C520@|U1Jhq$wcD_PVl(M=~pdHKzg zDQIiI3xbEM*Df&L${J`Qa;&FYL@6=(@W7gI=8xDBm|u9=J2+Upz*r?7o`&s(!0aUw zq|g6TX<+b-^;YYhb*a{%DfRCk=!y>yG-WoQdSAWz-alyb`|fN|gMawY;kKU0udIyr zEOrra{%_xUJ&=~0cDPxTSr0p|Q+K=r{A+u_VBzMCF8!B>Yb*VmM0Z(`0(y7R8sd0IIVH0tBa#Z z^O98)N*fLii~fguIHQXLLypoj40(Gw=A93HP0k#sE%C?v#kL^yT>H z)w_oWpr}Ja`^)QF#_t%>*XKz?#?OaN#^*zAcA*upP84={0d09%34sp#Im0|pot04NV6aR93ufFYQC?#V5&wtIj{86PDlPO-Q82La)y+tvS) zKXC~i0^@QvOn{vp4nka6t{$}*b&&3goz&lXPFH#55Fw|(U0}yqEQ!f+dS%7chowde zeRtOV$ViLZpAUFXw;iy6V$MS>UI;(|LXn?cPpmd=rPUslq{)v`{9Ar;Bk9p-r65?NV!I#bSl+cO{$DU-+1LAx082lKdat8Y6Z zm2Pw)FOJ2fUK<@f#2*U}MR0e>qCWMFfNV-%YItz}&Oy=XQe4ac(m5O{5qaT-x=7hb zib4HDnW+oyqw}U57DFm*QnLZv$+r5!uHZbPg-=K_AuEaa;C$LaMDY) zVOZCYvPpvi2*=@EQW5`qe8am)VTCL`^HV~H>UkC5_XvijUWr{@pL-NXBJ%+!m0=ek!LG?yS%9etXLsdq#`$<46?yCLoUs zVaY%4aql?)pBHrc@$7`^gBpre1#$0(%chkVWg)CZ#s=oY}EH>6mCeRO}22Y)hlQ=Au0MgGmZ`}spoI^saw za!BqAnAB5n%{zlqpK}q9R@S6JFRWeQI4O2hYN&?o6m5V6%~-7e%}q{&FzBJW=SLbC zU#!}F1f}&;2ld3LQZKb`=!bB?R?1tykqrQ@!9mr433#q))-LzD`^JFc1M~UcnDgx$ z4qA!>RtQ@78}ZRIQ);)&MUD<_6Er9J#2}O3#*k_(pK`WeFhW(cO`kqIYZEboD7MOt zQ&bL7+0?-UX|Z;JxpxO6M`X=kz%|I*RT`+3W+#vgrzJ-?$xjE*FXL*9^Lou7G*NjsZn6_Ci#kp^0y{Jl07uc;TotwarHgLOV;2!! zifN_@k#ERrNn?SWw`{#E++c(znPSA$)I}7kU~h9!NuT3j#Nildav0T9;vc3D={OA^ zSW@w^l0+OBy)`=sbXK9GXv`9BM*U7tCAOY^py7^x8@&|LGiWcPQ}x8JeRD^sUnKvN zM;KFetYr!Orv2F0P58`6->%1q(dXYr#x6DnKuI5D=RWT~-VSF+)AiMHX(;XyMBr!nEYFV^4`}CSk zo2o2+2wgP>islqb7z^WK!*MbQD_7=7xpb3Jd1ntMGHC&toY0*Z6}YifIs5D$-=Q7E zR44jflXO5vTi{>8On=UF9PE^3*#IancBrGTII`pj92ENR_3r;GJ|*3g=w`W>@oC*$ z;h>#AU6&8~0k~fNN7Fif5LEyV&L2N$M-^q>`t3W-ungt|Oe`{-@;@zgy{qL{>>vCW Dn7!e` diff --git a/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png index 03900ea0f7ad781fd4ec0eda47c859b420053077..46e55e7717c017e7cca9d2ebfb3e4381c1ca28b3 100644 GIT binary patch literal 21633 zcmdSBXH-+)yEPg_Kt)7FR6syQdQ+-M7eP8m@4dGmy#){iR79jpM>>QgNDoy&danTj zM5G1?p@o`+H~#+T+;he~=brK2G4A`}egMYa8GEzV+Iv0EeCC`_K5A>ern$y=4FCYp zs3^bE0RS#(0{~<-S13tm2q*@1(jPK!o!2h`(BTJY(!pg%c@230;72?)-kO4ReAQFg z*c$-2(ed|(jGjw1901U}tMW=-FTet`K;!eo5rjQ$dpI0U&SB=}7-20CGyT*m>e*W- zkJRZs-vLUSnW+xnOTXHcWlAO9so#J|GhDHYvP<3-B7Y6C8nkm>wQznm%>Jbv**rUA zK*z@Ll1@_nrfcw%a9G|@7s^%$N+#R zufi_@0LmW#q&a>at-G#0FhLlfm|!DJ3_!J9Ria6!U6Y0!=vt-+64+j^jJ;;{#hOf5 z`^?nNRRM4ZFnq2T^r{%6$KuKCYcmw2if@9@UULHD%ntsJuRmUVf+Et2-vi&H#9it0rzNGz_^)cm z^UXg*xP&qW!kYbG(M{f4p|jjfyu2#090*IfSgxJ(RplArbdv=DMq3yaCY9cE)>4pd z-hvZ=7u~NCK|=fcgsO{Gw&H*BlmQ(_-3W_zleipi(MG_G}zqU{`RPP4`XC zzRK*gGW<%9Ji^;Qm(Irsm3DDFflV|#Y{YH`CT1beuLUABP^p!0y_o>QJh*M`tkibD zeSK?p{S)dOC40&!x$P=5%TJ#U0JvF(ewh2PTPP+gC%wyXy3sS#cCPemh4a}}Rkufz z9WkrksByAQ7C1q0r3;-kIFI{~g|m!VVFtG7Y0_Ifx;PKs@l}{)XQV5njfrQ zgI1e11WmV3ae!@2NQ+(LOv+nX6_Y2#s-reJOM!iZ?>hIHXW3z=zuq3e83HfP9aq#i zTY0FC-w%x_s6@MCfzXgvsf*LIpwz73CCOFGoU^8V!&L>Z^Z~8-kR^P=P z0xDU{{2(;&Vld4txJVmDgSz$vY37jp4^xif}F+4VVM5_0^=@)vZuZa8zUith8Y_)v>46fLiI zE?&d;EC<`xn{|o!PmTi&@|Fpl*@CbK!wuq^iPna@%TzlF!8>CJ^8Mute2>?`f@Oj~ zLGYrFpudtkfavEwz=CNn;C5RrtDo0t`Xo_>=9XXEauH57mI7xAkfZa65S*zA2M)WB z8{zMT)`uv|_{<7SoP%wGQNbl4i+0T*V6)M%IFJnRb5pb~(8Z0e)tRjHMYoMeYUNl5*Cg1@(66kQ>kwwyys#yUPezD{ zwp2s>PHA!*mgpo!^p4YdJR(v5qY-mGa0f_bjcJm-VK54`JbYa>@C%|fADY(7Mn9I( zh_KkVTxm1gH%ZXVy@?@U{TKKwle|}G1aNkPU8Ou5W-D_=~MG_q;uv50*0^}=}| z|CD8!w_kc&h#{04)K&MWT;f#W^yAib!b%LMxnbm!&N}aIU3;wSmwuF%l1)OEC9nK~1`V%cOY4DlxdurQ;L&c+v&sx@ZFGF}2ji1aDS@ zXSZc0w93=}Br$KE-ams)dHYeI2%j!OwM4(2{ZzO(m@2-2ZVDXuhcULkol!>!OrSom_mALvaisLI zpjkapoFWG*@`(fa3`m4|r8hs>n6hdkg%m-Ni=4!Q+=eM)sP1NYTN><6%xe9}X*yr% zS;79;#X6@@KxYIVNAHN#I!U~q`77+q62(~!6MMGa#F`@Ba^WXz&K=n4m|EzC$?YE) zdGRQhxIwi-UhUrxBO+u|TzS>@)4@50z+WEt?pRB924SrdO-zzuTVZJC0(I!R(5!F& zq5o76=_NSd7`r3-?Ag*HDH-N54{2oLh5rHrBr6#yr9OOg=?(xO_wv7{(76?WZ_|UJ z)hG8_zbx*Y#Xe}WHuG8*?|pkL<8wZi^%?d1SXw~*^ZKuIr)tva06PF-@XY~c&Y8HT zq2NAWd@x1y&X8g)HGg<(3=CX4G&Qe)>? zZC<_1yf2PIb5)xug*Yl&%N<8 zomF8M9)Z0rhV_CnPtFBf^p0eGkY~x8QU_+I8i-jttVGrMaMxP+YMRaLs9nd>_skX4 z4!!~HuSZW+qQCnvYV=TZoQ4|sd}72zX3RZ(x-#WbB(9h$OkZ9Tb&@UQ;DNE?pj}db>ad}ePs%eMkHx_&xsSZ}*ySELm9cOy&2;)%8`wKAw z6+@dA)c}DS^R-~Xz?os!8X6L0nsLdznE zOBS&`l}Ih^#yh9O`bggO?W2f!Of2+rzvlst5?)tebp-$r>)}Y1Gk*dMJP(!d7wn&7mGH=FEB{eem-FeOJZ^zhlLYX+==eDhF&xFZ&eAt6|}dN|N+ZKWckaT<(Eg z-H#^ptZ0LM{?z;SGbhFfj+NK6c%3p0ryyMj=I2jnjA$v`^E~PgcC{fild5iC&l{Lf z`3<*AgPKYedKf#Okmj!{y}Z1v4=R7!7)f;Nc+_$Lbnh}DZIDPOkGWsBxoZAgOizB# z^czTd&j|oDGP3^zZM83vLQdti|GHJH;(9HQ8xin&(zezX3}~k|GfWnHye=R`g2k5` zs7ZO=ivE8_$2b3LEI48JvSN~KzIcJ407wqB+Zr}Nhk6Rk!re8=CkcYu=ur8hhGDo~il0!xFMF8;FQ<=av?mCUrCT0T z7YF}*Uz#(P7gnII^hEqg9D@rObdX8HGokxQI$U?Q+s;@>`GFQGE*Cc#dq?AW)&Aot zZp4DsBmN|B=RRiim)j*htYKyjj*jl0jjO4qZl2>|IKts!P1XzFej3s{-Z&)&?GS#) zyq}% zv_Pt@_*FsVPD}7{zbL}Y_Cnv1uxYp&&E!$J@Uw9o1FwstgcX-#UioAK+aUGDxy+&$ zC}pC5#UY4@O0#d2ZOn=Qh0*sHjO~59$4?bL(Ia+4+c;sfS-IawGySG$J~O1y&aRFt zX2 zJze(s&QO$bWmb8Wh?MOSL7%b}Z{{u)G(WmV=}Ha#IV@Z+#i7Ot^ujjwhyh>a$ho|7 zh^1$Ul?dREDN>gv*ZKO1FDCLE-Ef7Z!Zv!~TRoLX9a{1kklf+-r_)KffRx!x;qOjw zG#g~kcbc#=2>Rz+71e($subbj=bbn*u~>NNH_JpD_U4;%yk!Z2#x8HSm6a46I~5tj z>%K?_K;}bHmi_nQS$#l_J;PVEm0aw`A2dhX&8dkq<^tk<9OKY*& z=%=%>_|TQcOTkCm3GMCjf!)G6OJ{&gZuVL0g!C$E$^@6zykA`wW+z2@P#4M4;UiUh z8yRqafpwb!yP$`Zg|8uD>kzoKUOTCxmK(%gU-=MjF)?yugSPr@kz|>bJO%qe=#<%? z&6bMmYt%aBf_dNG!gcDrK9yhOax%$TZn{v_dV2ORdMfvyMASX&C91GrxFd z`n+xWJTWfT%(qxYO+EqTVxZQp1DsDd$k6h3S#se$uW=P7+(MIo6SP!#L~6p9%=8uc z=+|DifLnRB8f(8Q?lGUfEW7(5b-)3|Fg%xW@Pf`J$kDFB07Gvk=M=z06HTb;ubf(_ zq+sBpX~YhxS@T`FJuqRb!z}~4?Q^!q671Q5k>UjU{hic0wU}&MW@sqqI z?kwQJczMV7xl2Ni-VQ?Ii}F8Y3kqK(Ih;<8r+xh4;CqMmmpPOS+4GTg80qo?HNq06 z*XlWfTnUb6PK(v0t2*8un73@~xk0TREyg8IRq~Y6o_3?XOuXUJ1CwN*KexHO0pe5* z{ozfYCJkeGI}S!&<`5d;nA_5m@WEn7%)%>zJ@ zVM*MSa}d2NbhCrp&*jzH0=<=QsA}<=d8ZKuYi{l$`Qdbq;bqT~XdbTTJIr&QrUo*R ziNZSscF;w1h5q?;vJ~=p2A`O2xqpVh?lvhkZzmH5tyIXBLOS<+%ObFHv!>d!+ytmRxAU%wNfarx z+D6sfH8V{&xtbXaX$Y_K$}{@$&OnWPBFUADjJ)yJmf%TE7Ov2-4_}WGv?L%R=HFgW zt?tAClh>sPHt?EbkVolG^?_<$-Hdncxfuf!Q}spYx+Llc+2%@LQZ4cP2;;4AiAe={ zgGRaNIg{CyZFG`4W_X3^MvXWp8vZ+9fXiCVVzqRjNhhPO=v}1BCGOFpoGRD) z=DiNn?KbfRNf)(z5p4pI`obV*^njN%N`>&bOCzC2)vM;%pftkL;BFDNR<_a_&+~#V z#|~;Ds6VBn=gwLhSH18QM>#t;)BHF}HFh(uRfl0ty}Dv$*xJs1mCPK&7Q$L+^cE@{LqeKg{DZh>G;d(r zG;gppb+mL2=RMLi#RI#ro@7jFOv$9Gd%PvURv%l{-(1IYVj#nPEv_BEjJSazbR^^!C zzE8J8JAKHFm`IS`je6(CpS!Y?)K=dAnGySC9`IAF*gqfeQ?q8uf9YQz{dT-gO5z6Z z{^7~~8zk`m8an*z0^Da(1;@$3F>eY$_AL<*Z~?%K@!zHJb(a~^xXfk6Gy$khp}GZ_ zxn>I5o|u0{PfGd!UWwGb4L3 z_@kp=KJ~j+M2f9Nx}YlI8M~;E;8a;fFrs_E<}mmjba@2Qu^cZeU`gChv-k5ekl9a& z?~M~*OX}?|wp7;d%#A*M@ic@Urkj zq4jcd@Bv%mI8n)3>9uakX+ouzxpm%?$Q@yCbk=or!VA&I2WpCacAu*3&cvtZ(d|BR zYxBoV<*%_DjbE9(Ct98;_Vp#)rCOBSX(+gxGr70iqv2%w_2MM{!V~mL=Cn_%QD8g3 zBe({sZ*LWoHCipCpPly2{N7KoXa9jW&x1vv0%{DT73U>`QFP7QwWrOnW=HF{k zrlg`;kjzV|deB#7FH~n#ytFeNZNt;H35U;(=sU*bI_vB290PR~7xc0hw7ZJKXiM1l zvmLS~{9gD5w7CrX2J7QA4t^8(g|?neov#fH)}&MaK>r552(imxEEc~bxd6y`AbT2k z8gstL=9mlDvZy=$x`mY11Ox2B-8_ovwVct?<7wPA&e}PN38&?QtJFF|J(b&57T2Jk z1V2WE&iq(%e~zrG;rW`V*Z7cp@tt>IkovXL_L*^*-_iEfNSoxkch{WD?pVRa0!UMF?0n+$3f;ERc%;{Ps8wbaFP5mTta0%x;fDa z3-n$Kc)Avm7+o^w7{TLjst@E>_IP%ZIqc{8b}c%#}QeghVsZmaI=eEJOb(^0XvH`Dj` zKK8)^NpMDxFN58tW6n#FNpkuak#)MGNQmth;iEIWh7d91YN%w|*gd(lec7`4I1f_X zcPubnmP5|uI#{fLnSDuf=%OPY z{5s4itmcLKN`J5?kDnRw&>6e2&RD$QTDka~Sd2Z$@?Q+}I$cd`@_&4RAGzQw(&=lV z3!IzC;V?97_Z}Zr#~KVd<-Nrk7Q0`Y7>A}dm1(40RjqZGnjaQ5g3H46Tm9IScU@|8 zD`M1tSnxPnYV7b)bqfW7VQPQ1$#*)JI*e{rEY2a7Hb|?EWi@;&UuF_vbu~Uie6dgM zQq|lY)UlJ0VMPxXGQaYY?Kys6^X}bqtj6(|xkN4+y|#;vwiM1o{3p_wZ{}%|o22-k z>{_Six2SCK#4cYiAH9R%oC&GX|9AKCmy^6`pedN9I0vs#p|<%{*`h zvuX7DbS57*WlVxkBCzqUB^29Iju&$WtDo+HltOVI+XJ_1&tdiN$}|7(X}GW5w!~4? zeMUQkP`)P8yn(H|WfJaDMANTDT=9VKHs3;UE*h|&i-^DZOE)xj{0H#(x9n_Qw!mBp zF7RK~0a00jZsw7&!@ucm|NlW3f#D{1(b!wuP4)cAuY(IqN{Ebc*DX`uOu)kCK7;$J z)HCPDMk>9RcY)X5gHr;%384A2sF#n zN9B$p8z{NX{_sJSS`%LwJDSP$iemcbUUlPTBfZlPgC9;!BUkr77aoup4C7qSByNGJ zVu%rg)0F_;;N5nr)#_YAg_-w|sF0*2ujScz+RD1@1^izq<==>qPS2!!Wtwmgtw23W z9!2Af{zeuadzlxU==p@8_NkX9^|(dMhzt;ptB(Wks{8b%hozQt z$kIQ7%D4x@AEz%>d}NP1QnoC%A?_?PMn(p5CpSN@A(bI1)(5knwwCzP>^Y>lj1N$G zrxq7%t|d$AcF&PgU2k{b>nx^!3X3$F{4j~MpbZ5F8A=SQ^&lHNbDLW=fAkqdXeZZ0 z;3MXjgP!;~>PH6FbO0|pR(|m&m~5)`OKxgSE4tK7iUmQ&<9*Er* znceuI@ic;i5mLw2WPxyQch-&b8+tW;BXU^K^T^~p~>tbHm$Pr1hW z#iF75CcU^unlNQMKN$}L8*_hif_S)Q_6v4uYU-+*nw7H;Qir1obuVZ)l>Pd*b=aQW zd%&cQyaP3@+?!JPQv2ngUP_uHgrwHt}JXOX|E3ExhaG&G72A z`!Xo>I~YCldU&rH1g@l?de;5e`mqsk&hD|)u)`DGk7X*A_eR%%JMOM~7&FNd(Z~89 z^%5&ol|HF0hR}{E!`d*M$&Be~n{%8l3xoXeedB$Z^G!QHhL{rS>q}tfzD7!CkI~BD zks9vg8hb%udw5hv#EeFaQG9d%1W9^v(R=>m?KNTZ!!eC*IK$`zhLMd zbs&DP$2>QjwG>bhlgAh)bo3s^K0$NOapp1yAFZDHhi~OkCPngA0>y#Rg4xhsBZW&< z_eML{-dAd%Lj>tF*IgxF9R05KItPVuTS|qF;?OK5zTv7x<5f2i&*v$>*PJ#5Zxt$W zMAp4o)mhoB>OK_wc0t);qvH)Pz(&3-{jK`A`O=k+V09HkrrEOSI^(NO;p3Z4pz|ZR z%)4CTVF{F4GJV0qy&MP?Doqg*Nxn8?gZDIr;b_5fhf{z0k#Ri+?`D=Z4LdZJC&x<` zv-tQ{2I;Fap~|A_REEbtI=6f%&r5b-yu-O+wTljC5ED`2HM73C8s>PWm?PH{O-bfO zpQzmG>RZCi*HqJ+eV1fl1gdL~qsS%%i}her>w2Kj$kn2WsZ3K(_Laq&=v;R*foJ%) z)5WjTfKL;O!zx=N&{eF@7|RP8i=X+O4Mlme3-i5&uy#}lJL&fmXrbajaTPvJ>GxP&5$=aq$uJx z88&#{acDrZJexC&dAdX~O`p(YD+4weUO$rv-9Ol;J#KkDEaRQq?1p`Ws1MGXChIpC z_$cudG2L+OM#T@ZJ`3p#awt6Uqic+w0DW_Q&~e6qnso)PyFe1Sf^{fh+Ex4UxXSCN zndtRb#r3t0Qp*fb@J^prXw}xWzaZl8@_T^2^Zf%d@?_D5()CXMj&&1%QP#D3?_kBe zb4?Y>&QP^ZA>m0Iq&R2KxYg77tl5$X-lgBa^uRV_Z;O@eLd&?))yG292#gRH>X`Jc z-yVn=QhwCWPHH~YYJ>d<>djFnoK}kh7n^@+hW&(f18p=_ZHYwph^2hykz_mE`=Z)I zqJIX+TyP%Gq*HU)S#eXP_P&hX{VRy5^pTgNcsX##;3Mwmnzg0S&*xd$9xY4Vpfmwk z-W|4O)!xWNX4Bf`XmsIwg%ZvOtp>LXw|KuPPqh8$i^!=6ws&~mEG#kOL3nselEA4x zqmt=-gYskLz40|3F(FxE)vWO2q)=}Cd5Rj35|5yAhhWHzZKH*Vpvtr5@)4iqDc?0i zwjfmXSEh*+=d;X_ZwESf2ltL|%zP&-)z7GqQOq!sHDd3EK*nze*-^?k=I zk^=WiIP9>qY4A3m_z6k5SsJMsGFKIe(kDP;RF1UOjkVLhZ+^-&Q~r-2-KO6X3`Bv} zx2i16k=S@{ha(EAiQ&-x-=`xaAYAUs_qK7jgWCL_pU}e5VLr;hnN$?ii4+9}*WaT~ zqT#e^=|5Jpa_<|R-=m~!8SX?LK<+rUoL1j6 zT?~C7N$7t-r9S$6w2~Zoo3%-Okh>Svrt!3b2Fw{~IDR+V;3E1CEU0pI_Z{BsM7pn> z##S~>RmG&uwToP<<*+Apt>UmK=#PIVqOPruR5%*bRWDMO_1Lw&=khx{K2#|l3L1HZ zbQLM9cN9gA8^uy@REj``{D7Un?Jl^-wQ3JpSO5CjtF}vi>HYnl0o6$!)WkrQdPEA7 z)5jTY=Tv7SRR=^=>LBGZ4!IYN2`%tu$vS2PgK?DnExlK|5leNW-S@E4PGGc$c~Hp~ z+kP3)f*Td)reblHC7XnrBLpGpo3hr(cz#<_Ox^a0vnUIql4=>>r5pv^c@K$Ra;XVB zk4BAQ<8PRi#wPIx4}+nrMpdHX|`ig+l0wpZB4G@p~& zA8}u8ceWvE>M&2b5B$DYV?+fFU%rt{NQqY-hOxLk!=F)qk(_EzlzyaC{>4Q^Do(}H z=vsb}GR7%j(>z&49Ak1;ZS4m5-1c=U_T5S5N2w)^SF3mL-Qkdm!$lQ6HK}5N;o{U> zZLwUIk1mUigPL0DsMvqhVz}ltUGM4g&k;5ib&FwW2Oj+k!pmb9Z>UM%{~jyJc4-o= zij;0SU%;lSbJ&JKA70ni3Z9!-DF;KV$f!RQ7~)dKo!p#1Q8K&BB)C@Oco*H_ohpU& z8pJr^)CL!{j$Gg@i-+Y6APvRwCGy}i#x<=-HFcb#UQ_on^QcZ@Wq(8odOY zhL>|RZEp_qHNao~%zfGH)7x}^E&8pdsEDIB2`13=W%~1By6BQ2)$GHY=iVYR?nJ9; zXJCzaDkUp{|L2-}a{_XW%EVmT$y(FByJ#v4`LJTjc83u31Cx$F`q9`@XPmVZLd6~^ z-v;D`Kk0FjR|uK@Fh5~d>%rkzG@h-=6kng; z{s!qZRjz|akJAMxUZWTMRmJUwAOef0_;*f^%cs<{rqi{(h77)-6+b`#rVeZ zdv|Tju0qwfqv=Ba(^B!run8U2mUIrh^F6xDc2N5y>RhNUvbhH&fOjh?@~b<2Z@Fq> zTdabliAI7{2E1Pi1fXAxgW4}^yE7SNM&n$}+*1h^vWq&F3iLUaiiqc^p@GR<0rQ@e zmm#(G^Nx`U@|_{k1jO%c%ivbCz5J10n9Lsc5yAD?5=gEuzV+8AsHv{rP!Fg}>O6-f zMfN~Fv6Tt^1%#>)t0^WV!6|8w>WxoMlb#-W-A$RnTS z?x1Uotn1=kL1;71bsgb@EHE77<# zQ$IvLS*08nuRPo0u9G^J!-C$kEa0aixhpn${~HZAsd-Qztm6xlVECFtbdIyYq`Wq~ zRhK$shZ{Kj#Aaz3FLPEpA966{b-3~7eB1*QGr_7K0PuTUzB_GWXHod=E%0CJu7zL! z`%)jxFIgNEZ+hZc)4;G+6KEST=(Hs4jPrbaXK(NADXFMNM|Yq<@kjwAZ|MiP+T7M2 z##if!o|ZjS`2?!^TaiRu)@Q+$A9o~j^Me?lF7sXgMwI_JPSSZn4LM`qOceM*n>yL}_5E;R+vyw2Erm({T z*4gpWBu=flJ)pErf>_Rtf^M$G8Jsyr{||y z?j4w96Iy@`(LRp%0 z!>W-xP3z-{OxHRxqe~v8LqKT;5_K<73!a@c`!lxjaDN-M+@0nF&121#$ueE9MXfleRH-4S8rK`*t9mQ~*x=Dya{sQ5%E{}ru%|LyGuhBH z_PDO}Jt*>UaXx~NQ~(i7)$C(L<>5Mz#5?k+hpARpPi;({BY{d-h!mu zt;sC@%ToJN@IJT{*f?=J+wcuhyZ*t1;i3QrQ69xEo)qn{pqH4{$O+N_! zLrv2-M3Ob3**bG6#4MxaDD~XS_HPDsa>h*0Y`&!!C)7Bt>8$EJ+Sriud&)1o>ddVl z&Azps_p&VX5)W%a*5xqNL|Q_J5taW{#^B=}Uvr2wHgLq-ob*WaK11}!NwBxT{lKN2 zlUH|2qOYk*&-GEuQ#K*jh;#f02y^^ydG`8#l!>TcpvX)~#7|jQ0bxm$EMWV=oTk5* zmyp=2s3kNG7S{4WCS(TZ9>>$Ham&n_%CM(JNVxgQROQZ~LH24Pg6OV%cf#VTo}c!< zHJcYhf{J&?l^)&kCZbKzD_2Z}(ux2}`d*>8L_%LQT_S@bcNUZ^LBhXdyv|_mF7G!E zkZ9_I$(9X8K`(QNxo0~Cl)9wgOY9H#U=BLZwL?SMxtid9tvV0Q4Sh-1G6U_n7QTU$ z&xVZ|i3xo-)SSq+pTB+7PphS?o4xQxi+(YB0=)hElSJzab*9jmuuO4YkHz!gli9pm zaMX;Mp(p=)(Na;dc)YZr1>GIT(abt01@nuh4s5*lUe~?Xm&V=e7dZUq-^K)UdJ#|8 zk=EfE+sXXWUgF=Ok#toJ+Je~>;VCDNRFR78G+GNbJz|ehd?Xcotb2KD8v+D@uiv=Q z4>fOENj3FIh>D^>LI{gTb@lM?o{gJ@_nV{`-C;FmZ?m@^^F~_u=6tb4-oGR#Y5k#b zvm9(dpHtc)38C=E;D)ac=){hf<92^>%8W%9xkBMe#U&*ewWiu!B27uX=BFRkRA+V- z2J8>?Y^gHsZic$V^%`IWnY?_#NBVDXYqwcF(;AxB(S{<-33imA@xhz3qV9 z=9ow_KpxwC6qOb7fYrMYM&q_m1u%~UP`KGH7)DV6nBqwR(si7sYX(p`TiQWh=@2B| zPZHr~!_fbvh?oB2|C0S~{~uES{nUnFy|k*+Eeqf1#7eT%QGF{Be|p!u4sQx2u!f)Zt08FD>3so=TX)+(bU%!pnoFU z0N+ECV&?vjc+enaiKz#?i?WPls4>35D#M2`_s^Cho-BJPlWubBingeILe{BcnajSe zyv^pOh+FB&`e=iF+dHQSl8jkN=94 z=A@a=T)ABO9`DlZgfnlsTqa)skUEyr?BWKWpqk<}p_{34xHWYyljMeH^ZqChNyqxj zt+Rj*-$*Qf7B*u|_^UKRN!=B0moMq*)VefRCG#jsSREuqmpnt8da)~e2TD3UPS59y zV%I(rrAIy`{3DsXBXKZ&zklbE7=aN_5CHH~iA|1ut$Z)KyHF^rRy0)ps*Z^cbXrTT zIHTxEibbj6MLIyNz#q?j(0=$*^GnSc|K$<*dd^nkC0PPm>z`ThT`twHoC@H;Uw1UO zAtf-oRtpNl@um|SlJckM)gmvtFq&W3nMr)YtE;A1cD;c|3KZ8}Qbux|pbU^vIrtUM zCTQbdmyN*R=NQ!8(*vfXqub%HBPYyWYB|tEzHp|`Y29g9z9A8~U+7NlyZc){aK}4$ zE1Cpywp6_7*tL;gi9YSQ7pJ+%T!B&65xx{vk|O*y=(q``5paoQ)%%AZ{|flWoA-YJ z)sblR|Ho#Q{{}by#}xlOSPaYFB7w|>-@kwGnjzLm(t7x2IAtls>;WDb$jBsx zg#Q_ZBJ~1mUMmgkXhg1}L(#bwe%Kczo|izF7(XfVLsg5}Ghi4*FD%1eTuAeCycnzE zj-Rt8jLf_}J`8|`sx+3e`M_a*65r6SqPbh$C;@}B)?Sn^;cTF<*+2r)NTbwUEsxYt zdtpgD?%C!vS1j>QnJ7ipLyK{9Sn-{crEh`m^RLBUA+g3iw#LhK4i-#}_)3n;Ts01w zIkqYJ4|*GqO|3+!eoyu`>y?Okk6< z9<1bLdFWQF7k|C4;-nfoqUQ5}=v8*1Q352Hv7Q=Qwc{1ni>CA)YQ8P7`ghzW^Ulu^ zr&8h{8xJ#8B`K&5g=Xifu=|Ud9${Xt6EoUDH;qxXw7-Djw|2^#S~Xh&-7{F2QQ>z6 z!^n#*-CuNA4}!b$&4p=Lqja8ng`LNG&@%VlASn{%L$+J14ylpi7e`ut76kY2frOgB z;n@=T?9UPG+o~&K#OJA7Ln{Gy+ZaYX^Dq)iz}c-lHGTHJZ> z1D~VzdMFmAeRHQOk$NAH4j~Dvtj2YZ2r^+TOsMmNc^jtqiH7)15lX7Kxd6AmL7&Qb zALF^>#mh>l9>KKKo`}_|!9uF7A}xmoWABwMJC+Dc+mlG%)VmJ$Pc6S%)qg~Z`Ivzv z4E&mwIb{VeJW;_b+rr0v14k@gpe8CZmuw2jD2@^rg=dW(Ck~ERV;yQY9ZN%>n)Jp| z)QQ&YNCy%U}(wGvXx>E0rgjFcfimd&d&QwE``#5O)etO436kD9Sh zCpiE-pI2w`*z!Io^dV9e>VUnNlDo3R(`ddw3W1=F3aEC+^Uh_ehoc<_gKjaTS5Q%9 zL-#-Tde$vfmJK*LG}LKExbz+&HQq}&CsRf)tqqci&ln5}-3Keb?E@_e^!zRt!t1Wl{TLG=#?OjN7I!40cHFNq1}VJMOf$oR1I?G z%bu66UdhMyoiq67U<&ItDd%s=ESxor8Vu~!%4$L?hQy!)eMs?0!%R;bHBO9t=Vw=o z{MgVU4Bx32H%YZ=3{7#S80fHY7rQ(xcV8?LBX$z24epZNQyl~&vhalRNW2+neSqa}3CH9& zO@gO??WD)qN97IqNsl@2Dt@ZQg_q=xGq$hdA3agUbtyzqN0Zf`Jb9WzpBb)^& z3=E|79#Srsf-T#pOP(2E!smD;gn<}Wok4u20@2Og-fmTHEK^NZBmh>-i~Ul_Zr`f3 zJ|R0hJ)Lf8V*@kEtiNSiHP*0gFyrxfP=zh)C`dF(BDvU?$>{Vl!}|;RR$FGfv!ic) zBob9kV>;157-Z9JS7%@S*}J9I9%}dpN9cL~?d)YjbEaV16LoO8Muz*G1Djb>GJ7>) zGSYL4z?Vg2Y^-kD6cXQQi0+(@fyV3x_7CU-OP zH=RT@Re@#~b5aJoxqv-)ts9%mrO$9DAtr~;D0ky88;V(1o88HSlRj^F6o{=E!E0Ls zu=1uF{#)ac=Bx=?paa!YqOIEg_&PovKfQx!YF&r|)aG>1?OXMEG-yoS-r@NX`p^iy zsX(i0JATjN?IydD%~*7Ed%L6Yp%f~SpZUI+Vf_wBBjBr#VQj)}v24O`9-qp>&R4M8 zxF?8DEI0qUiVxGl?6Q5Qhv84B4NaqY1#SdeEnYS;;cV|SQ)Eov8p!#%)wTQ95aM7n z^rDRQ3EOR;_?sZ#@**I+x&Jf6U#guGMwZVPOoFOz)reF)bk@jlxUrq$0|wbsh*gx} zUP#__w)3#yO?7g1R#hZ-S71t|FH~}1g03we2_Bc|yVS}$ZB#7@ztj5~FzCp1jGof) z$Dd3uJ+JL{4ool-E!KR#XQ{LcN4;%D5Gke6Ofj@#%`4G~`dvQ!) zS&JA*G4PoA;T0=wkMIawj;fyt12+0kroM8{J0sj9LZrU08_sK+JB5VISGd-AZ$#yK zn!DEMRb)^{mm6=l515HjwFpnCkD2j4CkA`3YBR~?jv!bg^@BOs;sYNf@!&Zt!@u3l!gGHt4@DobCeJUyzz}K3MO%UNZ2| z;U(JvtMS^Y%MWW~&Z6ZT-TJJK%TGjZ=;n4?rN3^qEP>T&<`0zCX_~r;`_2CH1<##t z1Rb?W;sua`X2X7XhuO0&j;z*htka#-;7&hB3ylNw^UV5I+gGU{TbozuKi#1FqE*sv zDNBRJh}2wofSpOXc*fv_ zmqQ3~ANWEuio7lp)_Y`SK{LRU?ztGT_qw=!f4ybz`S_C87}|V7r0%A1+nLLZjO47? zwn%+u&kpWqJkL~HBZhkl3_MNQ^bb9uM~E*rW~UjdRO`kQfi^ZBe2z6<0T;eryEF7V z3(mu4@;E_OBi#ZEE7MVMu)FZQHa$&6q12q<0M)dGd91@+9)3k@CzX1H=`HAwJ1)@J zn@&IALqBEx)+K(@3t3V0tU=fH*G|i{bq&9$K`?@8ecDn5>0s^Ht9dI&tp7g@FyVH8 zc0Rix77G;Qk?;*yW+micEr{tWytgYNj5qY;kIf}HUQ&0Cq}oilzrr{}cy`2pW2r6m zEszzN-K1JP1Tssx_K&kZm?QybC;!8pyxK)vp}!Pl=LTDLYc1icIj7HAgt6J_`DSPL zf=cb2v-yR6j(Y6rwB+wO!mb6I`%}mSBo{e}CN-Eak-02v2ucH2Ads=w*Eh&@>9UoX zHkh?c-^L_RX2rFNN-fK(cF7d_*4B5zutJvif~d@pD1O!3(_{d!V)$I~_C)=}*4~Hs ziLAx9wR*{_e_n$`Y}3gBFE5w+(zWa#gA)@|8c0nm7P-NN>?XWY-owH9A=<0DFpnyB zfumy&{P>5U+OL)v`g7ye3oDzF43V_&3Kvb(g9U13p*lm zo0u~buP*mOD zo<>Xx8_cSIym)ma7g%HH5WO{JaU=!i+}!>CZSAjdSb;yn%KBkQ?{3x#^^OW|mF=kg z2k|*B=33e(2E(qq?-ee3=)?BiPDErRHrk{5hS?OG?4_#!rWimi*`dlz;PIiGy;c^~w2Sb^ z>)ekYLZP)L^C*^@I&q7JJU#WL-r*y3!fiTfYea4@%Q&a+dS(ufNA8;W{Za}kQ?HtU z4uWX849u8eQ1An@n^vyf;JP6nDOtXuRPV3Ycm@3M+j;LuWt$xAZp2bKFfa2?h70{; zpj4cbnmX1&qrv)9HB>rF1}D3`rk194-wEfubM_=*ssi^jXpkCUAGS4026zJE4Vj8z54Z;5Cual|EJ#mcQ%Tu1?*+N z^#3*7EGf4f28Y_2lg$RvCg%A?oY=FMG~B@Hz@v4;UJ`YUoI^cC8dStktc&$4WR z=SSOnywnS_rq}<{*v!kGK0W@kSfq&&oPH1R)8tm3*h|0ux^=Ygl2h-i~zhWsM-8GW%O-iXW_kBnFiT+ zuQDY#(#{;ow|g-rb{(E2%TdHlwqTD!EjnmnXHRF3qFgYkfd<8gJFV}|PF|d6vqQ$g z${r3zH!8m6;$3FfGH?A^XD{Wb5PeJqaQl$6x3{cFD;U}7WgmI z^zp?tlUb$Ioi$g$Ki=kYqce#z5PW;pVrw+~#l9|Jr}m9(iIuadNZVe+h3=K5*duko zDCUax3`azr%vkw|@5!n^Vn$kMQGf9kJn?sZdyVE;t_K1AE*fh&F+#G(i;uj?pdI)!eeW~W zhbikKSo^G8BR0&?ytC#c_anY8F|5Y~pY3vnRF0GFxg#|%j*r+_2!Wg-x>0`8q9Gh( zwD#@-<^td|bFL;x!>MaiONK9<+Z`e4IgjU40qfQvLj5A8DJ=Nnxblyo{NeeZy7*ln zCUtE8(CKOR(h(|JR`a|Zl!ptca9AX7WER7YjDfyS`JpNWI(#e6tp?IRhZc)L>vD~0 zX(kvw#ED`qmhD30t7S=a{_0n{>FfCrj~_TL|M=BBw<9?Ny`nAo3Hc-DZV_6XcSzpJ z$zeu1<5ieZH4gSQO^yC4OM5-n5t%n{AL4(NbFR@)sB0Y8R<6nHY-FVAvNcI^+l`PB zMKq<7VT@rC!Z1d~U>IbIC~TD}+aA|SxsI4|H=$fI2#pyg*IZ{zuH$|=v)BG|_B!W$ zIBT5`XRZD5{qU~!tY^LJdEWPZe*Zt{`2K-mrI5%u6!Ok6DOh;JD`LYoMx=i8c(1k* z&?f**drl{Y6^`8KUl|&;4lS4Ucv=2MCwv_y(6{wFv(`((7oD(?XyCFlQW{U1T;wH| zMKg?FfysEY%ywqS=f}INJi3-#JI0>a)lcaCcB*>be%O@I+@I`a^S&kt>)))^(ZhF{ zu!uPSC824H>dmz7%&&$T$k&nRHPp^IJm^f-Rf8a6ekO&bc>cfx_nG}(C2~bK2cCK{ z`q}IUg>LJ1QGG`;fL>NSl?8GRw9p##6V34^T~#q8zw1*_F|Yg3&2%PJqVsl7qWW4_ zOz|>)FK4mboYM#SBSq^Pk*nfe6KnZaL0&WNuN4a72l;XseKy^%`iCgp0jm0 z1Yo;(ugTU}DrJfika(}tvneIB9z8>s_ewB+Uq%xR7A}n{_m&))Gj+^hyhwZdVp#CY zOOMxw%#ssFf5zHil8kxpj`(alKERq?;eB_%L2{>R?PQ3V9^ADK;Eg&gkJ*~d(_)!0!!yVZ=?ds)m8T|UpiTi{;--eb6 zli2pMP~vX*>}UUFsW;8aDMF~dZr#DPg+m(pCnF3d!z=q=@|!>kGEWOy?_8~%8Q2AE z>^(d4o;9nwU0%SFhH_$QnHS(TE?~tuv@0lo6M;pk|_Z9od)7xcjAL z2ADE@O8|coe#KhCt#BlYJ3H|+4)%;Jnuj`&j#_a1;i? zOBYR0xX!)uHT5T|bbvnzLb+C06&}O`>VV&&K5xJxRK;;!>M^^W?Q1G_DdX$M0KSZ2 zPafK>{@XN_S>Dw0Ou{WZs%|r(2Lqis!b{l&_+yS^2SFkkTayl&=DbZ0OzsX&^#ZP<`%Fe z0qcu+C5($Vk3=fFSjQ@&R3sh3w&d06MZibd#`$UGQ5_;`{4u%|Jy?t>YPN>#D9PS4 z#$;_gF*KVL-B*HrV}FfsXCDbdz`v>K*d8gd&41kMt(k~PCIuy9U_bYqCh|W-pDp;< z>FsS)*OP8yaP=)($Txb7icj?b$VJL64te=Fehu+aAJlw7 ztLD_*;#`2uL>3IwJl*~ztK2;s7dOk8|f~E5*?ifstU_3Iecy| zy-fMxt*>>(<%aG}@g)W2W7*0_j=u3koh{4kaL(Wim&WzUms-xESY{eiVYs>CK=9$S z1zIZW20c;!_3bIrcfg5J3xkl-MyB6!SVt<_@w_R-Q2$6I&`EeBv8y7R=zjlCK(xWL5+=Ne3(t2kv zvSp`$LrlE_?Ta%wd>^yra`TG3Rv|9C&(D$@JoSzyiQ$HMAwL~O-G6nrPO+l* zq->qEZ^n>~|M&G%2%qwj5berq!C1%Nu2}iJ2B%qRm{B)*($w050BV1Xx|nNVAa-3I zrpcV})#-#-mLxr83`!jDT{s$$LZ6tPy$ z33F6e?n5%-{(ocp4XX*h|upC3+tw)pB^R;>+&DUE~ovc1B|-?-RP$sn1uBZDbrsQ8T~%hkFv0b%>gPYmVBpqRY&-)yS0N=QIUuKm%pKX< zt1%_5eHBHO&CTv9lF?4k63kx&_|zY#b!AYOAz(@U{!ST__J`yY_5;jiieT|FO`FV zbttEoq z9ZLLk<@^;pLLks3zG`oJwC2<-B#07?41C^&p(XcS`iOjk-n>A5;D}DjyF7zCWTKHG zez%~_0%o?)*Y7K^M9{mcvkm$EywDwY4kn7o$mBg&A+kVau~G4ys*W-S{?ov@=T3#8 zYXq?3{~J+x$x zY|_;!2ef27SCwm|-n$?bD_U1YM;XsZN~(zV8G|Bgj&($%5gQT{(31 zQP)7^%V&keZ*#v&9KtFAo}DQw4HNYRmbs>ZpR(H?M{An}K?m#J z&2B4Ap|@R}O=%$oatiH_7$=!|5TX{n#$Sc7@MG&9Z0PnwdAOpX4#{AsyV1IygxXmj0eNx-d}Qe_^7;bsbyLZ;-!UF3cL7 zx#E*|+dE>pad1n2JXk3lsu!=@Kp%XK^fid@X2C6gPU_B3{idpB4EDEi>EHpeSYp893$ zh6-6#;7yOM*JQw7Oq{#4K&Uon#&r-Ek%Pz?NQvJ#BHaIgUwXOeq$#u+xovfKwtEsP?x|zyeSb$&D-*8FC10<J`|eK;-7p~C-3&8x zUU2XI?eCo5xz2T+KhTTeowc4-Pu%yt-arL8DZD%6cR(Nzp7a|DB@pOlHwc7Pe(M_W z$tS`C4DcV8gOZdOsHm564fy4T=_}b+AW&&I?uGtM;P>0MZ!{c0ApEAwAFMW;93v3O zAy!)Am5QtG7Q#EkXvAv;1%CP?P;Iv@L+VYeLG;L%GBoWgCW{J^x5bekp2-!sp8T>e zXDT+B=wN30ETJ9DE;0%hJe~O9L1QHN<%`uwnJ7uwcH7IDWMiw{d+sDAcY|?ue`EQ7 z|Jc2wM}}=8`13BOsL0C6S&D;=s=BJW)2zofG85NpyJjWHBR?;{w*gX=_kHRHU@R~s z)ghX$7oU!fXFPTqklS_Ha>?$mbK_G`Rh@j%5y$ zU1r=a+jZY4%#aGVr@sR-h}M>rJje!1t*T@9(U_k1<~T={QW{S#wzVIpBA4X(6KqiKi>%5_ zbUpv8#2vPpqab1m5NLFKC+sIT)zEw8DaI^9XpX}^wKgh{0Fx(29?c0p`a<1s8i0t8 zkrTEZ(O9Rqd3oR>>~Lnv3Nv2w$?qM`hrrvc>5bMZdlGpuW!}eq=8)1nB`YPo>2uAL zz}N#{A#|_+4E;Sk#cLVcMO^s&d-3dE@Pc)QG2~09|BQjG_3nj>unDia{15q=lba~Z zltkp=mXywj?e*SvD<@Yn+x%btoFa#T`B52_0fLL&=tZVFxWk^5$V2L%1m5!^BI}if zy2qD8^Ov(Sgqat!8fl!xP=eT z342tnqoasgkHPC?-ae~`RoLO{)-Ij&#S1K)*w}6OGAFAeLkhi$ih91UhNP7A&CbI2 ziKx#>dGQ6cl3`IuQgo)=OKvZ5&qa2Z(bg$QsNLIJ8p}ME7m7>e$WoS->cSYJwWwer zZ;@p9E;OIg{3ltB0BN5XiC23<9fmh)Y!(8;vhL5tbf9?iNXdHe^sP_L!u5KZRJ>Gs zbeln`=^vF7IcD;Y`|nCpOnz8Ww+HJQjpH*-@>rt60k4_H zF2Ji7I&Cn`g))lHrGqz^elYqn=Lj0&2&s?F%Q%|IkI&WoynCu;KMLR6IfhvBopo-* zdUTfI-|0wJk}{g2JE?hPThn{Po#Hmf!_j6L{HEyN)abOC)6yNmoxA`t+t(=#)=O-L z3@0ajL#8Wx$vomaG9KCvrn-(&r=sDth_RWMgGf2^*Ve!DpMT;p>mN1=J2lsGqb47cAIaaK91*7MSHMR36%p!z0BD>%UmM0)U@xgT(_>`AfPIrqsd%JoOM zE|ysUwv5$iQ1Rq`=397>F`FtaSA-gvPH*pGuRH${yG4-D{CoX2^1Y}$P(PK$Jt!lS z9B?!x+YL-_b7tVp%k^(Tf{2BvYED#A?6yr=)mhI^C(MnT&TxX01HhrA4X3o6~N241%icx+2rAo&N!WV1u5JP9%Zw+BY-ndnyl#uPC&9SWS zZb!QYec;-8USYd${He1X4om)J#b8kf_*zXp59SbhSHAe0D?;sk|>|AF}FP9m#{DD`-j)NSGRN zTS?9(_sw3&hF`Qebe|qiKpwqYOer|hv#Q1hj#LkAI9Q~L`?k`h@S z%apAMu_r9e6YfyX80;Q2$u&%$QPDTfeMiGz zSU*4RWM6$8e|OGin^$XiXf8(mg3V#ZZfPZKix4K%;?*tXSSlZ0b71Y+SwJ7jpvKye zyw~37(IMM#CZ5JeT{Ocs!Ras@ZTyqUGQVk{Ru$tEc-%v?(s|;)=wjlB_Sk@rk`+3) z*6g8#rAVD#GsC{MqO>T^rrev`CkCFa_1I1=;Kq4qPj^9)(`ud?PU_?^IKuG4c4$vs zH&?b5RIWgq#bcPMZgrw`6sU#DU)pP{Oc>+AC{-DJ>Aq9E$kgL=3_@(=JhEuwTgf3; z*Pn6b7lRUjbjq-4x)_1zszwEEepf_pO>&<))N8%almo_%BjbHP@Q$h8u z^;FYMazAEqNXbaB?HSW%FL~d~lX-O5X+_QJKhsB}IezCGU)IhW>G8_zusEZi0vf|u z@$!@7+0}fsRV|y+8%)jL#!2re>f;=Fj&+L07UHuBIjf#l;Cf$tMl606eUT4(3rahgYfH`poX90c<4UdJ);L%4M*q7 z=GQA27f(8|sdl_W1mW2`XGFjvi(ld-P`04I$xERr+^4GYZ+EK2lPaF&;etv`sGuP) z0l!R46O4>3*4JY-F{N?SSTSh~MjwQ8iYRAPr+PPir#^3%jPpi~Qe)agh6QeMCM6Cv zF8%B;wXd|}*P?eC+2GNNGJd@F(k;r8&HmuMRIrj!pKAUwnZN<(0AUI+Q@e+}f}TD> z_N_La#{zQ}ulB>vh?;WTV1XntUZ(Q&9VsGX-VDJF-{b#T3FQ(3K6lLLE!GyTr@3<3eb3;CWfzZDh~DgG992$wHl`aSRm1Oo%R=_!#qJFzRX<=C*DKd zFDQD^Wz@~#1UVKZ0!0_c@{WorVFJf`FQw62BMaePD@cM|h;{G24gKCMIZ3VQR6v;O z9Df_G4Cd^;cdl`^gc~>CE@#EwB=8@~RvuC3sR`ufNSuSpyCRrVu`)j zx?-&mj(1Bb5wS3DCk%M+7X{`8S>M3W!>vW86V{7y??PEL`?GD^X06jfB(2VnQ7CSn zq=cg@Qu5rX*UH-sW4M>h)V5PCYC{;#_ld`Re3+*(-?`_Vs=I%U!Ix>kh0!L7Ouk27 zh@gfzQNrEvS)W60g3M7(-lqh`2PpJW3$U^J8Kp64f} zwgq;9ztka3!IlRBMLb&Fa0$DCwmxBGfup}eRO$r!d$5gSg?MY{g!tKSzLg~X$#d`C z#e%-ssEZbXtxXJ7_~O)D-zkbhTqe?`)7rMyEhIzoq@cwkPu;!ooL47NPw@!Xec5d# z@ZinSh9%_o@>*_PvcnebaqjP4-XplV!$4bcjnr7d?sTr;tfil8X^zLyJ-Kc80E$WA zm>?c4ki?UOI(x{W65#aet81MUl$yeCv|e#4rMTF3nL_EA$4V`d$E{=6CB}1}8ipFG zO%rJ-o+gUi*oIjRZ0R>ms85cS+Jd%yUYvMP=AN^U)aPZLc+_Umaj)SYSxjoIBxmnD ztJA4)Vslx4zbQhxLL>-EW*(mBDZ-0&vU zlsLl)o9D5(`(q~q@Y1nq)e0#^z)szyoC=ViF1qySnc{@U>;>$P8_t%_J};f?Ch)3c zL$hRbNW8Rmug8KvM9-~i<2K)u}M~cl(@8BIxfsecbmWp== z3B-9v-U*RD3XAJH&$V#q0!l)*?m7cC*KL&)n@TaksSQ1$rzk|Rx_6^U+9n5GpM2(v z0@U@4mwv=ZJIq7*t$;ZM#o&UL(mEBUg{q05W1H0@(+)FO+T+O-z)U4%iyRXPh|G$ zx3!;w`Y&sKDhZ(Gzh;_l1_#{1Q2i2k9Ik&eRs6sHl$J?>X_=tD$U%-0pR}GXPBmaT z{s$2NN^_ROeIdO&v-gxwh&e#De~S3z+Zvxt7XDqfgF=6PX9T6P%UFRv;Xg6LBKNrj z1N8stsq1G)7zm*D6L?9r-nx5ZaR6FW)ksq6jSC_*m7Jr`DyzwWMeVy#55`K6O3zYd7 z=u>~xG=1K3JB0#vNayVw@Au%#nR3sF?MkYCICv%h*1FMrXS;YCqH;0&6dGaNqCwB|zVsO=_2?2Fi9h>p_OiHc z#h+q(Z^9S3R<$;=GbM7nwd_?Hd7sn*-e&a=t8U}*N%B}dO9A1KCQj~0;e9&ZF3;zzh1*&J(NG&mqj@O z-Odyt8z^p%XmRcoBM}-EUCy}vvG=wE zL-27yFIpr;WD;^N*sET>wH+-VbMZa>W9oRifOP!|wyYHgLkhT_AAMIf)=1H|!hP1c zY|2CMmg-x66M^IWG=A$UhIV(e2`mu1WEp|RU_leSGh6u^dg?Pou{#f<6?wZkXvlY7 zeONxx-j^%`YRF0B7ymSDp1kvpo~B*cf!2EV8<42sB`U;@jA%)jICJ3k>Lrsq@}v>L zA!cx{lwM5>9FjUOJA?0BoyZAuJxtFRE;H_Pm z!bn?cU%F5BUi1u*toO+-yvk96;!HhGx;Pi|C7f4KgW-eX(5gZj0v%#d!s2KqUvZ?1($Rat#;6Vy-tFFB&md#SmFc!{|V#MZckqp1Z}LAwmtGV z9FRKMMj+d1!v!yPn+ODVKTUx^q5_woVbDq>v5yO|Z+=3Mp#QIqE)VH{frC{Ktg+OGGhP3B^=#Ij^3>q| z#q@r<79oj;gTn!et}2W9XvKqjtKSY-zjxfcMtm0@5KmM%8}NgcVDt8zn+s3c;gLX+ zvML*O1FJa${L*!|a&COV1L`N36a&wnIzAF?~2pK<7eYB!Ht&5U!|6qI>r~ zx@AV&X5gYvwflvU;z?f*?`%EC$j*s;(#tu`)LdYJV$H4F)9dYy^cv3R!XKd<-xI$Wsh5*E0xlh8CWbX4|6T;ltevU zP2KGtmM(ehk34!B>wU<0I)CQ#D2Z5)jNnPGSv?h5ofw;Y;@|t}&Tc5}HtcxyVKeC= zC&%QHUZ$aK)NLAKa8I+e=J;hX*pf#C7}51Hlfy^Hyw1-X6~46IJ&KwU*gEY;?XQn!DgCA_?7uVo@!_|-xoX2$&y+0X0PRDgJ7qm(?AKQPE z5r+mBh=qm8lNZKDUo{Nc@3-@8UmMaEoOI56xb7)G0=1_(?_??-eFFk*O##evc+dA(o^y8uF?ObXx&~}| z&>dybc7x941<@=qo!93q=pZF+jnM~^s)YhO^+PwGQ}E8XE`;VSCs-6+qS2weChbq2 zt4J?eyR%%h*1VpNW49{Ev5KV@=Hj^tpE!x@S$J>aFwXUXQ90($(Y9!Y0*#9quXK!$ zq2$a!$f|IN>Biw+z)Z&-_MblDBGa`SW5u&azpe*>7xV7i(b!Cwe?o-OeSq?hB@~Mt z$7j5MwM3G>%qCXg8Gq*5hehZ{NeDc$fN4Fyl_t)|<9O4~Cx}1;wijws?Iaf4n#gYS z?P%MD1>JcTnnsTv)F}P9Z$Uzi)O$H=)35kr@sqX$E9UX@k< zdm>-vb9GS^SUM{dlk6aCAbH#sezbbSxkkvbeb@k)InRy4!bg$ zYiV{{Zk@h8Y1$@I{g{9eh0}{D_u4M{qCP&dv(2Yhh(7(9>CA2B)PC)Q%GK#(uLzy* zV1U&B{*23$HQSMHp5i)xd+eGlw@Ev6bw*1`nv6?}jJHOKPC6%)M2wfOoOy$IFXbNZ z=jUhiX;5dzXTvK}={#SZN}FVON<_YTzLXtpfj-a0KgNhIj|avT)t#UcEBg?b!)1t| zQ{nUJa-_?w*G}}*Ca|B9|Ms%9?#C0R#jtbp12nO0jB4nVKQ;w}(LkE`-P`8#I8@|^ z-5&gRsU=m&H+=RTX%={nXrvkB(+eRiJzYGEOn*`n8R+SnM$vc1M3{8xwlt~4$BAuUMaQVk;i7K z6t$Nl5PHG|_uHEYL@s__C&+oryM+Z(U=$V+%PC--efM9sNYgg8mgSXeL zO|26U>OeQHh{{6A_WNb`$zJDZN-Ywl4G#N-W%2iDJ+FCPpg;k>cok zX@Xa8j}_ntoo0+9|GQthJmB}PN+hnKh?XThj-p$0zH%>&y7fELeorv}P_pt(6I7?! z(22cIOAO~2&Jla@)>0GUlap)dK%6cRwBNlUu%mmPuBD+1MkX6-IeUE=I<9G8^BPkn z`)k2~YD_cO1-hD!N9~z>{;cU%qU=}vurSf(jr$~-gOj1T=Wnt?`-B^(>iHtVwz)cZmv-N}vb&s~<{e`&YRNW5DrPJ#8UkwZI7!Bk~e5Gkr)A%^fEMX)61W){~jYn;TPoYPHZcf$p zF|H!Y&ktPq%vOA6u{!NmL%qgk4q!mLFwe1%mt7b#=-N}zM$-dHj_FB$O#PA>XCEI;sMk6!v8&gVZ( zvKnFCIRsXL+8wr|_WVEQ1BJH?9uQ&v+P*;ElS>2a`o|y4#V3XXsc~`Ny(2y0O2NC_ z=4uB&{!Ut>L-T1;Gl8c^FC+KW)79kHG=qRr26*(U*FTStQ$b5gN{oU%+(W{z3he}; z3Krmiq@ST9^YvJStZfDg?{d4p;~FxTy8snrXo$Em5NLp82(O}ED1n9n)Zl&`_ie#Q zgq%+;pd2`v0hoHXjnP8P5ga|X0`Z=)`g!SeS%4GeceQ@GP2{}{d&Ib{5JDlR1v{L4n6yvY z&pg7Pwl;^!i&NEks%2ODorvy3EmG}lg}CaI84s%;>7H8_dQ&hjI#pN zZDWTQ>(B((E^=;sVMVDR`H=om=C~R}t+ELtI!2fMwmG0Anto7PB5Fr2Gp+5(igzQ` z#7&jIWI`#S&9gW66!OyX_UDoD4@QPx^oU6*TLqUwc1X;ZkzQw7rtw1OeaV5LXY5(Y z>(--7-~)mN;}|;$y@e?{+E&EbBa;VXtcYteL;t5kyPBAOB@JxFi+O7vnyy=#51^}E zO|HfdS?L|Np$b)UtT;_e>GxY>3RN_8T_*=DwAK-cP_y{xFPP(5bRw>bXZw9v)RF@P znPm0lJCF_A&Aqw^-6zPLA$i_Z98gqv)^mRZ1~=jD)T2hQQ~eyN5!O#l(2s-__2O?^ zs7^TFkAe2O9DiY;#nvB#1+3mKnB*+psRx$M+Su)E%O%We;>ZW^634JZ9d+Z&PzuDv z)J*8z^wSoErC2N>m#`5>99+#l#}flYRhJdCqDPvY=^<44+jFjH%L7837slN+B8u2d-}S5OI}!; z=hdt~;AMaZsqyDb=~B^Kk@`!w9>^MHGUdx!Gk1*y3UzrU%zz&Zsq)-VOT+xExy*%} zcJI`kBZOA+N2saW;aPw$SiN*=EHTFSTG+Nth@c^<3(8vdZu}I0LMK~Rb5X{J0Kpba4cdW9=l!~k~cu}&QfbiVpyfBE92Hwe$Sw@zQ-W@BhLcIB}cZ{0_7gh ziId)d<2l?C@;148M?}NUERYPMvw1O#xfZH(SqM0C+ar701OQf6eJl8gDwN{^j9*#j z`}pu;oSNEmr4FNK*=jXo<4-ND*L2>CJ9B+n*ZMw-)vX)*>H)kuQMUcXHL=*e6=>L+?O|g&z>QUhl)viz>O} zeq-;4XY6^;M}75l-6Zs-^z#|J{KFn{Y`*7;&UhGe=fjhLnQ@mbp`9tf>@JsNXJ7;( z&hvCtuYj}4uaDO&QFdFk+uxleNgn1@Tx4C!JG&8h`(<2DsGWHzox|NCMW^S)6sk24 z>jy@C8uIOzP7Yw7ZK~(|!Em@2()p;r8V^*@{Dl#0$D0^oe8ZQSGdZnfTMb`hS})98 z%Ua}mojhh=CtJv65v(3_=}+~SP1D`iyXcGA&(_3ZAvt-v zBFO0C$&~ImGQOqfrMa6Ax-=XzHI?NnDJuFTjsb9`rq8Pv?bcs=vEK#p+?TE*`}FN! zdxZu!h<9V7JolmVdL{IGiYXT7zXRAOxl5E2!MwK7eNo5ApkGF}HZLqFXq4A`d`~M# zIQ_kYXx>|NXp550BK1p03JVy9N|6L&#B+0&b(1!P7TryRoxcg_4r0`GYgW^PEi3mI zqvW?I%GzQ@PHOrJmm{w;%KvLSkVJ<9vF$43HSwa?6lghrd%`LAgGZ5&$YN92wWxP_ z?niLf3!