From f8220a64d2c06de5e3e0ccfc7e503a65d11f671c Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 4 Aug 2017 13:54:42 -0700 Subject: [PATCH 01/37] sync --- windows/configuration/TOC.md | 2 +- ...change-history-for-configure-windows-10.md | 6 +++ .../lock-down-windows-10-to-specific-apps.md | 46 +++++++++++++++++-- 3 files changed, 49 insertions(+), 5 deletions(-) diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index f4a06d5d6a..876c4c17b2 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -8,7 +8,7 @@ ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) ### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) ### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) -### [Lock down Windows 10 to specific apps (AppLocker)](lock-down-windows-10-to-specific-apps.md) +### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) ## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) ### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md) ### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 9d2b98bf69..2a495b4f5a 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md 
@@ -14,6 +14,12 @@ author: jdeckerms This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## RELEASE: Windows 10, version 1709 + +The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). The following new topics have been added: + +- [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) + ## July 2017 | New or changed topic | Description | | --- | --- | diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 445d25bf22..eaf60f5ed2 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -1,6 +1,6 @@ --- -title: Lock down Windows 10 to specific apps (Windows 10) -description: Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. +title: Create a Windows 10 kiosk that runs multiple apps (Windows 10) +description: Learn how to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 
@@ -11,14 +11,52 @@ author: jdeckerms ms.localizationpriority: high --- -# Lock down Windows 10 to specific apps +# Create a Windows 10 kiosk that runs multiple apps **Applies to** - Windows 10 ->For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package, rather than creating rules in **AppLocker**. + +>[!NOTE] +>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](#1703) to configure a multi-app kiosk. + +The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. + +>[!WARNING] +>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the assigned access enforced policies. + +## new method (1709) + +Process: +1. [Create XML file](#create-xml-file) +2. 
[Add XML file to provisioning package](#add-xml) +3. [Apply provisioning package to device](#apply-ppkg) + +### Prerequisites + +- (latest version of WCD -- is Store version okay at GA?) +- kiosk device on 1709 + + +### Create XML file + + + +### Add XML file to provisioning package + + +### Apply provisioning package to device + +### mixed-reality + +*There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* + + + +## old method (pre-1709) Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. From efd642bf57b62c025b745416e43ccae627a0e1b2 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Mon, 7 Aug 2017 10:11:00 -0700 Subject: [PATCH 02/37] add art --- windows/configuration/images/profile-config.png | Bin 0 -> 42858 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/configuration/images/profile-config.png 
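Review bot: in the TOC.md hunk, the retitled entry drops the "(AppLocker)" qualifier even though the target page still carries its AppLocker-based procedure for builds before 1709 (the `## old method (pre-1709)` section added later in this same patch); readers searching for AppLocker lockdown will no longer see it in the TOC, so keep "applocker" in the page's `keywords` line (it is still there in this patch) or mention AppLocker in the entry text.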
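Review bot: in the change-history-for-configure-windows-10.md hunk, "The following new topics have been added" lists lock-down-windows-10-to-specific-apps.md, but that file already exists in this patch (`index 445d25bf22..eaf60f5ed2`, not a new file) and is only retitled and expanded; describe it as an updated or renamed topic, ideally naming the old title "Lock down Windows 10 to specific apps" so readers who bookmarked it can follow the change.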
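Review bot: in the first lock-down-windows-10-to-specific-apps.md hunk (`@@ -1,6 +1,6 @@`), the new description still scopes the page to "Windows 10 Enterprise or Windows 10 Education", while the body hunk of the same patch removes the "Compare Windows 10 Editions" link and states only "Applies to: Windows 10"; confirm which editions support multi-app assigned access through the AssignedAccess CSP in 1709 and state it consistently in the description and the body. Keeping "applocker" in `keywords` is fine since the AppLocker procedure stays on the page.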
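Review bot: in the second lock-down-windows-10-to-specific-apps.md hunk (`@@ -11,14 +11,52 @@`), the note's link `[create AppLocker rules](#1703)` points at an anchor that no heading in the hunk produces (the retained section is headed `## old method (pre-1709)`), so the cross-reference is broken; add an explicit anchor or link to the generated heading id. The hunk also leaves editor placeholders that should not ship even in a sync commit: the lowercase headings `## new method (1709)` and `## old method (pre-1709)`, the prerequisite `- (latest version of WCD -- is Store version okay at GA?)`, three empty `###` sections, and the italic Mixed Reality aside. Two smaller points: the intro links "kiosk device" to set-up-a-kiosk-for-windows-10-for-desktop-editions.md while the retained old-method paragraph links the same concept to set-up-a-device-for-anyone-to-use.md, so pick one target; and the WARNING that multi-app assigned access enforces system-wide policies that persist after the configuration is deleted and need a factory reset to clear is the key operational caveat on this page, so keep it ahead of the procedure so admins plan rollback before applying the provisioning package.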
diff --git a/windows/configuration/images/profile-config.png b/windows/configuration/images/profile-config.png new file mode 100644 index 0000000000000000000000000000000000000000..473ad156eca9a18e94f3bd559a93019408431dfd GIT binary patch literal 42858
z?(6IDa>!IqhGk;h3>7`&76q)Ab4pc^HC4>3yIrD8=r(f4$EKyQusR#=Y#2=!>quhc zUBFEEc6SKK<&@2dd(+--fV;njlvrYCJLxcSU16tA!#VN<|Bl@{%pzI`Y`t2q#&==S z9YIj&k$wY|0(1MZYzRPsj|bl5d*$!dicE(KXzp)hFy+de!%lh~k791C_~`I`Gg&l{ zsKyEQ{Jz3G7le1p`F!$Wl3OqXiXc!)}a7