`{N5v#h&5mXR9G@G$&3w%Sh9Oaa3Vdk9HWxtzOs8uzoA_*We)qAZJh#(E8 zP*69&(V4sr3|8;CzBYz_rDhWccVB2(Ql3IT&-dP%TUrXhc&PDJv>-M=`ZD(kqLt_N zOtqaBswo78#r|c~=u$GX`3$!c80};QRULTDvhlmIWMkryL7jpUOC!76f$yUU%e!?Y zc>?#B6bdF-ZA2|o!L5P}3?hu>R#QA=(2D@fF10o-h!bCfbqX`H5g^xq?hPzPe}qZ1 z-SlPlI2Q44=l5(@mG4M1O*uUiM`nGS{>z9$VjA2}&o5JX6EJ=4Ff}@vxwK>z9z^F$ zTx%nCgGBLROHjVSmv#|}QvWHdfm0Jabzjd~ijsvLl*(@F81|Aym&Im{;5cAKwh%37OSArL+< z!#TWE)w}Z>pQ(F+f_Xwe>SB24K#aY5*noh50D^c)R z9Q)*ERizp9tND$z0BNN=@?q2zKd$E}_VAGTy-fGmOq~*d4XRC4yvM)Z`OR>Ghsz2< zI@^i}Y{CVfHc{8gWbVtwB6o^0W4}LHcfR<##)1R4-EA17_L7W)A1&wa)O(>;98txn z6CxWH$TK?&2{Tu=(g_GuunrSG!9JnLaz#vbvBXA@Zv~?uG?8?|ALU zkRD^YC76qPQc!(V{Pv6e4#<-W6;-(N=2E7V^A33N_d$Sc=JSoWV~0P3w+*H0qi)7? zI3)u`-{4@2P^jsbOR;9J#F!lU`Q7wK!Np!%7Cfpz9NQ1I@ocI9eE_!1aIA>e)||^U zYk`-`hWuTW2;9}?EJhElJk{#0y?WvT(F7w4yR>JW!3@F3x3Nv~BFDeK5C|Rqo?*bu z6m0N#Km?6C>3Js{c9+y+ADyjzkry=G2x~YV&ft;ZXlmhY1p+asc z`@O*%6C5&1N~b7sQ?zaqQSmAQ$tc5a)~2c#o*B%H=E)D5FI* z_#QM>0)U~-a+$xx_wLt>QG1x4b?Ef9k{_TS=p1DCc^#~|%mNAJ(Q&TFws#k1Lrh-p z;vmYVA;Wyu%X5sv%AMg|`O0qxegiin>9(imTIw?029Z&1DXxe5sD>&LkHd~Q858@% z5mN}@y3T`bTtrUW7vLo^8twMLSdflv2dr_bcD$~hSF~Wl6~Ncw71Z8Plc`i%Zy21< zt}{FtdlT`x&`;lS34gX%t;Oz8)GolFe)kt$nNz^Vy-BRl=I@N3Vu3R=PwG;ZO$ZHn zA}=@krS8|ll{~qhSuB?MygxSxNti?b(J$;xq^$(0to3|CE_903UtaTkuW`KgG4#8U zw`da}JN|c~cSUTNP0|F*y^!I#zsB=q#};oWrB?pdE1>2ivye2^QxP%toj(usmnJiN z3?L)rD*uUGR~4l!r_sdRjAf(|?Pqh$v;XAaeww9Pz?YX?iy%N^>w`Tn^FZ{SF`2|( zaNUFjF_g>aAM1z3VyX5Hg!6RkE$Ei^2@smCPoz_>l4Cyn9jRigTo;?pbbTdk@~=RZ z_pg-i51NvHS7Q_BbBG}4o=hd-nDGOHGi?1&_r9)nvcOC!XPs1upYRjn(B^q^JiCtf z?^(R9@%rZ_Z<7jWNjMpzNK-BU+9iKyHvcyk_iyM3Pg9GYx?%}Hf z3f6K*JNbnPARGIK9agB+(96b(|F#T-ft#X!|CF=wlYc@FQ0G?P2LTT13P8FdO#Uf` zKex(Tz3Vz~=nA%`D;rP5buSGqN&#fw+@`rAkjs43+ySbJXYP`Qys2NT&q)rzP*<4- zzzG8I1-Veg(MsIP^2MM-OiGxNK@kmYRLe|#*CnQbq-nZO@H!>M6OEq;je~aPD!_`t{>6HkA^;M`C4W3KtG4DO{Isv zrVo2Y+4&2(QUm?)bfEiz1TVKY+2A2-D`hvOD*G}EwT1T_TD?K0B@b}cfAGKl!CaQ4 z&UdgubVwXSUUWg%cE$CN&>9l*JiKj9N!^0G4_Dslokz;5MpL7A1IBb*lC>tP?U2V? zMT90FLuWc(?2_inp}S%Lf`h`L05yUuMboO(LLKhDC)VDg=Rx^GJyn&xKkzGquUvrqPI#z}$yTv}`j_0QT3LJxR1~=mBJt zADhbUBQ!aw1T`}dso$V7(O1S5Do>TXODX@I5$CFtmZw}1C!+s=sUT>BXyB>ER?Q`2 z)5QkYF7yw_eResiK%q-^b0l5bBrXisAp7a#LV7Q-c8im_~D_=k=XR+ zy1)I+wo2(San70y1>?$de3+7=Y!rRvYL|IFnuK zJ`!6wsARP;ZsJgBP7$1@{p)+D7m0P&hYbU7#Lr7Px3n=L|w$ zM%RYEefUaBAU$)osO668e$NQ{C_xCnPMY_A@=)tr_wvd{Yb9CPmK=P_^SMzSI2ct# z@aW|st-548^o}oce4#o0+e;v~e=@fxX*-|`%K@s#*H;w>+B0a3oi}+`h)ju`d6hGE zy+%%-QpN9{aDFrGXW#2Sa54&%yKHL?kQw6_we1Rj<$Ogc=m^gzru!vT8@H6 zEnEY)s^x+6S;H6t8_`3h^pI_nW^J2kK&|3C<0T&XDnFaYNsRim%!^Lwq>t@-vzpY% z(=mLXhax<;;)wjM(*yFu%%=ffjz=jMfMI_6T)&*iB^PM5)R>6xoJ*_vVtAqXhdMrh zSDK8G#W`b&y}%Egvo!8eh~cs4g{{t(8J~H5^-oVKR~<3ucp$lVfsBZ?b~FY_uYQ)-_w^EGQX>z4r)8)U}Qa0|GuN#aek3<`P1%%ri@&2f#Tr*$)>=-QNse)XOqgD!=`rSrct9k%iirbu|lY7NsXsDf?yV0o2rt5^< zkW@|9)yv0=u^6(oBV&^rg3`Zsyq-s{9^}yxkY_ zIu$3-MNKC$K`2~#?UXi9>c`1aLQZRCJV7S->u3?9|8dJ=wK&57d#uyY`@#+JK3B_h zvq>br^#dJJi}{~0mjcJ;N(FqU>pcF1^E92Y`|VB})xVT0_T3%_$dRjusVO?mseKRf z!EY$tne>>+W*z-6YQUG(kNHJ>|9aG|5nBaF`4_!>>eq@0s|004Rl#l4kdG&k#>Toz z3?&qTIuRim)lOiUZMZD zdAPJPSzcBswMwzyvAsOBlT=3okJS9`M6;sRJk_@lio7F5JS$~H8Pgd_8Z^tex<{Y7 z=(SC`;c86Eh6dU5LrAaJ^4H3AwHdAS9L?Z#3+mUm0#c@-uG7cPU2~p%!y{H)bi88w zEmcKwL{cf!Px;WA<{=xGpm}(PXx^|xFw%7 z`BbdR;d-wAe7yg-S>@#Rh_la>WTxaxF*-{BM+j<#Y31>PQ)~PBekGnmV~n!nA*!D} z!zlf467W*xqRD{ry?ck`e)#ewvrQm0>%v65g{RRi&%HuHN(60@x|T{952Zirv}2S7X?VBO$QBc?3{l;!WX}oAA=MIi;3bpE zKb=v~;MPjRdw#5ub=}bJIP^Rn?DO zL{Tp4^-a%R(sOpLE;3Sc`D@lG)^wL&N%O2HI96r#mgn+)+EkQt-cdJ^&@s<5ZRYF~ z%;;Rl%$d)Q7N|MnkfWU$s+0^ePeHy zjwM;Q#A~+C1ESfggy5DCh0@Hd)$z5G_&Hd=nKDaTW-B6uRP(R=lD~cfDtrxrnbUL*B;2o?=1MG7cf0GO@m~@W^08A&4T;!XLi7 z2exzh++ax3(h!LdPcN*d5Km*i+(hM6m)oh3K!XHj{I1^pHmSh;i?)%#$_7}`9a3RA z#W9in1m&2K1><7Akp-vq;b&SRKCbdi%V8rHF#;TFs{xP8iDZ(AD}8^pyv95>A4$%) zI{R%hhUOI=sdI*%ZFVqq8@7ezVx|&krNZKCrF|)k{iZB!GU_JBDh^O!OLA+6QN-;G zU*e%=u1e3i>e3pMLtN@@0Xyn(4=?E%p9!Jp={Zs5o ze9?!-0B@Ow4+*EOwYhG%!F7xHq{4JMd#>wPcgAAZIW#pj-PbbXz-L{0c>&Twww2&( z9SCDq@*^F=-*Q}2C?SZ|3Bg;>r_JnOLwYj$@(yf*{57+VY%`O$h^ZnYSo!?wK*oB) z!Of%rl#H`pv^}e&GqbK#UA4&0X^wBX zJ=SZ{1#hLu}Y2#^!0i&f$JK z7vPOPfOIjX-~L+nZhGR&cJuDNc(K7Jf{X@Q59zICp4N3>+ZJvRbe4Y&9gVKtoNn+q zF=u<(vK7fYKKr_Cf~2VxOXtQwwK!Rk?FZu?*|ewu15WrTk)?`*>dR>hg$#To&Kiv|L^qm zpBv%-ctysk=~f9F1@4gb3 z+!SpU5^8PxTR=&%bE%1}0sdu|yaE@7PIIk3x`D0T1`2NlH}IvY4_#CEZ>ssVycOzf zsfG`JsGV6hPSg=3r@f4PXI=Q@qd+s@HrpAafO38O^8Wglv^#)$@#p5A9l)|DAnj;C z%D_lLj50&nJaJ`4w}T^b7@9suJK<^IQ@*qXHna5uRzRQ!EPHKFJjYB25IX?F{$jXI z93ftspd0>e^YnM~G}f6tAxmbHb>ZtwRy( z_DN&99$WLlY?Tw8GeEnW6NX)+I*x#LDL|XHdvJH7{B(*#(0_>FV3!1x74jF?C#tV0 zQ1QLHDJGPLI7ap@qE5{qd3;?UA2Rn=JEq5k?+pR~mr*dF%mzsOGayrQWTN2Blf5jm z+ZphU?4iRuiAq~dw?0tq0wX87#6SF=Ju?c#3iPrOb8V6yR4a5n8!2y>5#uFdApXEu+zB&_$_b{A=!*4IG=jk3Ima)%YUs>sPIn^|7?nQWEP zF9Cok0MH#kau^-a0)O@kQ?42lAsOR&U&(=+%7c-o{PuwCq_98p*~8pm*4lPsfS7&+ zM6N)F6kDccBJoRm$DI<~FCvX(inY)KTN}-Cg}!=t2N6i;xnE;&=T=WRd~oMRKL;RG z6-FHn<@0p`_i7}J=P7M|Cz5KKtoDbq@z5tou{E*YhaeYq0Q!%oTPU*fa#<7 z3KJ@#^eNSaZnN-uZa!{Yu8LS}u{UbtvVT8$%J^BTz5IJ%^-bDsYQ%1S8j}t#M(e}6 zHUp>j!@Hjpdo(N?2RBsV!-De*VxkP)=Q4-D>m%sr=_B_l0774)e~vXlRi~Kr3DMO1 zVn6HkMVLEBlCE8_g{frWny{MER$#_1upj4M#Jp`!=c#!epZN{_@Da5+ioFg;{XtX& zol33!xJf%UNbq}ENMs2kfYz_x0QTPH8xy8JtS#;TAnnttvaZMtx{! z1*(7DJ@zgs&-d+5^7pwxK0O-NwQE_5_elVW(<*@OUrDzqB;fgyx-9bUdj;E5R#TOJ zY^I7gEApNrOuEM-cy7ze%bk)w_Iw%)-`9WW9cKfZ{!HsQxpXC0M zt5ou@=hf`5QM);X9zQ&8vn2|AKR3V=-heTiFrx|HF*@ICsrspq;jI)2sJj29oCC7Q z7c`+*C2xVei{bBgL3HwL$W#6xSzrhN72s2oUgQ7!0*OK;w<|;N=`bNR@wF`f|89xg zTl?0}@=Fr`Z*3ss)Fc@AZ1`%U|0ALUByfO88kNl4hG}!Is3rzQ0g&v~J13%Lb+U7p z5*(~EMSa9J?p%u4q5_zA8uqfzF_*IJ*b?AEAt1}H?;<%)tfkTdLNk2T9%=fcz9DDnZDvx<~G@+stmXOok$?#@Tv7*jTO!V z6CqCt*vjCIJ{9N_JXyE#+C`k;*SYq6>wF?Sp#5n1f$;fS~n(|I&p~mFv<3PcDkzS6v7?`XxQhS_e>f z%o}7-=CxbRQcM6d0-=NEVM$M~RvHtVzcIa}s&)5~j=zF!NRRKee&0FqdO?JZ+lCD? z6Z~WNlz@hevw_I-a=Jyj%HG3oUaAx2Dq=v|)(M5t1P5|>{z4CHNPXpM9Q}FYX;Fc% zU37_bC82SRJatiyL4gCF>|}bEy)EcZF~M(^1@O0ug)Z&)4en7xe^688EmG2B1*+1s z1zy~vdH-#RU9IQXQ3U35{%mIb8psUi?{q7)1Wgm%A$!>7;(6`KU>Nhot|LJrxV`>q z&TYl=t1l%P$rb`T9ArlH&v*JiMYI$>%M!z3)E_cfS`hQW6N?;8>3$>O_P!lB$##eF zr9LF?z-w4O0SM!t*RXH_Q$!|pztB~BG_A!79A&m8Rif(55*y&pY>>3uQbliNr#k;0 z3)BNtP5)f-D4Y*v0`;5!U7P?&{y?5RrlTDaCTeYQXWJXy|)O_qSu5VS`eL# z8Z{Ut$_ycdM+>9N3?WhoVf0Z(3yBsrA!hUvHM$T+3*MW^^T;{xIoJDs*Y$np`usWO zzGv-yuf6u#zxDgATTt@OU^Qehl8Ofa_xWn70U|*ES-j#vhl{A!C2yaDCXr^E{1FTr zQb9(aOOu(UIvorKL7OjUIwSRgGb3M5jn44$K7REql5ReP3 zxAU*o?X74ERW%h_0yX|ZO2EL**>nLdFO~=LZvX?^T}pB*%!9Bw62uAenTzwW-jBYLDRI2WEx7S>Z7%Xs7ym@|9?l zDRML#K9WMQAMkBFBTKb-BW{PUQjK{#HD$kw0DlS0K~D7CyhaPsB5ySyz2+lO62hOR zeBWsBaX5V+bEx zbPCvs^xRN*O>kLFU17)I0{uf7Qkoy8uC0@SLO5@#UQVa%ijUYI7v53$Cwz!sw$P&q z1Ybi8w7`4a=2I_|4Y(84(CigK^NSi&i)A{DOe`dBHDsJXFkK&$bmSQhW*lY!WypiI zX1Y;Hym!^97OfdcA>TYOL)dF~31^z=!8v@%iF5jn3}!hC&ux?*H$NW<6XVT@-}G~- zxv2R(N6*4V54UN*S?brFfD}u!6&r1*-LH5pn&{tXTC-d+d|Ph0>}PuPi=19c3|g7W!sx#pGC zL#8ci1^>kbmt^5+1^Ozf{E!d=^6JmG{^kRVHv(B0BM_`lxX8dd{~1z_>#%@+?g$(D zU!T5?$lXS*XW6HI534}3fS1B~lJfm(;q^bO)Sff~JC&dSmi{Gg`+0Eut9bjj!1(__ zME5^v1@}bR#?F zOy00Qnq*Q8AjaE194MqkpS=rUe}M7F-^u~>ZvO7Ixd(?W{S`Uf`PsOu=C~`XsIdJ) zsD0r$f<>;PG7wp8A2CWu9SMX2UHYTV_Z*!!GJx6?ns86y&13x*`;`E!gFO{L_U#B7-O zlrN~IZQPwXCz~{$0_huxSJ|1VKZKb8Y~!N+?~ejDJ{5TzMOMeF0Lbd@)D0-i6k^_S zr^H@OOZ(=-i;Q+pW0;-ZKk96C?dEqN9Orezx|fu+-Yb57G|yoic2CoX_}}Oi^`W4> zRjo`=K>*|X438_kh-$()+e7;!rbdyk3K|v3ooN=6Xr1kw?pQatWm3uMHowp0ArSq8 z|1c0^u#fT3f{Gi|kb(qI?H-Ft2#wX}OLsBt#p5ZtqZ~l}=%n&1zWeX8TA}%3(BmAE zo^Ucb^T8$#r#8CD>`U)GCi}cU)qw}n_|m#ONkqhpj}-`j;koy&t{T6=AssNp$g*^4 zW-qt{EQD10hjl+FuL|F6N0syf=m~sJ$GO%_q6{M4s#stXFlN(~nNmDFHyzZ7{{k1w z6Y$VT0m7Wb(uHwr>{O=p=Z{HvK9ZpqDBMWq=Iqnjd2M}C5Fq&OZwA!Q_c0yZM!@I3 zG<`o4-YSZ5U;u{-mS|XV6JYFoxLJl=7wrSKNSMOD~PQ!}u(ax>C16ls1 z59M0@Q^7`8J1~+8+d&~L!Sqc?CM=tV^!a}EGN63i&pW@w*B}^69?mA}#A=K`LSS8Q z-KmvdRQ8R=n(biw;<*~^_~#AW9PKL~)Wt}a$2O7`Y~myQyAzvg&)meFk%=6(gVF9j z`3G!f!+hLwiDwpe9poaJHW1yW2rQI8wj9;nw(+^<+g8kYI(VjoYlIVf(?yI0pEYr? z-cfMNd7G%WyVy2saV-a*tPz8Jfy656w!-^Okm!0~Xp3v@ z2-rjI&Zn9VPLOfCrStY7usXRoTJBGot==?d>kzdSEMa40+MIJ@#bo#AGkxm+La-D? z26AbiXhM`|@HX@HD3jUcIz+K)6g6M=do1WslW6GQBzQ;dB;HP=Iv5_r%wjFjxo&kI zt-3A&t0~>_g~jM=etg>9z4s=iCY0qbg zm&beKQRw3?)Zb9ifwEk@YOYjO7_!7r2!3ca%0XfiDWYXHE;L#*lxU1mk84>~?N42} z!xPIHod*5rlU=bpMU>_(CUTc^(QQYOq^HI$A{$afclhOM9D8gA24W1U;G;&NXvuh7 zx@~JNTVtH_wDOY$H*_ED2^%`=N?Cjy?x-lqH(hYQ&<3TmOW#O=*mgic$;BCa^C+ek zY>Ev;-H3`Wu>^aLiL3&rj(=-+H$<;NBzzykZ0*85C+qaCB-A6xW|<@37iJi;!8`pp zBuCP^`v>8OsS76=M_GX!26F#j%ES;Fk)PNA)tsaFNq9AOD70kuQpwwPs)Gainq`t2bF5)r5nNWDLP6Z^dn?BCXL+_@`QVEWsMSf@4iH?B86;wtMsd=-x1YJ3P#bx7#7EgNkM(6Z zqnLSR$Cfj%d3Pq{h%bH;X8zy}?lSCKD`k6E2IM_QQX2rqJo=U3(_g~tzR^VrIv@@r z+S;IJJ23*F+&X)=PTs;JIZm68b1mQ=KZ$2RJ*w?d3b!u2vHli-MinuJI?UJ8i_N0r z`&i%O_5OI{x8Fm~EH+ZR!Isakk7o=)N5Ax(&K!XcDia)e`ia1f-HySzS@YY{t?N!j z#tu00uVf@Qok`u7$^Gu;-Ooz|QWDHNyFQ@9htxq|A;qU7ogrN z`-!h`z`hoBY{DyRqNPmc3Yo8V7wmRy-1k_mB6@nZ5;=fzCy_wLldz?QS9shg?_qnr z$}?oYt5o zu1y5hPQN5RKFSb+uKDZ~+>U9!vR2tYEkUc2s=!#?RU+RbE}&u&(O znrAnN7#J$73^r%-U`H8HL-m|q@j3gXw7DlBy9=5V=-qOJb$N@tL*afs9M_B66Yw07 z72yIvf4RDD0oC29>X#_Da>c#R@&!0;bI8NReq{OO> zt0q}Mke>GaA)3)_(X{`P;jU$g(Pfe}v@X+RHLKq{HrE-CD+lZgP~Jrw5ZsVp?~oB5 zoXCPKn0SZcI@4_~ND4Au<7*_Q?i-%%N^`GSmISIFRbF3B>UWLM`p1H3z%O@7%{F_j ziqrDEeA@GnRB-Qi@o!pDXdx5-oFU6kby$_}>HIO9b&bUc=c&|Ii*|r06J20&WhHBf zk1AZ-G-s&Yl}OM4WxCp5G|z#;dD3O%N4-6G8O?oNsKArC&gR{jvyRW9;R5F@?d%}D zc}mZ88>0NJC5qsPRVUeMDDop(-RdC7s1i8h2F{oSW~G)cjZ}RHs0HJ-4@%97juz(8 zG&MLCU0Y560&~x7ht$(a&KXP(@UaFvx`3MoD+(e@{`{NBGV6a`DwK^Q_UVP1_y|gZ zqG4-3H^Q+ zQ4jV-1v_ES3oy;X;>FI`XZFpZD#u_HyPYCGNww!0UF76=+eI-d9!XEDuQS{I3L@$O zlqp0%OCZ3`j0dQ#)SoKEt4{GS0r4ibI*RaIE~*Lphi>-KT#Vh}Op3omBXZSoWk%4A z-R`|?>F=-tK!u-hacq=0-z~9B0@9k}_&k#psFSRM%RuuKIm#r)f9(B?F$vHX7GVlRkJ*kJr+mlQTUoh$T(MUPy*tW&&Jn?;Z zbI*KfkbE<3)i9q+zI!zyhe=c%#-)1>MS{SH zpV=uOV$=6pQ;KKrH!etoV;nlxSG}Q9B0_lbJrmN^QvjLnPPsK}*2FY}yb0!z^kP{| z)4stR#8TrKmqWCfiE1=r4PJh}q%~G`)Hdu_)aamJ*KCfo=YUn^r><^J&v}6N;c0sW z@&s0VCVRP2(ys;QuMexfGBlvEQx3O{=F0ONM>Mnu-_G~gz!!PBS|!9skQ_P8zm-=a zAE#FNp^2-wApzM{?WxX4O>lpK%(^UOYn`JpA##cgeVMgloDs}yM7fvSv*!oS!oKD^ zHxp6BZwSk`$in(Q+_IxD*Vo7oHCjQfosQs*7$K(xfa4a!+W#Z#8FEcw)T%0ED6ja3 zzFuKXPm;yZvV@Ud#meyIfNOdTQ9_aT*L(VnmR%_(p^pZTEr;IZ%DVog;iFI8Hm2E^ zaH&Yy43NOA8nRE!!;xb!OW%iZU3~;s?O-YYS{n6wj3PiqPQ=``s9m1Ngdqo|?0?Nk z&Let$bq5cW*?oN+WdF6H*fmu;+xXNoZq}vaTJvkOs>%WLez0f_)nt4C;ckD`*iHOG zah>>bfL1D-MZpK+%ZC%xR#{9n8L~u=wo3x!Ye!SWOGurOHvNjqNF{C%A(Q=8nH!QR zFDsA2W5 zJMhMheN${S*V%6Pu^=j8q;QL3>p4mJ?YM|HjLk&lkk*7nU*kS_6*NWP3Gre%K+<5?ywaF~p+&3JgDSiK} za`b-8=l6UndT$2gH_zp=wb@dUDUnzY-K>@s@5S6wW+m5NwTezFGvQxTU!J&>XvVDi zaZBHe(1~jJW%g4ukhQvU`8PFoNuYvvg? z3Q@UsAM;*)Xwj0E5lN*5$V{vnJ}y1%^-bFiXu|PVws&DE%c%0*=Vb1+p%(M@P|ehC zUPNz4y2fM5_4gatr2PB+cIz=zscyzH#WxCTST60A41!uOYv&w0=1V{i%M_*a+sZLl22y z_gSjwmmo%MJ}jl(?T9J2H&Q3-_87)W*XekwS6j}KARp}V;(NYP6}=sky6mvwLeHZR zpYJc9QeR$e7FcuBY`l|pYOZ=XXn649QNj5L>jUt&i@6;MmREmh$XJ%mbx<2T>6bhZ zRkhN3YQsy2JFC{pq;Boa&CnThQF4Lkt;qgj)gtTFVw*NSnnGpX`B$!)y2#w9X^;7? zz$d<4LJ?5^4g#VN1!~`28+dnwv}9QF^)bsgvz86y;=k4)RV(D9;jy!=C7n3cYph64 z7CnZ**EovOK-@dSEHIsBENct&aaIqRe7A&kw{LWLy$sIxv#c`d#Se6H_a_jGbbFWN zB$~QYo#WlmDC2X(4<;&W+wmk48<~A|k#Ki}_xLR@;S$si_{fvf!O}pQ~9@fB5t{ z!uZJ}5(ljD1CZ&f7A8+h^JlpVtYTuDT-xJ;7{a`3ukpt+W`Ts~Cu0YIYx7_4BnOWY zfrh+5W8qw+tK=o>*HVF9`!963JCMbnhq#;cl%oJZ?NNWbzm7dWH}ijuE(4qANyCg^ zTm4@@51_@Tt^aRNL9=*qS^K~CxPx5Q3p7(+W%J!0!TDFJqR5cv$|wgQ;!F}ucQ>O(jqo3 zPY=VC3Dx>!dLqnypLdionZ+v7I!d6lxXknPFq~am*E0bvZ3oK(`!1!{27S!wAz_B% zRd_DHSlI76DDyl-3qfA6??wf>!`y5)4;&PqY%NMPm{%7oLqx2*whlhKU7*yW|B7|eFdC38b)@EexrVQV1(=wp8DeJb9h01%L!u->s z2g8Iq-h=M+x&CG+q}7IQA4-#y*tAtZFG&TE$9H;3zm0W-cSSw%> zLo`ZHz}%-+_+-e4J1~fIMbCE!4mZ`5Jx@F1OI)}BxNK=VtwY`DPM;^k^WR25i6XIr zK5PyM79#E#68!y2b|plr%A+ zM12h>=JbRexwyE`;6ZOdJ?>H9m%|#bdpW0{z_G*6>1*Hl%|nizz9~!6TJN6>m_jIC zfc?|DN-ZbR`27}`-T0Y4g*4cKi^#C-I%)&%wTX9Vx0u2ABdI_WjxQhpE+NtRhf5aX z?bmcZ-vzE)9A!kumMjg()<*?}huJ%KWP=OY5{q+A4?X8C2P|;4t!&KGbMeL63Jn4( za5?}Kkb(mH4tcyn#?cvQzppr-%H3v#r)h`n%hpNDEAqT{osVYjIeqc;|KuuzegyVK zYgR9A3(*@K(v%|=pmwSh5onJIlyO(nY(y=%^8?KM zYEr>=9AVpCZUm%ZvXPo8IiDHzI7qc<0n?I9pr#}sz;*Ssb$b2*7n}&RmD84zB{dolLHOy@AaZ{*2GA}n`DEM4JZ_Wr z9uS$61GQ{d#^2UaaTo) z)BuX>5W+ExHhmE$fO?8>v$1~ac-r5b{aaB`7>U)LJAL5OpL5zVxc01SOq41JEY|<- zz$BK5uj}JTg%Myh7FF%iIQ>Hy( z_x_6)P5q1N@?RaRPidWx-)8lnsHZz3I68oysGb!|_l?9dagf0VrGZycZLwXtd!t0f zs=xS+KrLO27zC87X*px}iHS?KL70y>g%S(3?|wi?JPr#2dKLVt&^tPCbeQ7P0BvED z_DmtIO6`A^|KeT))%{dZYeq=a!UwmFJ+nme^`|m7N|LyTOxG*H zF0mg?vbp-m&U9WpWmPr@jK(wO7NW!!rX~8YI6>SC?nlBwdSl(gUdbkrTC+cEB68J{ zk=r(VIcV@SgG{k?vN78EzKC&a;xun$Fb9lpTd;g;+JE=S!(`Ys@w>CX&k@w+!cN#H z*^N(^s@3_Rt#QOVb#RFMfmOQ-d4@ zD1zbE&4hMp+XHbO!Zu+f#uYAWSdj$^!6{#3+Q_DEZstaNvx@C%;oCnZho!x*@yW1% zNtcBz#2w7VIV6<+;=2M&3!tf?mdl@^TrGT4^aHTyKa@Lp@13G)!YNTHx2IYJLaMcd zsbw8#Wr+Wtu$(9H_J)(nTD4|>;3j9X+xa$eL7jAd^ zgF;|4jY;LE(eDJ0q+x)=O(6d*7~n=#|KmTYQf(SCPFW2=FB)1>)_SKV7U0tjWIr$F z{rxAem8##N{(IGQYbhhL4t_k77`O6-ENZanj3xjLh-dwPzFeGs)7Ti{i;$OHl{__I zRe)uDYR0WwIWu6`H}nR=0)!w}by2;;H7+V81jJ{5v;Pz4Z*~9#p2Qn>W5(u1I==ioON-e0+N~}J9gt2pU;IDfDN(j$Wbl*M^y96T`tOC#yS)nnji;0D|)=AMejRXw3 zl_+K|W);*U4;M|~3+()v&YC4$B95j=HyyI}(PHnokPoD;8}u0j?WYE5`Zbsr*mg)U92t1a^QzZCv^u3t)!fSf1K zuy8sGspqs&@U7j9F-{$yZwB3~yQz)*N9QQR#a5VLkn*8;n$b|<;_wDolSz5;Qcx4FQ#=fLB`hGyUW&I zN@HaSyYtxUx0&ZpnesGDKtxsp)?@R@Buqe&PN`9^E{WUaj?=yBJ}JwEt(#IJ=2<4% znjYtsmahBy2R2S~kS@G&*UZ84OStOdpK=xwWm-BxdTh6{8@x@?qCkT#e?VVqX;T@@ zApclo5}(rP@mfQ0Zgpx%KKKfMK)DR?+6!uDU}$+rnf#4+&&D$NI)) Date: Fri, 14 Dec 2018 09:53:16 -0800 Subject: [PATCH 40/54] formatted list intro --- .../device-control/control-usb-devices-using-intune.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 9cf6041d31..a42b6d5cb8 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -18,14 +18,14 @@ ms.date: 12/15/2018 Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: 1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. + - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. + - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. + - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. 2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). 3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by the USB peripheral. - - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. + - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. + - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. From baa42ddf74b8b5a51f87b49e2cffc8a5e9be9919 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 09:55:12 -0800 Subject: [PATCH 41/54] formatting lists --- .../device-control/control-usb-devices-using-intune.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index a42b6d5cb8..8c075d8e4b 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -22,8 +22,10 @@ Windows Defender ATP provides multiple monitoring and control features for USB p - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. -2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) to identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by the USB peripheral. +2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) + - Identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). + +3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by the peripheral: - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. From 4c5f1130ec60451af20e70c240ac7779d4b7d6de Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 10:17:03 -0800 Subject: [PATCH 42/54] espn --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 8c075d8e4b..5969cb07aa 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -20,7 +20,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p 1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access--dma--attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. + - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access-dma-attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. 2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) - Identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). From 9524e749ac3f92fa5e2352acb172b24b81c7ba3f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 10:41:33 -0800 Subject: [PATCH 43/54] new images --- .../control-usb-devices-using-intune.md | 4 +++- .../create-device-configuration-profile.png | Bin 45144 -> 44895 bytes .../custom-profile-allow-device-ids.png | Bin 19577 -> 13879 bytes .../custom-profile-prevent-device-ids.png | Bin 21633 -> 14886 bytes 4 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 5969cb07aa..ecf929900a 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -152,6 +152,7 @@ For more information about controlling USB devices, see the [Microsoft Secure bl ### Only allow installation and usage of specifically approved peripherals Windows Defender ATP allows installation and usage of only specifically approved peripherals by creating a custom profile in Intune and configuring [DeviceInstallation policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation). +For example, this custom profile allows installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0". ![Custom profile](images/custom-profile-allow-device-ids.png) @@ -162,7 +163,8 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla ### Prevent installation of specifically prohibited peripherals -Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. +Windows Defender ATP also blocks installation and usage of prohibited peripherals with a custom profile in Intune. +For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0", and applies to USB devices with matching hardware IDs that are already installed. ![Custom profile](images/custom-profile-prevent-device-ids.png) diff --git a/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png b/windows/security/threat-protection/device-control/images/create-device-configuration-profile.png index 1e0f0587a3c8f95194339752d66dda39586800eb..1b6d4aa7086610bd1c0c1b4b63a9a6686e6d4294 100644 GIT binary patch literal 44895 zcmd42WmH^E8!Z?@aEIW~NP^Q4Ab1182?Tey;O;aUBtUR?ch^AU65Im>cWDR?jr;Wb ze&5`=Ywn*rv*ySA=+&prI;T#ZI#o~Yy`Nn_loX_~(84(#51$(1;}PHVz_Eobe#bX}W7uJYA?WE!A$I zU-Nsgi!+J(vJyxza@bcmQh>&sta4+9$mVw(;@>1=vLpq1RC?B;o<{6&5@?zO zxGZ<_c$}_Ds;J->D`bUBQ~9bD?uOcJPsub*%J<=-c@mu#_sou<_b=m1;KG=Wpx_t+5c!Jb-{&d#U&ux%?BfSZMZVIno@Y(D7#64f( zu7nib)Vpgh`^_CK)FGaB+!*u(PBtNOnEp;!fQlfS4wUxZELd;HNSox`wzZHrux$Y? z8{_V-jC#?EbibvqVc%*No`<(;6flpp%e6U)3Ev6SIk@_<%KG3da(k(ixi-y)muaYRNsP3qC} zHRKwl)>RWkyfgaRDw$e8F~+RPJJ=ZB`SnEJz{SIDyq*z(7}h2qNrR?#|E*@rCRL{S zR@rR-itEeEzP=v>PJ0uSan=a_I4wE9+leq04_{b05xwe6ht@?B&i^Dl`sPuvV9I=I z!4x;s?_ozSf_QXa-QzL(4{3te&yth;fIFu7{_F<}92zq}AIg#r8_mIE9R^2kaq}5z z!)x@QNQ zZ|d6b(`81^%YGTyUUdYbf=~>dd_3h+aG04RNY>yF&c zOlo?~pS=F&dkKJuz2-bP8gbrf%w35za761)bVl-kqFDQqebm~kknxcQlt|OA}GoF@ZZr{(#`sMI#c$sP7 zh=OAZ9(GsUJ_rs{b{LqTRjx#^+O2aPU7g3xtM)h$3hvrc-L;ERs8%;m-c<7PZfpCD zH(3N_>Q`T|xqmWG@|o~>7FJn*xc@j_H@j?GIN$cnzo%mcSympKV0~9?~z6h*OSeXw3uZY=T;S604 zz1XF&mV4*Q0K}bHZa2fr zL!o0M@2c#_x2oib+4LCC%y7M|rkefYp3E}zdrk?Af;sr&DFbNNtPsst) zi4{I1^HDls+P{BKlFp|v4{BNY8c~U@74enZ^xx`UD%bxGcV#6bS8C2%(gv1)S27ryF1|l zsH|hhK4=*WJho`_z`s*(i7`Bx56lu@ORrx%^!1KP+4L;WL0NK6e4BReor4rn;Tu~$ zcj0U>{vbTrI&em6eY-N&VK>+8_td&_F9L>rRjXw5KmIv(Zq`2Z`WGTmpu!s25~Ym< z%U@bO>vI4G4xs|8pTWBl>1`7ioFbdG@JG||R##((=DOq-QSrG-S&gw*==8)ub$uIhz-P0?(SX6`1!i`zY@CmxCgZSOaWjEcQE}|`}Wz9T&^v&2W)dTde&!in;1h|WgWu1Zy zlUhreCp@It-7{IbDtG2N`Tbf9BchHxy$Y)oLM?PK<8_rR#z=yR zCe?bl^8G%qUU5w?Udv8v6rP75H0{srr0`#NTbRReA5VEm?JnU;{x4!dkP(=07MtJcY7?#jGe*AT;`&l|h=#Ny-yJ{*DbE6J*atJ?Nx( zQV*tfa@td^Df8iwBT(pUIFL)j4=_`Ea&Uw$%2#&PX)s0_-Mwk4Nc3)W zR^wp9*NF!KPq@D4Zw%6dS(rne3U3lyesEF}=#^cYBr`Bg^O3H%ul32JRYQ zto=#@)DlB)Q&7oQern<(t?~d|71B77>gwv8<=i@_UwZpXawNE&$O>OTs`lSkd=1ie zRpu+I5(+rHenQ#6>d$w}CL0e2+(iX-!s_n{+P-FV&jePGl9n=ha5JC&Mn4(X_RVCB z*>gaw=VIAr@|fbZbteQj@vHiwI|3pdfA9341ZFoj}qD-hZ z1<3p{vwF;E`2NIkqqFz4M1<*Z%&SM+tvm8j|2WC*o_y`LrJyTVQce@YjI9pmFGc55 zyPHgd|85x3&B&G;?+G^Kb=RZ#6K>OO9x%EnZM$rv>g{$WruD!B#;$}ya7CCv9A zw~QtmP7di#-csf~rgsnD-`&pv0cz^i7^zRw-OO7H5uW8;3+~UB1b1XQ^64$o6lva7 zz>cQxj^5*%={L8Gcf~YF%agt#b}T7(CC~Uo@2o$(&oQ-czmc!KG%$wRe`r4`UfsOg zrm{9^M$r^+tjS}?wRwsP+CBVUrv$+2yRPU;PzM_2<>k%6u|bi#dMCZUKE#7*s@1;z zco(94XHwDb5NT+0Y}2n>`SYsyZtzS`OarPYaR;X8@-7R)aO!k<^kH|DvoN0UXc4Xm z;!K+|@4QUoU&o8|Pd?#nzgdhm6taG9+?f9yu}|%O1bwBg(s>K3ht4lKw+x*6D(?+- z*r_^q%^_9Wj5+8UG}$d{e1m@mUH&dX7%lQXRnbROc7XOfh#Cxh$j-w%MsA0yG+xK- ze?PfUG})W4FvCvPSAFK;$no;ExET%6l@;Ly(@1Yf1 z_d$nRAy7KTL9(5fpp{G53K_gHPHx)OTG1850(>)93r9ZlY&9b#6uzXi^4ZDKp7}Z<;hxJ9NN4GBcbAy*7z;cwFC$3e9#^#2ML4&kd7))VNar4~K09GZ ze_!P;c9b+#pz`V&^Gi`tDDLQ=K{f4V*)OOxO`if7XxwA6@(*}@qdP|kDu&eCIAu|3 z+<);*p1%)XK_mj58L3jD)}eQ3qS9P{e%3kqD}&Qc8%$E6-`4bab9=rGGlVNKI|hX% zC8`k&|Hw6{by(;iw11Aml>cfvm+PVmATr0jp? zoIZNSGgf4?_0#~Y<(Ix3fBRp=b`+6*o*|%>ffy?G0aPXfH5?(n1D{(0zn6rrWH}Cr zi-$eVNnBf9u8}j{-Qb0mEgX<^)qvqqVQJjyXJsO)>PHM4sWQT^h(4W6cwPRh#lcxh zFTMHS1hm%kkkWbmDGMN<=Uzfk1vQp;y;YE4uO8N4o;6u}EE4GD&z^493*fYimJZ?! z9WkEDmvlC0>sxz4c~LNeSB#j9^HAsi;@&4QF~|T&k}S@j-MEmKd3>_@3Eof;nDHtV z@mul0#S@p6dZmMJKs*_1C$m!1srmBtboMFC@PY7t7Pw_+f5uOAEfB*2ytP@Rx_EdA z^F?|05rNTLp6Vxr9h|$E+dqR4Gk+SWxC$#fE02*Po_9_Mp>S+pIH961Y1I2M{cb=y zcx)hFUmG)C1_n;hjN)<4r+=%DB@CN|COqtCd8`@N#05PLGbZ=>YK8GLcD-VJ(YujSitbNO zDPi6jaD?~3hK(@?5G523)1fsH7>Gvy6_0W(BnKel*|+XGGqn0iu@dE9t+jJ)rMux7 zlB%M&Ru4E&Gs%DN{pghFs}@Ndy2X~W(%`Y~OHAc^8JDUOs3fefhOqI|YNpoj$*Z}g z#dx~#bE$eoaw;MmP$D8AAXqN_Wa6=1px#Ro={~~8i1f@Yq~fgefWEo3r3&i>(i;zZ z$Lu{JHRZB7^xUK5#}7{e-`gz(i$nSfg}_H>iNJRQ>U6tq9N-#-;|PbCjz9=9^v=n{ z!Jf`|rda%lkgo7+{pXD|7e?f=D`aC6H;fXKMVxc(!w4Ax`<9H@*m&!W?f?=FlQ-F( zTWE3lBm%CCAvjcQ#V6xa1=7$BP8u47)mArgN5|R~*s!jE#YE;0fRLBb=~_oBpA#)7 zXJpsLqR4fgpUb-tzof8M-@xD9Y`QjRoA$I%zuZ8FN7|8b3^a5ZaQfcbMtI?#EZ(NL z8riCDi#WGUuarSdV{(xED%8~K zi0#PaBKe@kqWnz^+UBiqO8hg!LmSYXiJnBCcVGnYOklDIf~IF3YY9!LH=I0!p*z2bQe3);Lk~umj8j{oT2!)^DSCP616X$;(vVa(b!r`V^7DZ}ycvpAhh3S5zG=btb0sL#vmvV4v>Za75 zIygs4yoqC@@cnV5YKH@1v#Y^HP8er#-Ht;`pa)S(6SAwzkXjL%NUq{Mi)MCce0!5o zC;tcB=H73-e|CRnSTJm{-|8~6Jpii$sFSXChMPd^+zt-;4IG|>Q-L7@f`0p{UB+^k*WJ`59UEwZP5bD%}pZ4S` z$Lc-beZ`{Ze-7U~)*aa&*KLv*j4?S^*&rKJXVHRKrLOM35w>2J)id0U`eDN!W>;Sv zDe_@AipcWh1%<8n<$bm4MKHtUgDM%DJ@I^Xhj8nwc_4po<>BCMp%|)pV)WaC>vv+uB!PMV_U@>!HkRol0Qg``^*6e*8v?ln4^5yP+fGi_nXlRK z@zk-btloKNVF7$U@JG+nJ*uJhYy}YF&SkCt?U`T1-kt${uo>=duMug?U*S%mI6pkQ zwq(i)t<2uP#WOKP?;|TXgj`e*jLnKaafoPUDWMc3`=d>vz%eycsSM40O*$J;DGP9pU9kU|6(;xTzCIA)vq-|ei4fuY)Vfw zbR8^do)ygyfH+cbQ9G2T@Pn4#8s0uf)YY7CSFSmhQ~2kMvHxyNa(=vffDF#_{ytnT zx|Qi9pI3RBz-Vk|xa*Q${b1+Lka=4wq%&Oe*~L>)F9O5F8;!}H2Lt5fPUI&uZ`^G$ z8>R4EPvsXfM?AkB!F8mcGf&>-^-9>v7jx!*qPK_qsLw2kfXY5wC}NZrBip&}-Le$T zLHzCjfJiC2ybTNS=~rZm;9K-Aeo{wrZaf&_D}bBw^9~hXp+O|O*_P5YsX^eZ8RPy4 ztu+9wq;fffq2|6+TxS@F}j81)QxD%__I7r{%HofR>QBR!pWjCAuR56;8;{$iX5{v5?&i|{qJ>P_ zN#`reI)4UB7S4#qe)pesHsfy-EO<$B3Vs-RG)IpAW7-{mdw%NfhV3OE$!p6%&I$R_ zm%Bc)RW-c2v!F6Qxn60V-L8EBxcamTV>lno%ecP>T`1xAl~B_3Pq+s#G`RQhBw9T% ztz53p-G+9nEL}~PG+de7ca^?zu@gA>aDS` zY3CgI%ooarT{&h%n3zc|vygB}#oY1NpgjqUMhF08SA2JZi$>0J7EZ`n#q+MPJeR!* z7?vbh$hz#S<+nZNoeg^;s?)(vmTa*{&Y7DN`9~)Z#w^+S^DS3u%kvx8RbR~0sRP8R z$2xs2Bc2nA;N+O&0iP-KG&w}WcITT{8s@2EDc98dU9z>F%v!2!*d|F9;-#p zq*ru3>$Vyk@%Uk83ES^l8ztu(K&((jf7}M3XW5JWk;a8XR*Zslajt3CsrDI=(=jE6 znyu$H7PjqguKV78_g$-zLLE(qoN@v*?-|(h|aQ4P^Y@j2!>2-A$m#bl_+d1nqPs{9S3&Y56-3rpmH`LmR zF)8-bGQNueknIn{h?+-Cgwk0vP;7QDfmuab4Rzr)L8RddI>*kgh5r_vMI|EWi@UzSm~6M%fWX7`x=wKv{9=}hLX z6^0KXs{Ul1WpMjRZ|j|ikm+HH%!doQcy-QF$72c%CssAiNuhvxbwQ)LG&jGqY14oE z-X3tlzVd2>$O%cc%$5k_cb^0ve-2(wMKtTf07ajK;-`xj9+Q!DqYzUZFO;SXOkegqWf ze6;!Ml z5pEsBX9dh15Gq~IaX+%qWArWElqUWFs(KgrUhtk@MH!&3ek3;NSL4Mq85w{_AD&lT zGIrvl zE`fKIlzBn6o*0CDXYX$#%RD{M=#r?Azil`nufJ*wB65hrD&BqEBAZ{1GqW zQg)o9H2V8#DvHO3CzMD@0g3DI?V|HAWJO+v#lhH5+t9V#8~J>6K|oSPIZVizaH1vy z+~mB7V5yctSH900%k*UXq$g^4#p4$1FaPWHSUs;3hj?IMk)?OR9@ z+KcGkagg545~mw7xAcA=>L_pr%=Ftkv83*ms|kDMgl%y4F~(Ust}~7;mFLz+^Xjf| z^a%n8x~#6?v<7!(jn$*z+VA?x+Ai*Du(MC59QGPVjE|nrSghFGo!Q?-6ikNCtQYbO z43`!V0qG~{;X;Q6u(Ynapq%o#WMi}!FWo${k?>(!i{i&1ya%OLecVb0WZ>MXGgUqbi?Iei0j%Kl0~$NB0iPOWGMDqNVVyz4_$ z)G4p|%6snn0;#<<;SILsV1)Q6i~utJ0yiPo3570*@~+65y-gstGgjJBV|;hdGNy(qzOGHo6n%Qh1B8Z{Nm zCs}q*8-m}w?_=xFEipMiKddpmWao`svw`@LhMy#0Z%4%fWuHYnj0TI@H+{WG&7bmo z4YPYZ1YL3~GL4>#X`>1nymD_mJkA679Cr33tMA?b^5gjhD%g>$$^)kk9`$XrY(h56 z8rS#k2tw|Xye}S}J#EeJUtVEv zf1DG`o4pNQEpRoE_WH>D>JN@NqGtwGj!DWlr&Zx!O~mvh{@ESgzn2>v(`$97M0Z)10=$Lm|H&@^5kI|W-N!F$HD2JZN#_oB?o$WEBHP1> z`ITkk_RO^7k8KL7lFHRB$Ive`<2$C`Gv-Q)2NmKEOwGskniq=51GxjjoP-Uk)2_~4 zIf|0Jwduw!*YBEsDATQuU5{FssP%J_)Xc0nXBJ(0cSHE+?_IW+ZJj#OpETg`lUvwt z_c{vxI)tOShQC~k%>gw1OhQ7dM8ND~hG5#8;r`UlyYVbc(6}Y;e&iyjy3{CRP~GD$ z7yZTf?y#vpkiCFYf6hmHcX~X>j7v zKadD+fw!@|gh>u_zh(`-ZKaz|?o;P9g3%K}DJPUF*@=hApW;)X< zQ&9oWU)@$GGHs-zGTvMwLHhmQ3o;VeUlfkPZzU1R?~-?~;xKQ|1d;1;G?-Rv9Q~19Ai95Tmcuda_^}wAj z`0YD#{cX60+jnAFbFPZQ5rHcfj`2U~wf{BZiNa;%f2Civ|M$}G|7TTEEKoytb{JKI zacTPo21fjagoL17!MOQ^1O)G1u3)hE7yS4fl_FWD0EU7>xJvzria9v8eMOGasjj$y zk=9bn5n$_I?#PS{^8KTK=8nt;a?G( zNBn=QEBd`OA7IeYeiE8O#;fCH%}7Ej-L+W-HzXR#(Y3>{{ML%q#l#Lm577Dfe%Q{nf-wk%(V_N$die}`o{G#>dprIgCd+) z#00-r{R&AyKtQU18}su`*URRl$V*?n*{B4Y*idiu0lFA~4bH{51yk1wI33nN z4R>P^{nJJkV{+Jmnq?{@QS7#7mlr__JIxlh4=0Mh%V@fXrNtg{uDN#nDPo@Qrg_+y@mR+(<{D6t+(FHvFmrHK<8!qgNR z9|Qe`J2u+XC|(w|^M%>fvUaQ;6e=MOET+D#`(ZwM013bqlyZZ2!_KCu-6tzH9ICN3 z3CcF4&CZ%%Gd(_xg|5<}wBI~>Q2NeDRIF$S^| z7QVy~Cy3uGlQDZu>P$ovJc91zgo`V&()L;b_P2Q*TCF<8OIh}byjXd{`W#Q)2wzSQ zDs2f)tu3JGhDEJxz1PIt28u531fKK^45L-V>g8&9Oau3q`#~blx8h$2$6A6dk0c51 z*hGXsP9;gxanxw(bw;xgGUt}3j>#P)^XYjUMNHVUdK?h3#t4R%A158}hDj4$ z7eo6rrNr%Tomg8hG7}@g4*aTozW~z^L*CU zlo5IpgQFVw1#Ix~gSuaP6YzGXq3FPPJpIy!N+r zxNoS@w}g6mD+cTyi|kz$1O^ezYbhj_dCoTROY1KkrjDZ>Sb z^}C73yk|0-e(P^4qPsG+PFjVMjKc}pej<6zS)wOR&+SX7wI+#!nNeC|HD8f#1SIzF z#gEswp_<>(W83cE*HO<&9<4LzST|dol&o*0-Rd-=$qQ|@3Dh=3r@3!zXzu}I0_;JQV zlSO%IFRYVt2&Tn-e{*k(zo%mXhL{>QQS8>ej%D53MyzMs$5l&~(`_%0T z)ti_k{fG{}*1WD2K)%U>5tU8?1 zH%-U(>5A-~SUWw1PoG-c4mEyY3GkP*lvYzqPOcrIy7auK`hqBHgQ%7^ffM8{ZB!bw z6g6H%^YO!5>+O7vae?YEtuw@Fu+oq&o}?VD16q~g4VW*{WM*HmmS#$fngyj5<4jy2 zhH#d%52VUU9j%VIwNQkb+&(3nBFN>?7)3JDHYd6EQ;8MzroZAC{MQ0cbnO6`juMe|l%aYKKyg!um9DK0E7&I>HC;>|C{gni<7J4k%g z6gnR_urw4?(vRbXM=fKJjGKh0CvuTd)(x`j%z7pl_FutQ<|ZJb5-Hk3zgqel=XWs{ zBK~}DJk;$cNK+6}kWCNr+xGoJKTzk<=G*Zp6B&TA13)7e*tMM4&f3)xrG zUcx4{bbe`Xb7<*z9uIyRYfFZ|?PAS-vZ19j&@pHHl+6PH%(!+6NsW?nXx}UfP2XR6 zYn6xFMNIt+XSe9*8DUKlJ(3rlV5uroEs^!Tzl{4QbN2Lb+7%ChKrTnwyTV#p?AF?~ z0k#1L=phH_DiX3{luny>DVMz+zxQ3^3knMShK7gnT+nHy4HPIb7k-k=%h_ImclwBOjC(=A*kbK)XL9 zh!mfx|K45fjZSVp95qb-E>~xv5b}C^goqR)d|#S5K$W3FQl|S+-+WJDGjlipfyGCM zl-pTdk9)GlMz&1_QMM+z1>@Sq(8$57;alUXj`}Kv^7f@cL2`%-nr>fK8T}zo2SG9< zQ)`trJ{;KYp=4LAT$J5At2gf(hl1um#KC7) z|DI^+J9O!pe%n7Pmc^sm35pq-8O8Fvi9mY!xugmoEIVODVW89%=3V3kCsB&ow#k=b zZDCDP$v*q)^FMyE?YCPI&gm5uEM8X!bR~@r>i|L)jl>y@0+qXp5H`-c^LMf-s_MMF zf4gg-_!knulbu4u>8+igZ!{VYPNCbY`rPH=C(ILQ0D0!x$|YzLTVwe_zgF?84%h_B z^yDoIwha^1H1O9a-l-Ob;xRoUGS71x90f7nM4_o~&S@W;s4}hwDM(rQ2x@auTpXRg z!+HJOGhM08#joYPn`W_tlN^MC6W($ib%0JdOIUcDxFZm_03ibE4Eck#Ms+_yf8-Ca zNcaV`(d`P$003nR_`ZY+SrIo*K&jiTrhVwt+SjZ{`{g&yOp_?@-PyY?%1itD`iA^Z zp zhJ*h-L0Z_OVd<5>PbAEeSnP=4pG5*!3_x)MJbS#|j-fih!50g2gMZH8Sd>uxmHz^M zfY1MGQ<10>QTTzYatY`gWWo~*pXi10(V2MP-18NgV8Q(^bSXeYMKPISRkZ*HrWV;h zF8}es4E283fghPG!_6`8*{vy+Nur*RBREvzk1_PA2P$Xs#8LjCOuNc(r_3 zDz5SFh~hup4u zH8H4b_My~dR{Ny>f2)H+*oTCTjm?A^Qj+6Grdh3rr@E`(>4(H!F7Sh?dw9G`E2!gN zV0rf_u4{9#*e1R3;fEoHC@PH(DJdyzz18h-#2<}DVl>%J!o-ADPhY=3(QJ5l7-lFf zEqzzRudJ;6cd4;r<+b%h*2SRHMjs)lpdy+NhP3Lg>khu zC7@{RDXF`5-PoxhmQ0?vfPC41OB6!p^YZ^7eQZNATK$M>>w#k5(KQ{P>W2nik6l&>G`FPvoPybV zB?|^r8Fu>QB4-E`Rendw3X#KD64$JI%{&xw;g%gzZ{^#=Bj1ThgJ7Q@ITMQ$&~Iv* zy^54A_bd<*S4XZ6O*w-tHA9z6Sl5Kcl*SEkpq*CCWfMPW8Ncfy)qFaEf3YHE>YU6Jc3FREh<4&b+; zgNToWqEcrxophh+6u*0{GMuYG>tUWeaxcfXbP{wgEQ$nT0EK@d?AYeyDaieZ#P1GD zd>1GCxR~XAebh6O#KPgcBZEoyk#W-IQxqS+sAe3J4{LD(A}^5yb5)=%ZU7+;8}yaJ zK#-idLGWq!be?3%?(So9Ipap^=r-K^ze@WyeN}_I2=^LjAIy*C1gtw%=-jT0nlwnUxQTUMD~4W4Sl>?{i}eYg%rYT`LXZ z)tPbhM7{^R=KfgBopjY*_=v%9#lf+R3~tbBL9+_knC2_p4JdAPz;pMkH(;dR?OCxZJW4-P^ZW0U)t|2P5064>?|+LRJ>zarz1J@gG`4d_ zS5ZkcKAW<4L<e_95> zy@cBhlfvR~AJ*9))e+*Eb~R@I+23Xq9@y&3-a}Q9?GHLAeyb&^5J@z}tW4L+UttL| z_*x${#TCpvZyK7u$47xbmUY)#rw{|(wqS4{t z;D8yjv$NmTbmX=M;yxIS3Iw8jY$u(%{qhxIAlhU1vtT#)~C-= zo#eMqzXUQ=?zESC5dB4IdJ%20_EuGc5BwIz$MAc}FbWYxrc#9gEvG^e&Ce9B*Cuqn zho}x$XUc8!CWxCytnf`S-^KRPwpUFMP_d5tr@f7Lzg+WD&;6$TCDQHVxu*4|)~D_O zlgo^>YV>DY6!Zp7p2e{Oiw1}6UkEC3n1>@^d>2CNZAKhW(jp5xS*3VP0P6$%^T*z` z=&+zKt;M?2qE)-)@U|JjS)PnA0w&2((Ah0tov779r>Izoh5+B$h)5?eK0c8R!gz|6 zid(Gq82>if@{6Ri?0cygK;+uyc^H9rVv{dop+Z&e_8}a(rZSDzC39ha%~Y9#>s_G- za$#$EKHvK6wbAx;l5;*w4fTp;N=lVh!#fhxzB`t7@f$hoaY|}5WpK0ARM?|$nY0ZR zL|Fl16B#ye+ndnWYjqay)EJFlQWTC}N}?iGy_=aW50z-F=jkm<#y;~Q?0DA~D!Sxu z>qr`jaFjrO+(#p`DZa6_g=t}7;hN?5%HJaMt=XN)&?|<-cwK4G=9J*;kv+VZ56(Rs z2uHnP76h!xvum{{3&783fN9cL2rm{xywADyL!kdRd{}N?D_pe_`)NLrc^BK{3bSDm z98ICxaUp0~t&8YRsL+#IOw6P}d(m%A-a|ptEOF-NFfU4X+bH)_BH2t5&i&{}B8+L` zj~)_HjO;<#hCR$AJ1Q<~&8))U-Sd+n`r`6$6l&3{H*M|V*XF{n$5M)_GkiT|)*Ky9 zqbG)Ky%$4uetvgG1(U!-3Vf=Sw*%fN9worz)YE~`XlI=q-^04u%7lua+s^s4?6Opv zbR=(sc~Sje<(HN~^%?;YO!K5GrJN5=ZCkklEHLtvjkki$8 zFWLiq{!a?6%0B0D5cpTYCNAGD?srSCAV0tTZ)R4%vjS=u$BLHG zmpfck#e+zV`_~^~%%d}iSG4g;kfZ__&F%@-`?-Q@F0qfL)f*T80QJN#?a}oSgG^;x zoNPw=Fp&ipfgAB0a*c{GUj1zG!IZH_So^G2f7Pn~S~#`Tl@>CSX6qgFwr(4UH{fX? ze)z^Ba}vgrnrzYOBNm?1A*}HEUk0)BTz|ElC^LL>z3fnNmDgn6_G15ay}z?T)A9C~ zTV|^d#-t{5gn(kQ_zYQ+l7ed)oCKtFpk!0Pm+uu3y1Z!W>+k;jO`~vIyYtIbC^{Vb zs!7KNZUvOA>iv^KfdgNF?f*(E{%805|DzO0|NW?>_st2RX>e@*pTf@s92!2hcNOp9 zi?7O0z)yid5XoN#E;JgV|EnqaIb;8Q!v98+0z@(`wz+-uhJnHD@Auzoeu!?Yud}ka z_Z9vUrlViY9sE?H;XR`sAQSWbIm!g>N9OBo(PZ?T8mUJJn_4Ng)5&(%uV47Y zcX5mv7SO77;*5F7V;j?C>$c9<`^nd&(%Ltg@wOh z?xwb#F8U3(qu(>|!GuI_qjK4acvOziAEh`x$y^x-&SXNIFRkHyrVUK0{R z0mT>w&j4K!G0(j5DYz1m;OKqWIdeF-9m;eD^Kj7KK8cL!pv$WFjf(OJH{G%a9__#F zv&&CNWQQo0g)Be(JMhRwK}_drQ&@$b$<0M!GFNfL2MDxbiG1k;dq0rS5|tyd2x_k{w)n_z0p4rHAvAB%39|gB`ah4L`+s{ZS;Mmt4l)` zDXCeZADTzper4v$7pILcJUagZG1YftGBQ7{EKg-gzvVx>ykJQ;*1b~`3u}YtjqxDG z{HP_&)72J6ALy=`-!X=|X>>XDVTCkt)t?PkXUs44h6d4tf%U*&%hwEv&13nih_V}j zwhXheegtR{E$-?>z`FioyT)**l=^xEz=E7hd7;yie&&D9B`!f*&(Rj0?1ERn^;JgV zyZa|6O=rCOxa9M!R87Ww{!j<^2POB$lPM}iBF^-4l=q^J+vEtqzrDKnD526_S)S&G68{?o`ijg|u?}h|i|% zAd43J_uaR)sW?aR)3v~DBpyw1#rD{Ho+bMzT67+~7e6#I2jQSB%d*JN)EJQ6xY%25 z%DelHY1$2_liktJ9W0Yfu!9vn#Wj2|J(_P#f1qPy(A@y|Lt991`sjPu;4jBHhO9Eg zKIYoKV7@*WJZ#;pWPDV_*w9UJ%frn$bkJYE+}B{=f3Y@d2W(tQ)tB>3)M{qpTF34fK*FRWEo)=w-OSoVF7V6=nw8+093p}u*ZIjICh;_2Ot)6o4 zA!UQ(%3vqBeQe`-4Q*?yA=hQS=+dh#0epvvd+s-tCjes9B(%nJ+@R4d_%tQPE<8_g zr4}@iljKs#Le>&AYpgIO*1ci}Tz`m)^0t=_#1WYP=XO;xLk>+j&9WXlt+@>~#1$SX zBNXd+n-#AM06L|69~1!mmfQfJy|9#f-BMwCtuP$7TrLP zg2gS(24I6?T*nBm=MxR>vK{fzy!Ut{JUOdm>S` z_i*&LWb04+{w$Z*w9-*O5Q>ir;VMBQwH17XU_zQmdKjF;e-)Qx_t-JZ6~e+7!fsnT z45Xj~lCHY!e~;TX+qu)*aq!zw`)*yss%->U1>c9&Qa23|oAvEUiH4b}*SHiUB(*7|JYBjG&hUCOZ=>RT z+*~Iak%IqAq&%dp_Tliai^+r5YC|caWzlXVL`4%rq?d*K;7m_e^eEO^I8g#^A&!f4 zl{SbMf1-E||4_(PpgG#>?TrSBJ%1O}XL~+-#9ta$cl+Y=E4zKevbxW_;b&k=9@6+n ziSM#qY&V4!(K;+7TG2%Gv(v~qQj@gkZpr4ES6B8HVb!4|X*lk3V?iYP z_t%MO5XM4EN%$fQZ2cZhx+%qN*O0Kt}uY#7~)b3~pctGHe|CrNZ4HN>`5!4tZ zxf@jz7o@-Q(ak;vy$ij%3Y8a;Avn#DmNEpx1oO<$f53r-B1CJeZH=$vUB7`o?z#ju zo-Z*$Xj?7Nz4u)&boTmQF@lPt38X&@7xFz!}0RC_>`BTF~0*%cs$0=dk~&{j9*3qoys5h zRpP^$k8bw((6BUU>=pLt7|T#{4@di!GZ|R!F$%$5Tu|!$l8j?W33!ScM$}nF91ge^Z?*3W z+y7o@8vBJu3{N0CFt=Pj=Mb(W2@@>J&4a?)hS=`Z~`d(WJeBymqc z^-6gt8WCQEM9sX*u-J&tG*9T@suBSM*K)WlOZ0}4rAQHAHu&#R!{>5T!Xf68O2p3) zp9n^7z=-xe#zm$+a=Wk;WXS})l})#bdl4X(qY8IRz$~k$Xl#r!Js#5F6h^Z*Ez7r7 z1kFNtFV^D^9xpYM+j#vTu{l*!)r|~RjE7hmldAfcP@FVD%$az&6q2Bdttpq1g-oP_ zcs05#Hz;YAD=`2&JwJi!OW9X5L=T@ZD$2CiJo~);DhTppg7bE6k20DTzom~5Y0J)c zOVR5K?x3Ct6NS1Ty9hf0Jpe-iwc7_zlhVIkmeY*cP=Wa9>p^xoradUN@*$Ob;z61o znu=(%utws#z`j9mj>ymOm4vgPMD#M*j*oA-Yt+_rC;z&Ka(@3(39?+^|8v4}wJ_cd z^(KbZ(`7<)3BtR%vtsAVQO(IZ1$s=xIrKMH|jCLku z)qSG^L6oV+Mmq51=*W<@1sl7Z75IJdaB&j}aBzVTf*nhvm>yoaDgFqy@A(gRV7Ec3)=Bvj+GXxRt_UZ@9Uu2 z^7gG)5d%}CdjD{%w7&@3GLE%yaA$`?&;X{-d_R#6jUw8E4r0s zCU`XtJwcLlv-@gSygjE4OifFrZdcemEU(bA?yVCN(xR5m|Mj)Bc48Gdo@f`ae%fzo4K3a_?##YFQ78s*8D)VoCm zdK{pMX+8tY8&K60{O7`JhBE>>3Ed=$Z#QWuguQA)HFp%X?v}I}o0fV$B6Ysw5s9USsU~)fP#Cc(OJ02Atgx$+C^WJY-)JCDKbfVET zH7|2}8Bxk_p6k#fq-Xh;0*p)e4##P+)u(shyU3N>$ffq5jRYiy@PA1^8mh{BLhwwN z%KqlX*HwZrTTPDMq?;iTRZP^Cv#YH7kof^|PfbC3_I=3eDHCydH|9mmUn4TUG1yPm znH->;)2EK(bZf;xY%3fF(_CMXe}K$G9c@I-P!J*puIL?W%rv}nP(sBSNfI?exx3{aT#Cl zwPe8YS|7#%w78J(}$k-RA2s7D()7UtM2*mt)ngN%5e{kwJEn${=*n4&H)_t z&<2UZC7Bo^FnmGyTmku8Y&BNqDtbS`sOHNskx2J2lhDV$i4Sql{d-m$$C1jsW`sHj zJ(pR#$H6a@)I1nttzz+i#@*fxKWA>tSVN=Xb2Da2i|xy}S)abArL99P8@&*{H`efg zC>dJ*AR2V&@SI_E#7bRlPuFw3Z~Yhx_3W$mYFL_%Yod;GHd?&}wcV~e!{OAC19h_d zgv6n>XZ*RtKE`}~#YmvpNX7c?VDwp1)x(&TPL>~48eQeN`V-WAxKnkX>g+NXQj|cN z+N%WFB{EpRO}6snbO*Xr$nJ*Y<$0-Y&a0}UQZp5fPjwKEOgc2j(Y_6dNrm_v$-m7T z>LxVLq^b~RsbYBk{-79=RD|Rqw1^roavC%QDE5Cy$H%UF2Xj=3o-z-`H(DP2`-{KR zCh!B^&*>i$Eg$ncfr}Q=RwG!|m9C+*!t-m$SC(iYKBN8Ggx$K7Uh50R$Q;57QgJN~ zppjSV?G5wTIWIKb)US&Eij}V;I83WPAFi5a`uk>Hoo)}AKYJakN>G7t_yc7@0u91< zA%InOH}qW(*TnG?aDH`%3o)DUJI7gb`HHWV@>V1x`Xl9|W?Q-FgLA$f#k%j&z&fMs z{P^Q9JX`KkedzdqU+KIZvqN_65)hJnbf}H3bW>7Ot5;xD!A(k|_t}8hCvp_~(Rvn= zBX}jFBQ)vUm9~3$b@n4>lE1QfpGbRb0T3eqW1o!d?ryg zvDeRga~=a$A@tW9%)q^!oBQ9U6uz73rs`2-8y}d1K39U54E3ZYE~T_ya>)+uIne-j z;|E_IK`*3Rj(`wmD``Jsegi|L~k9_MUjUIoOEds7_!^<9Cx2;qlH4Z#ED%oSOGM5qM zcH*bX!bG@K{k2DAHn+)B{d0raZ#`wZdxB<&3$Xgq{z4}k+iuan>vz;2lT;`Le+M+0 zavAf3bbiQNBh~!xMY<33KES8Ld_@C1__SSa(4X&ZKcV7a{9W>A^}Y^zxG_#^3sqMb zUw2v|f%_7c*zx2ST(e84Yp-2Jp!e{kJVf->5>YVk&e!$a2Ey${1|E(|3Q9~^4+_;w z*vutI-w0|?48n}^ByJxR2p+zzMB9PRuMR9zz+Z*K0(L6|u{Xo|6S-UJq2*v1@#Dj+ z2JBl>y)44@)(ZLghiNG)!oSVRIY+-Mf1i)yg@dK3*cWsIx+6!j5Dy354Wo(9J6rS5 z+Kq)=%g`q&34EnY1(HKLRwE3+0L@PvzE;<0vQjQ`@6{+IQ-#QTSiX22V*=MpL18bg zkv2F(T}uZ9jc}g@0s3V%TE8%~KGCn~B}p4;KRtNQb4j`O`$*w;%{~0Gwl(Jni21$y zBm9gqfVW!MyrnVV!)}aG;7#^{ML9Y(IAmVnOIeYg932`&!;&=}uIHDGA&2756W(w&>CJlE5($Ii!yZ7$W)9zj*Dt zcbZoBpB~SCu$!YMl$%w*f5vq%;B*@vyvAw&K@&1h-CsCF1os1yWpH0qOcJS|A^SrR zfTaF6GK9xu3|ZGU5or$?X^9v+mzo-lNG zZt8A?cwdWFKjG`%T}#|_58=G1#)ons0udLsAQzzV8bLm48$o~c?N~VQ%$uuP*lElC z*TQj}hjb90Xyk{Yl`}mXB zf67qckN@pZn>W#Y0LDmU_dI*p1ND=FhA|lyLDVNpOV}QKk) z)C}B17)x4OzK9&vqn95QzPw}RQ7GS>IdHG`9J?xg=*3e)RmeOPZkFZ{%VSY`Nvof% zNZwwjkYMD?6ENy<9iRej>r55xhYGt%3cGQ(_L?0R?WP&HY11tX zyn5)hSQoLWk=LB=I45G(Z6!V78iFWX$&K>Y_deKM_a2^UG4p(Nej*4z{l(aXA2!Ct z$PC{q$DWd>3n-wN%%t}Z(vRZ-I)dvLa6basz4q>9?4GKy81U|;5lu1IxnR{~-qZL* z81gVdkt(OX?uZZX6nwiCOFdvgl+8k6t+bnMsP%U}E7;Swy zo~G=HBzkDZszJJx2t|t$FBV5pfc$GdpwSAFk75EbtR$s#SyS{yqC*7wBwuvJ^|WUM zVMme>T3m1_W4I^QPvt$gMFjdn>x6W!fhD>f@M+!&i+%ee2R z85Tx%MtryWn+L*Pr%P-AZjofT@B_rFgUEGDzsc7DZ}7}9avm&q&uWGB4?asu4hN{6 zL$|JQ`mK$*YirzixGvy6d9*ejl1QN-FexKoo!*dVVuRW4fau#7f29UjJ1mQ6REhgG z`A<7i_-tFY(O$>WH5W@ko)kPr=fif5!$cR_L;*6>^(GVTXSuc&$h-Nll^n_TNIxz) zJzhP-n1w&Am3rZo>&blDuZj3k%?`sm^jEZS+`>d>Emc*?E>H{>#0tB0r<~rsaV!;0 zc#aB6yA`zX^n*uR=&!Ku(}E2>>!$uJl?%;zeiN>#iaHpM&k0}6Q%J#CjFOH}(kWP! zwZToD{D!E#A!v~9R|PC+A;33gR#e%j(~)vwo*WZd;HG!Ocw6>tn2!oi~}@{kmd_18!vRSu09dkK={N8lBf4(Gn0M0R4Pc zPIv`F+#gIBoS`XAfLn8xxe+lr*GK7VA`S4{z=Lf&h%MK6Rr-k-tsX|8t?HbjrT2rf!6!bChbuXJg8`_I~Cw{f*O)>lD41 zI)zd8DfQS+$ElU00Qsm@n~#4j`)>^Sr_ZMH;K5qO=5+n7{R!9yw=t~w9;k=%C*Zau zjWZ$omAK&qU4H8S=!evrw;FcZ>S&JR8@zjT-Dgp&(kF`S^BxOou?{q4D^RDqW-vHp z(%SKn$ASZAQspsnC8e;F%^(Hl#<>lp7kmD2; zL3Xm+P?~4{RzNmF!GwAW|IsV_iAL@vLeqN33)^=?giRCf0{h$XLtd<(buCV3wO~?S z?uYUD4zTzf(BYxC>*G&}{*q zOV%9kM<%X~_H2e+H2|-$>s~8}oyV`mmZbVN(#t;WxbQmPjA&=_yTU%r!fvdL&*sLw z;$Qz69kQRnE>B(vZA1>}EYd}5aOK9a#VeB{G%V4ub+ZFvEbWzb5oWP2Ht(Vl5pnyW zn)8hIByl4+Zw%q&l`Mn{vGPbQ;jwNNHp-vRB?~$=xDyKQzJxQI5JY8q8#y^5NQ^vU zK2;Ou9N3yy*q@4lT@G=HPxT}Z7r$vSJK{&V+wzFsksGcjo|-#(D+?%vuN3}A$C$ls zP#my1jr7j16-^}~tV5`Ku0yqyjMP?K>(nF@+=}hsot)XS2Y;T#THVb6n>G2nUX&VI zhqRu>grcr>&@LUB40&!%lvNG?1i}2vz$%#&axl|73MMlKr$mYzzq)4(e)SPyq^zqJQ7{00s4mn~sG}8Rpg{pKGirN95n= zANbPaA ztU<~szH)-fN_bn|>0l|&QRQKn><N5ReZV09r+2JYI9lSHS%-ahNnZWu^*oA z)hKTxiw?vvis}Pa;rH8()}zISEnj2M`2E!~`wOWs z0}YpKJU}E~4w3%- z+hI1{D_0D+(%g9wc&pDM=^;+R5+lO|>StAn-bE=8FO;kRGz{UFIUN1?cP(>`Hc=S-z|it%T#Dq28N!@#9*m) zWtOTSTQbhp+3=~h(I|cPf-YqEn~ZRjHjC4W;mwL8Nj`WJmDa?-GeH1dxro5CH(r6V z#+yyCO19&L;U z6R5%5m#YV0h`_0?5>1TqL$QC0?sD_TltH@;dA_@~4G`_PpM#B5Hx~YgG&p>QM=A<_ z0Ef-L${BZSBY+>zC?9h^or&A)WA1!MU3rITTZ|QEYKYM+<=M4pmR}}EfO0H@cQx;U z?Im9`jQ!xhzm69l{ZV;mv9#sfXpxpH`4Co&)Wn0pOJExuEL~RKx5aCbvs`Kg(8=cj zdAlN>Ha%^&!~G|3A1fE${RQ$?}86Rw(|`_DCs zqxmSW)S9fP?k%@vm?mi$+30UH!KmGXOdydFE1X)P8h+rFD{ zIew>knGTV0T1~-xpjY;l+6Lc!Q z=^Gf|)$aX_*Mb#@dX&n1mQV_Qzt)bq;CqvFPX; zhL5e4kx_YpC)c!S1s$?)hzgKRKE3;Pcc^~?$v8mB`eJMG@koi^%@HGp8(~c>O}c!m zJ-|RT?GTgcGt2iV-m{N_(qg*>*%ijOW{r{`14_h>xzT>$LV!+1e+^Z}!PEH-LDC-| zVxTX5H5!}jzDc`aXfa25#bPV$>dQWY{hbhxzB&I0g-|m+m4GWlt*8NLr6Jyc)ps3? zm-lrt?`_6u<8gO`k(dHths#$W=zD*?qL_-$s!d!dTQ-s%9Ok(o4q_qs#yP5LQ{}w? z?o31%L!GZc@pZF;r>Kk^27pA4JS&;mb5s)TYt=)bleQMZ(Y%L1FI)%xDhz$1(8f;! zWy_^C^CsBW-;g0B&UU4URfloqqPVz#%wWif&5GO=8+UEqP3apur2zhuTU0>h9vF zIYh4S+H&7epyagvG>o`uz0QUlKecb0VRXC|Ew^yER7EnAe4c#sv(>=?S6ly0-aTB4G9L5`} z9QQ`_(Lcy0r(7S?Gt06MW;aP3@{@-qV^J#398gK~?Dwqi&x;R|ajH%Y0=;fQQz1Wy zBT~EieOP3Tw|p0n)S?IL&L0G%#eo9S(u2-j7LCL(ZTbaA?nyLu7DsV&&Du@HySxi% z<|~Ix(|*&(IP^ds$5kfu+q_|A zpZU0t=)toza>%a$a#RCPmF(L-bRUR#?IFk9z7lU+@#1IYt)vv^k42l~zDH1uKHrE{ zofmfbGB?Lwu#*lt+9dwFexs}OUUzkHyJgW=)Acm!DmpdCbtZMRpTvi5uVO=wOIW(r zi!{sOSB-W%X3AyytmmSyiJl=XTjL>d?W$T#n9>Yq-gad_!~(@j>bfYY>GKT|v=T2e zw_aH+xMRIKb+C2{1@dhne0t)|i1`Y$G^NI;x2NQbw18`QSM~%s%;%8lM@W2nrre}<@>TL;6aig38XJ7lF2$Y-_>np?6Yz3 zmNS2#@wrHWQ+l?AE9SJ(u2%s)ss6tCpym}@!E1Oj6uad;OY*?q&hXGQmicSHa}t!8 zI4Qbh=6LX2Hj7mv9M`fkx!TH^u(cIeCq&5dC`VcDD#W`(s4k*F)Lo7^r5EK;WIf?2 zobZ<@L2Vv5#lXwT-Tpi@Hm856^$dw3X_UGbE( zJVKxhQ|ny3Nv~)ar>)K9PD13>tOucwa8V)fBq; z9x5Ke92AIFdq_>;m6kair<`V8o9_N~-Pt(QR>m}yLhDkBQD0PkXte41V~+mt=5-)oY2Kz8J4;{ScJz&TF0m5kSH)G5Y7** zL-FfI)CH1v5Yo*%SMMHJo(MOKIY_=w()NuS+e$Jd?!y4fyYWJhx7^FhjWCID*Y{V# zp*gn{7I$OM%Y&=e+McX_q4%Die+(!JJh_*lxTq{y5+KP5Oq$`~B~Qdd1W!)A zmV0I4w;%??qXT~a_ofLbOSbyJvfruf1~cFEwX~0} zV|6xf=-RF28XM_wp?@hkdyu}jHi#n*hqSlsz)W~6r?~m<~6CZAM(DhTC|@~A}ZIls6!buEYbx1swWs?gF|Gpu&f2X8s~>h zr&8Kh0bI(^zh#^VLdt8M+xwiV=N@XkwtO&(h3IFdCpw)uZ#9MZP18#WsLM|fG6Xwm z1s+szxhVWz0EwRTI!Ek%%)9Y0q&L^0*NBBDdK|BGOdK-`M6NuBYhTR@QW6U{r>1zD zwx%Yg5)4I7h5ql>I0WPWIlcS8^UHD-TCkUfoi?Oje<+M@;Y~y8vt{I*$F&AH2h!E> zqG#RQc<`{!_w&br>|R!E(0}@I46o@awpT2O57X&8CGG@AA|9bvPaAx>h7KaTZe~lR zip>ywrP}X-jsa_GP-`T+9jU*n7hs#V0EyWD&e(sukvf6o6-6TWTux|_-JPQCH_??$ zQZ7|)Y9{faYWu(T_90v2Pb_|Z+(B(CMd(g^C$1gi{qQ-ivFzcc_dIQ2el((#SgGfb zcBja1aW=%NxtZya1oLN|Jc~mZ!+1<5f6;+&3`J*iD^{)+VmJ3XF7Ejsh{p_@N<}DWXJL)* z(^J`;yR*ZySFw?xvrR6b%~}2>kLfQm7i$7*ym0*$rb0n~BqYXkVwP6g#O{|n&+SxT zSh){^52}6EwGj~V$d-ea?ENMSYbkAJeh0#5y}RfveqhzaXbQDgW%Qv&axGYY;bx5}S$8iS}3 z&K==ev`{Bm<>ZF+ya))ZdrKC-cWKAO#sV7f`tO2lEOS8en{O|2HdsS?n;92cN!)25 z01n;~rEj1*7o&9muXb8|vRIz0C0C>KtWVF)ixI7LuB5ZWyAh^w_(F6a+(`&n3Lp%U z26kUKvzxwV0#X@&Wc`@*g}Oyw_=+1v3>yuk-sl!i2Hs91Y;67b4r zb0~$lg}F=Kb!$p!eAyV0)>wN+rhTYC^+?J#>WA>|S(Pt$eI|l>pb&*9% zPTOFc=bK38FT57onQ%|Ru*y;~oj9s|yY+0N-}(QvcLC5SS?Dc?OexN+L_?u#!r0=z&#^ zaPnsn*KTS+e&!6dnzBB+wX7W4Fo){Y0gX(C>wJT@wpt&ndLAjNdqSD0ptaRK`2mkI zWHdw2fJrZRoSUhCyu;pcTu=sgVo?2_%#($WY|~v={xpBPd?LikMPt{-d{GP05a|zy zdz*GnezV?yS``IAK&i-AFsiI(KmvBZg?SZlbiv=h_NKw@`4QFhm-+iER^`yCk$i*tia{cv<0E6 zryA{%;O>N*B{9Yh$@E+2*Uv>y{l0pHEmKk)pyYMJ?K$%Y z(xM%m4_ctTIMYUYdesV+xA)HVJkp`lETdU&ZQWpa&sTM&dCa^-M!9MmX*rZEK015$ z)A5N(;!F-|d3mz*^6Z|IoX9%BUedl@)GDosBp_QT2u4u(r+zgJoxVIm{b6bamlI!` zPBU4dBmEAp0?(3p^}-+adHW~GjVmal8_`C1Chwv0*;wbn_rT3tc82BQk6 zJohd^sUYGYSjIf8YEqtcK>go$#dfFaBHUTDH{Kl2b0k%Kh+G!i{&b&A#sklzf_|`{ z^w|1H4v7}KJ5pWc!o}JnCD$p&SSEik<&viH3JVgm9`Tj_SP~2}&)-faees&oS~8KB z2K2J;ZgHj~at=<8J|8l8NIo&gYW}R|ImJHYzLrQ^OWo=}p>^IFVz<+Kfk}|)cs3c1 zaT0nUv0zc^c*x*&ws}I=BE3WLuC<3nND9@RzU6xuW(py_>R^mX-k2FcYVJxg*36i- z`UT&?gzq@zhuC(XCpeV38hnjaz}#3sn4=$y=j?Q$W(NR57xI)zZ8!4lUmQkV>iye? zyZl7Iaw!gb>p%5-Sm$ocq~xWEmh_bx(NCaOyt!V=WTCQOCB9en3#j4iU(+?QW{;Bz zYb`nl_q5>gXDU~% zlGToW*m*CmoqFN1lWHNbW|pp4AxogVwe*L1*lJ0;X;LRC=-S$%@C(hbO&Ux8hv+)l zXL;s-#(>aIdVNY{{J3dNu|An_b%+o@kisK}SEM6#HELdwt`=Geo>JJ$P^fkmE-fI~ z`%-WdETf)Qkd{?fQKC`ykiJv%e@zznpTWWN7|+4|uF0qE_0Hh?om9h~q`)S7VPWCl z>V+`?B}97v|5N!jM^Jlo#gYnP67ZfW~#laY~1;hioc4y2!tpK-hSlZP}}~u z{W%X3^_k-ScyiyD09_W8kY6eD?FNac|&z;SJ~ zGmCijFK7<+KOa+79CdKYzfu-Ul0(GFq3OGuf0apwDKWowVvOPJcpZw16Nmvcne3d9 zXg}J(B=euc@y*+>r)5zNGJ_=LY@lA<2R9MG>KHq%&?}iR80rH9s(W~W+aHx*qGvt~ zofp3YB_?1V>`B-Uzg-MHj|Y+0^(NoDvzs_9E-E=qF)=Q50bOtGVIvRDO37;K$;0_-)x9qq_nb(?A;0F3;n7or%X!)yA?LX@6 z)d*e5j_5Qdq%1#Jm{h)!0vLWDKB;HXQ7^mlYH)e6u|14AQx$#rHVt^&xSOc)c#|K5 z)t(tlscEj{}pfPy1HalrrZmsd#du0H5>=jTsl`;7A29#J>+WoHDVC$=O z{JHB?%}M3DlB`ER+8QKg%n2oKulm!FIU^t;xPyYB$0yGSf?E+^KRmBv%pz~GDW3j{ zF$M0nSK!9ONO*EPif)Tq`sz}_)u!r7O?UaS1@6SM9Zcn%n07R2#?*NS*Iq86rT+sTr{0yEI$g^v>Q zi*#ed8{u_h4C2r-n<+|#-IVgQ7{BODRTn}Uj?xOqMe=zdER(#R>S6yY_6YUKv#hG})qY4}DSH%8W}gw z3nW*eD$LbCl>I1P5H?pUT$2L&Ug?YT`v&;1#NQvH>=3YaUtPO!*tw$HlPYRInsb@k zTs#y!m8VD^ul-k>HAf%_8#|W&q^vj#j(VWVNqrJDoyzXB$8NTVy`m`nul8bK{q&7> zmzKyuSWa=L6lfP(h~O>VLy1;-Pd^V=UWd2v#hNy5TL*7E!@A$~&A$7qC28h!p3<$F z4)=}HrqwTGn}eRb_~jjIg49HWVonYhd0Tj41+^IQnfcW3^<8?}w6PSE`M4t|L1$pI z+-E~cUN+1($dS1j2_SF2B5~Vj+Td}BSe7j#e!GwxS5>|JDG}YWe6=sB!A;>}DhHzA z_Nv{5dQzebZO2->XgVp*IDhX5BAeP-murQV-H7mi84O2{mQDx=sNqFzb2~kkV(SYd z5Q&k|EGGRBoLc!c8Lud%XoT}TMEVR71(gfPq&_O}>6|a*fOQ}m5|xMq@x{QQEmLfo zKA;|R@K4-2z-8r&X<-0=3M2m_k*l;ka{vpA^w3b`LjXl^Ox!vMhaZ;SGT&} z$7j5&H}C4@d1Xe&RlH!mGy9`Yrrs^}i>@#h-YiSU3M1acSu)|g9|snU{|nJs(_e{J z%cLU!@*5CL=m15Sz=Rk<@ig>1oKp}thMCJMy@9l9k)slJqQqD9hM z#%Www%!+XT)xxDY+s0qK$>RsP#?Vuiah#Uge}{A}YeL=>3BNW7s6eCi1^-Ombr zAaiSp(vAM0_Um{1@{K>=m=z0lTgwG!%gEFX?_rkmr~LumiSV_K-9=)3DVF{~A{UL9 z{r7x=&6~NuU$5r~huaHqegY(eL>7Y9MpFMge`9vXXs>Y>CdZ~+v!W_&WTxAT9lLmvM)iJS%x9tmIb;1&9AQ% zS{#gw1IV6gZT;(>yg6g{?(^fjX9kZfq}mhcWRk?1@3iZD{Q`EhTbnKGd&@3FOqz8d zFm{~YTg@?FIk&!d$LhaG2cperfR@j%J6G|S#ghr|`ZW@WFVwvq;7UgUCLeoi)6d0ZQ|@IGfJ`j4!NI8Z79w_wc538=t^-ZUQ(lB>g3< z84zc@RLf&ZG^wwF1k0=&HpJ4tsj_3%gwIHN_q;J-owNU!8s?2!JV_ltKMc`II)k7O zTcGYL1N}I5KDflCmv4%>#BNV(Xf18) z$SrG43{~pCFt7cgs-*jkJyI<(@Qk!xx*lUE9A2XCjaLx4SaOfwk)v}w0l)e}Z1Q0y z=G2BEcJG5U%`Zli)_%^r!w8f{g=F9VZO;hfHPM*ZyMGveb%NPZDV&BKdHF+IO!nqH zBMidr`^e0RY|e0WzOhV)VxO|+a%sn?*Y_Bku~mH}8vazq`)7Fgq(3vp4?|55vAx(j zb#7~GH(NBl5qXVkF$(VJ?C11T`Np>?Kzs7YvFF8LU$SY${L7OKxWb9VZ5r+4z%Vr0 z!d`{>m`pU%QkZ<~tY~4Sp>e3A5TK7i!v-?)Z@yKIWHm(j;Ez|ct1W)7TRxHT`DUY4 zlOBVxvJZBvvp#b;SCqYJ4 zk8KXv>Yvj!_l3xY$yFxW)WOs;r8e7HB)n%l>19rQhV8T#wWgZ7y@_r!Sj)h zTf^B~6~+%%Gs^eKg&#L0diYudkC+5}8wnwkK(#RUL!}+*EP?-f%A5Jardw2GuIOY- z?mfQ~z+Xu?>?+maD0U!%8ydfDms(-@oOZL2S5mB_P|NpI+Hfob1k6x-Cv?sXLV;MF z+P!*@=tsTEvK?`9hem}>lJW_kGnr`jaI6bpbp>-i4_M z7=SPFD&*OGM`-Gw!K<^n`!w02^38n%wEky znQRy|0f4gg_ab6VBYn?5{{?2854LJf{5_wp=PV2bujU3(wi@#RtEpgddj%{+F{JlmU?oVr%;= zAsLr*$BU!%<_g>gFmV0gobvJZ@f|;<7<;{=-}2&}kQBN>$YCc0;!Jj&H0iKbm=_|_ zkE!bLb;Hh!bfh#(CUY1$`TF|27uyP>v_W##>t#O4ia*^%ycD)9Bvu80QNDeDfom=c zG42umGszQx4>}D}#WL&+Et0ReLPJSi|5uqipfnLk{eM&D)_HHv4RsR(MwuYm9N~@J z{}*kpA|(UMz-N@Cmf=gVG-sXBtt{9_qw7Uvc3mxFb$>LQSMUEvX^y4zKOEeDljbHw zgi1k-i%AQyzwfsJjxVl8fx5Qs2l&t4xU*O5BSSl8kaG3hP)L45JZ=GZ$_7=p^XAgO z$9_3*>m)r#);guoK&WP5F@ib1Id0}Brd#qzSXQHc*Z1O%6+yePd<7_0PwCdpg@sm&<&R z{XK&eENmZLljfK^KEpllxs5VLycmcB5nhQhNM1|-kLKRGtBvms`)#q{QYZusTC}(m zq)?nfDHJL04#k5Pr)Vh@C|(+@xVuYmceg-`2X~(E{hep6v(76x`E%CFteM%f_sm@P zb$>2N=}r9gp`U!hm3}X04!)0d_VBF2Rao1+^KdQyQRFz3++QJJexDtn!Bl2iF2O#F z33Ju|p4oaeqh!=L=f5xe#XNA=N+szi`ITKe)@1Vp^o zS$+GA2D%r}Irm-8dUjKmO23(eQq8cvFs6ves}#?>`6dUP{Qp2^-YeDJ5eBwo@$Xj7 zv{V6$+77?M0!#&*?+gt7U6Vq=L=aBj?et!ZLZ%W$j zp8HZyG7;Ygbcjc}5u;Z7`!Ml{yVStK%Y#YCvwFC%Jrv*3x;trHz#fN6SXsrf5kTDhX+0*JznT0*#Mh2}5E1aym#c*N z^!Z@QwO<(fZ4>GMlSDp^FQ(Zx6%&X)ED}7jy1wKXV`Br*po=)}R`U<>pqI zK)7&WhbAv!+E+PtpVJ?n7kZd2GP*hB?yru#l=$n?RvYgG6Q?nI+5uR2U+{QnBz}u@ zl%7eT-A6fru!cdGX4~7LJwhvR&Y&-?$o3KoCi-~cF+($mvR^I(xn!=*S|yMglpuICoFSBefnPnH6U}lah_m*0fjZ6MemL7@%$1cewyc6NVDkX z;gy%3uBjYQj=Tn`>9y*l(e)b~JasU>Df($4QnM(QReHbN5oU32F|bEEXgjE>M_PxG z6O~dnw7EF;aup={KS`U?ddh^7Ze6^}DlJzRV3-FEi-7Y{1$Wj-KS_Vx{)h{fCP?f~4iirN z=0zBIL{E%srI8^{(o>LVbgA(RcCO3k!!yO|CV>4?3oi<5^ECwN!=TI|hf)CU()q+3{`r3!?1klwb{z$QML!`N)Q`4 zh2V9gCxm7B`U3}!L|q@OShw(leUpxHlfh5Vpo7ih;SBDyA9S8Ar*MDc#i6E+N8@X` z@XZ=>Mc}~9C9~KHyPZ5-R5c_M$ttS=oiPwYvzL~Zwnp8XaKL5e%RT4zaD<|JoMW(? zpbX8d?cOq_dpZ(ED{z7Y=h&JgNfLGjizGouen2sR^&BspGJis`vVF@Rt}#Vu#Yzcw zRVyqu$KB)!Q|)e&uJ25$h-=WLy5o3{9XJCC!q-P}JRT%GJHX zEU3yy+{9Dcx!c+`#MB&g4SXZooaQ7NqI z^EgNT_ABhCO3eS(1&{M*ULWysMk7t>G)Qaxl;WopR&M9pIZW$7wyp3xvw8uQvk;&UZlQ{&KJFW)AS!dsuB z&%0@mApC!ynQ?Tj;x=}_BC9kU=yht)oQIc!{z^6n#k19TnT1-!oH2U+lUREGJ%}@z z6Nm}I4%>_DMBe2R@(ygog~HxNaQaO@b^w0pqU+;E9v>~vx8ZF5Hh_OJAIE)pe1;CV zTC7=?t2yQ0N`pVD8zyeA|C-AaGEMWYN!EA(H$k3e+L&k~-C2j(NU|T1tsNxK2a^u7 z9`ME$`cUzVmm|GSdqCr(U6bkL#cGcx)kU#cK(wGj56Ya(Il|Z7B0%-7A@GMeU6I`M zLiLpYt@#gBTjNn%!^#-NFtH-kz6N(o?N^rXWJf* zbffEB@c!ebC-^klg?i_~p>5q-iT=V#JN3d#+s7bTd&_x`X+UV1MW|eueO7G1pxZZ- zVdYK&jceqeW&LwGSHAZL+bexK$=xVz$wO%V4aq;8E^PR)Ty@(;YkvGpi{($fl{YcI z;l8gti4k!J7|%p|>ns@=cwiDz{i<#!{oopKAQ+33P&G>*D#aGg))@habiC5n4{16CuBAZr>UQaRR%h)4t0or(_!*DMtK20`kLp zqR7m8;(lFS9vxh5UNIG6)R2WDJO1u_Brgs&C`O~Ff)&Khgeog5WwAdqoEm{I^*^Tf z^|kn(ULeUw1)(XGFWP!PL=OzrNKwGoOT0}J*J1r**aL{>R9^l;ijxZdVWpVl*|AdX zHUlq?K`Wh9!Bi_RO10v%=~W2h=^poZE@G6XDsh6G7N}m0QV?z^_1j9K-(dQ8 zYc{;K`jJk2e2x9Fc{H@Lgupo}px1J}}v2=$qQZCUZvVHASRKpHsGLYVrg zJ{OB_>rJ=h>OoG=q^OHVDz6fDv}CQ#RXXYo!T4-Y0{2jtBM7cE1ew!A^1>QJZ6@;& zN;t_hKG?UJ4uP>;;xRl9dy!Na3_^^X?ULGXgmeugFEnRXjr=nf!0=rLuG*%Pj#mG& zvZ)cW_{L46LA1VOZZJF$`*jpzY#RbfKhggJSk@a86e)NQi%G#Age$&aF`qV75VZYfD_d~wMI^$Q%I`NSiUs``d_okcAS zgrI!igV!uR$bjj)%A}x*+Ke1w3Vvk6E=ZP!;H9#`a!4ZX9mVL-kcxhj3%SMNO44NM zQe&`&wj((~veWv&fsfbHCyH99&mBbv)N9waPH(Ll)K+$Pp6HDdXtZ+pXBu@uaP82ipXcR#o)N)9pcEjF+GHqImT$ z@3X4Ko~X}qQueqgQwN(CeMRSQX8!>`8+&VO)zY=m7}b3;MD|eRRh~4d!U9nz$A9Dk zy34bttuyG~tsMQ*VGT9I)XQ&Kg?Bt}}CzP&(Zj#BEhcnj1z zMamr%$!}FVz_>a*d;B*|;Qmmfdb&}rL}b#4hu6y!H6X-0+w(1W3Xs{ui5GU-Y|fYu zrDZ}&2m8wUpZ=myQB-L`Wjoc*WcKv#b+V@g=Ez+W66WtnRJt%is=RC?m@14NCGzOM z4o95;f|4t1`uTJ-{|ggBZV3vQ;1-TU&10-MXCWto@tv$WG%M^Z5~ASZkXV!lbcWl% zS%fkQa-p?!kqRAi445bgDDz>{I7 z1}@k^&2wZr)XHX?E;O~`ia1^0UU`{*H~}}q$0+IS0~ln5S}P^lYK=@6mXPurxc*5> zP6Vof5ojwuN8-)fr-Bpgv&4nq=zj5~C?rSn*srFgz7a-@Ovb!Ob=N22nIe;fk~dDc z*X+{q)Kk9dsl?(7)L8f`W4*RYV0f2rKJUxi*70|^@}FyCY)|#`5tg2v2A?j0Yc!mD zv{gbhuO!n`B%?SJZM6e+tvjG`rjYbZer-#=fvGYriZ4B5p4*Md1)qH27!NBbzuA$i zmJ1N?9C?JpE|Y0j3U~{f`4O?^n2^29)MezZ`ybEkN)$dbhMT^{6cxSTo0KAk9A*I7 ze}m1y&W?i&1L#_ZzSV3v&r*18TVd?X+!-Em=pcxz%Ss2%3^nFBnL-w9m@Fu`J9@?h z_Q@IRZoKR*-lWtP=?i=D6LHqy3WfbN6WJP&gd|*#$X71hqo89 z!fVqCJ;FoEAQC@9SePcMrYwuWlnd?OHMF(}^N=%q7-<8Orj5WEu2QdP0J7e_X~gpc z_l>x2ru_7C+u(HFzPV4j7)b^ms67gIqcLM!bQz5acOlQjR5Anv*tg@mZ=O$l-uM>c zU6Y=8-s6BCH9LHi(Cn8w_!44XHrhXH=8b%7Az*uYcVUuiaDk5@Gh^%9X2_Y@T3J3s zB~1(;VgXh%N(eR*Id`o|-}n9zx)ByLE8r)1b3pyAbVay(qEXJrZ1-6Lj2H>neX4nV zO|$OppbT5ZV@LVF*4%Rp<^;+(jUhmqDtg~0YSHTOgN!C)jq zCl<(^f<7hFgNR688;pE^q1XU6De!hBT5RnwO-&}}x~_E4a5>S^nB3GghlPR}yNCUT z=Wm5IP9>6@^!W}0>%AZhc^6JGa(Ci8Q^-#BJKgH-tp98AY?C)g^L*2nHN#<5GN|*& z<5SiKisie3Uzn-N*Dfzq5AGp&7L((0c+T)&8q zNyR({@WQ~?RJB99!K9`85CLy$28Qq7n0B;xF$;xheAL0C2*#~-xlu%OC^BARi!tNbvmOiqe>b^C!6THe6^M zXz67}=bnp>;B{fjKKx4pQSg}8h-*sgod&<^&5Kshk?d*& z9`Hno^{G6NNOhMS#im^v&CK?Zv(|MBXiFrzfj@KFS~`o_(T1DxNNeot z{DOVD$wEC?!USx?&!n~oh_`Kw{#TtUNfz&@Notjt*Ux|wGO}0jfQo)5c!POKv==JRn=J;d#o|O$nOjd6Kv#5NnH?}3Wh7PBt zWu+a$*^bpmU`DmWFCQ-MkT?X1ePl|_w?}N;5nyz@l{}qyJeO_0-KPh~A=&V{|5S6_ z;^f=zCMrOP+ik|;z4BICOl?RRYmn*T~Z3^0EDhNpv2b?8Rt@4XXU&AIfD z3~7=#`C;_&ZNL<+#-DK0%M`5>Ch(JL9w%wZ;rJpwoTd|CMqxUcp7r@m70)e2n84_I zMuz;FH}HSR0*H5;rErZf_3}(q(n`pCl{8@hCEpXrAbT=`6?imD!o1`5Hmk(1T=me) zWO1gGps0zfgR|BV;DHS9;EDba6b8bevZHPxg3}xsJgItg%}wYs_?aQPuwp2R`s@7S>pYeq5=;K!D!s8 z?E6Em3ggLuUL#emOc+-E209s!L(W9e=JDpfVf$!SwrkY|FwZa{Wz+?I6Qgc+z&PN< z#9SFmVNMf&IQ>&60{%(3{@yA5$Ay`ZK6&#@_q(l~j5=DYPY>s$V}uFfH8YIxoN9$?@L2ApHVKt z+JEsn?LSwZ!^H04B9*;`sH6Xh~ynT@9}fE*9qSOIGLG0q&q z2`2`s!I$=1*X;Va>Sb?mXb+tjkEM>}`-t%m<R+D zCN^uIeQP`b+fO(|8JCli`v;j=Z9`Ni-pz5qNvuT_2m1TR2`qCt z*D*aNf89VkiWuj^WiI*iEP+^baN*x|N#?kq-+~Z4~2hG~m zE=mRB9RH-Sy)b2U+rU{h1*{?&DBTJk6yu;Zu{KSN@Wfw4iCD18FZn{Ts)fHSJmru& zX@tS~>k}jcX@ps0ISBHUYl*T;^OyauAf2lUJhL%_4*OF2<&}1{GFW}y9>XtAX+&F` z+rM(UC!+Agv>Hk8h(9PQcT5f;<&3@Nv{G8EGD#|>TbNmh0|hJrX5~aRH|E*y+gfe| zBX=85pFNI6MKrb`bFnQ7*o zEPmv(3h78uj{)%eq0nbC1HekA2D5Zll{0^QMYI(^9u{_fQJj6>q@L;1pqH9)TFs|s zpsmz|FEZLMK5BL&>hR+xk$r*n$?@?d3OnNb&(kd3=gZU5N~{a!KS9B zTU640pMO6V5=!65Tw?O-fRCrTHE+Y4E;oGj)Utl>Wj=F@CXbpd@z4~gtB+Mv6Zl@zFZ-hq~TYy&@?tP&5*B?e~@faz}bmBn497x`Vd?KiecK2 zv+zSA^KyQ^jrpt*8o)xC$QH@dDPfYA@Pi-=W#{der=NT`r?T|J118n=8{M#w2}SXC zcp)z>e^=kO?&(;|ZN9_3_%tjB<)BI2HcR@|X2bYOZnXX-r)=sAUT?{5qIFdin z&>$oeCBL|(=}k*ppH5fe$<&Z**=DBl}F;1-9!4+Zp?TiMd!WGux4cWiY)8NkJlfm#6&FG10(L2w; z>GMzd9qY64YX9v+p^cvsB8v9>;&26BRw+ZgOQ3EzXfy(n-Hf7z_`dt^D%uYPt%zJs z27{wiUEL6d>H3>iwT5yy#${~x*Xz+*^G@TxVl__v{Oz=}27endo~}<{hH_QW!eV3N zxNY03On|`^a5b7IatBQ7aPXH@UfRK@Hs`LbvS)md(kyVjb6QH3N5xy#k5or#o~S^< z8y!+YsNCa%!y8P%P$_|9{AQ!055pYh-7)xa6|F2NR40atB<*Z&ba%^d50!*#I_j~& zmt`snkO8pD;bfPiBCjC@R)kG+MHYOCH`qMS$t9GGoP|4JjuU=D+Rp!t9yH63DZe_z zU0+{czyup{w?sI~grtAhZ(hRi$tQtG>@I$F8u`SSx!6Qq?(Pw_(?tq#%m~@Ar!mS~ zBj6a+Wy7RXcq~WD!}&P|ihe8O!J%4V?79av<-ruU@W99<`&K9!(HCal&30pI0e799 zX5qr56CsG1H{7s#`O4|7j8-}@@kNfnlkw_*_iyUF>c2q5^W(yb`q<2Y<-a%eXcAdT zk$}dgt<;GNrLO+U*JPbr;ah9mSYGEXQE?QMNIG8d)SLn%8Fjb6PPu>(P@Six0@~+I zt$iH{h=7q;14Zue=)d1LF)G9kAt= z8Mw+_GIT~xp+st2B;~d6;@4Roo;5Y*Qd#uIW-@{s;0yIHV>-_^*`;{08ZR|NzY*oY z$D@-j?D`f0Y}+O0R#F_kl*Mg(#xa;{{vuN2)k!5soSmQdgkTYu`dmSjm-ly_>w`vq z6?Qa+te{J=#^M#2JX;Zpm@9MVJy|l~umwG9W6!@4D{)FRhdE zCLeuonoki0U5NF|IB&FbmaL1jSxM|A%m#sK;neZ*@j#@Ki^x2#Ir1y;UQ-+zUyhqr zUrn+*yO|HKDY)6Fgh(Jq))^L6g~^GQLoqF;g$oQA(OV(v8jKqCKL(|7WC4=Pj$co! zOeEPV-MPYFFWw{)<#8qB(z&vM6zs8yrzMlkgp@y`>1DSH{mp**d`itsCMD(!xo+NQaM`IA z10AU7gzxUUD{!-{xOj*U)MX*;*tXZMtu9-i4@cv+oW8arHE$#p__K&yvlO0MsCaFw z>*~yqEF0mh9k4N{fh;7t!Fy>dpK&uSkC6ne9%wC02UtIvbW+wcW10*--)rPW9j797W4t zH>JZh9A~$pfwQG67RFEvn|0>*_|DyqEpHK?a;h@N^e4 z5czji@yg7yP{aX8x0jEy`}wP41vZk~&Ozx3(x!p4yq5}=WSg^-?^1(Om%Jd;oi7Hi z{gBT%lcyC*E~d1UQ}g4;bvFaNUe7y&5o$-$@_OP>R*YGGj{y)G35~hBep|d1U+NX5 zOSsrb(+GOn=nO67yQ*r#*WnlPZx{#w3@Ld?+%JVR(llZ|_4n{lPD6vZ)m{Sd$Z6Aa zQ(i?SZ89OpA2A6(8BYn{i8@g?ehD4#uEZ|a2$RJ5!~pv}(PwQK_)%5QWQ5CnM~2|$ z%IalFV*ZRs5&3nf;)b11kCoaf_Ll!~jxR~2D{H^Jev8hXZrlWac5~-EGx9`q|2q*p zNl8h@SFh+d=662(@Bel=JpP_HZ??{)nk*J4OsbjrmYiVCl#F4RU0WXroh|E~Un6W_ z0$FRe-rEZhW_7!WN9*j;6B7KRxaZ{DaFSFm+4H-dU*hdfwp7#;tEh}w?e775t&iJ! z$nNAfkWyE8U|Ap_em1MK&xl=i-gD+nGMxFiR{SZzH*opa2V9XbxVsY4IWuQz(!#iy zkF5e_EIRMgvlEhmVoP=L{JAFXB#=YDs8)0f(bCk+&TYXt(kokw@&SEUz7Z<$17D+1 z)7TFvl3BDiN5Ev&jl3k`h+lR`sxvv4>CA9DmIYCSa{cbtgDs6PKqu#be>&Tj@tVi{ z%9ss4EONPp26>%tztrBGD<5qfpc9*j-MrF*f_hx_I28Q6qxJL4xbU~>-5rFIs0_RO zhx&hZSz7y@>=WPZ_U8&WR%0IBo3kB?H(;ImS5xz}EyraU^@m90lG=zV%k|Jp`#yb9a4Qg_N?zq z7=s(^mg6gu>p|9>e=;5k6`g)d_>eZUjxpAKosk3EO?u>XcZ1jqVR_e*?T2Wr%PvFF z=`~I!v-2KT;=F)1ovh&F0VV|%6N8-rTkB(=38HG%vpn+z^!=C3Ttg1lsn!f# zO*JqNXP0O+isqqIGJTi%(q;=0U>6HOHpAtdjLU<*0>(MRyM768sYp8#A1pCkVA;8g znsg*#bkJ4f48!e0$QzGvyqM>bH}rp%gE@2|J7o_0VlE$rpNDuziGYt! z2+f1;?F_c)GKz^Zsxr%H*{$afZzwu=8(QdroX@%5`I9zE8Q)UfvAF+&~c@I9)|fd-_{+9}$eKwSx$LmDq}Z&*W|=wCqls z#!r8sEMgsH3y~m;8T0X4?#KMO9xe$l?X*J&j6vWxPKu{f%=uQE+r~j$Z7a@HY}YUN z{A*EMUjf>=Xo06>lst$b3C&OF6#+SvzN2N2o-G1Z3o<>A*bBQv|9vPlpgw;jILSNk Uda-)_?CGZ{tNON7+BoR{08he3;s5{u literal 45144 zcmb5VXIN7~+chd8pb$Vx=tUHy_YNU|R8b&E@4a{F5PFjuQF;v`y$jNNfFNBuA~h80 zgeIL6-{*P1bDeWt=g0YxWbfINnLRUW*1hJwXJQ~~N`&|{_zxaDAbhPX|L(zqhwujv zu%M4|G2gbl;+dESSRU_`UOlK9rQ62bJhGKlm3{D_7DjMmj)S>>;-;+c@!$bb&%X~A zkWD4z!Gr4k*YdJjz9#$a0Z?-7mcNqM%O`hUqnAGSUf|Yp=|d#En|n0}Yf8iBVSy7r z{iCUFYI7S1YiPo8Vzp-hpeJO|j!vF@AB!J=ewf}BvaR#aZT1_WuShjm z{CjW>0U~zLQx!GEgQdBvgxeagS;uDzhi|+&@-n+btV?i>m@UNan(uabeS`XNUq|%? zcBdxPSR48=)VAr_^u^BCSe#Q)iPg}Q&EM<+2}bIjQaoi|OOZ*#LuEqNlio|fqs${0 zX0*E2uqnIDR&(fE^|H;23MayF2%JtBgD&!&P0~oH9vBwU8Z{9m=YpRP%!rEPVpHse zU06PkM@Jj#rkm#~8E#TE+@{}8Y;L=)yrNs8C5gb^r*-!8FALI;V-ym|8(wI<8=Zx)Cw)lvUP!-zYr-_}n872Wo^(UY->8B%rxSdDZN9?^X%py=u7BbJ7j*CF> zt+Bkc{5$o$*>PGNYcdbuE4(SoKOz1AO#SXsaMWzW0A#t=ZfhI7oT$X$Cm;1FE39Dzzc^;CaqBua{8_b|Ts zu#3fV98FY$9LG|X8+a_^!!`WM+c2@Hn1v=Rw!~TzScONoAY$G*jk&e#k7xa_Zu zODJ+yOt|Y<66GK7N^B=&B{QErGX7hG*zH#AQH|!8$8ee*{tghFJ1yhqAxcH83u{(-OS{ZIx;Ie zkOVnyir6iz0hF>@N18f%&O%5pZkD_$7 zx+V(N!Z!S6(%Md{03^+8{xV3YCzTF;J%eu-k7Sm0tkN@!h|5T<>L+tKN{@|*OBkuT z)Fzf3A9O2c=RqjA@SX6;>5WBM+nx^o(Yg-#6ypW;UzY^0#vA*SQJO>ADx3*|y(7F~Yg=Ua%uFIW6!%E96;2finTQ}iS!J~t~gc?m8h*jHYs-fcM=K34X`i z2|mZ5YKnM8Vfzou#%QAqOI_X?Q{02b{II6%tLU%TJDU-duja?oC@H&{N~{|lU!;@4 zDCL=dl3KGiJj$Hk|2sue2vUn?gnWvgFjZyH%v(83J@Hw=i~YN*v7u=*;6@L~^_qts z(l6&TMrl$6&tmf&maCgzu3zsUT(l48>I86?2A2&R)0k2b$3wfFB$sab6h0S6=1HT+ zsl3+@4-CBHI~iezXD8qEK)i2K^OvTP&>iEzq|u1oKCf^4t3yAmlaHkQpteiYd6k&< zPI=rax39<_D>h)q9wL_G4||tuvq#h^4zqZ{51cDGSJWtinZWbIFDi< zKPS@nmt)Q+YUsb~?g4Z4`TLK#q~8$`weySNRCt|M=h^kOPNV4scEeo-m_7JPekCSaAH$p`)r*4V{%#>som9bvh6!~YEG zX^iwyWgz}DoFTZ8EqMtL88`e$=(S?QSeF#`KU8r>B>}gmk`8JESi^R)&JfqfL32^` zlHNz`9SqeVhLgpMP1QZvS=CMROZWV@5^&Sport^=JY(uVB2>5?GO?YkG31;40*8V6cV$R53me6}5um<_@HZpzx#^|N<$hQ$j`LE|Np zCX^GAr{HsRB)LCBHYIlc0spU7WJqQka*n8ELGyj&JC37}^HhPJn?o{Mn{c%6qc4)b zGNibHMBq0D^_2JCvh0rhbFres49JN$H@b3hIbSgd8I%^VZpnVL92tczNr?|N4f>O1 zdgR7t$Job3Lg{1gFr}!**f~?_R++Efb{J&%c`GDpi~3H$3`y6 zhV!INM@gDLdCDMoX9k{5^fTnST6i;k;XL4D{La0pw=U7s_a&W_;4r z+ssaO;qX_w>i*3rkhsJ7_zFvv*?4ak94gqCH>6%?d|7kw>n379 zq(yus^4&`T`m&zJR5735eg1l!+&LqS?4)nHhMxtw_uS5oGpuYMU*owr={MAwMlLUWg5brL@!hP5F&Ctx}|?nWxZ%| z7s`8?PGFHC(XgbGL5WQ6+JA3KSys!BJ54}q9-lpnAfT+O+2Bt0#nC>DPf`xj{DtrD zH{=PXUp8Z;V4_`p(Q$P|-14q3pi=sFTm3i8y&uI#>a!du3cXm3er>;P^&8YD4CYl$ zY(}uVxYeEM?T3W3DOkQ`?z+t&G zXbU5aFm(fe$@9YLvt@A6%9c|;i?&RfuF+$c87d+Z>Uj!#DUD%^JPKunQ@2Kd{<^m8 zSf2D)u-ZbaPj!4Pz* zhzZShhvRKzkBZxMF}=2;`s=01ov3ILy6s>^Ivm^FN9rJ6L!b3(tpcuFZIY5dEXG-K zCs*cQhgGbS?JGZudi%al`|`K}E-D~ZD-zUKeJu}6X5%OcBkhRdU`rzVLvvb$x$&#@ zD!+*OT>t|Q7LR1TyRJW{-TpmL7MAF0w<*`KdcD)&Gc%tR^mT}Rhw>!E5$&7P|ByKC&C#G`1s+ z5Row*Fxrd})X^Gq!a>-%S~@YASC_5A1Xa&6!2Twe{Hi?k<6grvS9$vrnG0+%euB%{7`XA3=r7xFCCQOBKH70T4;MitdU1lGla6x!c!kRG1&yEGY>=OS?OcL&W&0_AVQA~xtu zz7u)-c%%K=NRcnB%>Yjjc-#;2WCC=zW1$ zY0Dy~p%2t6Z#&I5qk>VLFZDn0F{Y$ke%U#}-zlHmY1Fx?(ieLP)pAlrKL#hxK0iLO z(;>RU2lDxHo(dME9)L?4qzVo;*;AlBXNd>-@*N!N##t=Q7Q6-#s2#Prg+XoanPV;X zCJJs&*upoRH*&5v3VpSmqggj^Lt#xIjB+()s$ssd8r0CY3abncmWbqHTebaG2ET}@ zE>llL{BHKJj(^yRzY-e0u0So{$y|=#5_}(YF|=^lWhklMQx?8uT_K|lu~q037gQU1 z!93CW-E-^sgCU)}Ws)`y%cJkGWOVD9amAt*Em{F#Z8&J+Nd^`)*2U4}P{*a&kFPy1$G@72i}S^k zB9d$}-!<8fh&%KXF-@gEn?yl71|OfW_pf>eeLmA7F3RVt(&xD!^$ag}P!%2Slzz-O z6wR@e!C)~-q2n^l)mr=o-@phn(AS^+4P<>7rLl{vZphTU?k3TJI_M#)j{Og5GSf;_ zv5NWM1O~S(li+WWrt{CA#vq#xW6c>@rJWLcs;kka@HN2^YZv(mo$%GlilRIHk#WO;g2v zDL9Ec^G63)mf^u>Sp&$K$YmSG?|TGPppVXob0AHvl1Y<1NAI`WC^z;E%pO zDA1!bWoR@Gay3pK>uGWosOGr=gVg*aOx2*odBt_N2zFkwzoE{QF2z^gZ63>}!M9$5 z@$aq^uk+98|6+I6RS&j0QZFd_-SFq|ayDYah?jXm#Wz`Ko%v$5oNprqxI}c=wZOW3 ze>jj~V5m%O(C~3#6?`uOMTF|ETbqu)+4tj~M(5}FKw~DZC5!K~6f!*OqhN+SX3UhGr0I0!75-%>bWiDEm+j)`sx%hqg8@ z?}zRtDYHj}(mzJ=%X*&YY0J8saA$Ef5c=NeQJt8H&-p?&uiRpRDlWXPMqJ>9K%}M3 zfh4DrkeWV&W3pv>Xt$*UcR&WR+!+O=hs8KisrAv&Ue+h6QtG6=`c6S%A7~`|npygT zF60)KBU%YfzGJ9?lkx?BM;+6)IO6ox@HoN%gO{p_^P9ZAtP7g~ZytkvS1DkV z-yLT&-M2YPe%iP=|-(GENjMiY%F@8f5!l{VCXOci@^INM^Tk1_H(;qH}_L2 z(=kL^B2Oc|ljW7oEdDPqr%3KmvrM|y2ekytb8D~~ubq=id_PozsL>?k12|6=#~8Zu z&?&F)JV!fZLy4z$n;vSK#wd=Q+*N1X(q#Fqb4j_ajF(nqlLqrHe)BCX3YX> zv<(F!i?D5+yei>poUwR~4Z__Ve`F2YD6gvTuXtyDS)dyf#r`ZKWnrnbZSP7i8k{RE zY6BOc+f;eW(9sUw27HMwlP4N_6xCMPbNp?=-&6XFMp0kZayI_>L40%N^|Z#bjE^5Z ztoY=3;vjijG6g)v)y%tsOILfqST%68zhp57$8waAYeW7&esm!ZpHZCrZTi|Cc_P-- z?x|K5v*I?wz69)$~3%qpQo=w$P z_I3_66W2R!@r=?8Gu4#U8n%YAl)NT@)tU?Ch{Q6Z3aR((4)bs2-i=tEY-P@ASqZ`P z8PPWDx!tNV}Bd+NaqAvIy)Oz*T-rfllP^_4Dt~GML)&ZWL zH#WBFj6chb7=()t3zPC6$>KwkW0~?ipF|>_;>V~jUZ(te>2O{(?=EakpCKwNoemkX z{&QfbGxIrZ^mSs?k?%_MXfO85RXc(R{qS>61$|l9M>pOUSNLUca3n`b2uF!}K0XH= ze@C+<48J7oio6US<^&7>Q~TstSL6st+_sMpYjf{Elr3#C8#ntqp2EfK9|m~Qn}*18 zyaj&L`VY*l0_a-wS>kI{sA5(*8NT3Qo9=cIXPDy%Km0P=!^iPVOQX98>+w;&SZ`** zQ$p*%Hg+?>)3n{huJ2VY;=t^Zz zHROosUq0fFvn?ged&V||acq|)UOg5>+5Jj+Ly~Bis&heo4Ae|z40cApz@X)S+WDUr zCBJ2T86mBGVAy*ok6QWY2HUn;{KCq^TUi$?P1&tv!e}r0xdb)_PA+CGS(a_J zw?o#O#^-`(U&H#VSj|i_WP$afm_8mT3Oj#^$$+Ws?@T{a%Nn-k)e~M34IFL(3?E3x z9em_}cpD*Vy3;VyDY$6n&SesJ^7%>$$C-q;ZPj(xu&V#^Ms}XlSj3iKD)(upb8Kgy zY6Fn`@7b_)M>J#0J}X_Gu$?|xXn!OV7zUh5XRrm5Un`;uYPpPumS-^n+*57-@d-=y z?#)IMMTr2%gVCApsCi<9pkvAS2BZkmean)^tlWFI*Ak!N6r=JSll16A1OMQu$NXZUN zpf9uM_-GkEkKL`+bqga1)1_SaJe{-f#+!-46dwhNevKPj3y*tk^76GsF>3%&w& z?gGerU&wxg<9F&Oc0A8Q!6kMOwU1^~IMaM_6gsXC$Pc?1|H*!RS=}5kwq*gHxw0?! zn3pCFxQQXkp79`B;RWGEn+^L|^jOnj%hHo^ugEb*>k~}BV^9$!Nu;kmj>mdOwApbg z0N|u#Y~O)dc~~5gPW==8cgh+%+(I{T>N?LeDKOXdg7x zhxNn%vy<9z;Nd~U&%=W?nyXDp0UbCar6`dj3ugBm+-R5RPV;MN2rIj!PrG9k8J<|Dx?;m_F=;s_>isWhLk_ENxBVLlDE zKQ&-x?bDnu80F)+njgWS|hucd%dqY9=F|iT`k~r1ALK zP1Y-}!Bo6rfnl-$l7A&uz(pTssJ*p@c!rwQb#DQukxgrY;cWqr7BpYaw?n~3!P&(? z3|R%L6p@98M~+ZS5R%g7k&#>sqiXzaR6?po`nOc9>ak853{Z1AATdRD+#lC*^0jtp6Fi&7k&93teZ-i5dKXJ81ViUr=cY) zsF@7Z@|xOZr4?&?d4Am>0l*M#`6tIf-FCp!;(A(OLL9d+O;yFctl$hh={mg5H-YqUl6;B-7)({vGT2rgNY;gi3j_@X1DR4gZg!)3;KU z@WsW&qfQD}!D&YJLHu8)>)JR{UK@F@fkHgNmpy;uYFe#cdT1U6q)@>$_vVnHgh$23 z)7!Aiu;WGdn<8s#z6UX>Z1-*Oof{?djCLIDaj=#;=O2t7erEu=@uO%}v$%-IB2Y@t z3WISR@g6XtA0PH2eeVF_k6KON>TUFEi9fxBE&3#tdI!Y0Vh+KIFwq05PK7-Rh}R&#$+oMx`qhY%>b{|`*aqdS@d ze^4HsM-$%I$gK8}odtzr6bKvVpC&&Is^j&CzFe?;*Vw|IcQ`RZ37(|lVfB_;*$p#TMk21SO z^PHIAuyf}P7H6yg$+Zm(RGud(f2B)K!{RnQFMKS0gahEAPfyN`Gr=qzXD>8{I`|Qm zG;=`NH$(cG2Kk;Vn1J{^e?WF_^pD@wp!%R&e@rG}FX-aN*^^n%{9JmudzPD)Nh1{ASWEI5_}8dcB1hhrhGs1W z+P~0}4$$F-=II8#b;g-wrx*0@a;pkmI8Bg$H51Cmx8+|{{)?qbY$FCso0XI^p{(gS z5$y<|X*YB#1)PG_w=uK}LksxHS-b0HD2-$?oz(b>R8LHSbm)w9Hc$&3oS(C>v=$`6!BaSzF3VjK8q2;dg`M}ehp*jBA`=KMJy*K;`2ql0 z)g9A9MFiyvxeg58{kk3q!*(|uVoPW+!~{2a-9uG;kTB=ytI>q389TPhb3dlZkhMmr zGV|2YD#94`n)#ElmCWnc&oPgzi*Epb)^6R3SK}EU;8CD-*$<;99T~m8`W4RCtfW3; zWc$s13w8SD2n_~;B{wJzi`-HDXhR|?m&qd42ERfm;h(d^Dj6juJfn7h5|cck0by9y zLGZm8$l(KTCWT2E(MXgOZ$RhhtG%JWx{?>}QXVzk!i%cNg_&cdZ%2Da^q8qwlNdX3 z>DJ(62tx?oY_2)$K&&KX9ssWyi%?mPCggf^Mov-^O>evA6eOSp3j*@g`3Z%5PTk*J zJ#k*Jrp8`b-x#X+Vw8+~EFzY0@^;AA@(# zaM9A9vthk3u-SRjKiKJe?>G5C-GzL${{-)u_XQVk>y?fEWiU8y%oNPR0cZ3a;%@9J zukOI-?Y#L0#V0h|o+yO8d$*Rk%q|31*3={m-W=y9<}k%BOYEGO8MVB*AiCICxY5g% zra_^LX&8h~px)l1k6wyqdX?VE(2mjGFMs37F+Yo*4t*kOxWOTQasW;^+Y)dx6?wgG zPI>jj^>Ed%ftStJU5DO3gF0=_s`htzULf~zn}k7c?Z$9RWkW)r)U=!4O!ESKpKGR? zh|Si%92SUuzthscsc$@U&T?`-;AQpELAT_yBgdR4Kfu2%G{qyEak)7`$v30;Yv}au zb?C`jIw$tkiT>I1!`#Npn~-bythT26YG`h9*0Bg&?={69MSsoyzU9}nI7q;-Ir9OCy+P=zjykvBh&q_~ZanyuwD>Qu<~_Zs$0%d~gNS%JK- zfRSYiJ||6?2Xe^9-;|)e|FH8um-bcTsb>!|eB6ygZs$}vrA+`XDd}CiZE+Fp&7}^F z@L`=a$7+QnxZ06zy~@=sPV-!qpkeVNl8|)vddXgGnLEp_}Ql6Y%EAoJiD80qz$Hf*s0KKpK>2=nYMcTlX&D9qGnkdU3r6B zZ)}yjv7rf}SGShIc02jg3=R0Tpx*rlYewSgUE`v6mLs&|y<k7x4S#Sm{ZfE|ksi1B360y+ zc5RW)jp=Iz2GQ`sX(ku0c_Hu9=Y~}|i`&T=?pX_Zbp9RF7aavg3`4Rhajl=_(9K1m znVtKfa?J{EyX#NW=OqG@0|#&66bq?=0j)>9>h%80@gBl(Ckg*5zAyX59bs5bci{z; z7a~=GWy40P$?eC2@UKCYw7W`QYuzYX1JY}aBpoB(NW>%?{9~7vS^!&2a_2zEr%&>@ z$?}70|A%r|1>j$qldxElzJ0crLFYS>K8dvCY3cjy@>W)=y1JA`9Z>yIEG~n3<*48GOIkzfMHea-=R!h4KR#k&S#}c0m#S^UzkaC-m~7FR zrD|aw3_M*e#L5x(C;~ijt6BH_3J$h6+gjY85)uC3?66|pGW)$qXp4TAty=f?gVq*1 z{Ur_L7D*wR(fi`#cn5;H!^!rj=~+h)P4`(G@5-u=HcBx3=33$6^7&2F=lozgF)*10 z3G__3*ET$fjVhlFhTK4BDg9Kbg}$oN4J-%F7WTxN2*RU@8B>{L9UaR7&EYAUP7ZbH zB9;aAQL17Hnnz#MyesX6vh?Z7j~Z|%hY@wO1KLM)5$g-C zosj{D?YjMXzV1>e$9?f*S0e5y;bMu-gglMy)TDIVr+$C8VoneJpwS+;~xc z?vRgbjD)wPg3IM;AI_XmtllygfrACNqiESJR^!Rn0>!Hy^?f#fM2LSBB5R+08^E>} zgT-=1Y2pu$=p5Jr`I*barG!yIf)rSRk;hD?*eV=E8~D_aW0@Gb0b~g2EoB*TDHFB| zvn*lMc>dK#8UeUG>6F=H`u~5)yt{}OFwk?k2V!(aAf6@i2@;s$#)U=P{=R&SVK&m& zMP^ybje%j=?a|V_?jKcF{K#3{dQ_e<-$@SyE@y@*G4Az9!)~k*%0ZtbUw+q(;j$) z5^d-fOyCw!66lUCX~I_s6YmU)93qMA9>Oiyd9)LA!EeF}DIH}XVs>vb1nAJNhbun~ zOwc`B)$P1W!Gwx^^Oo91%hMup$IoY~j@1ff*LN)x$xhf1mGPCrK@W#4IeX=>uiWGW zU74i~JK{tW^9G^>?%JiEhm#>C%f-ZG9+{rH$`;_8J#tG1Vn19>|6uz83&-HusDK$A zkw}Q&QNUu1d^S=E)zmg1w;nx<>p7e$2dTB7gnF;NSHv#E4VLMJldiQz>9s9fD%Kpx z%jqe}XV)F{zF;ab8;S$TSNR4iVfKa$hdj@tYqb)2I)zkPuvXz%AHR4{RNJGIdEi_I zk45>_*MM1$5xcmW?dNcPR)%uvXO@};d76n7YAPt^u@mU~#6Q%RGkB|5=dOMZGBI~p zesmE;)6r8Ou~guyZ)ZAml!Z29Pgz z#w7fY&PuwUN|?+BTXt=EC-uMTVxX}G$WG%*bs0=J^ z*DUzB+s;Xq7{ga2FDi09?eZeon0tJGMq1E7gCxwQ4fJ|kTi2!ivPMcU)%Sb1uXgU$ z7se#||IQioaL8sfbS0yCaZPgc{gTbTeD-7gU~y1&Hj*#T?sBAJR3OF^63*mV0{&VA zBV=1u^8aPV5ssUkL|K8w72jRO?XmLXJ3WYKvfA<)STpEvD`9+69AB4Rbij~G7aP0f z(D$Pb4utZelpHyO0Q`TZ?$1eFGJzh*wKDZEwS?*oRY+&W+VytmgFS0pvdR2Pq8$gs z?~qigHKkDd;jTo%GGFSsOPD1MX1AH=-*MzeELF@4kvTJc zI8p<&1t;oR{lnrj>|eptwz&0quP{aSaAHeXDyC!1NS*Cilx<#MYIM%!>qts!i0gI+ zmUB!PzdZ}FcU8b3R6N+NMqX@-E6{3$hk-J=T6^Y>V;~PlKJ$yFUnkO4mm$)Qr6bI~ zJ@fS`y$SU=W{X)@m7wm$%F{QQYR3}!qdZ08Ck2}@BK=8W!TG5W7%$5+s$RSu1%n6I z6Gg~pVp5~W^6-qlc0uDQMu093KiBc6z313F+)^TNv^?$bd_BpGSN#AiASOxe;R}i% zr;pxps}=AO40QNtt$W`7q}r+R-C3L1iU2sd(_`9+Eva+p>zDddcWM#RcZ2<)R5;-j>R6+yY7UeWUo@$BG5{(^iEecvS?Q^E{%7=SGw^*V4o_*tqsuwe5Y zY{PMEdze!>v2Luc2LFdx(r9=CpHkK;Q*IS6YtR2ms{c%2`quZb(rZVbZrJi%|Jk1c z*dU#J?TU7IX~1EiZhPI0v0lp_eMa1oq?L>&suU}b?MlhF0jQo-4o^-T;KEEcK-eVZaYxc!4=XAO=*bq8Rw|cYp!7;`%IsZ|lbh?Ke^hCPo6KhN&(dH+ z^@X^_1K5%P)R0%m@+-4UsgVaeou9>m1>HwmEysA})~d68)PQ2HJgc8(xjO;r=KpIe zF;WduO%Y^5jb;lHzicN9{~32rRP7{*WqXg7qHDY0u8{CG*>tm@hVU|cC01O2EfQ=UcT(#A z)IiDzMl4f~S2K;6`5j`R2d=4{DU^<&=Z^?gaI;Fg0|-;Sir$fP013kTA_TG{B>!uP znwbdMl5%rJ(x0AODRKQGsBtBkdJB-TSOCqjRO?M&_~M_ON|#Y%QR>qzQI`;>e-SSAP3APAg8cc_!ziS)$iyoJB9H$hFc*+8 zGEhbO=O&prdshg45x6m z^Jp++BK#B}0PlMt0FR*b)n6-`fL~o$%juQwt{lK*yPpL3Fp8T|lOkK>AtJ7fbMvv=_ z5>Kkn(PF8LCnY~8{L=eYCHlM#7pBuNZZ=;mj6U>rkYVLnd(FSUJIV z2JH=VT2YU81!{or30&9|{82qmvs_or_ESx?29(fl0!{|pu z&uTKP>e=Y%ZEjfgW=rbaa})jsGWAyHTM~?XYR)IL3)VHIg{%)0mj5=BNEr+%vjtC+ zx2lVwKU~&|L8a291qZhxWC=>$3Ec*dz3b$)af5Tx`d0fU_#Xadi?Zy&_6}Njtii}I zMaX92gpCE|)}w*wFfd8<_2 zeT7=+y};n`ko!<|&rP*R3i|O_aU_45v%a$f@rhX{BI`F1T1P=e^m!<9jzi^8;<;_Kcvk?q@RWd9~PVm3_^>;|(<${Zg*jeMJ?5disERyZB zq(4tw|GOwiu*E&yo39heM?>w5-{|1h7r&Tb%`BMXmi3KDBgAF=dLM}BX8sv|+K2sL zGKc@vdLBzqO%s3j?3TEKhOICl{>hKiXYKyypKOzSc=69bY^(GbTdc{4twPRgB9fkq z0lW|6hbDp~ABLS(uba`7IIL;LcqHD2HuX-Z|CtOp>0kbTMxf^naeXoIL_y)Yj{r#V z_k4*FXrP#5n!&bzsOCs*yNXS>t(4fk>2R9Y?7qyN&$axv^`WikUCg5UKnB+bD%@<0 z;)%kI9;6a&knP(w#o7xXGnsdhBHQ_&bxuTyo;sq$TS5=vvPTR_HE#@BW==^ae8F0JK zDjjNie>GcW&xoYxk!f(n#(P<8T^>nLZj6dk^`jlGN_APXy|2lBL9Ntfr(pQ!c#xPQ*ny=`K06TMKBYgi6a7tS019yK+Ul5^$0Y zG3cNwnqE~=Vmm1d#7D*Q#w`pt02_6worPpJ&Yb9*_NkB!a<0!D827LH0QjlhGojXx zE&I-6A|vxjko#3M@wV1AZ8vmiFFrymB=#&fA=_B%+pjPOGo;M2Pcyw5nt;}Y%rL6@ zb6-Lx(A@fQK^cIp3XibFgtC_(>HM0x zjwt^@mG#WGwYiAP2AD%vpeFLo6q&Z|sf2BcW2Nc#*{rF0qPoXYtYc)R zp==-3|1qzc+KE~tTALo?H>jU$F1+}StClxCarfuK2MOf!ikV91)~Wr*7ypKPy2^Wuq^d_%~7vreSa5)Vk2dQ4G*G3;e(op!Dj&0xUCdLEr8ei+MnsH zF^uv7`lV73qg-KMeG+YJosDC$d9mpfo#DFJZa`~_x>NapT zE18zuB=>QgCG+TazwVC<5v0hsTrlJ##E$Q3n?ygA?Tok*waTADLV5`ycJQJf5+&iA zDz@2hl6W1Bt7QoL9%uk+)mss8kQ@Oy1z-5{5%&*CAP7qUs7t;vQPaenG}x!H?%=zv z;A4sXcwX+xD2Hu7Ob0$JqZD~B7qi4hqY__j(ljp2K*%XtW;qa&3Dg%7Gq0CdP!@sz zA=KM;*uvEbAYvg<7xk@R$u8Eo192d?nqs1{H5=u z$cyJg6^#HD#UJ1L-FUH35r28wuveKZK(13x#_1wW$$kffO$@cpY~Nv{w<^{$KZmFg zAX<|SE?rT$onC)Uf7FoWd^&6^Wnn1cQyi9;igPCe4{{&TiVYar*TU7RCYW=pM19KX z^&axz9xI*GbvJQ0FnKXZ?!M!zk4rc?ea?<580@Rj|2ua#x07v)@eAjs{~D8AU=3RO zF0nJ$(Y<%GmQ1T(1(PCgny@m!Hkxx z{lHN`!}sWS$HH4?3v&3{FmWkX(7;^Jo$GtU}%#gC`SHU z9Dt4eHO9IAbr0ibPi7W?Gr#l3WJ|*wVoR2S*V8E}hc3RvZGzWcnpEx57jYRAf%3M2dQ;CbeyRE*O z^(@}m-8CP{6b3=Ja(s@hhlYkeA8)wIoLM@_>=`L_@5+G%c0ZS{&UL@P_us?D)D0SFdFn1P5ys1#9n0me&X%fLP%#{3 zKsk0@a*$A_f&k_J3)XEfP{Kof=ToIc<_$KxECA|JeH(S~+xK`zpq5{6%cb3-xIL(s za^32vXJ`G z1GHs1edHxMBb$UQlUp!H2kEQh{l?pxZ!qqF;xB=pt&JjIX6L#xI?|_4b+)v3inbK2orEF}ROJN%{!Q zXt#IpM*Wym6vFmj0Z7_#9Y$pJ-K15hS}fr&G{3MeV4xn~&f?8rZLl1Bcp_iEo#Y`F zQuh7rUbfenlcTYDKkcL_B4=;?yK99A>LF^^Tz*`@6SEU~YqA0a5z!u6!W<%v*Sth! zVo9+P{%N3Y9B8`a%hPT`pA|E)ok-7h4Su}5h40Q*{%m`rqGELN_0utkmWIY?Qe%l4 z;$A_y_YKe$wz#EtK{O{|oE^TQBu`Jebw-q$x9C0C7TV?O>l%?Q$`G+JK}Eo_Wt@L3 z;N0PvtlpZae^%j~(8O0RQGXFK$5YYDF*c*-Z5!#QcdO&h5j^{PwY^~YmhMQTyw#~y z2%F{Dwo@v@iUwlCCh0T0<&M{)7Ascdv0#(#cW9Lu-`=r6Xm`7f+I&ywtmNx2Tr?#1 z&SfVFi|~<4loY`n&=ra;8lr~H5&s#}F-MAmPU@Bn&m?2|;jhQtH=q3;UK>_<0c>^q zs9q-wx5<2iapU%##fgz58aItr4;tm<{Mg-*W6upd*PlJr>H(`il2YG@Y1ud#4T+8W z8OpPovyFUz(kulUOWN=`W|yuWU3e?v%7d&AUvAd3A8os8E0Y$HV?(H6m(AhT{Nf|1Jdy8rpt~-fH08Zcuu1Z5>%5M$SWd)+-okI_H+CyVW8tyxvGX4O)r_KqrcH5M56Hulb>5Xr4CATxFS z+_;dT2Tc=xnH0mO)1y?UTFBy0U*>k`6KjUCopgx`B=3r;g)>FyKSV<$x8U%SN32SB zSiwJy{=VaPxvienlK3J`VZbxZgF7~y$i8@<26&ba^g+QZ=cIJKsPqk!wQ+adF3E`0 z=KPUg{kz#phQXg*PcNChmo+&)2mjXY*9xNjSu-E|BfX z_5j9Q`_%Q||+9C6aX2~;{Mdnb?4IH!! zS$$33c+{Wu6>6%^#cO^fh3eNb)JJ&A6;{IL0GGw}=3KGLyM9}|`1NRTM1}GSRMeDb zbS=aYG}lUSxO_yA_Md$3I3OfB(uSiy93qBk$oeIo|6-1^@a7@OBWzJ{WaJ`&RIvDb z;Q!HD0a;;k;E2GezwGQ24btS+)wzHm-Do&Gg*dF0N;0FrEzGS0q94F%YVc zR0Ed{z@cZZQe*r>a!OS&rafT*#E%rf@Fx9)aPS8hqc=D*9k4huPC#a+y1F`xM6P7Z zOkf#E*rcAP=R&by!=FPmpZUk?WxfYUG{kdG<*gs6Qm&=~)3eBZAf^e{fmWb;;7>e1 zlFV%YKOTGA4g#tRQf33Ow44Qdkh?{JC|RNkRd0Ejr&**Yo0N|khL^E>Tqd9xu1+n3 zhGuhlmlcxBZu=_^s`+Y*rr%P#t*IG%e?1N7?34Ny#~WP&i+5 zT;yq4Sn8uSmM*Iyj`sJx24m?5IYA=9nEgMwoeAZVTkTm`0<4x7IVnay7Bc4_EO3fD zEu3A93VT4YOtRP6>zn#)GLhwlh_(lG)#+l?J`c6zS-y%1(?(?YBwOXdLzfec5z=+1 z{55l!hK}zSjszqFHvC4cq!5i5oVF+B!q5d3WRR$8bm^oSls(WWgo!MU)hq^{+#7+M zXoR(1!FWdCr=QyQg%4uhHdfyPjD?32@3r;&zX|k);z1uB9hCvXGn~z02+c;vVt9kz z91YssuA_}vkZ*Z|uC!?l-VQp}H(^cdNu0Uoo{4OUb)X}O^-1&10JfkNo(zj+019%d zU5U=cKwO4yh?q}$CldJVN`XP2im^jaeSGj6&ab8+YaZeW>^iN8o)9W(=)rfrhaakD zf!Wy|Y#@HRooF@ilY4+v#;+ts@m8|Jyy(%GMg-58ftoW%-*+Z-{R5688{c@|i0T33 zyuaXOcT?83Kc^^2;5W zg2MDD&7GKRtO$9A*y8~iz4>@!KV^wgS>Z`(a_Wj$(m23cRO);qIsH)RoyQMzW>Dx> z>*E20JkH1+y5(qlC@HDOya5BQVbamiY2PD_zoEF}U?`cqb}=(#do!N)CIKQE;hn5s z9e>0Kh!3b*URtc%N%{UQq)h@c=qYvXCeVEYs6nxr&<-)J8It;qxkgGoz_M-QZ%+F(|~(`OgE%dOUyCKvjL@y@Ip6{5GbX z-N3R6=S*a+z&%|CAyf9U*Ji4X$_v`o+{#>l`id#F<#r?3EeOcjj5`~ib2yC6tzQ?| z4ULkgF!KPtU+A+EA{6$vi))f>tK6JtylifWV6En+JPNWg65J#h5 z-o7M+0EQE-01Y@5$Po8@;z;LOM|>GJrTKq9+@C8|*DSiQ3V`oRE@+)h8**XwZ+a`r zdLtWx*X5jy=&q%qL9GX!{$I!l7}VKPZGRv&IKT-KCnFKUyv2akV4Ec#S?0ryzZZ&J zc}YvYT&{~6vcY_w38%u^W1Dm}TxfUovwU5*OW@9blOzOw!X9%%O7ibz$N%AUjZyOn z&9@ym*=&|BvAyero>LG>VQwtNGd?=E63i$?Yn4;!{CHn_Z<%mg6n@Kw>%k3o!J3Dp zULpQ;(Ed&uVK*Z=SNCxNvjiv=a=U-26^f?BY+_3*kZStAOOm?Mx)1tF9P}38majdP z6cyWn0A}6F^8wF%xj`{!?(BT9$TVmr&+^fnh&0M&iYt1Dsv`KR&ZRO1S7us9M!GBf zPtq%TpWE#={jqa-Lq4ND;6@86f=CN@Y}M1Ps|f9)Ce=^&&BfeA~`C6I<_$BOIZ7Z8b8cClbXl^ds)O z%AWzuuW67x?6~l~15gZ)=-*(NyF~c+LDM7bc20nv&F|>6kUU5Zx^8c-1K_11;f=jg zm79$9nl9W(ozEl%;7XCOca)qmY&5jCh;4Iop{iO}aGcEqRQ20?&c+_J+p#FPoo|0c zHyW5Ssho}f(kb?4hap1`6M*X}_d{n!Y5)*{K~w}vSHOUDqs*XVsIv{q2O+!<3Alf3 zF4sCx&y|QJXCUB|vWJeN0dwAn=vYDxrsZKy(REZ0-`!EiktyPj0Q9qG9O}#MTo~I2 zh`v;}QGLlNxMR;jxlri&THk-NBTwmH#e34UQU5yH&+`2>!O?%glbS^88WszMez!G8 zUMZEv$G1QyFBjn^RjsC*v*#f6RuO+R)A#CQ1os_qB|0D>A^YfTArQFXzwZO&PyzWz zIkHrqRNddC9NfCk|9;p7XDpf9DKbdBKGI6xMxDLia{&4UjGzJaQK+x=Cx;G#mz36& z3Jiq;#nPYk4h(OoCL0F^&6*?NC%&iayrrW1pm=Ug*0VF@#*qi#QjX2i#Q{yF9T4u` z-gbtvr6Wv*)YAQ7pq)b~B%FBGzx1h~;ya*s`ioyc#xf44#y9|{LKvSa4h6l`e)C`{ zlqXocQtL#i)C~{fY@e>Bpt!YQPu~d51tjX19lqL2}li` z;G?fL%DTGD;;4+-_pszxa)@O~GsNQY+SoVS1d)c2n%dhK2u#yk1bhj8lV(~Izk1D* zcFz=`iz`0}+1-ojY*axNE(l3ug!J!c`TeL|I}F-abHA(@G7xh>WR{@d4(YxL88fDW z9AJtMr#XFOlBB>z9gRwd0JpA{bMo18;*2%@W1OS}Jpkp&;f}EHTrmf(G%NkYt#FSj z3KhY+iCWwfhK(9w7pHWVAMW27>uxCk`};pnLS9Q6T3Ln<#arzo4$|?ZQwWGL0gZ2C z_$mys!sUs67CtE=Uk@bujl>K-H%90Au*NF5! zmHR+`jqQb`S>SnwYJcF674IagS2ZO0~*CtwsAnZ@yDqL&Syz6 z_U24v>u3nWv=kUe&Y-}-E*H$eV= z`(Bf|(%!l}{kgXT*M-_iUW$``9ZFy6P+u;wHK{`P`@!=kfCPYA@o3>SYa=Q{#kYiz zpZZGgO=Y%(B!cz>0YBwM3ii-y+YJYa8y?lS;|@7SY>{OtVAIzh$xVcHA@Ukn*MTY6 zV=;rUk)zYfP*qvNxDsF*O#kXzEISc2>P+(2W4N}uiiS7} zfAMDkl~Jn*)D-uh?`HDSCr|vNk(S&^0DPX)%l}U&KqGOCojJ-{E^jgEG++Ri(Qt41 z^Iz@J$%|M3(A-MiObS$zmdd~lt)4-$oCI`m$I9W&6-@J&<%_fD^jer?T>=sz0ze`Z zEeJW%r^E#EWt^)vKm_{adH3pad6vJ(z1E8VyWGpDtEki*)g4ewUY^}Umet&mjQU?x zG-R=*Ng88!vvBaf>)EBODvIwv=zSzuJ{`Gy?`c@(BIy&G4o{i0T3HtFyJ@(xbq>(0 z&6&MWEZ=-|fxa!T9xw%myIxu01I=6BYcREcZ8a#mZTNsYw#?cI(b^Cw>JUkM4%1Z^ zA-pP233-2X<=GzZ>4sz!|5E`9J(QG>DBxm%<6Ss&dq^(v_AJ9@9?sZZCKxpQ<5hU6 znq&`ibRWpop8~4tI)W*V**@X%@wM422&H&cksd1`%~~}rsA&<0H-<{uMt#q+o&HCZ zcALK;?1eL?QhTJzm|;cf10h1pQ7UEQili`H!LHcJ?o47*}vB(U@dl>MGBKij|N zOa#Og;y)9!7I;PIzn0}m9e5D$KcV>8b8!nx+DyP@et-~1PRgYCcI%guDB`Y^S(vrm zYq9lbb@*E@2b8}86yBzkNK6=>JL063)^~m_Rhm8IzhWUA9_;D*TL+?3uw~?ID3y5_ z)51{p&d3u34ajBACJev&*myJY_~UgO8z39T#(p9hMsh#;efeLB%o$-u!8najhf^Quainm9(hEfAryo#D$GwURKGX08A zh~QX*J-#`(M#ee%G2WJ~)jr9&5ryl(rAb$T46LXEWse7RN1Sro=0VN_xd)4WvdakO zR|}*+PlI6nFmtv&*@`kP=Zzrx@VbQ~VQQ~w`yYpIw-ncCALE&e8BE(G zA0>M!;>WrBiY*q+l<{`fcECUh|zRSd3ox=g%96#E-*B*~OY`6W?czqyD94)q( zhMN_q@$Y5!^W03(vhaWb$$bySa#_2~@En+{bANHM9`6E|_Q-dG5|crU-$U2#U)ibM zEhqm95rZ~DF!t?pGNQ=HX;-P!z~l0U<_u* zJAzc$a+qxl0|n7c9bvsDe2o-5vtf{)8w>i@pk95QN0%D3*_4fvpPJMApH;`tKCz(& zQ|HNSPaDY}JdC_h#pYqTXWaUP7^g>ZX5NxfhPzjhx6>PLy9AcmbxnM-B@~3jg{|N@ zd?dX+ttr6z3>7tvM+2v96^-Xl+1MtQn0R-+#^zH7ubO&#C%D8`^xc%;MJ{p-sMCm^ zr-hyKwqbAiJ%6{ZO;pRf-9JnR15sVfAv`7XHXZ5s2eFLQJE<^s_ zY=e|aF={d0XMbp+Y$JzqB`Z%7oi2c$9fv)f z4>KWocoZCuvY69Mg&9UV=^cG7Q!9-4G~_d6$w-<7V<7o zFlIE1aG-8qbhK5+`5{x6Uc{ubBV&+L*EUBo>wl!KZ?`;CP@{r0)%G_95ZCT)=yqKL zuN#-%JmRFY;kCfq8oM4C|8lzW1{vc0sCFVpOiIY0l#gDe7r@$NZg8EqtUV3%Ic4$A zVc%m(%iv*UJs=|`3H9*w0qBPm9GUJ(&&JTz4*r_k4{@i0XfN$vqkbQMjNb<-emyK? zIzkspt@Ut2m5+$QS5mPF1K(=VL?P%ug52Ukd?Ybe<7E=j%##!r=}O zmvs^(21{m@J+-8I599RYt#)*nu}MuC6t0GrUlRM^#Kt}8%V${vQ91ig2%{rSsmN_! zs#u`|k<4Eu%72MM{&&HNNOD^*y8p=HKqoPNOqk6q2sPk@A7RqZFTMDfU8eF5=1}`a zLr#qh+5*jnEseBNT- z&Wi_jZUMaB3n#M{4H4=)c)P<^hq9;%DS@cQ&){U~hDc>tioqOKr7%R@+1uZcM$!Y+cDSXfU=dm`jo&$+xXOaPhzH)BcD9O5{yMZh8dAvZVe3Z*pU zfyYMo44K4f2lXK)Fk=6zYU&Wvil{AR3J(v^Wu`vs@x! zZEA=0bSal$OjR3!^tfbQ)cz++RbO$B3XYyQWKb%!>i2V0c-nYz0HOU}7@=UUbbh2` z_+Zt$C5~_m6_fn(fr?m@;lYpe65>N@x?K_KS%YPtqya_k-`MZJIKVute>w$-Ske1p zVYMJSEmQark_I9D!;JxfqRpf9)Rqc0k#8WS)IWZ;JTm0{SVK$^d>-z6j?>BI^Xr@(JfC{ixURxJnkkyPV`Hvq?iYK+hE0#F_-1GLDmc&M?Y{yu)-*-W zMVRz%Gu>+n|Mh4K3Y{r#N$V{+L!_w#ls%ydiI7t#t?YFNY#G)_PTVicprD9R^+*It zYB6_e*b8d?1)}u7^dS(c+TWdnkwZn-!O}sQQpOb9`eaItkO)4;nm+ZnK;P>*-cHXrArU>A#@*l)wMOMF zqxHy&?}AIS$ju1<3Z--fuxN4H5w`kZS(g^+@w7-MxDM_pxkbBCu`^l%2AK3xnKN37 zI5iO8{qW{lOXG=KX<0X!3-(2A{*P!(S70-cEw0jpwCKQi9ja=}auBous=d`G2pf>E z&FYv2705b_fhrDZo)~=m5!Y>mPXK!g@UXjJ&)-OLC?A!Z7}H?mbNQKi1{3k)J@wYZuKLG9QuxDywO=#;EYiOHzMUn=!8X< zS>*323ZQ7f2_T?>U>u5V00^DrPy&D@@Ky^)hJ}ayG2rr>K(H8~E~E#do|RM5iC+-3 zgg{EGsSQ{ot&~?~g=%pawv3pUiLv>wHv9*>t;ab~-70)3{B1Rni9ukkJ5h1TdMb zgn76TE3`=YP9jiIr>_CZ8NCZsfU>uIzMH_$^=3G>VSUq=*x6rl`5Y!&Vo*{q8P?eG z^I%cklGI5}?iipN0hFq+PQdaRcg|SRzR5S^BWE$BavOD*Wy2tyP%b|9`|gbrvGe@J zSVN^BVde3m+xQH7R4j`qbWjDXyTA*Vm@a}S`~z&AS&J){)eBa;B}Iz!-}!Zr*vil` zSgJ+}Pb#$+5*p)nPVld4X9ey-vU$? zU}iP~E{%CoUAA%LEnQ^UAh~!E6^F3X1v`wo)UqNz>Cg1>Oc_o-2z45SikI?yR##o( z2y&aT)hjrE@&Yr)j?egBbb#Io6^EFE@SIg+hWJ}QZ|#8lIPCV(UVfXupKffm^cI~8 zbGmaWK_q9rYwv#ah72t75z;SZvG=gX_1SoP*~veQiqy93km(ixXoZXk{-yA* zFa0@G?Y0fTKWZ5CecaO;+Sf0J;tI+FV&&sk2XZH>4O}=lhojWAM)dh~(?k-glUTvv zg_{19?IHS{XBln0F{_q4sAFdf(#O*7#Yn&k|GoByLG7NdkJJ9D)%(!1m(OV}Y-#J( z*o40~Q*{j=VKffze;m{n-sG~U-45Wl1kDC342-8GDJU(pJ_Zd%X@@jNyocPE`hh^1 zUkb)Tvgc|v;0GFkXtcWhF06uL!9_h`yr>1oF?I*zdkBx+7ggQLybm)BH$lPI@B#;m zm0M}J$uM9CUdSGvnH9wOw>sxWXM0xQ4#K_>=Aq#GwPR)(c1}dlZB!%jo5w=~dGi+L z-kbm?)zsid44B|TK&?_?DFWrW{!xvlGS$>gfpw5K_bCK1b`EhAl!ALUP-f~q2#@VC zkC7Xv>F%HyMShMa3W`O^)9IPH?p7>oxgBWZFn~F$oQ1*F&>-BryT>*?luO!QoF^iN z+(!iD<0ZiNAaXl}2yxeSxrT~zNm*Xj`w4xfY6=BMow+askKy`b>HUCU{9PaSgtZ!! z0yg_HXdiMfhdE6gXyb~I!H}jWW4y$+4D$ObL=_%ell+A6PfF-TNZn77+V%vuGPnX_ zBK_v2`+@Zwfrvn?R+>rDC6J3MHHBcu8HXp2DIi}B8v4R`4;%HMruXb)EXHxEvn+)* z2lpSSiB#Yjz$k4-u+-L=l2>RYvr`Fty%`OWjk1Sh85*^v4Su&=g7Vj~u)Iat3w#Ek zwj(eW>e7!WB4u~=54$Q$amlA=q%t(XXFy0@HX)}UZ9qSn5G$`0^E0lxBY?D4JXY5? z#qTeF^N0I<$wvjc;RP@50^ZYKxQT~wzg0$C2O6yGB-~ACr=8cz>i|tw7|f@z6BEDQ z68+0U1AhJeus#E@If1;;%H#hOU;X0`paY|dtr}puRf!G5Y}RVRv}acKYxJ0mGN~oKqLym^kxq*YR-s` z26^+Q!Ghk5p~Nerml!QUAT zJZmRBhb~k!eFog)23-F*vXS9p%1APPeQR%@U}TPVB^PM51nE< zg1^IiTok6cp3vjDkm6erq~V*p&VmHmshwh?)GmdrdVkoH(~9!3fXgRHU^bx-fv6yJ z@whTLfWbVJz2CQcvbR4JA*VKp2*j-f&Z6t#NhgBW_l27)LUBi9x@&J>fcmw4sdjiu z*(UT3$fpwr|Fzw0GmXuI>nzr^`+&=RXyFH>Kw=o6SY~vKbfi#rlXCzxAPb&;-@D=8 zLwO=rD_TQQ;R`(P3t7-)NyAGJLAay9@BB4PvzJ%KIBG7f7uNa`m2&b87C)G zb8~5O9}v_3HMowB+S6g11Z)b!vlX^BaF+1L@#%rm%LW7)f%8(^ZZj*$ z!s0|%1VfHHyUuk{9Ko$1WhnH~hsbfgAkvQ57-@rC=++>r`|`WIGtrNS&3>ujh#g%O zsC9KATcvG5e)XSyObFJ`zV%fOn)smjNp0FRDAHg*x0u88`ba4v%pyX{OKp4&QZfXb{o!cghpacOc|F3IVcqvKO)YRgA}* z?CfkesN6q)zNp^Qr-BiU38H|FAE06pt2PMdpfZzen)Ajp#X3`;FDYiL6mWSCP(y5% z4Qo7!$kW{3^^AfVV;ly{QgX*o4+!KvagJSIbrv%W9nDE`zRNTm77wfK2fJaY{Ju;5 z4LfceCA~bM>Fbck*M2=O*V5|_Y=*;4r#oA~;0t}Qxz|9ar=j%LfHY!;*CIDt!y z@Fe@XoMLB~OX{T3UB;lS;o$5#Gg;vKdQ6N`QSsix+{Jx#jwY5uM@wkFm2ab=Cfh-8 zSwg0Z)nMq-O8H98l4TL|o_Xo8$IWr|c7AS(*I$*q39BJnk+Hdts5~6dYgVGgs{j|1 zuE;Tv;wsv89^z?Y9purDFGD@zD9D7D#!$DktILDSrxCVOsU0_-767(u)M>5SbK)O*kkooNQZgoUL=5?BB`;_lp##>D^!JB4P11{=0Rmx zpvkwT^9)_fSJ;yvn;qRZjo9JsF7BM!AB%G!HvN8bat`Fdd52&D6i6&q?}SG>%HrrK z61(3nS^v>^cyLW}J+>>0?ZIrR|Dt8%FzfP%BDfkm;!WJJetk;#syRfPqOz3T-ft?y zB?LAL_22`8tIyei79B?h7u)r4m9Bc4A(vcQTAf)j z^V z;!e)!;4H8zSV4zbpdEZIB^L5)+e!6I$tLB3GAvbrsO+uFh7FBx?y&!gr4)SBQRiDp zo9obh$f&y0+cXUqomogPfta^C^?*o;`^_Ak(%g9hf}kg<{QP4=IU5238=;}bH%K%r z+GuG_V+JHMfu*}ox{!)cpNsjcZS4fWBJy?{MR2(ef{K1Pn~~q~z~y7t{V8JEgHIFi zLizj{AuQr4@?vGn2iU}YiTv2A$@GTkIw zP?W;Wu!S&&7xJ*x=o8lvY(|DK_HbVJxCvkr# zOvxcYd*EV_Y+Pe;Bb}_;{NXa!a&B9F{V`^?hO^s6`C?vt3dLQ$t0nMhVu8bHtEi&* zX(s$v=CNTJoHLDPau7=cFxBfJU4K8_H0CUBDfw5i9L!~}h_(<7Krk(aKWUsjF~oM4 zaplh3cX3wE;7p9e=_6;olrk@*(;^TOovHDnY7OI1RdJkGBbw4lc zqTFn1`;RnoIcw{=(ym>JuO*Yv;MEs%YTqt$S*s7(Ub%OHs~b8-k`+rFR=UfhA0qdg z23?5R!d>L2AdHqJFs$ZZC(YI_s)|)Nm>qj^HMX6fyZ)qFmXnl}4C8N?pirhyB;Y?* z`O0a??RdNx@Q}YBdZD4d^QEf$GR%Hpb7#rPyt0IC&PHnJKAqr#XMy|O;&-L6+(^5` zN{f@G5`6uujskj#;~C?hEv zZ|8~w)3I5H^L%c?K3i=?f^%?YXVT|ajRX?+MIH<7NWHn77LJu)wOb7b&IzvLXXe;g zUAttprubFP(GF9bO8io=ivOakTuyf4Y^>~=nueU}7t1}@B+?alZs0;Ls?M_G^a)gi zJBmqm^YC}hN$`ze_Q_qk3Q>%XLw9c!|xiwq|44~4fgqF zO++Gy#x}u+GQY=1vD{#Dxlc7L{bLb2Q~2spMu=44{nEQ5#Q79YxPTtz0?txfQgjQ@O4{ z%Ra&NYSR08qtr9o#Ds*~M8Abxk43V$>qNn0lkOriZkAWa4^Jn$m#=8UwJ#5*$7*_YnSWdR~k=-)I)Wgb`Jw;BL^LzhqaqlA_PcK{+M8J(t6$!~N4T5xy60orQ5pkt7ajK9C7+ z%^l875$EQfO!H2*0-r^)R-6RN&z8!u5tA0TZH+hxaTmg@ckFGKR??CY+|D10txabO zt$))x*M79WII8Wm;BjZ_LOj&PTIAqS#6;iY@pz@cp5isRxV-?VL9l94xDfC@47zO| ztRKwWs1VlEG$s;Lb|Cp}SKWY>L`mAkpj}rNpt|Y!OC}Da=vt#Ps_^ca!{rBNe$Pi zHjUQ6Yg?!`)9ngCDRG(Xw?d?>>8wREySm>A*8T14eR};=aEvR%cObzrTZ2pZP4~I* z%c2^}%m7ZA4tvrflV(w`%UQ}JUscM&+fq{lT=rGO+SL!S#g;zuMr>+qe$}zC4#i_7 zwOH&1^2d7?46`wOxZ9Qnj$*$ZNYxY9%7p5QmOnh=W1bk*tQ|e9V^;HJ;u~7hM{P62R%Mc9#;fIk7Aq z_Qg8jaGW@@CkzB|gNI^G>uJsnPC$e{-P?CE6PqXg(-szGIVAN(ZI8*;x{D!04-Sy; z_!(XA&JFfnzl)*QK2DgG;QY=bD_)SgJ=yPxNIBDOcgpCQV#9ZMIJS`d!MwDX`gjYR zR%ue0DV3{WRq8bL$!sxUinr({^T}2^we{k)dE)wns0=S97OVcj+c{S4nB-zf>vEw6 z$+*_aPO3@b#3S))KBGGt?T4QIEw{YIo=@LQ;A=b`&_^^{USTbi3eI+O@N7FGPBFP^ z5Qj-eYWdN(wj0r~T6l6wdgw}&YEQ;;LTb}K&_>P2=#J<;h~_z(e{a}KRnU&C;SGgM zP$X!E#5`_<(e9lKZ6Cho0YaN;Cq&8-=~Z~3D#)KZ6rxP$hI|IbiVaVf3;J>vZ={{k zMV4`}2KKu^wdlue?T|}nV*iT(Jzf1VvOMkyh#j_oR9Rc9&fz#i77w`*xBQqvlGQDh z!h^Sr{Lq&SO%~Vi+}ZSEpYn}(kqEfnkcx$|>?jwhw1>wpGVx9)JFUP18*mb9hgbGq z81X;gxLuBm@mO5#Pg~DwI?cyOlDBfEIhEO0?w}HkP2%Z(VX$jXYPrKdR0TQuO&`?o zmI<_eo?bjCWpAt3r;fAuViR_{;c;tGCvs3;(QkpHzy_|#k)rp3Y_MKs|A=oWM$b&0 zJAL$FQk75rH^i_b+%i((LRjZ_QZMAGO&ib2%Qf$E544&VilU7Vy7xAoD3&-rAIo$F*sBpMpKlG<|%G9n)yL`v& zOQorxfdm_VEzh-nC>o-d;Rsi(>6t2aJG9`t!Qo*QCkTf)9b8zpK75SECy-(LZD)8& zNBE;*6~5w{*&6Sw>yw1aLq*LAdtKQLP=~-}8DGrcbUCc{{IIrnA6j-k>)PA| zX{xTi-qwCmX3&t?!nJTPI?raG@}OYG{BgiYxP#A^h8si_<-MwM4>Gi9B9=_z~?X4=<#U zo#v5LlRK!#3QR{LZY1T)^ZEN<1Y_KDT-<4QN4Ct*HMx90W(XS7?lKGu$4$7N38M~r zN6Vj5h=`D;(4f)751=Wy*2I^s4rhV(HtAO#h;g35jx>KJ|G+l$?07kY$%KX40?qAt z(q>PHFx5}jSqQL`YX6xt`*z4?bNJr2Vv?j%f?52R&x4#7hF^?qvl_QQSGMNI%G%N$ zXvL^EeZNz}$Lh(?kK*;bcUD)`xVD%3Emz8&Hgca}z$-Cu5-ApaM0kQ}q?}`aZ& zq>*#EWy`pNvx9jOIhxJ0b3dfbgFh0$O9Wg4HF5U*;ER@0*ZjGOi*Qo(Y-DtA6s;!M zrYAf2-?Nl6^Uk47Fb(;-%i7>Cd1riOWa8PLs)r{uvY}qyOV^4N$%e0`6J%|BV}#0~wU} zQ4rZjiUxC&1jfrclY(sn*fJM7pNLW!xDE^n=@tm}O#~uv?fOrMl!C}O#L!Xi1MHo_ zAk=OV=@A0Xv^Rp^eDGzw-cJZ3?uLH;Uk+)Oa=z3XF$p94C|@cy?n^>PnZFfu7Gs)N%)a_1j@hYK)rkpUd;vRo zw4`6_USm!DH7)imRt0aFsp*s#Ur8?Xtk(oz+Ko-=NLNn6Cz`UCw{q%Pnxzb)HA_j; z(@`rGfl6DS6Z{t!7uSnxS2lDhJRE@MJjJQN5dIR>F1oef#qpiXE?Rxm_yYy}WGKj5 z#>Qsc%o)339zF&u_zf{hvP2SAkWDUI7~Cn(5Jad$rGfJg8C4wLPIJGVP?7i8f%<>9Zg{FI+mt?DDD}^V>mWTXMN5?;>D8Otq4#!? z;D%eK=n|z(0IAMcGY8$p6X`hJAILMt5(j3P34z~Gyjf+*ZKG&o!vsX zL@GqR^uxfOaRXSez5~DGr!A(YHCJ8}yF91w7aBr>$@g}L4fXmTllk`A=3NEqA+dkm zMLDx^CuCBNxiS%$)P;@^Dw!pR5y~h-D{QYL7T0L%!7AJGI=x%H29W^bO~>Xko$wxD zd)4*ZvrVQC(x(||$4f4AOj84CjW}wo;eJbBB*q8Z=wBre_qx==B{T_q>=OAjQl}%` z8ywhT*;~Uw_vwr4o#nwKy{(UDyInl>DF1Js)-s@dbhNh0as5t86&7Y!DI(>k8sIE} z8m~6HIO=8#(sKvBq{~|znV8miPJO|<$6Q?%#KcJmgLs#4LpiPEzJWR!><$bJ$6RS% z@BR#DtDNhmd^02(Cv;WLg0I_T?B{d}(K+0?BS%=xnO^4jGEhzl-nK3ZZ}d#U^jmgD zVu3AH4>7e^fGvaW9$VZW)}C%w{S5|V+9^`qUMrVqte@QhGgx=+Y6S*Mzf_yUnegKE z4?hj+;86-Z-5rsS;BGHXg-f>#p6@Gml8N8$!W_8i#NApols9Gy*O!n!Ph2B=kf#O* zzousb3a56k;(QIa_`+N$PWd=kG+OwrJ=ZI?!*oPP%_hii22(7xF~o5*SDBN6Clcsg&s zEQ*~GEX3VG`c^k@t*` z2EH84lmQO~fGFNK(tv-C9P9Q4Q1WN!dt2W>2YkZ9dO=7wuRaW0;JSS%vyy$vx83BmvK3tZ-e?iQacqWS*w82_MZ)W06%1-`R7OA&XKwcXzW4Spzr0wRo- z-_PFxt7Cn>^%=&$vrMP`b$swH+b7+8K&RX|E(a>7FY-1e`4Fb; ztU!6@cFqS53SetQmtPj{AN$!-!~gU5d)x&*A6a>Nzw~*x9U(X*7~Tc3)o~^dmjzlt zTfz;TzdbtJu9(m@U-3ChRH0L?8K8h`yObQ>Ny~31v=Ym*(i^e%*3kOac?)Gc!G<|# zHb(l>&YW|JZs|jd+d0#=W4wt9+oGk0QgH3H;Nh?L)8*xxX3&>MyhiKFW{EHQJ2FX~ zv(ghTQajW)vf_`&pvdC)0WIC(h?M7tm7@(@>2nWveWc-S=|cYBzCzVien_U7wD}cD zh{>hjP?ND3B#8Xn2E?a)J9mZJPw%czR!6^c zwBByOsZ<%GG@W+9odUZ_b!1D#ejAx$v9jfGaUIPL*3aXP=Lz2<(+f{i!c3KRM5Nu3 z)#36(G(U4|tOCm0Eo3W4S_80Q zK?bL{N3Rp&Zp7efyK}Dy_(wQmrw=Rit?yO0Yy#KzDu( z_HT#joliy!ucl)=i%0%;wtVR2R`Ub1SI0 zbm%2TF38gX2OWiq!Nc^bdT3DzULtzf1Gbc7MzY3hSLksK#CJ6%&tA0o(N$yl``4$S z6MUJi8zQ20tY76+SocIfUgv!{_P>0hm@cO#ia<7ULL@O4ln=WIt>VUK&0$uWcq+ z@h%dbH`B4bU09>9*F|@a4KL2k^lv#et}vLNMVJ+1gu7WCoh}R_TV(xGHw+Ho-xSd& zkw@!q>%Qw98a)hhBUyPw#oI2<1HEG&ac_LU{fp3lp>Y(^Siqx&tu0x=zUB0ynuDI- zVvvAYL!ieDk&s%L!)mELO1C-*WgSt^5jc`A(^FKrBU$1x=~!2*1tn0>uIdxDm^qfy z2Qc49qe%^I8k#}m5eE)jNk;*K#pT&Q21WF*{qb-V=#=u8cG``y`;g4EK9){O5&M%j zJOh6ER~~m>9628J6roY4y?_W8efW)OkU>||wD&@hMW$9wJ-%h?u&l%CaZ64f{+OBO zvi0`jfo<6PfEBM7<1?|YjJJOOi@g(PbY~a_-Yl{lU!5@`+@SEJqch+WK7;o<)ATmSisHto-{Z=&MLR~e@w;q54PnaQp<=& z-dY})i=a6{oJ$rlV0eAT5)br%M-F`0BtsLH{u?N~n80pe+4KLNMkqbvghpaALd(XN zo&s>BPlIIDPF=bK*hIL^i6#kcR{&QxAkd$W=2mEcxbUDET1VNLgB}{)6Bj1e!BRfr zHy11k@4xNjSu*5(V~l?fvs;#bb)?WwRr3BkX^=3(2g%$v_9Y1CP4(q+&wM=&>OG<^O< zBGf2H6J`1J3m3cAJRh?qf*$j^PZY^q@X`1RfQt|edi>B)+^@uG? zyX4kCu~7ZvZ#&-eg%9__$7o|kjM}KvqoQ_&ilr{XWbD3wiEBe{dw{L%)9jXi$#9jS z`wh(x;Y-fL1tL;j>%{mFUpM0}m{Si?2%}F^L+21!`Qf}|QGd)iT)EXe!TB_hl)oX{U?$FM;W3U9 zm~WO(mqJ(+bw>PqpTD@lj#qA>g#%wY|F+T8PpH4jVJ5Ea9X|9NjL=t4m!G{Rsat$i zZ$u9+d~*N3kn6#Q?Mo+bVG;~+-!5rH{A!%Y!f%q&KXeWvE_j3Zye%40RO3wc%?kwY?YWIHcFvw62 zjUYoPD4+-k2n;PCNC*f>H`3iH-6;*yA}Jk1cS%SijdX*9bb8i!dq3WLf1Z8Les_4i zn3=WK6~F8I`v*4GpSJ{jbX16fYw|-n;F{l$bwBH``r=}0MOuw_v|Lt6PEVI3bq7-5 zr3QVZRNriCdGq-Q^93cX6#M}=^0&wbWQaJ621K02QP?b^ZS}ooubnbZf3r4q4G;Q( z)5>N8=krA^fzJ-;^Qx2}eS2borjDhFe!qo7XXp%Ip0S|r%vLD)_Zb5?OcTIJ-0#vo;q;0b2MNNF8Er*R2=}%0;m!; z-QOR!sSc^Uk9}7kANLLi$h29hovQNLF3?0E4^xOc?H#z=v8|3?N_R=0Xfdb2bvqPe z?FUJz=v!u-z*m3O0; zbHj+79e+^>u^X#Y8~#O;`mv&=zl%ZpbE_N#--r?ymZVi37TPSRQ)`qkFNliMjcu?n z1s&u2GmF6UEkZK3T@h~kn=F#wTGN!peF-9xp?TvMlK6hpr@$Kfm56hM^XrS4_N{5@R`i@?35|HXQ? z0Sw%?78k0C&1Y{0+E!9Usl7?U`?;dCV@6DM2EBaJ5Bun4H*FLZSlj6}P+z zfR$7I_`LWInF+3si~7MdR)8{#VxR8AcJ4RXLBZmQv;|+*(f(e73G+{1zqnlSa7Vxw{!sGu=@|8~y5lX#}(^Q5 zYCVlDYiN5FJ1~(U*fI?e(!fs!o6cm`qbe%p%l9N$5_F*8G=YeEV^uQ}DPHmD1R+hMz0LKAn zv$GUXJqtM-Ii_L9L@FTY`oDP{xDCxTaG6q=OFiso%pWhY7JW*XUnLe zY<9&-2}yhe`@-IP&3K|IRlIRAEWQ)Q&|%on;p()FozM&yEB)v@>hY;lSS%Tl?yAXC z&N_UEV2$rKA6cMv59X-%Sl{fa1{T?C>M1ur^@KL=9o?&0t(>&y3)~oAoOdwFu7uV- zX!(@&S~}u#zm!cJu@$GzVtvwbgY7XgdZ#y4#_<;YJu$bI>_1wRz60R^?Uw2fi!$g(#J*C4Ds08KQ1^4>f_pc3a4580$pT{ataPwq`H{GV z0u0oZV{SsD@n+)Op`fXDU}2zg#V~E=e&j}ebC>r6Yj#8IIwNEK?FY>B7?fiJ*B)=6FOGAiZxF7yfW^|-vUZh>?ih*Sl!IY?JR950$W4|3;jvgyJ{)H9+#GS z5%lWX7tkOX#z1){-#PSIUYjT8`V?R5Yzc93d-d%HiB%W{Q)T|)4E(Rm>l-{n#ar8X z(ZBLNuTydU*}-~y8o%4h2>LT(v_BH&bO7{rgDbLiGR{qYYhB8z1!&A*xJ6%L?j=tB zHdb&4fN#3U<<8Z{6G1N^k#$h*(KUiFp4kl&-&mm$F9etisAWO&6+DABe%EVez1S~( zK;_M*=TCAf=LOJYtz9nDT?#drZ$6v}@#BJpz_M+XfcJwF=K`jj} z)n-bqsZ!cUjWv5X&K_UZbIQ9-9tr=*_L=YGFV&5Qq0dsX z#sH24+WV}#n2X%%Y&qIKR%`xo-~xXfT&NO7PN@9wQg>)y-s($fUUpMw`}$pFBE{pQ zA(Kb5=Hj}oTq+7v+3wSERnp(ThsxAl-3!4(DTDnYa7e`Z@61~2)}Ln=KX3BNaF%ZV zTsVkiX}+1`F@mPRMHPtUDTubrZzDv`opR&5rq1RhyR}MqFp2LARx}$@1i3qV^IW1H zp2+jV(x;@PYn}6AYda23q1^V4k2J$rm?OfJ-{a39>>rkrS(I$hV4(Sz7_xkLe>qC-M424Tw5Lt)?+AJ7W|te*g!}N&U!H z5j=kMNCD4BPMpL04feal?DB%h&4?H?)yw8*M_ai%O95H4XNSF@=j}`>Jh@MZqia`g z(m{1y?mm--DB4Lnh}Nye+V+SNDu1fV*TKX=Sr?FvoW;fNpJn*3w%V_o` zhhu0-3}uNVjD8N`%7!>o#GD80psD=2O7l2Xpm zs5mWO*q!#vnokH+!B0Dct?=Oiw@!`l;!%oWPGgt!occEj#JiY(|0^e>P z7RgOqIF4>)R#h=8M>!6G_^+GA3H*{TQ$;-x8m><@;eVS{DWVonba=rCqB!A)cih(T z`eNbPTF?^vvgH8%!;6O-OQK01O^h(Vx*YX^z%z+Ow~S`K4)-iKrn6B`KTL`r0U79C z_uZtvRArbld0Az}q~*3p;>P6y?LH3q0lfG{))}iJrqO;|-jMy8Z^v(Ox!Afj3~58a zzo$#VY16jb>4#Mjm5S}i(ko+rMP*sxAyF{Ab)HNQ zNqnCer8aWAT0riwBj#K+jQFK>FXXRYLFi<<7ON&WTY{OB;vX|#XmZyr^ag7pPd0GL z`XW-#J~&LkCl5!s$u!y`luh8$MZB03svLi75EMS5hr~v{y{w5@Ale^4N+Lp6q*H~ zTSjN2bY>4>?!D1Gs?$1%bkF%&jEUk@zrmkOf^5DQbLGTccshNLr$Dz$G<{>#O?6=E z-IZ08?l^7Pws`rK@30c4>0(dJi|350?|7n1V+@ zY7G&D(W02cUt*HSebZ~neB!POA)AiqYm(VqSlNIB@(osBg(y$F$)?x2=_2cWTQw*z zcvynS)}Pl@U-x*Y3_q^`a@`?BZ}&dD{w^%-bMw6%9_AQIxguqS4N+#MCHz|+0=WMePioT*QGC_jPJT#Mw%M=-XfOs9U* z^6mc4=pCKjgswgZ_4@)M;ZIvT%b)_ZxvlqKa6larJBn5IB59oHb1jDW*MWdQ4_h3& z`O@49+`XhzX7|qMlP2CC_v=xHD=a<^H+~pT-V7b4z*Iz2^ADRQO zWtu$&QMQT1dqGcuiT&kn0~sG0SMa}FbE{be4D@>{HR;XmUQ9r3o)etyv$b~rekpM{ z_K&OCpIl)M&a$T5hHDDj`M65l2yu&MGF!B6hIWI} z*^Jf^=Xt~Hn`l*y?nq^rXtjDQk^X^cvc*ivcUtXq{52<*P>V=-zwd@7w7c%hmAEM0 zCkJW0C>qf*9?WkdzueH_WKKO)+dvN*ZQcw8L4GLFwTB;X#-NqJ0|h{|I0*wDOzE~c z@FW;`Uh6eHvfpA7e<`uHWU?;`YjZDvF>SV($mB=7m`IUlPBQ+`>qyr@Yd%GqTww?g zi!iX}V_n-&t8mO6wr7e`gjV);Q)(+A_@J(MWfe?z^JN}4Wqxt@`orBP-4dI!H`4qODkXoaLXu2#%#j?KTC)>m4cm-8InfZtOto~wo zG!#H?7Yn5v{q16{z$prK-HZGIx+1*@<2@k!CV13@F39}Pg_5thGyKGd2Ioc7{*19d zRQGzakA{rH7;Vg>$TDj><2VXmQ4w8q&;wY8_&}V?H(c*2`tWz)ME~204ibb7v34Y9$-Ux)AT%J8)y8zv zg)J4&FhBhK<%Kmad1+mr`~=#k+*Him4+r-)pz5^=Z??#ju^F*z zB(U@bQw`1amoY8!XV5o;H|lK3lwML`-+z77!pj#2?&bf?JjoN8J!emZ-d0u!8!DcA z%36-@CM4VDWPbK2P`R}-^S<0`&sWM6Td86-XEFgtH&V+%!&>uA zzjMZCm@;ZuM*XXaSLft2mi)yPR5_(@^RM&3g!IeEX)}ri(c+UT)YhJ;$ybJRO_d7L zpDJV5uH55+Bx~IPI>b!wKYSdR?*K{KeE=|&t=kVdJZfqd2A3X0lzypPYG5Sqwi#eQ zMSdJ^guS?t~ZM7&)@u!tn$?Li+~Eph}Ydkv6_r< z54*P$mhty2AB1-c5OWoCj<6&U?F2a1*l>;Q5CTg!7giV+k&dtqe*etFCFo=FqB#zn zTVF~MR(Y_;8Y~pS;ApHcY-M5g+Rkj%zVepv#=5E2z={kV5 z{ip%QC!|@d@?SN;^&KE=D}E$%+h=*(NaQ)Aov4%tw(MuB`u@IE;oFaj(Zd7_1Gj@M zSW61Sc+=|50(_s8K?mqK+wAV&?++%5yh3WfL9?B6=d~mptanQDe`zP~V>4=pWR%)^ zW8ypIaqVJ9fkGt$KiQe-PwEXA!>C*0)yu)mTJ;$8)nhH(hzJuiUYarss#x;Za*>T) z8!)_PioN&&7E1*QZs-I+3u+cvPe<22En%c&*Xr2`b)Mntf}D`;Pf)a3FK)gV`xZ)V zeQXC@;en;T;JaWk#n-KGdkMBRAhPkLd{Q6vlj5OyC8SV=d%3GS&G9vDlvQP{ZpSK^ zisN8Uy^I+6m##T{sH~sY)WznSmuchsX?MPUMAa7UD^goytgv{KBB^d~8>d^JWt7F} zzg0)C3m9}ua(6gQbYxiG>-*MrTpt2&IiePhvy~=T8{5-3y2Ixoixqo$cz<%skp{>C z+t{z9vid*;khYEN>QBPIB^ki`HvLpS_HSXWX!z2a8MTWD*80P(CP!5khM)ym{Ne)1UYY3;P6oZX(;khl2*$80l#$1?-(43kN18(`9EKBhdb-}svEb7kjg^gT zXZh)Y-c@1|kei;oT?Y%crB{Zw4Fw5r$XTwSt6{>5-eF10*26O7E;cO!Qg&%%Zn-X5Ro{704L_7&N?ex)NJ~* z6Lcm(HxyWy*-{7Tm%639?Y5%vbOyBNy_B`xDARxn6nQ@nrBo;{V2-fH1vMGdZ0r8_ zAFP4u7{(2L{2$|(t{}#SP{o66GR2#;vq`Q-b)eT~E4GFnJD{qR38x&0>M1L14GFA1w>eG|X=g_F+I#s)dQTwh^?S1Tg;ghR`e^rF`H zad#iWN?*q{O9O9>$RLQrf|~Mx45|Z!AI~H%Gb1F5)sIS-I6r`=nZM4JcS$Zcb{2-+ zQVCF#If~E|KnTA6)Y-Ijem?Qi+v(4{+xXjKd{;s_l%Eb@kjvUZQs<45a8{>b_1S%m zn$yRpmqHXwF6&nA9^>7~i$ng*6Xmn3dtPb-5j%|{>k@Ef>3iv0Qxzx3q=D46*e!!l z`##3ikr99S!#ixbJ8Axp5ts4on;K&2)!&V_3_5sXeG_{?RU<>M@XB3WQXDrf_EZ9k z+}Fz{5DIrX_NhAc>qhfDWxjqx17Z4f zji@or(8aKUX_WX_Os#L8wr{1;@02N5&2b!$%~Jr%ur^v9wW>;H*ewKiRSA&95g9)e z!iFfu<|8(5kG3OmzMOS6IES4H6k?f0eB78)>|5lSH%Tyv2EVU5bbM`m>1=a$JY$85 zT=i*gxWL?!(EdD9=KWGj$ZxqkBRs?G*&Zd;RYnE%T5BT}Q_ASpOrm!hx z>P24uX#Vwa?ly4S&4-thox{@Em#`rKzhm5eb5SSB+@Wj8`thy5Kh61Vlp80n2xaJz zGKoY>Y|QhAYB1eo`9j0s8Iw-6P5WeOD4kM0`A1GWnGaFuBVCTke4rO#ywo zoF#&_cU^Uv$zQVA!!X77N*@m(G~6GctJaj&C+Bi)e{+uiCRhBf?|`Gq^19Kes>v`Y zz(szOlm*J+Nt?0B01?c(aq$&CmRh@U_8CagkICvf zyd9C`)@QD!F!ks{s7G!W1~Qs!7YJ^7b@XsI98Y6#58odx?=)z}5x=bg{~xur?C33? z?)#D@+_&}qj&odm`&gZ?b?WmNAaMWpXxi{PmccV#d}f53IyGOzhcB9mi~$6Vnxb?X zt_T`Q=?YC953YxAHWhpd5-N6w)o*S^V}rEk^O0t~YKU=6mp*k{=SQ)m{}){GAbR93 zzSciwiCfWu_||x1rVCx$=tkQth=i-)qVjI$1KZl6&X7l-WxVZ0 zS3QdUM~{{x*7x2o>PQ#*vImDFH6*a?mWu7VZ&61*NhewVuP{qkU(c1LD)us@bTxj* zD|Di`wde6u)`%kg>1pT-^JItt5CfoJ@`R_m{d+)t_Ce^3B4I@P(bsHNW^UZ;$}>~f z8G}C}t8Cr|6~}7{uz4W9w#i<|2CFW(Cwa-Ae^i%V73)E*uL9+=VG4fmDqiJAjL2^aX!ix*Vj=1%F_Xa$UHOW% zU0iEXL}=+RrLy?{o3Je8!G5S9iv1+Ood*l|4Nh8O;}~H!08-fC!F-fkVBva0>wE`o zQ0%{Oe;gbfkcXqP^qXhv>4B;hhWp4^Mg{4Y$(*+Y&Q^$OIiBJBd;O710EzxxWG5~5 zd`i2z{hvk<$B{@A`m;l_KYWHb4y@K>51BpMQAZx+uBpHOA&%)UjB321D$F?vQCb^; zcn*LCPAe~GDW4s3{fUv0=YVc}Hh9_4Z3l4MUlt9ZgLHtl3uLM!1DUrKJ!U4?YznOI zZd(lypnLz(O(;s^Hcv2+I|@oY-?T|Yp3nlD3@(hv>%>nF&*Z)+p3?!_nNzqg!L=$J zCNzG$$unhF;3+za+RTZM-qH6aVFd{%T+Jz9u2<7X+a_?7sutBUZ#I@ zk*KbAAW_EmYjreMo9sVC1}}tzXx#3)KXvfiQ-C%Zc|h|(peynrYg$&%Q8YLHTf6XA zbNMU2gd^GxehLT}aB+WS)3fD98pr*%scggMB4Vz<> zLsJxyy~Mn-W7Md~k!EYZ<+)4VzBTrRTA%bjocgfXsHHMWnK}+1B*E{k63AZyw#obB zvdE1vp6rnywn7#WS*{ow&VC4SE7-v)+Xv^$KzL!W;r^s7_X9VfA~vEg)1g5P#JA>9 z;S@S#cg8C=Yf{|d(Ya;2@+PM>k>{3`2WNIZ4Cw#z4gYB)hUPB2>9x8P=9aMFzK1Vk^ z@vfFJ@c^S8emeJ-}WKk3*4dUa}dkp0xo(YeEpe^Bf`TB ze&9CHDs_)spQ5Puyd533x2L%%%n+j}!AlD85db!@SSP(p(J+^D{FtS+ruBYdA!Y}U zqsW|D)zH`g;b{q7r(KN1uc;11KTY%UXLJUy(h!M$U!Vs5NSjkA`v7u$^M(^}S3XZ>xm%!!xFqo05czOCLkihGirwWcyQ}+)Z-DSIW z8g4pVvq*=wssWKw(`mWd)X9PU1d=r`PDc^0Vksw{BkSI`B*`pBU&u1N_U4vU! z?tAxHzk5gb=s(?K^bZDAyUy8X?|s&pYtFg$2~|~=#lj%P00013a_`@%0|3t?0RSYo z7tata;p%v+h<`{f>avo6@=@|##Fyt*5=s&PKvmSsds7s|cl1y1^;`e|?Cw8*NPUil zU;u!3Sni#Krl-+iIu3MsI$>4Tp00tVP)my?_xWMHocy#Bi?mjQ4dWg|Ldx=VJzi09 zu@>Q>yH!!N&Ks3P{J?KNHQiDJ3xlYYCmT?7o||SJFc8sGTZ;C;f0Ce?te0W$Ct&ra%?p2Q84~~)XOn>^ zA^`xT&w|wPJn{D2#l_|PfqwO<(hM=#QqXHk zq}M_W9!pMrO)lHMIYF*+pB-IcDbVzQd&tl`udOYy$M2~tys!cAup0xP;pJaZ_D{F3 zpOTMJ0iX3Mv*pY5;qC`>r&&0Dg~i~tcn%Lg!RVs?xxC}n ziL;}jgZ@;piGZWlC;;Gd5sxqszgWIL8-lJ8TgBf|Po?j?>39!MpkeBG%;Q-R{aVzo z>-eK#Onmm~t6H^Eo3tw?z(jjk6aGbVK;{RRsSx*;*1=3cX1g05MQS;8;2Otw$rD2G z9Pk-Exeki1HXt*_Wy-?6rTI?N&TD>Gw}^4uSa{*73}+7KiNkMOwn6++vq+s4)w-Gc zlF_G}oASc8>9y}MPWhAdb>nHZN5JpflNO#N-}!pldiq8nV@L^a7h?_pKul~)Wge(e zjmxVDgFw@7CMt#^R*Q92gRfQ}p@-G2UO(e>zN&0&==h&E@B5$YaJ2jmV;!EAKr9wX zw8r3Ers#$7s$(^AJ7V}~;i3k|6UMi5mIh<~8`npNvcp!9!Q)~sEdxr}j04CrsDQ?= zdSt-3?aC|No|Ez{MF}`JVaW~*KTPR$%a!y~YKgdyWx;gTH$qla0#D#e<5SP=y!_M7 z!>Fh4ZY?ST+vPj#-m>?b$#<2LO5@@V$@-})PyVN#eKGbl-;yy9p<{{#X7f+n$rzAP zs~)fz4wcueqQd{-v{xSWUc)bpv5~w2u}1NpK!y7*-c`@}D|9q58#>k}&6E4~5r%QW zGWDk8AehQ4{)@}QefzV>?e>$Q`A)?BwVL79z8AB5N1v(-?+S6I2;`V1U_LJ+QC+hb z_AT^$R8e{C47>rTiTbc#N>)e`y9SV(Y*~p*++QO*E_ke0c90Aa5&{5hJPB2j-Q+n; z^SRtx;;&i{mXDCdLhe5HTJVcFh|#$|ixvL~?#R>!eS0?m`*j~Lbl>@f6dBAf8x-qsex*fvN$WNb`FD2tIej|s^WU9d6+4SLFtzRd zoE8ZUJrO-|q7PQMx-Y(2kbP9@RS38!|NV4kn%T~0zYq`M;^B*oc^s<+08G-kVxUb= zWW9S8vG*YnkHRP7p7IY`a~F3;zM~j1>P3XeZwP?~Mq)MFEOGw5j5sjdu@3j&3bX!G z{vkgSTQ3!4jfXO-d?S9VSzZTB4vIq&kIBUdSj8NH0*E+(@|EgM>sWTB-4y8Q{iFrw&(iesK> zW1;{)C&J#tg;IV}$XHa z0%;Yd2$h@w&e=v(z>2Tm9=^~{2~j!M-&s{xNfAO|BERM38wP%VpQo$xZzwWkG-_gO z92#1f5mfqWCfNn=xYJG=!xCHVs$-!RhDGTN_WOeP0Kg0({s644vtZH3?s)>P+=~wU z{jZQ$nv!w3gO*mCEE#w@;$*$ikF5m zMvpl2Rg>}c7EbT=t%u6v2r~RyTqV=@ia&q~j=bvk=t#i@*U9vMl;6JzD#&~i zo;lwv$P8Hh>xmKmpu+jE90Z?pvD-zSX}p@7SQYlvhWbRdom{=JhLV z8~~13y&HY`S_lk%x|w?UbUpq=xE>&K(f7IvzMXly9^kyg3p(=Mn-cdMCTS4&+RK?a zZz@oJXuepw+$ajTYy>&nTowg9&Sic*UCp?E)QTco@9@35ds;iy>AfCX6?@>sAzK%x z5Phg9wOVXYc_Q1tiIP=$T66@iLl~6f4J%ie>yVY3_l%UG`dZv zh0i%}^acd)s|9+a0qFQr>U3(D%rtpD(bbvW zU7lbnpfV;kPl`}<7WNRNeY}0He@|av;MB@FkWy`e;}?DQ4||B2rM{|jVDC}W8(pV z2L`(ErHHcFq(NZ4!8HOYqGC235O{a+8IcrG4Vw)J>@`F~EJf7H<^ux1?3Z~Z#TRUc z1$yjyztXx5i8Hzp`v}2GS3@#T(?^7bEq-hW+~dnXq57)VnBu{r+L<)T6o_WXT|ol zkKIID{g6Wy&g|vF6Qc3;sB?v=b;I21_14d}%MrP&1r7g-w)th-0Pxj9W{poo!9QU} z|9~+4y*UWdwE1v#w$@wnBWV?m9|V=?R&-(neAf?zB9TOcKFc7u7iK@n+Z;O*pn-ly zrh(CKtX?xm2Z#2K4TCQAfOehGpm1_9<~KFIFVKtar0uP)lI`@2-j)0NR-)?pp}Eub zzN>@z8uLEvn~J%Wm-}RYJ9cmqrc*81{oIRmpMBxUvyaW_NEu)Z# z21AJ>e=IXD)@NX~S_T{ykFR*Xpp(g?HuBV9&Q7s|rx)5Dt+$v_(RP`F&u%)D$bNTq zob+^i*%gQrcriH0omk#z$h66lLi91YOwpd2!K_GvHzy#w+u&g2%G;Z=YT;xTsWkRM zfnO}(a=+aPcR+VZ{fx-HaJd}2WqvBZ1je$Uesta)g5xuwuRB+7zqr!oQ_*rHv?>Fi z5nbinVF|?19DD(vtBK=Iv$-zb&NG|vH)x9AI8Upz#+jI zm4EAWP-`&-^6$G)hHNREoo0;Euua13vNW?>$#lWwaha+Z2Ltk~u(3FBP;S9EO)? zsob{!%mU*8*Qbey_NvzVxR=`w;=d`q2!tQ^{8lWQ`oY6T1+^~AI3cG&es!U!DIC%} zOGKlY;;+S}*)rfg$7UwW)fhk?g|{ECUFf_w_lAU!zE*#t5g)tOs9;In zn;)6epf62H$V5A>U|Cj@$Iy}Ww%rjCSM9Z**#!X`K{Wa};!ifSt;cg(6Zi0evU1@3 z33q*d>q*y39b><`oy5mwn5S}@z%N>pHtu}rz~S<$Co8|#wxZz*i>)gK1eUL0yZ9zh zH4noqIC`fvapGNoApWkZJ+Db5@J%;L@5j!(j~c5KZ{hjF;hgP_es}J7n3k^$MA~s?K!|8*D!WU(X65%hz1#qb zUkB;C1}bH#8%uuT##nrnAD2&$yCR>XsbG^WK8@S6D45Sir7ASipKtUVt=qMy-!9)d zrHf!hHoTei^QTMMu@&bXChBKO!aZ*cimv)&@WfOQBK@RJLiVsdnw;Yl`nv?#~! z`e_Ph6+45Zv^p?7TgvG;W^^v8{lSPmFVtTY%g=KeiEu*CQ>igEY+n_ZTa$|OwLYFI z5ZUBrlRwH~H6XNqPQj7$NP$!El8YXZbspP@)^5MW_~7#=AK;`e^#pS|HaIh-94jQ^8T{5$ad zuj$Hvd^BnP^>(=D>Du)8kmGu&1pJ$6ej`4>g#GV$i6EJ%e}g&*l>K6R8xNsNk2480 z8X9)Uq=2G$GmQTVstOAhy!J|T^knWB9~wXX`q>$TK*1G+Ue#$oOW?5@y~c)#{_W7W zK>YkNPGr~~mt*TG{PJ*-m;e!T7g9K)8!e`A#N{HYK^BUFJ!hG`w`jGI=3Z6X6nxV9 zZSA2k+HB@&;nbr|>J%DGScQANQT+DD*(zV1FubtCNiXj@p6*{;nTuGo#oyf&40lad*JIW&aL?Gq6I;y1C=A>3H z@E5O2&h)^A#I|JJjMB#N&LFgOYxK;A1FNgUMaC$z@+P-^?bpw1!13u+#1*qcM5-T@ zf513+SWffvG^hD&zrJu+MAl>grCkV=R1*vQ?M*wgi$uTRb( z?0{*JvbKiKNOQ#1jkcC?W~3`y2a62R^@VQ+#_&P^Xu5D4n4OJW$o0KQyQve1OGA4F z{nx@??<@OFg2_oehKU44$KI1hHacq0Tkl_bc6BF6b$e_>a{_V=AXE1X@FLk6n$8>3 zU+b4szykXcPugQ77%AhJSmXJ)&#{2(=0J_{c{vudxh3&UV$*BP1qJ`vGwRXby_BtvhBCi72X3F+(ZHVm!T@YUA^BG^_&=UgR>IfzX?)nd1SFR zda+NpFaJ_Xiwni9qwn?}0|R+#5Zsj2kzyySXvrroRcPJiTTX-OP5Ta6adda~^>T-6 zjw2iA(?(a*B2JquWp8AMcczCP9~9b@`NU>=r#HNE-qW_D+A`%M`IhZfL$1@Mq-F83 zMlUXH%>a`Q7mu*>)^PImQ01D`XUY;xbW`+o??Q=}vwoQge{Xf-S;?5=*HqpmgS^W5a(ca*Q{yZv9=;)f|$6fN>8 zs{(rdh9>6ybHf83CyJgsSs`f-yQ>lQ^VOS6O)g^3EC(=zJ6F?FZvE zAKs~VFkbnP;dX7b-6u0>*KV*&Wvtz@S~wdsX()`Mow}E0W5gYq^u0Iiee*HO0buTQ zRHox7e9aM4-o3hdI#*=S+jzGV5^#B*d3yxl=EIvON(ahDQ7$*TmEd!E3B+x4y|Ei1 zX~!Q#p|bahi+nWc_kn8i`*^*I>+|w4;Jh{m!k2%U|90Nqw|UiFXAowZ4gE5& z6=z;i&q}BTgS9Ib7nYDzqXSA~Ys9@TXONS^Kl^R{^7xt?T6u$wg1G1=Q7~5DN&0xx z1vXo~~S?5;c{=NuD1cBd~;wrz; z-$4oiv&etQ76MbV2!Y6-pZ(tss!%99``8#e=dDbqnIp%90tha;YJA2%rXC>X;Z80% zk$xes#{Xp?yhqKPzm(?>kDY(TJ(Fpik@~VC!vhtnOTRguT|1Xb>>RvzO_w!GmMz*1 zW^;u}`2Cf|eL2WlA#(B^*<;0P8-Xsby*6Ubx5w`O4#e>VpbBsv1US$1g@rj3gb|EK zxPP@70O~HBTjM$fO2gwt8z&IxSJAYUg3^oNbMNMS`G*mi1i_IJ$$(>Qgfm?6_g13I z2#YlQm7lhHZTVb=bUF>?qOh*tAnr%*{9&ZvKO`d8_IzvP57;9Jq2W1%%;9IUojoE5 z??bvF2hJ7H52rtPP%CPxLi1!w1!qKfs*!SIu!v_LzfSI`I#kNNa3QJN+8Yhkyi&;1 zWowtpHyKqgsNOYN&YBr5E8^Qi=dY26W{R9`Ox`p|>94-Ci!Z1`nksj6ZN74q?;Tta zYSZuk){O;H6hzh<`!rLc0ZMK03k2;ZWhJVFXRBacXfTH=VHwaWHuxx;jd151bizH5gBN@?C3|kv z{n<)`q(H_6FjRVmZtT-LuNPwP>BDzlNaWFu zDp^JJ57gisiTqv>#y0diJD6>?T_1u8KkX_e;}P;lu9O2$#7ey+9Kb*Pi9aqI>2`&%j*Ue1wOC{mI=`V@-3|Gg2qGn*NDfO?xuAg+} zs8xD}f1ltQW^vIBwkGis0aEf%?_M5X9$kAJ){j|Od}bD?G)y-b~g@iCFD zzRKYR$&X|~!$8fP0-K_d_RzCIcyi{|*Ihg_%d*L9 zUla{CH!F)Esj;D^ct*P5tA!0o;oLmeX}v$Z^2oUP2Y+Hxfb*}V!;lr)D6>A}wy_pA zM3`YZm(%R!Zf-Y-OfTcJWq9)PXg&}`b0lqt-TUq_Jyb~TLlFZ^GRxO2>YbRcjB85C)iKl)v=~_zv$H{W9)vA)*n}|3A zLmp?f{<+)jKJmw@7qG9|r!64L-WezetazDWuXFXyC7;7_y58f6tLKfO{^C*o&y=FT z)7$7BHic<3*Ig5B3mG&S;RF!u7Ff=SidAvELhQrPBhyoix-b9f|%-rU$4aM?}5 zy$gHZPNMil@7qx$wpS5d^@V%ww5*2Y(qD^vcP6NfR??|q{bo$|spC8Kogf~~Aw~QO z2GcTuFO-5~k@eCS(!$C`Gt9@Pu^+>P)W??Qc45z)6Tr!{@&zoANU0HaGG~BQ!0&@H zG!9~z9mRx2&Ei^t|%lu>T_vvZl)Dt-Zp@yeKn`*MOTq>U8~p{Nj^&xN88uq(_zuqs{J$d4{*6gM%&PbccC=^! z&;P5NMHy3-YbZ0hb*IoiO&v~waJ~HBCrrB>Ej5KudRr$+W7^#QCvFf7LC<@G6<6G# z1y{}xLCBsNl-@*kgUHw7NB^eOz;;ev4*q(sdHf9@1{Gve0;N_&m1EE9nGzfm2J?L$ zeN;r3gW%q@e>i{ z4xx3j0ju$A`PeV+W{Qnu0G?!xBo=IP(RVjOVs9*}CSJr}vF6GDfHvvju9kfSN;I|s}N`b5MAboFSh5M0Noj)-V9L)2%j2Yt0Nll7JgM&Ioo z_@U##3TM*&OUWX?IKCV$2bRx()Q8q<%Xz)6yN86C=ijB_2%CwcX(P5gHWXs$f3s=O z;Baw>O`HIoPyK2ey11GIolFJIT>By10T3# z-lZXgZ*`Y)rL8P`aHIATA&w3|2iE#;TvI~bOqJ?QGZ3KCHDTCBw_^6;)@aQvy6Q_T zUVs6faRssT07|O1V%+3x+w#WM8#fQUTnlINWZ`d?xSks^vVZzlZ1#OM92?^<**vwy zeHUIbtO(DZT&x<)Mg~xQORyur!sly+mLc6>+0-=@qziipEl+fiwfv!3{KGI@56Q;X zJ??#0F-3T7i5=409_IOFk5$ny2zviqE{u`KPh9`-a2MgABJOEK2OYjt%G&Q`E_2Ai zmtLdR?9-1WL!}khTtJ@VUrxhQa!7z^T6sQ31MqV!{OBsgO;+FLk@R~CbSJ6DFWnJX zo35V~^96{eK!fR0`*cJA5boP!jXzEdfkzk9yEf#{=zmNOTUPTkT}T*`A{qkKDp9%f z#Zotrr9T(_g^(LFmo}JyeANG7$^7vr{@??c@#NpV=Kr=B_YZ1x|A)L5U4Dhpsw>237wZaij5Rr`r{Pujv#pT!Zxw1l$iW^~SB$Ptf-EJ&HRM_LF z_380W1wqK$0Dwx!o4Yq#32c*GQXHztns(|ypZ&6i_Um3wj*TUs<2GWB4=1>Y!x-MM zn1>I!oDb1RwKZ+3N7PDs5#rCL^@Z!dnCO(w&f##sT5^esKnJFb&L;#5XCX2xzF50 zb+Q9$zRhQ2=G|b$6~97SovuxbAMA)T*c+B;R7?=|Z@MEV+cg!UvWCx>4fT@HKky31 z!+NPt7;ldP3~wjJ5jpvsRC>ak{WaN<7Ev6v9fHJzO5O$H)7pGtWI0z&9Dv0N;1l_! z%X0O`(8{(V+z|xy$ci9JsNWZR;qjn6In*45qw`Lq(>Gf*?B{Jpz8K-kS+v&Mqv?x( zBy<_VDnRI$Pl!52C7+!tFcpMwhFfm;N~9ZpAH&NLLW$VOv-5A${|qg|Q!Bj|^^y2} zkf399>W4T*8xcMKxnlc&7!Cil8vGCXu5kh%Bwno!g%ficwd#A__+0haF#*qs5JgqT z=qe1vTD)bYGABelC!e+7!dd!8< zTpS@cVXC9|G`5r&r zBQ7oPOEYWc<`1TA@j>(i5_D!BBui9o?JQHE!NVbIYVaEfGn}rWFu`grriy?wf?3Wk z_%!mPwQJh%Z-pCUG`XNi^`Ydwi|R>WahY$Ttoiu8a3NA}d|C_-65JBuu#aUvG&@q6 zYrzGW9fp);+`6N@Uk|QNxt5X$xNzzDiiMjtWXU%B|7?4mK zFqVOW!tdYdNnX~DPW0EPA%`&wnvbL;54z6rs5vIbjmd{Uag>0Uly`6+GAt#5pGET`PKYpr!}2H zC->z9F)9hyFI-h=^15PE1}6-$_q{0&AvlAvZQX8qw5}nsdY*Qe0%%T4x;0cc!nmEd zeJ{>gPsIxh%@qe0fG=<4i&dIqlZ)vj+ujZnb`vK&PBBHIm<*~M>CF5-=r?PDywRH0rQ+)R2ECODoPR-F;ViI&}AVc#_7&Yi-Hl%HG>Daaw40Be{-8ik-5^!>GuFef+oO;F&h#%(c;kCPVJ-eAIVM+t zV$5R`U)l_cg&eSL7^ZdFSB(LaSx*!=~gP;mu*OyTo)hau8i1W{*&j5|hgQ$$Qi|?B>CYfH>6f`z8 zcI{GsLA7)@5djeT*2-3PaY^UH`>|D|;qcWEQyF~bAL{}&yNT8e} zPwo+B*KfIUDm`WDrP#Rq242qe+DcP}5yoXTl^Yp;`qB ziBfU}#;9_Q9>Ucr{11hfCAe-%+d3Mbz|^+_N+B7(-%3@<%`LvF?P}`(kg&lnWn;Gqg^D?>*Cl8 zy4pqQFviSWY-X350W=}PFPgcNyzxbtV(f_N?Q6jgl$jobi>3^W86G(YQCFWed)ZLP z3_%Y9v$dS0!(yExi>l}Rta_ET3W%)USD}Wgcf$_Gi`FE6h}2o9ep`Db6pw;RxiLo& z3^9w;8*33404WuUeRtKC>9rWmA5ze!G8~C-oKVbL6bRX|XZcyAWZIgXNZ&o|Y9jJr zvyd>sG8%1$HKDE)M9b`liWW8C&mO zC(uk=XmW5aUryIh8wT_yFfCB?4WTn_j|&7HMS}*v36w^L*LT?a41!Q2fjg*R*(S3` zlffE(SQV;Vrzzm{i$@0)%`|#E{-nKe+nW43Mo^SeFnvv0QSD208)?2=)zmH+54!^7 zh-Nq|O==ypS?a*<6}3CD(@dh=ZnjX5YQ3=QGworL;f){_TySaE&p4WWCd2T`iOpNj z`xL0bTVp|szAw&LQSX{Mhtn{#nrkPW(O;9JB%xpC57Q`$_a1V=0dpD$FHG z7q&dm)T)1iS)@e8K3QjCq#j>sB)`f}gvcGY zP!kUc%CdM#l1M3WM{+X5l{uKRBEJibjDuEgwcHlq`w6Y!t*yQ{0F&oV)YtT^F)~HwXp=f><;$f4vw*;_anysTKqV z(zYfcdv-Kx7(toiu(C8(x=|tq;M*k%VGRkB-sZ|AYQy6dMcaBBcuEy6y907LHQXP( z2rV>3y`oHVSUH}Iqj37ypQFoT?^1A2erwpHmF9mJ#*Oj}u9YmQJ%Og#mCYH21H=~p zFqkm<)>(TEvsjhSpGp92YATc2^-QbWi!-Y8ZlqSz$Sn~9b0}E5?fp&PtsC?6EE*&p`BDn{!vw7gZehur7EY*y29c)dwgNqJ(aKQ|GsE7^O_tUa zH1;)+bGi_8EdSK47ZzsnwRMx+oj(z~ZnQ}J)t4;7bkx{uD%sZ0pb`V+9LrUzgo9?> zGWDVNgA?M;WQw|0X1L3j$l&$H$1qm4;gYm`>RVSUdM=k;2viRaw<&D&{aBPk&XUNA zhFLHOTei0zQb@Ym$`Py`Tl9iC=CLHc(#W-ntJgg5(W6{>!HU>;iZLlg=DLWZ>SQ66 zMBf}qXvwn7(0=b9(iqaOYmc!$T5FxO4B44XPxwBp)nj>1WabgZ8p+|dqaN7f=8R(V zMT6e*O1A2=3OA@-JRbcRVr^T%_3I~oAR;CG%IzoI&qHj-{6Jxq!fG?pcr;O0H#?c~ zLlxEt<$jA_@=_0EOz%z_va2cHfi7mq?PpdkvUY<0gFDYqwU(v)OGeTzw$?=3`=ra9 zUdd^JpfI-|A3yNqvJk9Gs;LM7^@=2#h<07$s{Qec2b1gVMt_2WHs?X&HA>o~V>(lL z5wr6`hA0MU7+UAGlX+#0+)M8#2-D`rQJt>at+hTlVGo{NJMqvt_A4$Egp0_<L z&e`<50G{`?JZ??aw%dECnKX!em!K@~&wRjJ>%-|wDE2`>qC8#d!Q}%;qMzg1x^Pdj z07m9CE)QyRP>i$A8MI)`)$5BCP%d6_3Z-Rm-LeP`j?+McFC+*A^=zT#ueq8~S_M`! z!yuIPDXH=;qneYKJc4Xo7VgS2tpkl>d^{!^75Si`~KwvWfDW zvaHQ5UTlUW?Z@APNdIK;xndJXiF8YCRPnW1bZ%{gSqQL30hc~QY{ebN=+{L-?B)DM z_~*d?BAuXq>QlzXrN4;Nt2>rHtq;Ci^61K~xZA9pYvJDg$^xw7`5h_+j|w1J1DZFo zlpCdlnq~(ADsd&?EKoP~1AD&Z_6zYSUa8^2y+q2#C5uL9XclXD_~X}RZttUqX2Udp2z^ zyX)~xmihtuz`T^&PJ*(M8f#zAp3R0i4lL(6)~BIQ#eK@T+^rdIV&9^}O4dJRu+2nR z?qY(hO#s$7i2O^!*t^8a>S5>S^V%e-VQHbPUVWa%(CeBCIJ6I$i5?^jvtBM$GT50( z`uE}N^F|zbx-CQf(!cdXLzYmsDOw+__v=6yEAK6x~;&3la;u+J)vZ> zeUJ90v3M_oD}G|5h~?m7SK(AF>=S$~-K+UF>2hFTus;J33=@QEDs){qSw?w#}Zt#a3~k+AE2&(|sg zMdgoSA@bN9N>^XiZ4y4D8yA_G)2xFnrZt~WCs_WtDOk!SoLuX8h6W(RN6eZ)Wl&nS zNOGM!>&3J0(rAbfIFTF3_>3wNp_rK*b$dxp1o%#XZ~zdyl>T{~|09dwfB8ZA{~i2e zpXL9-MU0N?`j6%k`Jb1Z!e9Nf9q<3LyY2MPyA9)X{Hym*NJi+tU-k>=xgy?t0LV!z KzbltC3H%>tjnA+E literal 19577 zcmdSAcT^Ma+wL11h=?c%2nbQCbVZ7Eks`g<&_wCIg&t545D<{ARHX_b^w1#!U#S8H zNJ0w%>7lm(31!FM-oNv{XTRs{b@n=Iowd#%3{Pf-S;NdT_jBE!>zY_SotHE>SZ)9S z02*~QWdi`h{VW|JMW<;C$p%Qc%-@b-Qf54$1~$;H0yqJ%BewY)^2xYmrzM5 zJqXZt5ql>p#^>>m`X7C@A@x)WU(Lv}caK+26i5h1!mKayqhNo^;aOk;+;Joik_|c8 zTnTdU$4pF^sgTd~f&9JA+4kwY%K(6zR#r^j8!UMzD|_d40N}^%kL2;q{}}#ip;o0f zgp8t4+z>-*bZN6rH2I(H<;~RzI4~0?5jImD^MZQv#7nzZt6@2xULEXLo#p#vPz$nv zX1&+P&_~MVpUOI3Sr;T3jkJkUX zCCsvk(8g!Kys*q8E~i;S=FNS|8%R=T#e2l0(4mBH$vV;Q7~Lh_i#vYpq5EGHV~(zz zgd>g>gCI%T&~+mz=*r<<=QM)T*0-n{d1Q_W?IwPY+>7-EAJ=hBk#L@Y@j!x*WJUT7 z@|{IjIX%OR-7Q1Ws3wK0%kN7a1x!~rS#k+8$BKyYhiP=2y0d*q%uO_HZguU2zU|^=scl+$ z{s4J!M%%93cIFZ7d0yW|KxybfEiMIj-Y03POurU(m<^dD&00~qzT2KY8n`&C_7BzF zlD&KuSV+Ucz6PJ2Dvs{8m{z=^Zo58WNge0FqL=(a>?D_fLfbU}3*Q&m< zm44Qk;LTX_6;?UzU7#K8rd?m~K1sS*(p^f7>EHpL+FZo9^Y4vBtuKBik(S%T`PM+5 zQcDbxd+!2VFz$OtzAQoheJbG?|NAv{^~Xma^G8?!k-iLjhSdrsf?*N3vh4$@KVm<5JwaHW zbX;;I9x*r$#zT@ArJ4QjOisobg%RpyefDLRa>CD8gU+@S)aEG(1^XK#;*7Cv8x?kN z4By@!j_Sq4(K)BtF2Wa?-^asLC?7s|DY;a$K-|HzeGxGb-o6Oq=#>{CPgh`*QpZEb z0icZ$bsPZj)pv*m6u^>bB6JTz+Tue-e+ z;OMZuLQZu0Z}Q#F*}FVR%sAUSY8|AxlF<@P+5h!~C|beV>XW?LX6|7d_BL?e?kR)rCC;Pe0F~qqhgf>lfrggJ2KY zc+$L_Z*vhZ`{!=Ce&is?`Fpevd3`?GsvfT*I@>E-y zU7Pd9q=8@AR-q@ej*GcKnYm@C#q4=;ZCWMCHwe2HvlO3y(i9rH9Cm`jUHCRv8fA!B zoyCC`JXa*G4|&$WgMJ$m5<&Y=R~s1;4A-tD!RC7g3#I`8Drl^-68*Pl-E}Vk01`Yy zO3-64guKGQ6JA{f0A5`uivmFO|2#B#a*yrP*_V%YUA^a5&^C*|wcn&Lx2oTo-2eUV zjG4KWZ|dmNj95l;pT#;`i+a!NE2|-d)-u=95Ft@oly~bn>CG6`@rlc0#O9cDl6s{6 z74nMalpc{BT@bQJo)ZI$b~}MM^CRUKBMw2a_tPS4Zu+Ip>@RB02;8CE%81MsN#k9~ zq%*jjjoXpWj)B_kZw64lE4w3kww~8gB#lVj?&!02dcfGjp{Ug`u!OPX%=A3eCD$^R zM*hy#-`YnXEE#C8TZn|WZag!i=8+Med`P)n`7=$4GCze)Mq)6PV9EA5+`!*5xNIYE zFK>x2DyZLlFB@&{xc;T~=Osgw-LRV$xoZf-!k@O$auEl8#*VhX^g56MJB+qVVsL|_s^I?~)=f6C+yx#HN zP)~7UHTF}N>c}hQfqNgzWJ%S8L~%^V|=!3PZH16-0#YXU&N+P+gr!L zO!nDQvMWP0gv&C5hgyFxM2Fy57rB|Nmx%2avnN|e{jAnL-z=A`s|4&?F243nFBBV7 z62gb0dR~QkW=8rTfO?sSG<)(2xdE+GR}Ch;cch!Q%Gi9IH=>k$cIF&xZqPTJG`rNn)mv7v zsIZRrJm%N@`)GI%jUAY*h!jD4c|-~vjXUSMQ$6WtJdMNGl zON3R)`NXPw5j=IshQ&`g%S8(6!u;B*V%k%e2%Cl^1KdqUQL_9=M|-*dkM|9OVJR zq9wVb$~xx6G3~e6BqVBApAkXB14EKHL7OwYDdY$ZvsjvPtvU=xVG!rw=CzXSP|4~F zzmQ6g!p_3VxMt3lp~hKs_SjKk(}k&lA4|Np2$2|}b@&rwSiKF5>H5H`>qC^z^*U2& zy;N~+UF=@53coK0w$isNs?c`Rsl+1Mk*9bZw>tOP-?K{Xr-B1_`lKmq$>(JKFS}Jk zC8DEa>6w>Ug|k`VSH7?tb)RqPv!|?e_E3(N<^^kPH7(ox*fprrH1n&W3zp0O()?E zQEO)GEo;-_EDC6CMX$R8@EI>ml6SFsH>Rs#l^3+kEVYzoSV3D2n)%sfY0jf* z`{U(PY`3q0htGzYrQ%-k!^vh}HMx(}M!-WFar|cmny*<}eb&htL zis~QwbHSY+;lBW@tW`|2g}@yC+?7dG)Oy|u=etQTfol6fM&^6>J~1JVf1)YPw6Q6K z6;~On-ty@PI=XP=Z6V`Y{^hSADTBDtx%TqMbOcuuu;aomO1skw-oNHLPlBhZX~qY0 z847BY^d9bCQH_zB#dj{ZL^3d3&F*Ux1`V0?X*xd=!eX77Q=F+x!J4ryBVLfzmWoPN z1ub{E^_9D4pWmi-e&e)B4i7x&_UUn+UW8j5nc+}1wh_r9=a}e;!ZCv7;!dc3aHA(x zp5R?O5Ml`(yXB$I@N`sXdTS_K(!zAcxir_o>IYQ;@04Qlm&Y?BaR;qWVb)r9z9&;u zO>+b`Ipp;ITWVgpF;OE}*bU*E2g-TC>m+BCRh?(da*=|Y zyW!$~ux82;_4@1b5Ek~Hw};C+Nz0*N^Ko)lt?ChS+`e~K7_<0i3tM~mad0CYRr4+) zxsax&cone(l+C>xaKdbvOEaulzCgzr@JiT~R6NCCUFXlbk{ghhzk7U5as=5QZ!gWhESo})`dK9V?z|F}1p*6-{xb06)_NQ1WSH1ExPSeP# z;a8Qx^`qX(EP1NE-;%s$sHQSjt+s|V+tTW1YB<^wu@XLK0WBJq;UBhVX3@WFm&h9v~%|fh?YCrrsZ|%QI$I$d^n1Sz8~X;W{c0?y_Vrm^!0r`vh4dRsBH_&+ z6BCID+}TzDh>L_@)%^llH;2gx)TXJP*}Yuf6z>zG|{R*=!)X_0vp#*gpV6e?KAs z)L7rfR2}vm=+#dNaOfv6j^3VRb*?im^{~RP7zyN}k1~BS;&Tq34-5&RoXjqUkKw*c z1JoT{2;$5NX~h%kT}Z3JtMM-eRp8{TSg8Ds+@BF1)_d6=dQs=hfV=@PO zeD$w_Q2Ku}w0iUA4MY2o{M$qO?ZkB$H9#W6in6M{a;Z3od^#0|EFVqqa{z!VN`svw zMysDr=8FHln{ddbD7^Lszn)TA*;nW}aA;-z7r2QVR6A~3;7MeajtBK}tG0`pSE?1$ z$qp!ujgE0h(@TKoygFIsVl=>|{*;e8Fu!Kx)b0ZC!c3mLY>@Pd=2tCn#EhBXb(qhPIHr#+ zV8&MI65y?Wu95r4mN6xcv1Vo`rTxdJ|D0dn+How6}ea3V)b20a9^0qF1Rb@OIW|UI-{k>WNka0sG7$5g9VH zo3--Lg`yj(AQrCa#)+p)&nt|00Ap8pi7Iy{ir&Pr!Hw$5tDJ@>H=OzC zzJ@aFJ+Dqb*@PhNig+P52sb81d*-aIUE6Q1GTc8;x+To4HQGUDF8UAisf9(w)D|f> z+7;7ls$9^!1m*HNtoVT6FarJ!gsNrjwJU4cUOmqPR(l@@u~tOYy;fa5bA{7k`H!Z) z|GK(Oo>+VhxK_y1oE7uNL{*^)F)POORA+^bxh?^@J2wkyVb)bpxZk|nI9q9bmQ{?i zkqWIFS4_Cr3Usg_jIi<4XS#bkeH$pp#T2le0dur;sH#W=-~U)(Y>)ORosv+C9H}T0 zl|x~=p^dAktd3rcOEGUmq{r)tpLX0pR@1`=nB0tqW#S!)8oFurwc|Drn~{T0X_-65 z=ces=N$haprLZv=dMQf%`} zjs4zR8vO7}{}X&|>maaNo zV-CW;Fg%D8Cgy#OgN043I)Oh=FwFi??)Fw$(GBUvWqv+VQ`%lUUN2$tCRfQpvRU9U zqI`ame__6N(k4eAG*4~w$ke(YQa^WhFJ)}>wu~*M`_>dp$Caxh(f86%tII`WTQ9yY zUe<)S2>+HbuXJA_{?47>X=^PqzqN~dGWODq$^y8&|>yU>7iJDhB zRmgL9Vzu(wMZ6EOOeDQ|J5;OVyh^HhyGFN9Nf*l@5`z5c<2>@x{W}V50Dm&&WPL%z z4CbG&vqr&I12KfFEUXkdIiEj*M^m!BTczHarN!{}!@@Kk$qQVCza-xV7uV&mICSC+qz2{wQ_7}PDI>off5cBI2P}Gbp1sJ>$Y3D3610u6UP;5HMUZMO_ncRv{zm(t&_rmt zVyu2q`H*gS$w{O2yM#XF)pCOSVt=1ayK z*<3M`seedF&X?t4%9C@0uvqlJ$zOh`K~@hxs2Z0rBt{w)=(~Sw4RnzSZorbR-HI0F z1YrD6vZA|j^etEe@#PYL6{!&>@Gp=!xAQNm_+Mzne*zc(JHs^=R#xb$JK<7=h*fxK z9r)6Z9)puEpxOT=pva2(u5snxnx`%?5*eXpld0C3C!v3DjVwZ@-f&5TDymu{$gHAL znp$+J$L46ND=phCUo2GfV+SJaS#G`;J7Wp)^*)**x4BF0REkXRyw{)JYkvOFN{&MX zgWc}Z$Ef{QP*hSw{L&~ksCjALki^ra<5|_`r})Oi(l%c!K19g&+hd_JHw{rz25#)WFIL2Dw>C>k^+wDgKBjM-1Aq)V3-)jg(;k;CG|KoZ) z6@Gd&oBqAz^Ud?Ad|IV;uUq7Gf@b{1Zc9xW&K3|-C8 zw+qV@YhME4I%1XVWU5#le~Z1a8Jj%JS4v$Y^4uDP)6^f!p7|y2*Xc+wtZBG;vdJWl za1u_|17}VvO#cUm0rhc+&UYcbAfKPf+N2o;6n;VqVap1B0UJvB+YNa%3sLmZRl=-5 z|2zDZ)gqi_@4jB;&%J4=Y4q!0f7YJ`}>-}|$-pQvzN?R|QTXK^|G<6Srg*H;P_?=Ad7;zl5gpV0~xA+mU;mh>> zFyRqiWjbD1JN;88_`uvB7v{?ZJh&ch+2bEE5fTGEWih)J)sM<{kG zV-r?h9BdyVc<3aaAt63Gk4;Qgk6p^Y9-ud9?|L?d#Me)uKFCW?ns=q5-5Q+6JVzFi z6g;drN^||QPX90=J~`$?(8Q|+ic~u-G4_?Re8tH0>&)M&%CWtLrqWSuY0>@z!}uDC z-VwGCO6;|Dw?74=xpRZ5+|2G-w`Zb!%M~s3FPLf6Yw!GQ`PS*+e=_wW&xta>N#~X< z5#zJ+%?j-Z&Z+PG{#Tx;CX_>ds5fIa%huT0X{XrN67RGQJgp2LK3i|x8AGAA^C_cL zr~Jz@rXu6tQg9mz74g!!=SzR>RD&YPZL0(1vclP#E{yuas?MO^qRS-HTFf+D_fYY7 z62+;@lb`~ZujlRj#|@6Z5&bA=La7OZUTaGgYpKYcKDC<9$?TXB-JUqSg$`%={El>f zXIKU4uwal$;GL8Fg*AMty{FMat99Xp7X#YlvAgV9AYUf1M0$ic$-Vp&X-h1*0jF+K zD;p|@Z96Q$hFj%na0~3QL2j}aG4>tznqMXCtN`Qy>taM-j^?nV*}fL<-d}+h`i)zv zSjWX-8o27+-S}BAYp{HzzUoTxi9gOwh8CK4aG3mJ@hlnq2V*gT({>%8b*&PoYjvV6 zq1TeRU!_wTb{>(L70wQK8C@Q1&bh^Q5_j5N2+Vk@GtE8^}bOvUdQ!X zMh@KT=W7ScbcYiy9?1w?13;(xb`B`#myKUK5H+rT8A^Eif9L zkoF2bp;O>G>n~dsk{e>H;V62)s$K|LwDECcb;<+Dt;uRykMC$+9!qM&$!C+18aXl3Et2a5Kl=!Y zMtc6JOh4ST7HNLVqORGwTWzw3^g73?=D0LK%8UZK!FS>^W>Ha-pE3$oef$p9N+yaJ ze^8DdJ6fasWMT)0qgN=})f(4U&le-?z-_{oEv^|q&CT2z!h1D@SkWn0--U=aKbKb6 z+`_rH>?d1wv}|ncQC1}N4bfV2D?9^bVA?iB78@mPY$2v2>i0ih&f4hy2by$j9B2JR zH6qR$`H%lEDQf-L`SSYkb&9dwwcZ$5fq}wCsStkuk#>Wm_dwAwHdW8>| z)`f2&z>W^tuC}V;B6n@;=P6jeDRy62YC=9Airr1{sPY&AX^ej&-H(fZU(Ida6$mB` zs?3ggT~ua(T1GUWwCfGbu!0ItpFeDvbF1yReZ-^Ee4@b@(s1wM`bAbMiJkOb_F!CS zua?P5Fq05E9u2bMC4)Y5=hgyR$g0xl^z=F+14vQG)UgxgbBHn}&0QTwUTM#;1gR@q zfj!@6e9hS7Owhfzg$?!?=88w2F@&CNM}W0N3_{ai)YGV`(N4kjN_d~2!7$6xZ1UCi zA+JwDzt-ccOT?~nvshU;zc{s{gAKb>EFGN1x?2;LxF7ZF(5krvSDRR2%IG^fu(7h~ z@#5S&yvJ^Bxh8T@!e&w-(N&~hlg|gqBwB0aVgdT`OeAUPw3FY;a>yv z!`hNPpSYyE)dhKVE#1j6v^wL_eW<$r3@>#)**Kr1NhG$0A#*>nfW35mSqxetYsI zsDDzN7pmDD&3n`M$U6MC_Mr0QHGcOrmUUdEQ@2j8c`M7I;sdvO*81eWgR9*%!=;RT z$xh;Jxd6)x(8B0*h;dVP?$3^a4QRt3USAs@{l;67_^&1kC&*wTF$^|-y>uyqbLr2^ z)RFRLV{2T^E=VCY?|Rso!spD&uMp#SgMEG>tH%6qAKDwSDK}vS8$%K|^=E+BH8a*FrO-_A#XdlTdzwuy7(PIehn4yuU-dNec&13ia6Nxm+S2ImgLxPW5y~f4q4ysbqCpA>~37^x$*6`V*YABGc9o0jZ&LNY0 zEg|W>rNduONB$DXhoqzJBic=L*x#rSxxb(piPa)ZrBNa_$4fJ)S7R{~x z{-*RVYMCH8`{?38_hJz^B_|=lLo0v$m4@u1Pr-Gdqn5S(O$tkKgDO&MMW1=(KBZgA ztEomMtBG5fr4$vboO$FlhhY>RT>^c^LuoMLqhAR+|A!Ao^HlU9Ct>!J4pcY9%-P6& zYIpwin2Wy4VK?wxPo6BONCxn!Ut&N>9bQ!pcjmoUAEZrL1`h zvgH9)?Ez?h-!U7BPp)J4Dfz{4r3;5~1_o6f^k)npV z8761qGD%p!F>RlNRs9g2j{4Pe(srXGM{goqs)a}M&pg}0QTKA3yEfe|DzVGt#9qro7`da_z&W@@aUVS08#-%E%S< z_i211n^L#Nbwq{zwBPHF%Geu}s5~8?50c!{(mlj?pk(EUtA%KWXNTj4Fes1IO$l~v zN$nMQ;Fz4O*2JZ1d`W4ky@$teo;cyR5^X>3bO<+5NADPUjm*PYhSbYjWv;8p?TfNo ztD8;>ayvg_N#6v~6?MBf8_3Ks90l@UmyHTl=Lu*CkRBMG^4oZVDH78ngEQggMY^CN zSL-(;m-}t2caO^#&KEN;`(|dE7~9){<;*nr@KjafCtE~=h|Mgt&Judec5^L z&~iDdKPvfE{*8#!kFA1k;TM2vZzq|F-QC^j`A0WZOf9{mHn6Q2V%{^}pvN~VKSV+& z*}t&!YjRg~?-`phukBXR421F&ln-Huerlr%*QcA{fw8+>+af)w$PtM58D+hWW!Ui?(;JexUgS z*5>0s@ozd;@rR4zyPolZs50zg#VNR+8f`|^uqj(e~Va~5uLV@d`d1}*jX^GGu*#M}RJGyYO9 zr$)jU=Iz1orYH!OMN^&{sV#b49Myx-Ow0S6ZgiNP7RjMxRD8)SC%W*(w`%h7@c+SW zLINyBT5nl9kD#M>8k@2p*>r$J%zyWaUSECn<*uELs@)?3gBHNdhP)s6V5+xBSkIplKO3%Zv4Z@@zVcF6i@r&dyI;$-x<#%9IW4^%**gX{_A z=oDk`{uK~6QwKsn-6|pD7G!}Hw}V~D5AU!H*@XKHORXHQ)YaAPkzM1-0CI?L_|8Y! zOb>ov&>Nn=WTo1li@SV`1LgEL^-*SYTKKoXCr&XqKN=W(+m0~s-*xrkHxXqB-l*wa zoDJEAJ96mC?!LbpuM+gvi%IH(HO{(NkrzY5tA)3ep<{ngPH?*XJT3jW{TNs{DMvReb}I@zz`;vil!%dkv=~gb_H^!il-7so2&i?4 z@yS4hNA<+`rw2{`Jk36g^e+l97_f~^4%ZTM`wby4BI`HYrW>>=C@2WI@97BdiuVF01*Pza46gfVgS`1HXt0n`^Iftd! z1=nw!lJ6m0n5+x#Usq+@LpckN-z*lQ0@Dr#HkdGEU_9aCpJt`_Qr4)-2Psy#8N#S^ zMn(1W(hLyB#cOYhyfvh^+x9~b%~yj)Lh`^Ux7oJI769ORY0KXLY-_-FL#f&N!TJeN zTg+Xv$k>_KwB12kB(KFCFl41w>*8NOpN1UsoFcojbcJA5M8QR7_(|ru0FhXjcoI4r z!$G44B>s-MPL9*xr~FHL0r&s4<@irR?EkA_iL0AiMQzBDM@U>zyG&){->b&BAstu@ z77`g!x>~5>^cYk|_OJnd4%{Py|0k^bU#;vyV}pO;-PJeBHwaVxPJbW462=X4ODHBw zpieCl+)(c=Ui-ih5%FHETa@YzSwg;gyGDNgk!rLkq-bAeY+HsN~@WN6EI~?Y&K#A4J8+AeFy? zabEgorU@@J>~>JV?}E#WN^mE4f; zcX&4Z%00{KUix10^yVb~!9CbrIr9eTg7tSU{z0@~gTa_d^?%rIn${ZG6*KG^WX(9w zzo<%+k*OAG==kfb|9v!5=i;Q~=DYOyIbAnH+n4WS!kQmMt)<=6x~V3S$!iDbU7MrF z^uK#~0oszSA0$@Xia^$m(feik(Zu}{^pDL=y#E|>Clscp@XU7I*b=cgg9yWjJQ__j zO;wI>K2(vLy;>rP_^s;)&OxarzdS822lU+2{zp-&qB}qXkYeVLh}kx z%*dtK#8!Rpu!lA&-~65(fy$pe2x1GX@pD=a)^lJKy0)f68>__>8tB$kAzk@z@BOR@ z3^9&zH6VU^WDjyP&mLPsrbMmP?am)KH_X=eGxAWtT3@Z`%19SfPY|X12D> zy5&<}?HdlT)u>RiYV!)tCcVdS67y0)&@rb$+qxB; zbZEtPwb1_V{d(~`#*BOo9zRTBX5L{z1{#IIKSoor6?QNX*R$u&3arEJ83P;fY!z_3 zuLjQSx4TkJ!=A^)=cygex$b)`WSsZKKEQZxm-SW1ti}{S3ZAI#{Ai=Mlm@E7>P>t)8#RS-O5UK4wy*v;*CL$elqe+c3gLOu$@^G=Hvh3D4w}; zgdlEdayB!wf|{1$v&Y~lg@nM>^Hcl~r{;=SddK6{gMaQ7u6IWL@nRoT5|vwRXgtvQ z;x{Jz9%%beq`4w*wa_n&_;aX2Xd!3SWqea3(xGVv1jYn1#?!emN@LZ%1$ZZVZjiWA zvtS)Im_m`I0g!R#rfw&}eatM1uDYw^V^R6wlyo4`mNMeupNI9#R+)05az>RxsTQ8{ zpWP;f+l#MBzQ476IrBiHzo!%hu7$*JZ{=h!JC&K(Z(v*t7j9Nd-@0%bHqBHy+n97* zY>2@L;1q(@gtumeEJm7sS(}qD{Zaw1i(IyS?^$etd;2uE>_5g;(GaSC+U_@;tHT9+ z+Xn>tUj%YMH3oUFxl<4Yy6@MVu#gpmFJ*C!PG^ z)omt)uqec1ar~8+4U?oS^=1J_95U2=fx}icUbc(gk{*^R?u4Vydj?JV8P}4vilQ$k z>1ldsJFUIV@5K|Ab&@;Y3VyZ_O3v2ucy!KXg*dyP7qHGb_9p+0-l$**e`>rIIJKUCT;pWJv+LHmFy8nA1ckziu!_F{O$09hSbXF0_5g=dZBf@c*(c#j$t#= z0wlm~hUk(Vyj<9MJzY9;vZ7q`xYcMc>qd0(r6Fg%d+D3=s8Z|M0KwTgbD;D{aDlt9 zlb@9wm2uQNF2R#HoB0@Sc}4IW8D1I5VhD4qv}b^Mq`_MiOr4a?ny*9o7og@q}U)8P&?8PI9Z?ol3^zYUnjf(WnV zxjh|LB+|WS`>{s{=slH?ReZEIG|Q!m%p`>M1C#PL161XOozA{+qv&@)AE%K`G;1 zz<15yl9(BW5VL~$TWt$l4_G?#Ftyowzdt>7ySo-Y)y*H@8KkZvoCVHevnqD|0BwjG zjYKqSs%`$>%>>!D|muavN^VXG+${8wGc<)Dy7BswxcS}NkE#{rGtkjRq(ddwT6g1{8(sFY%qt94{ z^{Oj9PqrzL1q^BtB1-7Zi&5Cix9kFAmPy6KCY$0|c9trFvN%Xh$*#tD=R0o2j|BxW zYlNo6_sxI69?yW4Sy4{Ao6oF+*=VL(tlp!ryW|3x^}miGCiM`unymfV+D7x{-;d$b zAXw2xr^n=%fOw~FllpYoQ>aJS8{`vUi$Ui5x4Bi#Z0cD)>AhD$u?%3?2Y=5!1JyFf zOP8Z9g$3$Ee^Ax`M5l;z7}%u|?i-61T*<4O{r&2;XiV{oYU!VKvx%)N}0E{bxqi z5&Odkg7<>jWu3o_g#Sqka0QXyul0kG6# zln_4e=}W$iB=}b$YT4Yjf?XSSOouGiax2^&I~&m;w{A@{f=>PHmTP`gSkJj>Q#N)* zyIc35;n~)cg=lF(J9lt54)AZx^7i zMj)eY5np8+4I3=-Rn`(&q^QWlbfkJD#?f3HYt~EhTHH|wc5Yj z@I_9~nmGz2Z^}PP9?fQ@MBKop_MdDb+P#>OuUWT3CuNZ5{x+>r^}|YhHNx1Ht?dEe z1^C26vU1ghic`U0+Fx$W)76^ zh*ZL?(k1!)6EzqWdGlUEZ%pCdjfs9MeoB1v0c8=?0z8^^3tVwy#(-{6?&lEks!YK0Xw?J1!)UU4}=!C#vhq!!HdMnv0Yvjk?}`B%kRY zZW0rW2PKuAXI(Rd1tmjwt94nii=2qmfO@WyRvCtzqUwY6 zaQPRp2uVbO$5NADKWT%1I)vV0Qs`aXyC&Ifz2W=Q;P%Hviz2&j>Povvf%?^?YItRV zi*kUn+{0_zB7?vE>OZtMbQ=L{QXMI0Zaw?#ZHlvRhay@<8+MQBa#rtHB=y;*t1mwP zEho#FTCA_&8Ffd9m}F^8qGZ?U5TS`jmOIEKB#}gK=XV0P6AEOX zxhB85&cpL`-niC+wf_IVDlP zX;4p-UTF~yAPo7I6wSR*GRtDLRBYW8Wy<+X^!5K!yXN`|{d?KhGPLkRJwurS^1h_p zw|^?}k(;KvZgBVFgiZOj*R;?C=ybSQ%iQeBm6rz&74Mu_3lkegB!qDOz!O1=y_#2Z z+siXgUR1^|=wq3=C-@8=1wS}=z5uP0F6sspB$^_3Z-@3mQs3ifCC-<#)X1;(% zw2@Fs8}Jha51CrBX*tXGLGsU7Z>?iI1^0u_bT5R=L=3OHjJKV8m_wb3J>3_e9G``w zCb;v(l~;P{daxT*QKn^J$|a)9UE`y3#!$XYvF80|iIxWbc)YK`9qP+kkqv^b5$Sq( zs$n**X@Rm2d2R>a6u%L^7&X&FGrSIUX^nL+E4~^4UB3=Bw?a&*KHO@hI4joJu=<+Z`+#n_*2TYZ^u1Oww;?_y6p~p2a^%1Ak74;1m6Nd*S1vZkFL7LIc7%t8ea{97E4`wlg0(tN zCmodk@aVq9rMa=s7fD>}tghO`!*}Xx{<6@Qe^~B^U0nU{+GfF)6Isqj4%wZIxXl{R zAHO!Q$oALzHgPm3Z?bA!dg0|U17!MkV^D%ji=9+S+1+~R=-}< z{PtdL+s=rHo-k$hUSQ{BDwp!d=LdgeFN|8P`gn5j@AGrwQjY5DnWV7K&RIRR!e*Aq zglhpQjVn?+%Oci_YKLauePOkP(S7yv=1Gr^Ui0_p-yU@$?ze<7BlnB)UMrC+n)PXZhEwiO)Jkde2IDV$#37n{+zzGzx>i( z$GGNf?A`D~;nVz%XMPs!I=9>|=hwrUqtjM0+Q(R&uZuDJ zck{(2m$PAauKFKN)$;!q_I&ZrU2E1_%i39WzWDuBaQ2>a{)ewmdTqI}&SviO6MNLI zMV7=p{wyFF{;2r+!>sq+b$X8FX19;+>ewgtI)3)LI=ic>Yx#uryuWNN=zsOc^yari zr4o^SZGQ?Lnlu%%ex4c8FSzlqf|Wzb&ZNt|=aQ3bZ*weq%p>1>eR{RZJ>lr*rHf8K zahYcRZ>O6{Y~Q)*wma`0pKiSIui4#q!t-kvpLbm@Klggt<4ga(sqFgueb?j2AOCLH zm`QB=YIZecx97QdW2=~wR^9ft$3E}O-%XTQcJo)~zU%u{cdffyaQ55m-W7j87dptCeM~vq1 zyiVO4^)kUFRO*^x?hlE4^-Ytu^s;>YksV(f`u=2E>Gt1WjwIa|i*`$F{{BMwT0~7| zSdwH|>E47;!JZ9$OPlX!Z%S{l`sp8`{;^E{Z&%fi1o`7y$`Xv(eP#hqvqTvDSdiv~ zMwz56t{!A+!E3$WfDUj{%7pARV_3rqnmLR;?fn_jx4dWrOh>?;<{)$V$a4-jt|H8V g`vut4KK*A_-r4zn(Ke@_z$qIBPgg&ebxsLQ0NEtT&;S4c diff --git a/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png b/windows/security/threat-protection/device-control/images/custom-profile-prevent-device-ids.png index 46e55e7717c017e7cca9d2ebfb3e4381c1ca28b3..d949232d44fcaabef0df5879b1b4dfaba7c8fea8 100644 GIT binary patch literal 14886 zcmeIZWmH_jwl3NvA%vj8B|w1S7Th6t@Zfag?hxD|KyV1|4#6E7x8N>~G!WdK#$9e_ zpL53B@7{Cn+vnXe-mmwg#~iCxb%eBCZSoybu5Y z5CY!3fVX55>YTs@f}^sOD4=5O{T}?{m6?dV2mnwWh4Ns42){=D_66t&0HAmO{UP+* z6&V8nye-n=BC2k>M;RCqOEU>8QZ^q!xYH%{xXS)63m^0MsT0)I8Z2nwGIeRD9;>*d zL=E@I#jF^Up;<8z+dunrNwd62{3>SQ-hw}af7MqP?C@C3T2e!!4}E^gRj-VKs2=q8 zseki9u=)ot7N2*PS03Ah*5k*~kH@g}Eem?dx@F~}!UswNvSqU$yY0Av z=;+;V2%k>@0G}}WEGJVX4hqt2?^cn7HD{RYhvHw|*az2zLQ}Rnd3D8@m#=A-=ZEFQ z4_aMyjoq(rUA7#B1ibDdq5y#JDeS@!tdeF<_39s-q0lrv9jvX!-C5s9ikK+9`*qpn zrG7batE$6(vrJN-xm_r4fQc#!Kwo!64g5p2fm(^tfGKy2^B}07tiym}Cbisr@XpnD z#7z?C72vxwn;irz*H*qrvx`W4*doXrx?iGFt}Hm#>SBG9)?qH(#}CUOo4=ee%BPM* zn{bjiP`uKy7TBM)Sb07s)4q*4>0G;oJq;wRx#}|CJ{ysK+P% z0P>$IN5+*+)&=X{tyd1(EL*Bie7|0K_?1!9>b|>yAEwx|k>tA(#^AG&G%gJ5LK#is z%7yD1pp!TlC%vzPanH-@U8Y_>ZuynFF0*)DuxX9^xZND zcnPpJ;*tb!5*`TRv9?-$R0&rv0OHO#)O;J0g1L1*_w9{mF50Nk(00##f58G;3nzdH zjH3!w9pu1TEUtlDU4a26u#k=m2QsbZ*N=Je#m-~*D=efi9*>LxlY%AyKz|MZ3Cnuh zyi+diWCemaU}14Ggoru`xE=(X6bVIPYyX`6RgFNU3&s+5-J8|Ba_q{9BK8{+Ug39K zWy9W0S5I1O;2JUW+d)NtPmsPrqUigSRKxue0LXL?S3mVELw2^3fxIQFbbdpxI+ZoT z&6V8~o_OnaGLn_~5I}XVl;!~(mIdj|nvIid(I3ELtl)lvyf#7-K^3w70+ zIrBZ@v6Q*X{PB+|2b%Y?INZE#>zLx(S@(V_y*XaM!+(a_Wn|G6I%fj`05zYd9p9(s zm@nTkGGg@}XY|VH6U7QX{>I>wqXb|e0&^5x2Dzfs46ED=Y>-+i5@O z#D^buUYB;fI3pvzv&->)X1#2vst`Eono@U(|GSM<#jTt#^S$xYE>MJh2Fl#F>x}eT zA1JRp1M4@p^aQRzR}Y(3zc8q}eS_(rHQ&LpgL_KA0*)cA<^Kg_{8Mu`IM>;H+z#pL zy+cKuUh{TCT000fEf#jT^`Laj7ut;s78qxfrbe9o|r5O=6kzJBB_F& z&&!TOh{8shdYK=GRjkSstA_fL38aKuyZOQNowPiL?kVuwI85T;Ymo`wZEQF?+U<>% z=oGoI9vtqu5L80dD@fE4Hpgrqm3+~Uq_GTwMHv01-o>FBd=SpC6rbN^JWS}-kW=%@ zc6r5cxi-~$c1vbKU55@|=}1CB3;2m%K5AoFyp6;X&(+k_E+`>*Es~p?F0L4A%#&h| z%j7<9Oa&P#nB?KKIpBqFQ!ZSUki@o(!Zi2yujJn$yy+O;|MCNqLnQ9UpsCpweI}NM zuvTyM`@#KpOfw=^+szUPfYl>2dPvQ+!?k!`rbILS232n3DMO%4$Q1TIT_{_rvz7=6+ebLc%aWr`2fiJ4}Dy z>3?Yj+#ntogN09%o!t0OCyG&mx6|%OE0`O*aWqe7HLRphdDy;}K1T1|*L(D|d~_nZ zeJ?KbI#vi)+}8I{%BmlFreNSc?-lpEE<1va1GwC2KYhvCew7jDdmhdDG`>Nz@)!vV zx4(AHywwVhI8Er!Y8vo(T0J#;`g!TKcWSomy89ezKfA%;dtJqPMWS~rVYO)QwFM&) zqUt;9&w9MaAlUHry`T5hk6dVfJQS|!gL&W2W011;J$oI_`+99Yhn)(O-fv)NZ8%0f zo(l7xr4lp|GJEj3ANHySbJconGBVNdk@g^4zV%1PmiqZnwkF*!n10 z!c|a_qd&2Jl)&nZrcjnarMnN6ijcyK-Rg02 zUF8hg6Wu^(r;h5rady=kEk=$cj>^m95YiLfO@$jov;84^X-OY@o zhsyiTfv+c8g_7nADlgDss3&@ghDHgMH^%|g8?C}f148B9bJ*{Vw)v1If;vy2S07}J zJO9aWU^|BCV~{n?ysF{A>o^JBl;j~o%!E}1Ez^g zOhMLm^P7ePK}j|&LE0}I$V15S1GR|^9|8mHycURd-g}+%uW z`CPa3MJExk;lPpcGb(Z-4(rE97Eqo?`6I4pxgf{5)sdZ+QBR%AjzDFdUUi>*lzJtn z<4oBz=w9Bl+&kB!95}ujgFowDJ{ZU-c?oLi(*-^^!|(0}9JE2N=421W>a31@=NS&j z#?C=4{kn#}8^n*Zf4HIW(YGt>xLaobkj+~ijn7*}(l7x4=C8%!-cu?91Xg? z&k*xpX!bX4e0p>}S??`{By~j0qU9ove(Ltd01zYRA}+iWN6A*gWSaX4$IHmcBJ=Vx zX67>Hdp|?>s;Vj;?NdqvlSZDRo=z?#$P4rM*AiBZjm=e+M6}727o#ry6NZcemR#?$Xo z$*h5pu-W{FH%TdNJS0~j6%E^7RY>AliODk# z@@A5Fzfdu8BCb}|8{O4ASYSX=oDuj9a(hTvs1&R^X$oH6>DST(m)QtE)uJ~scFQ%2 z&Ln_X6H15Lu9puGEiLw-T6VbOm$Q1X{t#$^nG8f3y?Q#!XoU8dhwK-Z0V(4^I%RxR zC-lt}xn6J~$c0bgGQOrFefK(&I#-Nkw}2y~Yfy>$PuNqp>kj*4|DiQtqI*!~`cUX> zd7QLqceA+CV>S_wi65lxlxs5L#@QQAtDV9*r5#AgT)NR8<>~h}*Lj$!;f6K0ZV#Ae zZqcz~WicE$xGSAD79(0~gBQ>pgyQb4v$^{=Pzm$VJFxT;H=}Dg=OO3E1L_M?IsS~U zKBiX-u{(OctMG;NscOF4s4cV;IwN%-@mQbXZyT=3ml)RJ9W#)>FKqAppsT*twa2Lw zmR$-OOXtNF#$e0@_rMJGr)pk9*t9-hCH3|F5Zn=q&6|su_hH)<;RC4+)aybM>37m+ zlv8)d_X$K{TmFa{UBfR`3a|PuupsES8J7q@)*u)m;!D>fG)pIA8~DQ~2Q;qD2FBr` z(4e!!+HqZnL8@HkJ6F&;ul@QD_`V&A&!uwJ;y+%jLmNveXq{4}tKVrBf*$HE_j%&CrohZ87$kgd4LgAc=65B*9j;RW<4Yg< zZ2E;Rrm`M;6p=8?olm<^SPuWx4GZZJ_TWWj1;~$Zug;!FOn7T53sXj5qhxr=zRX7R;V~{PkxWbN?S~?!KSUN5yWqn?3 zWBlzp8lL#cigVAPV7T?PkGRF<2&AkH-+b50o|Rcaya8~PL+Y4JTbRSXmb+x_d_QNl z{9Na72+@M5B_*pP?3sgkc4VC8a=_Uo_`*ft+F>E`KDtdp26`y$`3d&CD<$0ga5lVj zGFNRR^k#c7*}GD~b&==pm*V#&@#V~rV(k4dDer8?Ok)V^-d5qkfzqO*qim>jcrk)4 z_|>MNk=zEVf#JQonov0ErJ;?{&9B{I9}Y zVj6>Hf&2U9hM_^vQ-947qisB@A;^4?%DCS;PxK_ zFSWRO`hh@v4x1rv55Lz9^(*8UK^81UDs%<+0ZJZYcps+?x(#!k`PsJu!Mnis=$93> zbGY3*BbGIcMjIcOeqJ_j1uq7&tD$CMCaK8{2cl~A_HVHRYBx8FJzdD$VP;X33x1HSiUJKyN73CNm-Z&`?S@Ufrlj;l%r=*b-xsn+aZnibwv6Q^@j{7 z?CBWROpwg5Au+rXG4=Cp;pB*f*&=D5);w^Cs}-V~>Ee7?5q33H~; z_bse5>i;=asCfS-nIDnSW z`*^vN!_`jl4=r7PP_Ml4qY~STcGZgu?{`L@PSm>phyo>@3!t2mJ7UK?Y4gR-WI*)` z73DF7;1QmN2dhmKAeQ#iD%Y*QaG0{zo<)}8Bo_&#`JU+ZbcsajZLy0) z@*h5(|35>hJe*l``d^^yZ`XnLo!)SbJQiQVO5*=lUgp1mtL8!LSvzZRHDdp+CeJ&AOHjMCuk4U09du;qJL$MZ-E`+wlCjgW==5;^^ANw`K%$^&O+*hy_SdfN}Gw!$+ardtGit8QPX?j@9QQ+zB z5@r4KC--SX!GTHt>C_^mjxvx^a?NG&vbBKt0Zn3R)wZg)=?&thl(D*$OvV#yK?LUGQDTS}(@oo{ zR_QXx*Ncwhk=)C>NV2j>=|<^oHowmJIUJ)Bll+JYONlck%7xLfEretEEO=X#=tl%ck< zq9JKi_-s$lKIn&ss$XiSjsqgcv+^-jP*pzL4!6!y@H1;n*xRSz6Fu&d&`jJajI0Fkh<{cfc6}$RAXMs`D z={CBr#i-gahGRUG4}#eF$d}@U4DU1TfBC68{V`REaWz17%DoEnPQ`9U5lAU_zso3y zcIZ?#tujPRiXRtcl&nkJd}#gUje>}1EvDIPEz={BOS*aDs=Q=)X?$8F>M*dwcs!vwwbB2k+8r9XsnA)|U9eZ@-tew1*1~GR~LpEfo)><-fdsGs3f8Y zfC)IMZ}(Pfym4W>V3P^lx0JC0mdwe@&Xe6KTMP^FA$9S!a>HyR##DU|hZX5;2|A(E zh)g8GnkzB?=&N62RN#PJB15}Aij(>DN^R$MmW-#-p^mJq;_2paFD?>Q^VR;7uMnnIvUp{i|oQ!!;vBC4CwS+m%dqj@>l=yjzNikKJ+O3%Af(!khGx z`>EGMo1`ZDwz^ED{Jo=`8+|sBbZ0e*FnT6IS&hGrX}=d?pUfV=S%z{#^4IAI!&Y7C z7XLjPI($JqlJ%Hmrw=vF5SwNq!YQ43EpiGzhL}^qe$Li@xn?3$%%>^j3}seduKtlc z!vqa7CKDMaj{eiLw0;*70S)nkUT)H>iuZpXlzs79ZE}lAqoVm2H^8-Y?!+X`I82Mq z`onm~)9*Z%%cn@@zunGpnUqi;gU8V%He-odtxf(Bktu=?3#o~jh$X3B3g~x2U&F(x z0k14DK;QPCBdj-n1CkItYboQE^M9g`{-3gS|3tn23%R}j=*=N^I)46_rONqlu~gXv zsuX}%e_1Rdobt8x{Vq{AwALxg+=Tcc+PU>_y-|F|)s&iq%s-22Tokf|ykTwE$JHU^ zV!{aL|Dd$EvcRpjxM5WBq8u{G%jyt5_p{Bh4E`h>ewRZyuSN5~F+%uvba;HXH51sY zrWDiJWl2X(LjD&0cF+Dre3V4eL(w#=;Q0#Dey9A~WWREARW^{HO6hgGB`J)fp2 z`gbL8qJ;k*ZtwY>_v11A-Pt@=3YS>#qByrXqJ9Ft6HaZ%sk5kywb~G_?aCq76_#wO z)RF^z`uNl4TtN86Of`J((KBR_;oMosClB|L_J&+e|uL^z|#X}G6TC5hx8X)0RJWGam@@dB_j^LIee{LNFaEj>N1nXC^I04tbMMBECmxW$ytcQRQz2bn zALL#btKoV7a{(K$5Rqovya)Fn2pnyBdYs$ zYDc^aTbp|L<9c^zK3S?KVyY`yO~=%3ah6bmvTjGr{>>v;J|?NdUDvfY6G&fbk?W{145>H|3v)}&Lhc0qj2RVQzMmnIu640_jNxG z3~chSxqfzj*ZBN&-zMoSF8hx)4!!c`o7v{Lk1HLK1LsaH*pKDD1boPLw!-Sgs!ukz z0o)#$m2>C8BT4>*$&RUJc+mdHF_MCO?akA+&vC#mBm)MQzDM}nvj??lSmFvbL=J&E zB^NS#Ujq+Dci~h3oDq!bSi}+wTECe3WF~odza=7&cWPZaRW^P@3t<)R6Rm15>V(dYWd6#$}~#dZey@O$JlylYLhA_(w_{XY#HYGCfC z>odEs5Ir8NJ_T<|QFssb@8sS5K~K)AS+&L7*3 zM;98^vt+6lE=$g{O>0k&_ujAIFPufn|NJ^n^f<0v zo@lVf3A(Yo|ONoj=xD*#Z%YK;s@W$%w7>)4Ey70|YKsRNnByCrSISWGDWQw#UDa5HVK+SNJ}Y zw7Q+bO-n*jhihe8ki@VSd`3+oVE6<6&7}PA1Q!VWcf*<3NvQ{ghj-%&6Nu1MfNW$; zzlz=MLkXS>5|OYlyX9hf#QQ0gjQ9@+bd1a!t;|0fW2jR>br;q0{iS@9?5PN zyqgXFISUiQJF_+n|i%gWPI+JZ$*p}+=ekd>f- z1Unl+osp@_=k3AHgwibDOHSd>;2(78el6NiDd!})W|4EAnV(CSV~2%>k4pD0f}S1^ zX+-3puA7HCwxt##LXxz@aG57I!!BlMG8b?2YSDVFu3Pzz#@Vl^I%oFU>rbu_2iPPV zq_^CE$W)S(yY?j;H>vN|l@$h~*KyAEEo&~7oXZ3R-vl*qucp|{$tkKruICj_gobll;`%AWi6v7%s4O$mlvw< zq{=OKKi0!zsInB7n{38;{&ju@8p`;Qu8r&+f*xn1QU6Vt_$w)G%8MjOn!0b{?LF%| zR(|4-(=Ub?ErWAUi;|~^`Nn9Na5dD~=Ih(FG@pbe_>;amO^Pu!XnvGWP9Z3_NpbxJ z+6a~A8fJX=Q(kjS3enTw^&`3E81+TH@vH{KLrwPE+~@GpgeVn_M;jXs8pWmB`vFg3 z&&}Mp!uEZgki<_{m~$#xhXi#jU6~rh!^yqw7)lkXSvdUEKZwTGsO6K3alNP;(#Jn_ zCa9MRWm&6)i55GJQ%E%J?pr`Ba`vV2k{j=(8d3}kois<)hHC?bEpP*iQO^AcD zV6kd~tu4h^AfZk@JMf0hQ2nP2Cn32^Q(k!z^qjB`S(by&C1;m&Cu=QC56(p;JGw+>-kMD+r!;phAn{zn414p@708- z(AO69k4!gR#{(|XAu6Z6wu2gBd5bpHOjp)i{7G16CJ$d^UfY#qQuMw>JaY^p~jkoJjIeRuI@f+B1v8A>wPX0 zp<&~5WlXGO2jP~gsnYCd54F*#CSQ(Db+%(cu_cY5szdjS9J!m~S@ilV`EW}WSMA!m zN`?G)()%rqRL#ls>Yory-}~?->5=z_;i{9Ytb6f1LQANs87`X}%88=0ZRE>2nGH7quUtnwxY6qClIFqaI|H zh2Wl&r6T{$*>?r1gk-W?7x{!O5wq2UiC@mO5)GTa#28ybEe{$gsL-TI_KAME>XByb|*kIc@KIshnhN0KW z_FU<9aH`sl6fK^0yAt=*F3aO4N$d5593-O%+x15@+fl{b!MONY>1LwKvkRwLQKSYU z&l1s?!D)=|0%HzwNWxqEO$lWCjWB0t@;L^{;?RIQBv}PCquB+`^0W(#N-VY$(sW=I z{>BknStZzqAW02Z7DDYB47Qg#6F-Xg>1}$_PBxoZ*<0=wo$ACc6>9MMHWK$q(`-@x z06nE9yPafRzi!ncN~YtiH0C+@*?nZ`aJQcAbd&(=dTkiMhD5-o?r*q4G8J19_6L^2 zNT%LsFLs?*3ZLxCiV5$2H|L}URap!^Me`qJLD3GFzlvD)5$E_MVm6A1I(`7bLpYsu z$+pO>OTY+`I11c>`&&xzp9!lA@(I1xun@4E;Vk^tgB#XtCZm49OiOXP{B!M1~yC zsnN8O9js01{?qO@IrI$lR&QsOK}>i zb*zjx_Nw@dv@0<@a^U@*b=h7~2{r z_SN+>E?-~`q6rt5y3-3l8osy{1!R)j(6izEn#bPE>9`)xTXA~6@7OfN_0yN<;+^P4 zWG<`z8uZXpat~=6V%1)pqjInecgcsuQHq`gcSTkF&+X%-0C|=YHn$)SzSa{Xh#ey`C>l$9V|e8tO{>L8<;3{jXk^(JU3HsaFjjCbM*F z(ml%Z=ZKa7F_R{2%$xR@ljF7nt#y1m-^BR8?XS@M4073(ie03 z;O_{(T>ubKFg3ZSC2*L1uo-1K8tIoNt*7mQXXDH7P`K+?PHj&S!hvATjmZR0c>FD; z`OieTGns#i_tBpxjfgPI?fcij%NwTFyVT*A=Sx2l*0L)pAF25Da@E;_@+0_OoiZpYZYZ)>MeFp+i>&xMEIVTYcdsp|ozDGgL{CW>WaVTECkZCgNNaVy zqAnW=k0Soiv(}#XDa#9THmj`U9yCbGao=RipiDW@R|8qF@F|+@$lXiwZM30zy}>2M zOFvv%zMO8#??>Mn^ zL@8Nez-z%nMLDz?{N&NGqQ()3ll$P?U$rS%{m%4LeY~PNDhP_@fqQ&RvO!}``T`Hd zM=}<;W?!mb6Bg%4zb*auK?{_j_JK8@eUmnT&+F{3Ab%DWK@yi7Z_`8t)(W4EzW!>q z7#jW6-|kWWE3L8-tCy$8low&^J)zkIc8w$Sz1;in)LLT7|UD zrvUU3F&ME2+vg7LT`|{Jt^)W7y$MjBqZ$`?^Hz&YbYMjeY*XN2n^|M%g7_Yqun#ne_+t@h4(^R&E=#I3Xul<|IKW zdUsJxF;2qSBpf4}r1+C2>QTPYN!H~%HD`XH{T5K@LsV_NL0d*229g-!;6;HnyS>S+ z42t^~-@?vWE#-*A55()ghDv$~4Xs_##4d^(jkgKud)~db7e$p)n!1a$h{#0(c5n4e z8BB@N!DQ=RbiShzm4vO=zJw6Dzgf?zv~K#OvET+#Zzm|c3Z*nv8<^!RW{WQoVo0la z;QBpY$Yot3rS0yHU*Lg`NM8}3Dv!t1v^A+oeKaZR@YW<<1eZSX+bc6gdHeqKG8(aO zKeD!7EVCTP;~N=rCgi^j#3qW19PgJ-Zb+E&FjCM|8u?UNyaQCh8ZC1S3}Q^kSQ{#( zP1_$ddqu2cfBSrW^Ibq8I(svE{$0jvXEiePW-8@)I?PWMGAKZ4vaiVD?E*r^JP!_Z z8q_ZbfuZb0qVsottB1wK!YsR+rP}AUUKq=Ef0W&4n9*35>esh>FQ~dfF{>xSG+JJg zA3%8+B0Ss<7u}uLg-iP5aY75Huks!D#7L&HerxJXpd|Y}PBoqn6!io*;~DCzQ?igz z*J9#-wZHZIRP(D7ysBe4>E^79XEtCIo+{dyyYY)7H?N0m-}S6pJ2^TlWs~sP5E{9< zV$Nt9hhwTt7J);iBRG~^FuB1-cqx!ziiCZH${&|FU>QHWFc`)#UQ%bRuH;qy6hw8nhDjsBCpf0Xp0>B0n(rJE zF-kfX_nw;L#wL|AK9mjuRT$>O)8h_-CX1~q$OxEOsszdta2uh@xH#u21eScoi{q@3 z?SoN1_FDuXA8_D7j5@G;0(MChd-F!9yM6WO<{9ocH|0$jq6MK$T~97jS3YX0=^aX96oh2 ztj5VjWMPrK6aoo|}#~4o{|l&Bjw9Uy~an*gj*I zq5xU-s1%5TQ&fGqu)Ug%?|O{gd)BaXO=McK&DFG#my%M@)h08flCDa7MQ3;d!ki(N zI<>#(aW+Ji6nO}M#qHYRa?J&0D?dscOc|35FXE^C$H%SX5}@aFeB93EQ)*Sc77Cn- z{5pT;GS<{%i&sYyxk9?fB}&)B1ZjsiW=Er2-(@u8g$qc>f%8oriRbgyBOwu-!;P6es&PXbRs&$gXh@7`~Lu~#Nc$$q-^scAATgQ`!?_1iQLn%fsA7~!=S2{87WNbjw&cV zY)~+JA8?ONJ+gsuNd|0`Y+w^UjxKJM7_6_Q0Ong(v;v9#mv!*9bSVO_6l8;ULVcc&3T8QFSC1O=$TIYXu+jyhe ztt$62b=yS*(Gj-_Z_WlTTpbq=35K$H(5+q#Rhv$y`*ldau0j+67x2CkOf^}2A`=;U z^4wicOe=kE99}gu8C$a}YYsvSxmZcthyZawIcG$5_p_nxqPR7iR!Oy?+GN%k-VF1) zVcZ{u$TC@IUj@rM&P^D;UvW|Y^BUI*;q%l7kji`iF_Iah<75NTmAT)UsYxY z=;%xM9S>=KB&UHbd*++1bQrqvnQ6{l7n3ri+^u^B7Mq)6nr#cG-$lUCj}) zc`?i3pB5mxX4y!tjak^`y~UnZ0qriQiRJTP$JQcceqxAA%~k&yI%BhGb$vlAB4`U_ z9*y4!Ip)**`lWZ~{#zy^RIR~jIcN0H4Ix_sv)lsRuZdk9);zdil*B#vC$dg?o#YQs6#56R`I4$igX$w+RtYyr^f!KV;f&$(B*Rhv_Tbj9b|;H;qk< z6JS0yUxYxXgMTmL3+`nWAOGC0uta_q zm3Pvd)Zx*0>|Zjdr4V9Uu2XR+DeVZ!i4BmQ@|G$F%T!!xSVH3m_<+Efu73V)fxO$TOZMk7SDhxn9NeDDVELw2sLcn4q{Q;PFXAD+YPHaE~d_uuw z%7oW5!VA4c|9|oS*%Gh?f5&HmS9;c+on0S0PnE#GNBqqNFFyTm)!P4`^=5$s8vyOw cQQb2cIdM3dZX`-9ya6CBp&(u%s_*|l04uv0RR910 literal 21633 zcmdSBXH-+)yEPg_Kt)7FR6syQdQ+-M7eP8m@4dGmy#){iR79jpM>>QgNDoy&danTj zM5G1?p@o`+H~#+T+;he~=brK2G4A`}egMYa8GEzV+Iv0EeCC`_K5A>ern$y=4FCYp zs3^bE0RS#(0{~<-S13tm2q*@1(jPK!o!2h`(BTJY(!pg%c@230;72?)-kO4ReAQFg z*c$-2(ed|(jGjw1901U}tMW=-FTet`K;!eo5rjQ$dpI0U&SB=}7-20CGyT*m>e*W- zkJRZs-vLUSnW+xnOTXHcWlAO9so#J|GhDHYvP<3-B7Y6C8nkm>wQznm%>Jbv**rUA zK*z@Ll1@_nrfcw%a9G|@7s^%$N+#R zufi_@0LmW#q&a>at-G#0FhLlfm|!DJ3_!J9Ria6!U6Y0!=vt-+64+j^jJ;;{#hOf5 z`^?nNRRM4ZFnq2T^r{%6$KuKCYcmw2if@9@UULHD%ntsJuRmUVf+Et2-vi&H#9it0rzNGz_^)cm z^UXg*xP&qW!kYbG(M{f4p|jjfyu2#090*IfSgxJ(RplArbdv=DMq3yaCY9cE)>4pd z-hvZ=7u~NCK|=fcgsO{Gw&H*BlmQ(_-3W_zleipi(MG_G}zqU{`RPP4`XC zzRK*gGW<%9Ji^;Qm(Irsm3DDFflV|#Y{YH`CT1beuLUABP^p!0y_o>QJh*M`tkibD zeSK?p{S)dOC40&!x$P=5%TJ#U0JvF(ewh2PTPP+gC%wyXy3sS#cCPemh4a}}Rkufz z9WkrksByAQ7C1q0r3;-kIFI{~g|m!VVFtG7Y0_Ifx;PKs@l}{)XQV5njfrQ zgI1e11WmV3ae!@2NQ+(LOv+nX6_Y2#s-reJOM!iZ?>hIHXW3z=zuq3e83HfP9aq#i zTY0FC-w%x_s6@MCfzXgvsf*LIpwz73CCOFGoU^8V!&L>Z^Z~8-kR^P=P z0xDU{{2(;&Vld4txJVmDgSz$vY37jp4^xif}F+4VVM5_0^=@)vZuZa8zUith8Y_)v>46fLiI zE?&d;EC<`xn{|o!PmTi&@|Fpl*@CbK!wuq^iPna@%TzlF!8>CJ^8Mute2>?`f@Oj~ zLGYrFpudtkfavEwz=CNn;C5RrtDo0t`Xo_>=9XXEauH57mI7xAkfZa65S*zA2M)WB z8{zMT)`uv|_{<7SoP%wGQNbl4i+0T*V6)M%IFJnRb5pb~(8Z0e)tRjHMYoMeYUNl5*Cg1@(66kQ>kwwyys#yUPezD{ zwp2s>PHA!*mgpo!^p4YdJR(v5qY-mGa0f_bjcJm-VK54`JbYa>@C%|fADY(7Mn9I( zh_KkVTxm1gH%ZXVy@?@U{TKKwle|}G1aNkPU8Ou5W-D_=~MG_q;uv50*0^}=}| z|CD8!w_kc&h#{04)K&MWT;f#W^yAib!b%LMxnbm!&N}aIU3;wSmwuF%l1)OEC9nK~1`V%cOY4DlxdurQ;L&c+v&sx@ZFGF}2ji1aDS@ zXSZc0w93=}Br$KE-ams)dHYeI2%j!OwM4(2{ZzO(m@2-2ZVDXuhcULkol!>!OrSom_mALvaisLI zpjkapoFWG*@`(fa3`m4|r8hs>n6hdkg%m-Ni=4!Q+=eM)sP1NYTN><6%xe9}X*yr% zS;79;#X6@@KxYIVNAHN#I!U~q`77+q62(~!6MMGa#F`@Ba^WXz&K=n4m|EzC$?YE) zdGRQhxIwi-UhUrxBO+u|TzS>@)4@50z+WEt?pRB924SrdO-zzuTVZJC0(I!R(5!F& zq5o76=_NSd7`r3-?Ag*HDH-N54{2oLh5rHrBr6#yr9OOg=?(xO_wv7{(76?WZ_|UJ z)hG8_zbx*Y#Xe}WHuG8*?|pkL<8wZi^%?d1SXw~*^ZKuIr)tva06PF-@XY~c&Y8HT zq2NAWd@x1y&X8g)HGg<(3=CX4G&Qe)>? zZC<_1yf2PIb5)xug*Yl&%N<8 zomF8M9)Z0rhV_CnPtFBf^p0eGkY~x8QU_+I8i-jttVGrMaMxP+YMRaLs9nd>_skX4 z4!!~HuSZW+qQCnvYV=TZoQ4|sd}72zX3RZ(x-#WbB(9h$OkZ9Tb&@UQ;DNE?pj}db>ad}ePs%eMkHx_&xsSZ}*ySELm9cOy&2;)%8`wKAw z6+@dA)c}DS^R-~Xz?os!8X6L0nsLdznE zOBS&`l}Ih^#yh9O`bggO?W2f!Of2+rzvlst5?)tebp-$r>)}Y1Gk*dMJP(!d7wn&7mGH=FEB{eem-FeOJZ^zhlLYX+==eDhF&xFZ&eAt6|}dN|N+ZKWckaT<(Eg z-H#^ptZ0LM{?z;SGbhFfj+NK6c%3p0ryyMj=I2jnjA$v`^E~PgcC{fild5iC&l{Lf z`3<*AgPKYedKf#Okmj!{y}Z1v4=R7!7)f;Nc+_$Lbnh}DZIDPOkGWsBxoZAgOizB# z^czTd&j|oDGP3^zZM83vLQdti|GHJH;(9HQ8xin&(zezX3}~k|GfWnHye=R`g2k5` zs7ZO=ivE8_$2b3LEI48JvSN~KzIcJ407wqB+Zr}Nhk6Rk!re8=CkcYu=ur8hhGDo~il0!xFMF8;FQ<=av?mCUrCT0T z7YF}*Uz#(P7gnII^hEqg9D@rObdX8HGokxQI$U?Q+s;@>`GFQGE*Cc#dq?AW)&Aot zZp4DsBmN|B=RRiim)j*htYKyjj*jl0jjO4qZl2>|IKts!P1XzFej3s{-Z&)&?GS#) zyq}% zv_Pt@_*FsVPD}7{zbL}Y_Cnv1uxYp&&E!$J@Uw9o1FwstgcX-#UioAK+aUGDxy+&$ zC}pC5#UY4@O0#d2ZOn=Qh0*sHjO~59$4?bL(Ia+4+c;sfS-IawGySG$J~O1y&aRFt zX2 zJze(s&QO$bWmb8Wh?MOSL7%b}Z{{u)G(WmV=}Ha#IV@Z+#i7Ot^ujjwhyh>a$ho|7 zh^1$Ul?dREDN>gv*ZKO1FDCLE-Ef7Z!Zv!~TRoLX9a{1kklf+-r_)KffRx!x;qOjw zG#g~kcbc#=2>Rz+71e($subbj=bbn*u~>NNH_JpD_U4;%yk!Z2#x8HSm6a46I~5tj z>%K?_K;}bHmi_nQS$#l_J;PVEm0aw`A2dhX&8dkq<^tk<9OKY*& z=%=%>_|TQcOTkCm3GMCjf!)G6OJ{&gZuVL0g!C$E$^@6zykA`wW+z2@P#4M4;UiUh z8yRqafpwb!yP$`Zg|8uD>kzoKUOTCxmK(%gU-=MjF)?yugSPr@kz|>bJO%qe=#<%? z&6bMmYt%aBf_dNG!gcDrK9yhOax%$TZn{v_dV2ORdMfvyMASX&C91GrxFd z`n+xWJTWfT%(qxYO+EqTVxZQp1DsDd$k6h3S#se$uW=P7+(MIo6SP!#L~6p9%=8uc z=+|DifLnRB8f(8Q?lGUfEW7(5b-)3|Fg%xW@Pf`J$kDFB07Gvk=M=z06HTb;ubf(_ zq+sBpX~YhxS@T`FJuqRb!z}~4?Q^!q671Q5k>UjU{hic0wU}&MW@sqqI z?kwQJczMV7xl2Ni-VQ?Ii}F8Y3kqK(Ih;<8r+xh4;CqMmmpPOS+4GTg80qo?HNq06 z*XlWfTnUb6PK(v0t2*8un73@~xk0TREyg8IRq~Y6o_3?XOuXUJ1CwN*KexHO0pe5* z{ozfYCJkeGI}S!&<`5d;nA_5m@WEn7%)%>zJ@ zVM*MSa}d2NbhCrp&*jzH0=<=QsA}<=d8ZKuYi{l$`Qdbq;bqT~XdbTTJIr&QrUo*R ziNZSscF;w1h5q?;vJ~=p2A`O2xqpVh?lvhkZzmH5tyIXBLOS<+%ObFHv!>d!+ytmRxAU%wNfarx z+D6sfH8V{&xtbXaX$Y_K$}{@$&OnWPBFUADjJ)yJmf%TE7Ov2-4_}WGv?L%R=HFgW zt?tAClh>sPHt?EbkVolG^?_<$-Hdncxfuf!Q}spYx+Llc+2%@LQZ4cP2;;4AiAe={ zgGRaNIg{CyZFG`4W_X3^MvXWp8vZ+9fXiCVVzqRjNhhPO=v}1BCGOFpoGRD) z=DiNn?KbfRNf)(z5p4pI`obV*^njN%N`>&bOCzC2)vM;%pftkL;BFDNR<_a_&+~#V z#|~;Ds6VBn=gwLhSH18QM>#t;)BHF}HFh(uRfl0ty}Dv$*xJs1mCPK&7Q$L+^cE@{LqeKg{DZh>G;d(r zG;gppb+mL2=RMLi#RI#ro@7jFOv$9Gd%PvURv%l{-(1IYVj#nPEv_BEjJSazbR^^!C zzE8J8JAKHFm`IS`je6(CpS!Y?)K=dAnGySC9`IAF*gqfeQ?q8uf9YQz{dT-gO5z6Z z{^7~~8zk`m8an*z0^Da(1;@$3F>eY$_AL<*Z~?%K@!zHJb(a~^xXfk6Gy$khp}GZ_ zxn>I5o|u0{PfGd!UWwGb4L3 z_@kp=KJ~j+M2f9Nx}YlI8M~;E;8a;fFrs_E<}mmjba@2Qu^cZeU`gChv-k5ekl9a& z?~M~*OX}?|wp7;d%#A*M@ic@Urkj zq4jcd@Bv%mI8n)3>9uakX+ouzxpm%?$Q@yCbk=or!VA&I2WpCacAu*3&cvtZ(d|BR zYxBoV<*%_DjbE9(Ct98;_Vp#)rCOBSX(+gxGr70iqv2%w_2MM{!V~mL=Cn_%QD8g3 zBe({sZ*LWoHCipCpPly2{N7KoXa9jW&x1vv0%{DT73U>`QFP7QwWrOnW=HF{k zrlg`;kjzV|deB#7FH~n#ytFeNZNt;H35U;(=sU*bI_vB290PR~7xc0hw7ZJKXiM1l zvmLS~{9gD5w7CrX2J7QA4t^8(g|?neov#fH)}&MaK>r552(imxEEc~bxd6y`AbT2k z8gstL=9mlDvZy=$x`mY11Ox2B-8_ovwVct?<7wPA&e}PN38&?QtJFF|J(b&57T2Jk z1V2WE&iq(%e~zrG;rW`V*Z7cp@tt>IkovXL_L*^*-_iEfNSoxkch{WD?pVRa0!UMF?0n+$3f;ERc%;{Ps8wbaFP5mTta0%x;fDa z3-n$Kc)Avm7+o^w7{TLjst@E>_IP%ZIqc{8b}c%#}QeghVsZmaI=eEJOb(^0XvH`Dj` zKK8)^NpMDxFN58tW6n#FNpkuak#)MGNQmth;iEIWh7d91YN%w|*gd(lec7`4I1f_X zcPubnmP5|uI#{fLnSDuf=%OPY z{5s4itmcLKN`J5?kDnRw&>6e2&RD$QTDka~Sd2Z$@?Q+}I$cd`@_&4RAGzQw(&=lV z3!IzC;V?97_Z}Zr#~KVd<-Nrk7Q0`Y7>A}dm1(40RjqZGnjaQ5g3H46Tm9IScU@|8 zD`M1tSnxPnYV7b)bqfW7VQPQ1$#*)JI*e{rEY2a7Hb|?EWi@;&UuF_vbu~Uie6dgM zQq|lY)UlJ0VMPxXGQaYY?Kys6^X}bqtj6(|xkN4+y|#;vwiM1o{3p_wZ{}%|o22-k z>{_Six2SCK#4cYiAH9R%oC&GX|9AKCmy^6`pedN9I0vs#p|<%{*`h zvuX7DbS57*WlVxkBCzqUB^29Iju&$WtDo+HltOVI+XJ_1&tdiN$}|7(X}GW5w!~4? zeMUQkP`)P8yn(H|WfJaDMANTDT=9VKHs3;UE*h|&i-^DZOE)xj{0H#(x9n_Qw!mBp zF7RK~0a00jZsw7&!@ucm|NlW3f#D{1(b!wuP4)cAuY(IqN{Ebc*DX`uOu)kCK7;$J z)HCPDMk>9RcY)X5gHr;%384A2sF#n zN9B$p8z{NX{_sJSS`%LwJDSP$iemcbUUlPTBfZlPgC9;!BUkr77aoup4C7qSByNGJ zVu%rg)0F_;;N5nr)#_YAg_-w|sF0*2ujScz+RD1@1^izq<==>qPS2!!Wtwmgtw23W z9!2Af{zeuadzlxU==p@8_NkX9^|(dMhzt;ptB(Wks{8b%hozQt z$kIQ7%D4x@AEz%>d}NP1QnoC%A?_?PMn(p5CpSN@A(bI1)(5knwwCzP>^Y>lj1N$G zrxq7%t|d$AcF&PgU2k{b>nx^!3X3$F{4j~MpbZ5F8A=SQ^&lHNbDLW=fAkqdXeZZ0 z;3MXjgP!;~>PH6FbO0|pR(|m&m~5)`OKxgSE4tK7iUmQ&<9*Er* znceuI@ic;i5mLw2WPxyQch-&b8+tW;BXU^K^T^~p~>tbHm$Pr1hW z#iF75CcU^unlNQMKN$}L8*_hif_S)Q_6v4uYU-+*nw7H;Qir1obuVZ)l>Pd*b=aQW zd%&cQyaP3@+?!JPQv2ngUP_uHgrwHt}JXOX|E3ExhaG&G72A z`!Xo>I~YCldU&rH1g@l?de;5e`mqsk&hD|)u)`DGk7X*A_eR%%JMOM~7&FNd(Z~89 z^%5&ol|HF0hR}{E!`d*M$&Be~n{%8l3xoXeedB$Z^G!QHhL{rS>q}tfzD7!CkI~BD zks9vg8hb%udw5hv#EeFaQG9d%1W9^v(R=>m?KNTZ!!eC*IK$`zhLMd zbs&DP$2>QjwG>bhlgAh)bo3s^K0$NOapp1yAFZDHhi~OkCPngA0>y#Rg4xhsBZW&< z_eML{-dAd%Lj>tF*IgxF9R05KItPVuTS|qF;?OK5zTv7x<5f2i&*v$>*PJ#5Zxt$W zMAp4o)mhoB>OK_wc0t);qvH)Pz(&3-{jK`A`O=k+V09HkrrEOSI^(NO;p3Z4pz|ZR z%)4CTVF{F4GJV0qy&MP?Doqg*Nxn8?gZDIr;b_5fhf{z0k#Ri+?`D=Z4LdZJC&x<` zv-tQ{2I;Fap~|A_REEbtI=6f%&r5b-yu-O+wTljC5ED`2HM73C8s>PWm?PH{O-bfO zpQzmG>RZCi*HqJ+eV1fl1gdL~qsS%%i}her>w2Kj$kn2WsZ3K(_Laq&=v;R*foJ%) z)5WjTfKL;O!zx=N&{eF@7|RP8i=X+O4Mlme3-i5&uy#}lJL&fmXrbajaTPvJ>GxP&5$=aq$uJx z88&#{acDrZJexC&dAdX~O`p(YD+4weUO$rv-9Ol;J#KkDEaRQq?1p`Ws1MGXChIpC z_$cudG2L+OM#T@ZJ`3p#awt6Uqic+w0DW_Q&~e6qnso)PyFe1Sf^{fh+Ex4UxXSCN zndtRb#r3t0Qp*fb@J^prXw}xWzaZl8@_T^2^Zf%d@?_D5()CXMj&&1%QP#D3?_kBe zb4?Y>&QP^ZA>m0Iq&R2KxYg77tl5$X-lgBa^uRV_Z;O@eLd&?))yG292#gRH>X`Jc z-yVn=QhwCWPHH~YYJ>d<>djFnoK}kh7n^@+hW&(f18p=_ZHYwph^2hykz_mE`=Z)I zqJIX+TyP%Gq*HU)S#eXP_P&hX{VRy5^pTgNcsX##;3Mwmnzg0S&*xd$9xY4Vpfmwk z-W|4O)!xWNX4Bf`XmsIwg%ZvOtp>LXw|KuPPqh8$i^!=6ws&~mEG#kOL3nselEA4x zqmt=-gYskLz40|3F(FxE)vWO2q)=}Cd5Rj35|5yAhhWHzZKH*Vpvtr5@)4iqDc?0i zwjfmXSEh*+=d;X_ZwESf2ltL|%zP&-)z7GqQOq!sHDd3EK*nze*-^?k=I zk^=WiIP9>qY4A3m_z6k5SsJMsGFKIe(kDP;RF1UOjkVLhZ+^-&Q~r-2-KO6X3`Bv} zx2i16k=S@{ha(EAiQ&-x-=`xaAYAUs_qK7jgWCL_pU}e5VLr;hnN$?ii4+9}*WaT~ zqT#e^=|5Jpa_<|R-=m~!8SX?LK<+rUoL1j6 zT?~C7N$7t-r9S$6w2~Zoo3%-Okh>Svrt!3b2Fw{~IDR+V;3E1CEU0pI_Z{BsM7pn> z##S~>RmG&uwToP<<*+Apt>UmK=#PIVqOPruR5%*bRWDMO_1Lw&=khx{K2#|l3L1HZ zbQLM9cN9gA8^uy@REj``{D7Un?Jl^-wQ3JpSO5CjtF}vi>HYnl0o6$!)WkrQdPEA7 z)5jTY=Tv7SRR=^=>LBGZ4!IYN2`%tu$vS2PgK?DnExlK|5leNW-S@E4PGGc$c~Hp~ z+kP3)f*Td)reblHC7XnrBLpGpo3hr(cz#<_Ox^a0vnUIql4=>>r5pv^c@K$Ra;XVB zk4BAQ<8PRi#wPIx4}+nrMpdHX|`ig+l0wpZB4G@p~& zA8}u8ceWvE>M&2b5B$DYV?+fFU%rt{NQqY-hOxLk!=F)qk(_EzlzyaC{>4Q^Do(}H z=vsb}GR7%j(>z&49Ak1;ZS4m5-1c=U_T5S5N2w)^SF3mL-Qkdm!$lQ6HK}5N;o{U> zZLwUIk1mUigPL0DsMvqhVz}ltUGM4g&k;5ib&FwW2Oj+k!pmb9Z>UM%{~jyJc4-o= zij;0SU%;lSbJ&JKA70ni3Z9!-DF;KV$f!RQ7~)dKo!p#1Q8K&BB)C@Oco*H_ohpU& z8pJr^)CL!{j$Gg@i-+Y6APvRwCGy}i#x<=-HFcb#UQ_on^QcZ@Wq(8odOY zhL>|RZEp_qHNao~%zfGH)7x}^E&8pdsEDIB2`13=W%~1By6BQ2)$GHY=iVYR?nJ9; zXJCzaDkUp{|L2-}a{_XW%EVmT$y(FByJ#v4`LJTjc83u31Cx$F`q9`@XPmVZLd6~^ z-v;D`Kk0FjR|uK@Fh5~d>%rkzG@h-=6kng; z{s!qZRjz|akJAMxUZWTMRmJUwAOef0_;*f^%cs<{rqi{(h77)-6+b`#rVeZ zdv|Tju0qwfqv=Ba(^B!run8U2mUIrh^F6xDc2N5y>RhNUvbhH&fOjh?@~b<2Z@Fq> zTdabliAI7{2E1Pi1fXAxgW4}^yE7SNM&n$}+*1h^vWq&F3iLUaiiqc^p@GR<0rQ@e zmm#(G^Nx`U@|_{k1jO%c%ivbCz5J10n9Lsc5yAD?5=gEuzV+8AsHv{rP!Fg}>O6-f zMfN~Fv6Tt^1%#>)t0^WV!6|8w>WxoMlb#-W-A$RnTS z?x1Uotn1=kL1;71bsgb@EHE77<# zQ$IvLS*08nuRPo0u9G^J!-C$kEa0aixhpn${~HZAsd-Qztm6xlVECFtbdIyYq`Wq~ zRhK$shZ{Kj#Aaz3FLPEpA966{b-3~7eB1*QGr_7K0PuTUzB_GWXHod=E%0CJu7zL! z`%)jxFIgNEZ+hZc)4;G+6KEST=(Hs4jPrbaXK(NADXFMNM|Yq<@kjwAZ|MiP+T7M2 z##if!o|ZjS`2?!^TaiRu)@Q+$A9o~j^Me?lF7sXgMwI_JPSSZn4LM`qOceM*n>yL}_5E;R+vyw2Erm({T z*4gpWBu=flJ)pErf>_Rtf^M$G8Jsyr{||y z?j4w96Iy@`(LRp%0 z!>W-xP3z-{OxHRxqe~v8LqKT;5_K<73!a@c`!lxjaDN-M+@0nF&121#$ueE9MXfleRH-4S8rK`*t9mQ~*x=Dya{sQ5%E{}ru%|LyGuhBH z_PDO}Jt*>UaXx~NQ~(i7)$C(L<>5Mz#5?k+hpARpPi;({BY{d-h!mu zt;sC@%ToJN@IJT{*f?=J+wcuhyZ*t1;i3QrQ69xEo)qn{pqH4{$O+N_! zLrv2-M3Ob3**bG6#4MxaDD~XS_HPDsa>h*0Y`&!!C)7Bt>8$EJ+Sriud&)1o>ddVl z&Azps_p&VX5)W%a*5xqNL|Q_J5taW{#^B=}Uvr2wHgLq-ob*WaK11}!NwBxT{lKN2 zlUH|2qOYk*&-GEuQ#K*jh;#f02y^^ydG`8#l!>TcpvX)~#7|jQ0bxm$EMWV=oTk5* zmyp=2s3kNG7S{4WCS(TZ9>>$Ham&n_%CM(JNVxgQROQZ~LH24Pg6OV%cf#VTo}c!< zHJcYhf{J&?l^)&kCZbKzD_2Z}(ux2}`d*>8L_%LQT_S@bcNUZ^LBhXdyv|_mF7G!E zkZ9_I$(9X8K`(QNxo0~Cl)9wgOY9H#U=BLZwL?SMxtid9tvV0Q4Sh-1G6U_n7QTU$ z&xVZ|i3xo-)SSq+pTB+7PphS?o4xQxi+(YB0=)hElSJzab*9jmuuO4YkHz!gli9pm zaMX;Mp(p=)(Na;dc)YZr1>GIT(abt01@nuh4s5*lUe~?Xm&V=e7dZUq-^K)UdJ#|8 zk=EfE+sXXWUgF=Ok#toJ+Je~>;VCDNRFR78G+GNbJz|ehd?Xcotb2KD8v+D@uiv=Q z4>fOENj3FIh>D^>LI{gTb@lM?o{gJ@_nV{`-C;FmZ?m@^^F~_u=6tb4-oGR#Y5k#b zvm9(dpHtc)38C=E;D)ac=){hf<92^>%8W%9xkBMe#U&*ewWiu!B27uX=BFRkRA+V- z2J8>?Y^gHsZic$V^%`IWnY?_#NBVDXYqwcF(;AxB(S{<-33imA@xhz3qV9 z=9ow_KpxwC6qOb7fYrMYM&q_m1u%~UP`KGH7)DV6nBqwR(si7sYX(p`TiQWh=@2B| zPZHr~!_fbvh?oB2|C0S~{~uES{nUnFy|k*+Eeqf1#7eT%QGF{Be|p!u4sQx2u!f)Zt08FD>3so=TX)+(bU%!pnoFU z0N+ECV&?vjc+enaiKz#?i?WPls4>35D#M2`_s^Cho-BJPlWubBingeILe{BcnajSe zyv^pOh+FB&`e=iF+dHQSl8jkN=94 z=A@a=T)ABO9`DlZgfnlsTqa)skUEyr?BWKWpqk<}p_{34xHWYyljMeH^ZqChNyqxj zt+Rj*-$*Qf7B*u|_^UKRN!=B0moMq*)VefRCG#jsSREuqmpnt8da)~e2TD3UPS59y zV%I(rrAIy`{3DsXBXKZ&zklbE7=aN_5CHH~iA|1ut$Z)KyHF^rRy0)ps*Z^cbXrTT zIHTxEibbj6MLIyNz#q?j(0=$*^GnSc|K$<*dd^nkC0PPm>z`ThT`twHoC@H;Uw1UO zAtf-oRtpNl@um|SlJckM)gmvtFq&W3nMr)YtE;A1cD;c|3KZ8}Qbux|pbU^vIrtUM zCTQbdmyN*R=NQ!8(*vfXqub%HBPYyWYB|tEzHp|`Y29g9z9A8~U+7NlyZc){aK}4$ zE1Cpywp6_7*tL;gi9YSQ7pJ+%T!B&65xx{vk|O*y=(q``5paoQ)%%AZ{|flWoA-YJ z)sblR|Ho#Q{{}by#}xlOSPaYFB7w|>-@kwGnjzLm(t7x2IAtls>;WDb$jBsx zg#Q_ZBJ~1mUMmgkXhg1}L(#bwe%Kczo|izF7(XfVLsg5}Ghi4*FD%1eTuAeCycnzE zj-Rt8jLf_}J`8|`sx+3e`M_a*65r6SqPbh$C;@}B)?Sn^;cTF<*+2r)NTbwUEsxYt zdtpgD?%C!vS1j>QnJ7ipLyK{9Sn-{crEh`m^RLBUA+g3iw#LhK4i-#}_)3n;Ts01w zIkqYJ4|*GqO|3+!eoyu`>y?Okk6< z9<1bLdFWQF7k|C4;-nfoqUQ5}=v8*1Q352Hv7Q=Qwc{1ni>CA)YQ8P7`ghzW^Ulu^ zr&8h{8xJ#8B`K&5g=Xifu=|Ud9${Xt6EoUDH;qxXw7-Djw|2^#S~Xh&-7{F2QQ>z6 z!^n#*-CuNA4}!b$&4p=Lqja8ng`LNG&@%VlASn{%L$+J14ylpi7e`ut76kY2frOgB z;n@=T?9UPG+o~&K#OJA7Ln{Gy+ZaYX^Dq)iz}c-lHGTHJZ> z1D~VzdMFmAeRHQOk$NAH4j~Dvtj2YZ2r^+TOsMmNc^jtqiH7)15lX7Kxd6AmL7&Qb zALF^>#mh>l9>KKKo`}_|!9uF7A}xmoWABwMJC+Dc+mlG%)VmJ$Pc6S%)qg~Z`Ivzv z4E&mwIb{VeJW;_b+rr0v14k@gpe8CZmuw2jD2@^rg=dW(Ck~ERV;yQY9ZN%>n)Jp| z)QQ&YNCy%U}(wGvXx>E0rgjFcfimd&d&QwE``#5O)etO436kD9Sh zCpiE-pI2w`*z!Io^dV9e>VUnNlDo3R(`ddw3W1=F3aEC+^Uh_ehoc<_gKjaTS5Q%9 zL-#-Tde$vfmJK*LG}LKExbz+&HQq}&CsRf)tqqci&ln5}-3Keb?E@_e^!zRt!t1Wl{TLG=#?OjN7I!40cHFNq1}VJMOf$oR1I?G z%bu66UdhMyoiq67U<&ItDd%s=ESxor8Vu~!%4$L?hQy!)eMs?0!%R;bHBO9t=Vw=o z{MgVU4Bx32H%YZ=3{7#S80fHY7rQ(xcV8?LBX$z24epZNQyl~&vhalRNW2+neSqa}3CH9& zO@gO??WD)qN97IqNsl@2Dt@ZQg_q=xGq$hdA3agUbtyzqN0Zf`Jb9WzpBb)^& z3=E|79#Srsf-T#pOP(2E!smD;gn<}Wok4u20@2Og-fmTHEK^NZBmh>-i~Ul_Zr`f3 zJ|R0hJ)Lf8V*@kEtiNSiHP*0gFyrxfP=zh)C`dF(BDvU?$>{Vl!}|;RR$FGfv!ic) zBob9kV>;157-Z9JS7%@S*}J9I9%}dpN9cL~?d)YjbEaV16LoO8Muz*G1Djb>GJ7>) zGSYL4z?Vg2Y^-kD6cXQQi0+(@fyV3x_7CU-OP zH=RT@Re@#~b5aJoxqv-)ts9%mrO$9DAtr~;D0ky88;V(1o88HSlRj^F6o{=E!E0Ls zu=1uF{#)ac=Bx=?paa!YqOIEg_&PovKfQx!YF&r|)aG>1?OXMEG-yoS-r@NX`p^iy zsX(i0JATjN?IydD%~*7Ed%L6Yp%f~SpZUI+Vf_wBBjBr#VQj)}v24O`9-qp>&R4M8 zxF?8DEI0qUiVxGl?6Q5Qhv84B4NaqY1#SdeEnYS;;cV|SQ)Eov8p!#%)wTQ95aM7n z^rDRQ3EOR;_?sZ#@**I+x&Jf6U#guGMwZVPOoFOz)reF)bk@jlxUrq$0|wbsh*gx} zUP#__w)3#yO?7g1R#hZ-S71t|FH~}1g03we2_Bc|yVS}$ZB#7@ztj5~FzCp1jGof) z$Dd3uJ+JL{4ool-E!KR#XQ{LcN4;%D5Gke6Ofj@#%`4G~`dvQ!) zS&JA*G4PoA;T0=wkMIawj;fyt12+0kroM8{J0sj9LZrU08_sK+JB5VISGd-AZ$#yK zn!DEMRb)^{mm6=l515HjwFpnCkD2j4CkA`3YBR~?jv!bg^@BOs;sYNf@!&Zt!@u3l!gGHt4@DobCeJUyzz}K3MO%UNZ2| z;U(JvtMS^Y%MWW~&Z6ZT-TJJK%TGjZ=;n4?rN3^qEP>T&<`0zCX_~r;`_2CH1<##t z1Rb?W;sua`X2X7XhuO0&j;z*htka#-;7&hB3ylNw^UV5I+gGU{TbozuKi#1FqE*sv zDNBRJh}2wofSpOXc*fv_ zmqQ3~ANWEuio7lp)_Y`SK{LRU?ztGT_qw=!f4ybz`S_C87}|V7r0%A1+nLLZjO47? zwn%+u&kpWqJkL~HBZhkl3_MNQ^bb9uM~E*rW~UjdRO`kQfi^ZBe2z6<0T;eryEF7V z3(mu4@;E_OBi#ZEE7MVMu)FZQHa$&6q12q<0M)dGd91@+9)3k@CzX1H=`HAwJ1)@J zn@&IALqBEx)+K(@3t3V0tU=fH*G|i{bq&9$K`?@8ecDn5>0s^Ht9dI&tp7g@FyVH8 zc0Rix77G;Qk?;*yW+micEr{tWytgYNj5qY;kIf}HUQ&0Cq}oilzrr{}cy`2pW2r6m zEszzN-K1JP1Tssx_K&kZm?QybC;!8pyxK)vp}!Pl=LTDLYc1icIj7HAgt6J_`DSPL zf=cb2v-yR6j(Y6rwB+wO!mb6I`%}mSBo{e}CN-Eak-02v2ucH2Ads=w*Eh&@>9UoX zHkh?c-^L_RX2rFNN-fK(cF7d_*4B5zutJvif~d@pD1O!3(_{d!V)$I~_C)=}*4~Hs ziLAx9wR*{_e_n$`Y}3gBFE5w+(zWa#gA)@|8c0nm7P-NN>?XWY-owH9A=<0DFpnyB zfumy&{P>5U+OL)v`g7ye3oDzF43V_&3Kvb(g9U13p*lm zo0u~buP*mOD zo<>Xx8_cSIym)ma7g%HH5WO{JaU=!i+}!>CZSAjdSb;yn%KBkQ?{3x#^^OW|mF=kg z2k|*B=33e(2E(qq?-ee3=)?BiPDErRHrk{5hS?OG?4_#!rWimi*`dlz;PIiGy;c^~w2Sb^ z>)ekYLZP)L^C*^@I&q7JJU#WL-r*y3!fiTfYea4@%Q&a+dS(ufNA8;W{Za}kQ?HtU z4uWX849u8eQ1An@n^vyf;JP6nDOtXuRPV3Ycm@3M+j;LuWt$xAZp2bKFfa2?h70{; zpj4cbnmX1&qrv)9HB>rF1}D3`rk194-wEfubM_=*ssi^jXpkCUAGS4026zJE4Vj8z54Z;5Cual|EJ#mcQ%Tu1?*+N z^#3*7EGf4f28Y_2lg$RvCg%A?oY=FMG~B@Hz@v4;UJ`YUoI^cC8dStktc&$4WR z=SSOnywnS_rq}<{*v!kGK0W@kSfq&&oPH1R)8tm3*h|0ux^=Ygl2h-i~zhWsM-8GW%O-iXW_kBnFiT+ zuQDY#(#{;ow|g-rb{(E2%TdHlwqTD!EjnmnXHRF3qFgYkfd<8gJFV}|PF|d6vqQ$g z${r3zH!8m6;$3FfGH?A^XD{Wb5PeJqaQl$6x3{cFD;U}7WgmI z^zp?tlUb$Ioi$g$Ki=kYqce#z5PW;pVrw+~#l9|Jr}m9(iIuadNZVe+h3=K5*duko zDCUax3`azr%vkw|@5!n^Vn$kMQGf9kJn?sZdyVE;t_K1AE*fh&F+#G(i;uj?pdI)!eeW~W zhbikKSo^G8BR0&?ytC#c_anY8F|5Y~pY3vnRF0GFxg#|%j*r+_2!Wg-x>0`8q9Gh( zwD#@-<^td|bFL;x!>MaiONK9<+Z`e4IgjU40qfQvLj5A8DJ=Nnxblyo{NeeZy7*ln zCUtE8(CKOR(h(|JR`a|Zl!ptca9AX7WER7YjDfyS`JpNWI(#e6tp?IRhZc)L>vD~0 zX(kvw#ED`qmhD30t7S=a{_0n{>FfCrj~_TL|M=BBw<9?Ny`nAo3Hc-DZV_6XcSzpJ z$zeu1<5ieZH4gSQO^yC4OM5-n5t%n{AL4(NbFR@)sB0Y8R<6nHY-FVAvNcI^+l`PB zMKq<7VT@rC!Z1d~U>IbIC~TD}+aA|SxsI4|H=$fI2#pyg*IZ{zuH$|=v)BG|_B!W$ zIBT5`XRZD5{qU~!tY^LJdEWPZe*Zt{`2K-mrI5%u6!Ok6DOh;JD`LYoMx=i8c(1k* z&?f**drl{Y6^`8KUl|&;4lS4Ucv=2MCwv_y(6{wFv(`((7oD(?XyCFlQW{U1T;wH| zMKg?FfysEY%ywqS=f}INJi3-#JI0>a)lcaCcB*>be%O@I+@I`a^S&kt>)))^(ZhF{ zu!uPSC824H>dmz7%&&$T$k&nRHPp^IJm^f-Rf8a6ekO&bc>cfx_nG}(C2~bK2cCK{ z`q}IUg>LJ1QGG`;fL>NSl?8GRw9p##6V34^T~#q8zw1*_F|Yg3&2%PJqVsl7qWW4_ zOz|>)FK4mboYM#SBSq^Pk*nfe6KnZaL0&WNuN4a72l;XseKy^%`iCgp0jm0 z1Yo;(ugTU}DrJfika(}tvneIB9z8>s_ewB+Uq%xR7A}n{_m&))Gj+^hyhwZdVp#CY zOOMxw%#ssFf5zHil8kxpj`(alKERq?;eB_%L2{>R?PQ3V9^ADK;Eg&gkJ*~d(_)!0!!yVZ=?ds)m8T|UpiTi{;--eb6 zli2pMP~vX*>}UUFsW;8aDMF~dZr#DPg+m(pCnF3d!z=q=@|!>kGEWOy?_8~%8Q2AE z>^(d4o;9nwU0%SFhH_$QnHS(TE?~tuv@0lo6M;pk|_Z9od)7xcjAL z2ADE@O8|coe#KhCt#BlYJ3H|+4)%;Jnuj`&j#_a1;i? zOBYR0xX!)uHT5T|bbvnzLb+C06&}O`>VV&&K5xJxRK;;!>M^^W?Q1G_DdX$M0KSZ2 zPafK>{@XN_S>Dw0Ou{WZs%|r(2Lqis!b{l&_+yS^2SFkkTayl&=DbZ0OzsX&^#ZP<`%Fe z0qcu+C5($Vk3=fFSjQ@&R3sh3w&d06MZibd#`$UGQ5_;`{4u%|Jy?t>YPN>#D9PS4 z#$;_gF*KVL-B*HrV}FfsXCDbdz`v>K*d8gd&41kMt(k~PCIuy9U_bYqCh|W-pDp;< z>FsS)*OP8yaP=)($Txb7icj?b$VJL64te=Fehu+aAJlw7 ztLD_*;#`2uL>3IwJl*~ztK2;s7dOk8|f~E5*?ifstU_3Iecy| zy-fMxt*>>(<%aG}@g)W2W7*0_j=u3koh{4kaL(Wim&WzUms-xESY{eiVYs>CK=9$S z1zIZW20c;!_3bIrcfg5J3xkl-MyB6!SVt<_@w_R-Q2$6I&`EeBv8y7R=zjlCK(xWL5+=Ne3(t2kv zvSp`$LrlE_?Ta%wd>^yra`TG3Rv|9C&(D$@JoSzyiQ$HMAwL~O-G6nrPO+l* zq->qEZ^n>~|M&G%2%qwj5berq!C1%Nu2}iJ2B%qRm{B)*($w050BV1Xx|nNVAa-3I zrpcV})#-#-mLxr83`!jDT{s$$LZ6tPy$ z33F6e?n5%-{(ocp4XX*h|upC3+tw)pB^R;>+&DUE~ovc1B|-?-RP$sn1uBZDbrsQ8T~%hkFv0b%>gPYmVBpqRY&-)yS0N=QIUuKm%pKX< zt1%_5eHBHO&CTv9lF?4k63kx&_|zY#b!AYOAz(@U{!ST__J`yY_5;jiieT|FO`FV zbttEoq z9ZLLk<@^;pLLks3zG`oJwC2<-B#07?41C^&p(XcS`iOjk-n>A5;D}DjyF7zCWTKHG zez%~_0%o?)*Y7K^M9{mcvkm$EywDwY4kn7o$mBg&A+kVau~G4ys*W-S{?ov@=T3#8 zYXq?3{~J+x$x zY|_;!2ef27SCwm|-n$?bD_U1YM;XsZN~(zV8G|Bgj&($%5gQT{(31 zQP)7^%V&keZ*#v&9KtFAo}DQw4HNYRmbs>ZpR(H?M{An}K?m#J z&2B4Ap|@R}O=%$oatiH_7$=!|5TX{n#$Sc7@MG&9Z0PnwdAOpX4#{AsyV1IygxXmj0eNx-d}Qe_^7;bsbyLZ;-!UF3cL7 zx#E*|+dE>pad1n2JXk3lsu!=@Kp%XK^fid@X2C6gPU_B3{idpB4EDEi>EHpeSYp893$ zh6-6#;7yOM*JQw7Oq{#4K&Uon#&r-Ek%Pz?NQvJ#BHaIgUwXOeq$#u+xovfKwtEsP?x|zyeSb$&D-*8FC10< Date: Fri, 14 Dec 2018 10:45:56 -0800 Subject: [PATCH 44/54] typo --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index ecf929900a..ad249c8cad 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -15,7 +15,7 @@ ms.date: 12/15/2018 **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: +Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: 1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. From 5eda797f14671f85bb0ff0bac03d193df0a9be23 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 10:49:23 -0800 Subject: [PATCH 45/54] copyedit --- .../device-control/control-usb-devices-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index ad249c8cad..287b0c75ad 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -25,7 +25,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p 2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) - Identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by the peripheral: +3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by each peripheral: - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. From 43c3d803c275cc978fa43076ffc6cc2128176b6d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 11:06:04 -0800 Subject: [PATCH 46/54] added link to blog in intro --- .../device-control/control-usb-devices-using-intune.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 287b0c75ad..4268875d7c 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -32,6 +32,8 @@ Windows Defender ATP provides multiple monitoring and control features for USB p > [!NOTE] > These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. +For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). + ## Prevent threats from removable storage Windows Defender ATP can help identify and block malicious files on allowed removeable storage peripherals. From a8e69eb0eb1545f8e19f52b315d5b7293899b836 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 14:02:40 -0800 Subject: [PATCH 47/54] edits to notes --- .../control-usb-devices-using-intune.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 4268875d7c..5c4f5607b9 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -29,8 +29,8 @@ Windows Defender ATP provides multiple monitoring and control features for USB p - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. -> [!NOTE] -> These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. +>[!NOTE] +>These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). @@ -45,8 +45,8 @@ Protecting authorized removable storage with Windows Defender Antivirus requires - If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. - If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. -> [!NOTE] -> We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**. +>[!NOTE] +>We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**. @@ -110,8 +110,8 @@ Based on any Windows Defender ATP event, including the plug and play events, you Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. -> [!Note] -> Always test and refine these settings with a pilot group of users and devices first before applying them in production. +>[!Note] +>Always test and refine these settings with a pilot group of users and devices first before applying them in production. The following table describes the two ways Windows Defender ATP can help prevent installation and usage of USB peripherals. For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). @@ -122,8 +122,8 @@ For more information about controlling USB devices, see the [Microsoft Secure bl | [Only allow installation and usage of specifically approved peripherals](#only-allow-installation-and-usage-of-specifically-approved-peripherals) | Users can only install and use approved peripherals that report specific properties in their firmware | | [Prevent installation of specifically prohibited peripherals](#prevent-installation-of-specifically-prohibited-peripherals) | Users can't install or use prohibited peripherals that report specific properties in their firmware | -> [!Note] -> Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. +>[!Note] +>Because an unauthorized USB peripheral can have firmware that spoofs its USB properties, we recommend only allowing specifically approved USB peripherals and limiting the users who can access them. ### Block installation and usage of removable storage From 6e80cbd6d7c4b3d26608c5b325a8ada2e3c20efa Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Fri, 14 Dec 2018 22:40:48 +0000 Subject: [PATCH 48/54] Updated control-usb-devices-using-intune.md --- .../device-control/control-usb-devices-using-intune.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 5c4f5607b9..45425c82e1 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -19,7 +19,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p 1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. - - [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. + - The [Exploit Guard Attack Surface Reduction (ASR) USB rule](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) to block untrusted and unsigned processes that run from USB. - [Direct Memory Access (DMA) protection settings](#protect-against-direct-memory-access-dma-attacks) to mitigate DMA attacks, including [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) and blocking DMA until a user signs in. 2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) @@ -32,7 +32,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p >[!NOTE] >These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. -For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). +For more information about controlling USB devices, see the [Microsoft Secure blog "WDATP has protections for USB and removable devices"](https://aka.ms/devicecontrolblog). ## Prevent threats from removable storage @@ -43,7 +43,7 @@ Windows Defender ATP can help identify and block malicious files on allowed remo Protecting authorized removable storage with Windows Defender Antivirus requires [enabling real-time protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) or scheduling scans and configuring removable drives for scans. - If real-time protection is enabled, files are scanned before they are accessed and executed. The scanning scope includes all files, including those on mounted removable devices such as USB drives. You can optionally [run a PowerShell script to perform a custom scan](https://aka.ms/scanusb) of a USB drive after it is mounted, so that Windows Defender Antivirus starts scanning all files on a removable device once the removable device is attached. However, we recommend enabling real-time protection for improved scanning performance, especially for large storage devices. -- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. +- If scheduled scans are used, then you need to disable the DisableRemovableDriveScanning setting (enabled by default) to scan the removable device during a full scan. Removable devices are scanned during a quick or custom scan regardless of the DisableRemovableDriveScanning setting. >[!NOTE] >We recommend enabling real-time monitoring for scanning. In Intune, you can enable real-time monitoring for Windows 10 in **Device Restrictions** > **Configure** > **Windows Defender Antivirus** > **Real-time monitoring**. @@ -114,7 +114,7 @@ Windows Defender ATP can prevent USB peripherals from being used on devices to h >Always test and refine these settings with a pilot group of users and devices first before applying them in production. The following table describes the two ways Windows Defender ATP can help prevent installation and usage of USB peripherals. -For more information about controlling USB devices, see the [Microsoft Secure blog](https://cloudblogs.microsoft.com/microsoftsecure/). +For more information about controlling USB devices, see the [Microsoft Secure blog "WDATP has protections for USB and removable devices"](https://aka.ms/devicecontrolblog). | Control | Description | |----------|-------------| From adc3a2f61aeabb6f70c01cc0fb0312f4202d3d2c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 15:28:06 -0800 Subject: [PATCH 49/54] added links --- .../device-control/control-usb-devices-using-intune.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 45425c82e1..98584838c4 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -113,7 +113,7 @@ Windows Defender ATP can prevent USB peripherals from being used on devices to h >[!Note] >Always test and refine these settings with a pilot group of users and devices first before applying them in production. -The following table describes the two ways Windows Defender ATP can help prevent installation and usage of USB peripherals. +The following table describes the ways Windows Defender ATP can help prevent installation and usage of USB peripherals. For more information about controlling USB devices, see the [Microsoft Secure blog "WDATP has protections for USB and removable devices"](https://aka.ms/devicecontrolblog). | Control | Description | @@ -175,6 +175,7 @@ For a SyncML example that prevents installation of specific device IDs, see [Dev ## Related topics - [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) +- [Defender/AllowFullScanRemovableDriveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) - [DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) - [Perform a custom scan of a removable device](https://aka.ms/scanusb) - [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) From e046e99e23ef062e27aa561b8ad1109515e56885 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 14 Dec 2018 15:38:10 -0800 Subject: [PATCH 50/54] added links --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 98584838c4..a2938cdf3c 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -175,8 +175,8 @@ For a SyncML example that prevents installation of specific device IDs, see [Dev ## Related topics - [Configure real-time protection for Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) -- [Defender/AllowFullScanRemovableDriveScanning](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) -- [DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) +- [Defender/AllowFullScanRemovableDriveScanning CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) +- [Policy/DeviceInstallation CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) - [Perform a custom scan of a removable device](https://aka.ms/scanusb) - [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) - [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) From b70fb019bf5577b84f73d75b866132cce315b9ef Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 17 Dec 2018 10:43:37 -0800 Subject: [PATCH 51/54] feedback from Aacer --- .../device-control/control-usb-devices-using-intune.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index a2938cdf3c..977c81eee7 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 12/15/2018 +ms.date: 12/18/2018 --- # How to control USB devices and other removable media using Windows Defender ATP @@ -92,7 +92,9 @@ DMA attacks can lead to disclosure of sensitive information residing on a PC, or 1. Beginning with Windows 10 version 1803, Microsoft introduced [Kernel DMA Protection for Thunderbolt](https://docs.microsoft.com/windows/security/information-protection/kernel-dma-protection-for-thunderbolt) to provide native protection against DMA attacks via Thunderbolt ports. Kernel DMA Protection for Thunderbolt is enabled by system manufacturers and cannot be turned on or off by users. - Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for devices that don't support device memory isolation (also known as DMA-remapping). These devices can be blocked, allowed, or allowed only after the user signs in (default). Devices that do support device memory isolation can always connect. + Beginning with Windows 10 version 1809, you can adjust the level of Kernel DMA Protection by configuring the [DMA Guard CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dmaguard#dmaguard-deviceenumerationpolicy). This is an additional control for peripherals that don't support device memory isolation (also known as DMA-remapping). Memory isolation allows the OS to leverage the I/O Memory Management Unit (IOMMU) of a device to block unallowed I/O, or memory access, by the peripheral (memory sandboxing). In other words, the OS assigns a certain memory range to the peripheral. If the peripheral attempts to read/write to memory outside of the assigned range, the OS blocks it. + + Peripherals that support device memory isolation can always connect. Peripherals that don't can be blocked, allowed, or allowed only after the user signs in (default). 2. On Windows 10 systems that do not suppprt Kernel DMA Protection, you can: From 529cc260e13ba21bb32d58d562bfe11e93fa1691 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 17 Dec 2018 10:54:45 -0800 Subject: [PATCH 52/54] revisec respond heading based on feedback from Anch --- .../device-control/control-usb-devices-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index 977c81eee7..25884a9bd3 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -25,7 +25,7 @@ Windows Defender ATP provides multiple monitoring and control features for USB p 2. [Detect plug and play connected events for peripherals in Windows Defender ATP advanced hunting](#detect-plug-and-play-connected-events) - Identify or investigate suspicious usage activity. Create customized alerts based on these PnP events or any other Windows Defender ATP events with [custom detection rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -3. [Respond to additional peripherals](#respond-to-additional-peripherals) in real-time based on properties reported by each peripheral: +3. [Respond to threats](#respond-to-threats) from peripherals in real-time based on properties reported by each peripheral: - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. @@ -108,7 +108,7 @@ You can view plug and play connected events in Windows Defender ATP advanced hun For examples of Windows Defender ATP advanced hunting queries, see the [Windows Defender ATP hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries). Based on any Windows Defender ATP event, including the plug and play events, you can create custom alerts using the Windows Defender ATP [custom detection rule feature](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/custom-detection-rules). -## Respond to additional peripherals +## Respond to threats Windows Defender ATP can prevent USB peripherals from being used on devices to help prevent external threats. It does this by using the properties reported by USB peripherals to determine whether or not they can be installed and used on the device. From 743978ef6fc840a7d676d50a542ffdbdc7d9d39b Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Wed, 19 Dec 2018 00:09:06 +0000 Subject: [PATCH 53/54] Merged PR 13452: CATS testing fixes for links, https, metadata, etc CATS testing fixes for links, https, metadata, etc --- .../change-history-ms-edu-get-started.md | 3 +- ...configure-microsoft-store-for-education.md | 1 - .../get-started/enable-microsoft-teams.md | 1 - .../finish-setup-and-other-tasks.md | 1 - .../get-started-with-microsoft-education.md | 1 - .../set-up-office365-edu-tenant.md | 1 - .../set-up-windows-10-education-devices.md | 1 - .../set-up-windows-education-devices.md | 1 - .../get-started/use-intune-for-education.md | 1 - education/get-started/use-school-data-sync.md | 1 - education/images/M365-education.svg | 2 +- education/images/education-ms-teams.svg | 2 +- education/images/education-partner-aep-2.svg | 2 +- .../images/education-partner-directory-3.svg | 2 +- education/images/education-partner-mepn-1.svg | 2 +- education/images/education-partner-yammer.svg | 2 +- education/images/education-pro-usb.svg | 2 +- education/index.md | 1 + .../educator-tib-get-started.md | 3 +- education/trial-in-a-box/images/it-admin1.svg | 6 ++-- education/trial-in-a-box/images/student1.svg | 6 ++-- education/trial-in-a-box/images/student2.svg | 6 ++-- education/trial-in-a-box/images/teacher1.svg | 6 ++-- education/trial-in-a-box/images/teacher2.svg | 6 ++-- education/trial-in-a-box/index.md | 1 - .../trial-in-a-box/itadmin-tib-get-started.md | 1 - education/trial-in-a-box/support-options.md | 1 - education/windows/autopilot-reset.md | 1 - education/windows/change-history-edu.md | 1 - education/windows/change-to-pro-education.md | 1 - .../windows/chromebook-migration-guide.md | 1 - .../configure-windows-for-education.md | 3 +- .../create-tests-using-microsoft-forms.md | 3 +- .../deploy-windows-10-in-a-school-district.md | 1 - .../windows/deploy-windows-10-in-a-school.md | 1 - .../windows/edu-deployment-recommendations.md | 3 +- .../education-scenarios-store-for-business.md | 5 ++- .../enable-s-mode-on-surface-go-devices.md | 11 +++---- .../windows/get-minecraft-device-promotion.md | 3 +- .../windows/get-minecraft-for-education.md | 5 ++- education/windows/index.md | 1 - education/windows/s-mode-switch-to-edu.md | 1 - education/windows/school-get-minecraft.md | 9 +++--- .../set-up-school-pcs-azure-ad-join.md | 1 - .../set-up-school-pcs-provisioning-package.md | 1 - .../set-up-school-pcs-shared-pc-mode.md | 1 - .../windows/set-up-school-pcs-technical.md | 1 - .../windows/set-up-school-pcs-whats-new.md | 1 - .../set-up-students-pcs-to-join-domain.md | 3 +- .../windows/set-up-students-pcs-with-apps.md | 1 - education/windows/set-up-windows-10.md | 1 - .../windows/take-a-test-app-technical.md | 3 +- education/windows/take-a-test-multiple-pcs.md | 7 ++--- education/windows/take-a-test-single-pc.md | 1 - education/windows/take-tests-in-windows-10.md | 1 - education/windows/teacher-get-minecraft.md | 9 +++--- education/windows/test-windows10s-for-edu.md | 31 +++++++++---------- .../windows/use-set-up-school-pcs-app.md | 1 - ...indows-editions-for-education-customers.md | 3 +- 59 files changed, 67 insertions(+), 112 deletions(-) diff --git a/education/get-started/change-history-ms-edu-get-started.md b/education/get-started/change-history-ms-edu-get-started.md index 97ddde85fb..0110254868 100644 --- a/education/get-started/change-history-ms-edu-get-started.md +++ b/education/get-started/change-history-ms-edu-get-started.md @@ -2,8 +2,7 @@ title: Change history for Microsoft Education Get Started description: New and changed topics in the Microsoft Education get started guide. keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history -ms.prod: w10 -ms.technology: Windows +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md index caf9b51520..6da930b66d 100644 --- a/education/get-started/configure-microsoft-store-for-education.md +++ b/education/get-started/configure-microsoft-store-for-education.md @@ -3,7 +3,6 @@ title: Configure Microsoft Store for Education description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md index bab1e61628..5d3af7dc3d 100644 --- a/education/get-started/enable-microsoft-teams.md +++ b/education/get-started/enable-microsoft-teams.md @@ -3,7 +3,6 @@ title: Enable Microsoft Teams for your school description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md index b15394f6ac..120b357bc2 100644 --- a/education/get-started/finish-setup-and-other-tasks.md +++ b/education/get-started/finish-setup-and-other-tasks.md @@ -3,7 +3,6 @@ title: Finish Windows 10 device setup and other tasks description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md index 39dad1f8e4..6df81f8b27 100644 --- a/education/get-started/get-started-with-microsoft-education.md +++ b/education/get-started/get-started-with-microsoft-education.md @@ -3,7 +3,6 @@ title: Deploy and manage a full cloud IT solution with Microsoft Education description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: hero-article diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md index 82ee6a90cd..01a5f5b4a9 100644 --- a/education/get-started/set-up-office365-edu-tenant.md +++ b/education/get-started/set-up-office365-edu-tenant.md @@ -3,7 +3,6 @@ title: Set up an Office 365 Education tenant description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md index 5b79384b77..a62a0e282d 100644 --- a/education/get-started/set-up-windows-10-education-devices.md +++ b/education/get-started/set-up-windows-10-education-devices.md @@ -3,7 +3,6 @@ title: Set up Windows 10 education devices description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md index ba8630edd9..e1f8ef557e 100644 --- a/education/get-started/set-up-windows-education-devices.md +++ b/education/get-started/set-up-windows-education-devices.md @@ -3,7 +3,6 @@ title: Set up Windows 10 devices using Windows OOBE description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md index baef903733..d1ab32cfa9 100644 --- a/education/get-started/use-intune-for-education.md +++ b/education/get-started/use-intune-for-education.md @@ -3,7 +3,6 @@ title: Use Intune for Education to manage groups, apps, and settings description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md index f880134137..f2bcfb50f9 100644 --- a/education/get-started/use-school-data-sync.md +++ b/education/get-started/use-school-data-sync.md @@ -3,7 +3,6 @@ title: Use School Data Sync to import student data description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/images/M365-education.svg b/education/images/M365-education.svg index 7f83629296..9591f90f68 100644 --- a/education/images/M365-education.svg +++ b/education/images/M365-education.svg @@ -1,4 +1,4 @@ - +

diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 652ef9e87c..0861f90f74 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -3,7 +3,6 @@ title: Educator Trial in a Box Guide description: Need help or have a question about using Microsoft Education? Start here. keywords: support, troubleshooting, education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article @@ -162,7 +161,7 @@ Use video to create a project summary. 1. Check you have the latest version of Microsoft Photos. Open the **Start** menu and search for **Store**. Select the **See more** button (**…**) and select **Downloads and updates**. Select **Get updates**. -2. Open Microsoft Edge and visit http://aka.ms/PhotosTIB to download a zip file of the project media. +2. Open Microsoft Edge and visit https://aka.ms/PhotosTIB to download a zip file of the project media. 3. Once the download has completed, open the zip file and select **Extract** > **Extract all**. Select **Browse** and choose the **Pictures** folder as the destination, and then select **Extract**. diff --git a/education/trial-in-a-box/images/it-admin1.svg b/education/trial-in-a-box/images/it-admin1.svg index f69dc4d324..695337f601 100644 --- a/education/trial-in-a-box/images/it-admin1.svg +++ b/education/trial-in-a-box/images/it-admin1.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/student1.svg b/education/trial-in-a-box/images/student1.svg index 832a1214ae..25c267bae9 100644 --- a/education/trial-in-a-box/images/student1.svg +++ b/education/trial-in-a-box/images/student1.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/student2.svg b/education/trial-in-a-box/images/student2.svg index 6566eab49b..5d473d1baf 100644 --- a/education/trial-in-a-box/images/student2.svg +++ b/education/trial-in-a-box/images/student2.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/teacher1.svg b/education/trial-in-a-box/images/teacher1.svg index 7db5c7dd32..00feb1e22a 100644 --- a/education/trial-in-a-box/images/teacher1.svg +++ b/education/trial-in-a-box/images/teacher1.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/images/teacher2.svg b/education/trial-in-a-box/images/teacher2.svg index e4f1cd4b74..592c516120 100644 --- a/education/trial-in-a-box/images/teacher2.svg +++ b/education/trial-in-a-box/images/teacher2.svg @@ -1,8 +1,8 @@ - + - diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md index 4a891bb989..c91f1c0264 100644 --- a/education/trial-in-a-box/index.md +++ b/education/trial-in-a-box/index.md @@ -3,7 +3,6 @@ title: Microsoft Education Trial in a Box description: For IT admins, educators, and students, discover what you can do with Microsoft 365 Education. Try it out with our Trial in a Box program. keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, IT admin, educator, student, explore, Trial in a Box ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index a8ba174071..49d37afbff 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -3,7 +3,6 @@ title: IT Admin Trial in a Box Guide description: Try out Microsoft 365 Education to implement a full cloud infrastructure for your school, manage devices and apps, and configure and deploy policies to your Windows 10 devices. keywords: education, Microsoft 365 Education, trial, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: get-started diff --git a/education/trial-in-a-box/support-options.md b/education/trial-in-a-box/support-options.md index 11a23af4ec..cc82641391 100644 --- a/education/trial-in-a-box/support-options.md +++ b/education/trial-in-a-box/support-options.md @@ -3,7 +3,6 @@ title: Microsoft Education Trial in a Box Support description: Need help or have a question about using Microsoft Education Trial in a Box? Start here. keywords: support, troubleshooting, education, Microsoft 365 Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, Microsoft Store for Education, Set up School PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index 8a5441c5cc..3ab4c50a66 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md @@ -3,7 +3,6 @@ title: Reset devices with Autopilot Reset description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools. keywords: Autopilot Reset, Windows 10, education ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index 76c3513812..4185c9baae 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -3,7 +3,6 @@ title: Change history for Windows 10 for Education (Windows 10) description: New and changed topics in Windows 10 for Education keywords: Windows 10 education documentation, change history ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index d6bd7cb98c..58dcd89d1e 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -3,7 +3,6 @@ title: Change to Windows 10 Education from Windows 10 Pro description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro. keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 5ca42d662f..e981deb743 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -4,7 +4,6 @@ description: In this guide you will learn how to migrate a Google Chromebook-bas ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA keywords: migrate, automate, device, Chromebook migration ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu, devices diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md index 25b1199a54..9d1acc0a3c 100644 --- a/education/windows/configure-windows-for-education.md +++ b/education/windows/configure-windows-for-education.md @@ -5,7 +5,6 @@ keywords: Windows 10 deployment, recommendations, privacy settings, school, educ ms.mktglfcycl: plan ms.sitesec: library ms.prod: w10 -ms.technology: Windows ms.pagetype: edu ms.localizationpriority: medium author: CelesteDG @@ -149,7 +148,7 @@ For example: ![Set SetEduPolicies to True in Windows Configuration Designer](images/setedupolicies_wcd.png) ## Ad-free search with Bing -Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. Additional information is available at http://www.bing.com/classroom/about-us. +Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. Additional information is available at https://www.bing.com/classroom/about-us. > [!NOTE] > If you enable the guest account in shared PC mode, students using the guest account will not have an ad-free experience searching with Bing in Microsoft Edge unless the PC is connected to your school network and your school network has been configured as described in [IP registration for entire school network using Microsoft Edge](#ip-registration-for-entire-school-network-using-microsoft-edge). diff --git a/education/windows/create-tests-using-microsoft-forms.md b/education/windows/create-tests-using-microsoft-forms.md index 3b0c7b4e62..a5fdfd4970 100644 --- a/education/windows/create-tests-using-microsoft-forms.md +++ b/education/windows/create-tests-using-microsoft-forms.md @@ -2,8 +2,7 @@ title: Create tests using Microsoft Forms description: Learn how to use Microsoft Forms with the Take a Test app to prevent access to other computers or online resources while completing a test. keywords: school, Take a Test, Microsoft Forms -ms.prod: w10 -ms.technology: Windows +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index f33287b723..b8897a3042 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -3,7 +3,6 @@ title: Deploy Windows 10 in a school district (Windows 10) description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use System Center Configuration Manager, Intune, and Group Policy to manage devices. keywords: configure, tools, device, school district, deploy Windows 10 ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.pagetype: edu ms.sitesec: library diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index d430864463..d226f570db 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -3,7 +3,6 @@ title: Deploy Windows 10 in a school (Windows 10) description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy. keywords: configure, tools, device, school, deploy Windows 10 ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.pagetype: edu ms.sitesec: library diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md index 17435853f2..82c72e22f5 100644 --- a/education/windows/edu-deployment-recommendations.md +++ b/education/windows/edu-deployment-recommendations.md @@ -8,8 +8,7 @@ ms.localizationpriority: medium author: CelesteDG ms.author: celested ms.date: 10/13/2017 -ms.prod: W10 -ms.technology: Windows +ms.prod: w10 --- # Deployment recommendations for school IT administrators diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md index d90e41f458..af93be32ee 100644 --- a/education/windows/education-scenarios-store-for-business.md +++ b/education/windows/education-scenarios-store-for-business.md @@ -2,7 +2,7 @@ title: Education scenarios Microsoft Store for Education description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools. keywords: school, Microsoft Store for Education, Microsoft education store -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -10,8 +10,7 @@ searchScope: - Store author: trudyha ms.author: trudyha -ms.date: 3/30/2018 -ms.technology: Windows +ms.date: 03/30/2018 --- # Working with Microsoft Store for Education diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md index a184220261..f58a24b82c 100644 --- a/education/windows/enable-s-mode-on-surface-go-devices.md +++ b/education/windows/enable-s-mode-on-surface-go-devices.md @@ -3,13 +3,12 @@ title: Enable S mode on Surface Go devices for Education description: Steps that an education customer can perform to enable S mode on Surface Go devices keywords: Surface Go for Education, S mode ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu ms.localizationpriority: medium author: kaushika-msft -ms.author: +ms.author: kaushik ms.date: 07/30/2018 --- @@ -54,8 +53,8 @@ process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-sce publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" - xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + xmlns:wcm="https://schemas.microsoft.com/WMIConfig/2002/State" + xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"> 1 @@ -100,8 +99,8 @@ Education customers who wish to avoid the additional overhead associated with Wi publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" - xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + xmlns:wcm="https://schemas.microsoft.com/WMIConfig/2002/State" + xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"> 1 diff --git a/education/windows/get-minecraft-device-promotion.md b/education/windows/get-minecraft-device-promotion.md index 6fb8b22725..d0b001b4b7 100644 --- a/education/windows/get-minecraft-device-promotion.md +++ b/education/windows/get-minecraft-device-promotion.md @@ -2,7 +2,7 @@ title: Get Minecraft Education Edition with your Windows 10 device promotion description: Windows 10 device promotion for Minecraft Education Edition licenses keywords: school, Minecraft, education edition -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -11,7 +11,6 @@ searchScope: - Store ms.author: trudyha ms.date: 06/05/2018 -ms.technology: Windows --- # Get Minecraft: Education Edition with Windows 10 device promotion diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md index 11aeea97ed..aadf84aabc 100644 --- a/education/windows/get-minecraft-for-education.md +++ b/education/windows/get-minecraft-for-education.md @@ -2,7 +2,7 @@ title: Get Minecraft Education Edition description: Learn how to get and distribute Minecraft Education Edition. keywords: school, Minecraft, education edition -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -11,7 +11,6 @@ searchScope: - Store ms.author: trudyha ms.date: 07/27/2017 -ms.technology: Windows ms.topic: conceptual --- @@ -22,7 +21,7 @@ ms.topic: conceptual - Windows 10 -[Minecraft: Education Edition](http://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft. +[Minecraft: Education Edition](https://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft. diff --git a/education/windows/index.md b/education/windows/index.md index 5f82e1d09a..d30a753c88 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -3,7 +3,6 @@ title: Windows 10 for Education (Windows 10) description: Learn how to use Windows 10 in schools. keywords: Windows 10, education ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index e9dabad759..363cc0b93e 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -5,7 +5,6 @@ keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, W ms.mktglfcycl: deploy ms.localizationpriority: medium ms.prod: w10 -ms.technology: Windows ms.sitesec: library ms.pagetype: edu ms.date: 12/03/2018 diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md index d2daacd44e..2def962415 100644 --- a/education/windows/school-get-minecraft.md +++ b/education/windows/school-get-minecraft.md @@ -2,7 +2,7 @@ title: For IT administrators get Minecraft Education Edition description: Learn how IT admins can get and distribute Minecraft in their schools. keywords: Minecraft, Education Edition, IT admins, acquire -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -10,8 +10,7 @@ author: trudyha searchScope: - Store ms.author: trudyha -ms.date: 1/5/2018 -ms.technology: Windows +ms.date: 01/05/2018 ms.topic: conceptual --- @@ -21,7 +20,7 @@ ms.topic: conceptual - Windows 10 -When you sign up for a [Minecraft: Education Edition](http://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](http://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization. +When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization. >[!Note] >If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans). @@ -34,7 +33,7 @@ If you’ve been approved and are part of the Enrollment for Education Solutions ### Minecraft: Education Edition - direct purchase -1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **GET STARTED**. +1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **GET STARTED**. diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index 16b59b9799..4a0081092e 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -3,7 +3,6 @@ title: Azure AD Join with Setup School PCs app description: Describes how Azure AD Join is configured in the Set up School PCs app. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md index 021860eac7..e362f372b9 100644 --- a/education/windows/set-up-school-pcs-provisioning-package.md +++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -3,7 +3,6 @@ title: What's in Set up School PCs provisioning package description: Lists the provisioning package settings that are configured in the Set up School PCs app. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md index 6276de2a50..3b3a9148a0 100644 --- a/education/windows/set-up-school-pcs-shared-pc-mode.md +++ b/education/windows/set-up-school-pcs-shared-pc-mode.md @@ -3,7 +3,6 @@ title: Shared PC mode for school devices description: Describes how shared PC mode is set for devices set up with the Set up School PCs app. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index d826440afe..957af5e711 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -3,7 +3,6 @@ title: Set up School PCs app technical reference overview description: Describes the purpose of the Set up School PCs app for Windows 10 devices. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md index e942cf9a0a..b1f56ae163 100644 --- a/education/windows/set-up-school-pcs-whats-new.md +++ b/education/windows/set-up-school-pcs-whats-new.md @@ -3,7 +3,6 @@ title: What's new in the Windows Set up School PCs app description: Find out about app updates and new features in Set up School PCs. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md index 0f59dd6be5..a14aa4c69b 100644 --- a/education/windows/set-up-students-pcs-to-join-domain.md +++ b/education/windows/set-up-students-pcs-to-join-domain.md @@ -2,8 +2,7 @@ title: Set up student PCs to join domain description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory. keywords: school, student PC setup, Windows Configuration Designer -ms.prod: W10 -ms.technology: Windows +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md index 32c2f71bbb..77b6702db0 100644 --- a/education/windows/set-up-students-pcs-with-apps.md +++ b/education/windows/set-up-students-pcs-with-apps.md @@ -3,7 +3,6 @@ title: Provision student PCs with apps description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory. keywords: shared cart, shared PC, school, provision PCs with apps, Windows Configuration Designer ms.prod: w10 -ms.technology: Windows ms.pagetype: edu ms.mktglfcycl: plan ms.sitesec: library diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md index 90bffc1644..f4f62a27f3 100644 --- a/education/windows/set-up-windows-10.md +++ b/education/windows/set-up-windows-10.md @@ -3,7 +3,6 @@ title: Set up Windows devices for education description: Decide which option for setting up Windows 10 is right for you. keywords: school, Windows device setup, education device setup ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md index c444c9f842..8cfa0f104d 100644 --- a/education/windows/take-a-test-app-technical.md +++ b/education/windows/take-a-test-app-technical.md @@ -3,7 +3,6 @@ title: Take a Test app technical reference description: The policies and settings applied by the Take a Test app. keywords: take a test, test taking, school, policies ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu @@ -24,7 +23,7 @@ Take a Test is an app that locks down the PC and displays an online assessment w Whether you are a teacher or IT administrator, you can easily configure Take a Test to meet your testing needs. For high-stakes tests, the app creates a browser-based, locked-down environment for more secure online assessments. This means that students taking the tests that don’t have copy/paste privileges, can’t access to files and applications, and are free from distractions. For simple tests and quizzes, Take a Test can be configured to use the teacher’s preferred assessment website to deliver digital assessments -Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](http://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api). +Assessment vendors can use Take a Test as a platform to lock down the operating system. Take a Test supports the [SBAC browser API standard](https://www.smarterapp.org/documents/SecureBrowserRequirementsSpecifications_0-3.pdf) for high stakes common core testing. For more information, see [Take a Test Javascript API](https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api). ## PC lockdown for assessment diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md index 3c4d28cb04..c08098f28d 100644 --- a/education/windows/take-a-test-multiple-pcs.md +++ b/education/windows/take-a-test-multiple-pcs.md @@ -3,7 +3,6 @@ title: Set up Take a Test on multiple PCs description: Learn how to set up and use the Take a Test app on multiple PCs. keywords: take a test, test taking, school, set up on multiple PCs ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu @@ -29,7 +28,7 @@ To configure a dedicated test account on multiple PCs, select any of the followi - [Configuration in Intune for Education](#set-up-a-test-account-in-intune-for-education) - [Mobile device management (MDM) or Microsoft System Center Configuration Manager](#set-up-a-test-account-in-mdm-or-configuration-manager) - [Provisioning package created through Windows Configuration Designer](#set-up-a-test-account-through-windows-configuration-designer) -- [Group Policy to deploy a scheduled task that runs a Powershell script](#set-up-a-test-account-in-group-policy) +- [Group Policy to deploy a scheduled task that runs a Powershell script](https://docs.microsoft.com/education/windows/take-a-test-multiple-pcs#create-a-scheduled-task-in-group-policy) ### Set up a test account in the Set up School PCs app If you want to set up a test account using the Set up School PCs app, configure the settings in the **Set up the Take a Test app** page in the Set up School PCs app. Follow the instructions in [Use the Set up School PCs app](use-set-up-school-pcs-app.md) to configure the test-taking account and create a provisioning package. @@ -169,7 +168,7 @@ This sample PowerShell script configures the tester account and the assessment U ``` $obj = get-wmiobject -namespace root/cimv2/mdm/dmmap -class MDM_SecureAssessment -filter "InstanceID='SecureAssessment' AND ParentID='./Vendor/MSFT'"; -$obj.LaunchURI='http://www.foo.com'; +$obj.LaunchURI='https://www.foo.com'; $obj.TesterAccount='TestAccount'; $obj.put() Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App -UserName TestAccount @@ -266,7 +265,7 @@ Once the shortcut is created, you can copy it and distribute it to students. ## Assessment URLs This assessment URL uses our lockdown API: -- SBAC/AIR: [http://mobile.tds.airast.org/launchpad/](http://mobile.tds.airast.org/launchpad/). +- SBAC/AIR: [https://mobile.tds.airast.org/launchpad/](https://mobile.tds.airast.org/launchpad/). ## Related topics diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md index 666b4d00a1..43ab25e727 100644 --- a/education/windows/take-a-test-single-pc.md +++ b/education/windows/take-a-test-single-pc.md @@ -3,7 +3,6 @@ title: Set up Take a Test on a single PC description: Learn how to set up and use the Take a Test app on a single PC. keywords: take a test, test taking, school, set up on single PC ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index 7dfc8d1034..bede949a26 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md @@ -3,7 +3,6 @@ title: Take tests in Windows 10 description: Learn how to set up and use the Take a Test app. keywords: take a test, test taking, school, how to, use Take a Test ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index 87afbb458f..b5f3145c61 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -2,8 +2,7 @@ title: For teachers get Minecraft Education Edition description: Learn how teachers can get and distribute Minecraft. keywords: school, Minecraft, Education Edition, educators, teachers, acquire, distribute -ms.prod: W10 -ms.technology: Windows +ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.localizationpriority: medium @@ -11,7 +10,7 @@ author: trudyha searchScope: - Store ms.author: trudyha -ms.date: 1/5/2018 +ms.date: 01/05/2018 ms.topic: conceptual --- @@ -24,13 +23,13 @@ ms.topic: conceptual The following article describes how teachers can get and distribute Minecraft: Education Edition. Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the Microsoft Store for Education, via volume licensing agreements and through partner resellers. -To get started, go to http://education.minecraft.net/ and select **GET STARTED**. +To get started, go to https://education.minecraft.net/ and select **GET STARTED**. ## Try Minecraft: Education Edition for Free Minecraft: Education Edition is available for anyone to try for free! The free trial is fully-functional but limited by the number of logins (25 for teachers and 10 for students) before a paid license will be required to continue playing. -To learn more and get started, go to http://education.minecraft.net/ and select **GET STARTED**. +To learn more and get started, go to https://education.minecraft.net/ and select **GET STARTED**. ## Purchase Minecraft: Education Edition for Teachers and Students diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md index 29964738e0..ac962a298b 100644 --- a/education/windows/test-windows10s-for-edu.md +++ b/education/windows/test-windows10s-for-edu.md @@ -4,7 +4,6 @@ description: Provides guidance on downloading and testing Windows 10 in S mode f keywords: Windows 10 in S mode, try, download, school, education, Windows 10 in S mode installer, existing Windows 10 education devices ms.mktglfcycl: deploy ms.prod: w10 -ms.technology: Windows ms.pagetype: edu ms.sitesec: library ms.localizationpriority: medium @@ -80,21 +79,21 @@ Check with your device manufacturer before trying Windows 10 in S mode on your d | | | | | - | - | - | -| Acer | Alldocube | American Future Tech | -| ASBISC | Asus | Atec | -| Axdia | Casper | Cyberpower | -| Daewoo | Daten | Dell | -| Epson | EXO | Fujitsu | -| Getac | Global K | Guangzhou | -| HP | Huawei | I Life | -| iNET | Intel | LANIT Trading | -| Lenovo | LG | MCJ | -| Micro P/Exertis | Microsoft | MSI | -| Panasonic | PC Arts | Positivo SA | -| Positivo da Bahia | Samsung | Teclast | -| Thirdwave | Tongfang | Toshiba | -| Trekstor | Trigem | Vaio | -| Wortmann | Yifang | | +| Acer | Alldocube | American Future Tech | +| ASBISC | Asus | Atec | +| Axdia | Casper | Cyberpower | +| Daewoo | Daten | Dell | +| Epson | EXO | Fujitsu | +| Getac | Global K | Guangzhou | +| HP | Huawei | I Life | +| iNET | Intel | LANIT Trading | +| Lenovo | LG | MCJ | +| Micro P/Exertis | Microsoft | MSI | +| Panasonic | PC Arts | Positivo SA | +| Positivo da Bahia | Samsung | Teclast | +| Thirdwave | Tongfang | Toshiba | +| Trekstor | Trigem | Vaio | +| Wortmann | Yifang | | > [!NOTE] > If you don't see any device listed on the manufacturer's web site, check back again later as more devices get added in the future. diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index ad1e1eb9e2..46f5b99026 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -3,7 +3,6 @@ title: Use Set up School PCs app description: Learn how to use the Set up School PCs app and apply the provisioning package. keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md index 77282ce61d..d37d3c1d20 100644 --- a/education/windows/windows-editions-for-education-customers.md +++ b/education/windows/windows-editions-for-education-customers.md @@ -3,7 +3,6 @@ title: Windows 10 editions for education customers description: Provides an overview of the two Windows 10 editions that are designed for the needs of K-12 institutions. keywords: Windows 10 Pro Education, Windows 10 Education, Windows 10 editions, education customers ms.prod: w10 -ms.technology: Windows ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: edu @@ -21,7 +20,7 @@ ms.date: 10/13/2017 Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](https://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620). -Beginning with version 1607, Windows 10 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Configuration Designer](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](http://www.windows.com/). +Beginning with version 1607, Windows 10 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Configuration Designer](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/). Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments. From 07b9cff28304a00dd0338c6ecfb539f2c18c4f1e Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Wed, 19 Dec 2018 18:18:02 +0000 Subject: [PATCH 54/54] Merged PR 13472: broken video link broken video link --- windows/client-management/troubleshoot-stop-errors.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/client-management/troubleshoot-stop-errors.md b/windows/client-management/troubleshoot-stop-errors.md index 1ec7b52b6a..1ab9a027c6 100644 --- a/windows/client-management/troubleshoot-stop-errors.md +++ b/windows/client-management/troubleshoot-stop-errors.md @@ -8,7 +8,7 @@ ms.topic: troubleshooting author: kaushika-msft ms.localizationpriority: medium ms.author: kaushika -ms.date: 11/30/2018 +ms.date: 12/19/2018 --- # Advanced troubleshooting for Stop error or blue screen error issue @@ -101,8 +101,7 @@ The memory dump file is saved at the following locations. You can use the Microsoft DumpChk (Crash Dump File Checker) tool to verify that the memory dump files are not corrupted or invalid. For more information, see the following video: ->[!video https://www.youtube.com/watch?v=xN7tOfgNKag&feature=youtu.be] - +>[!video https://www.youtube.com/embed/xN7tOfgNKag] More information on how to use Dumpchk.exe to check your dump files: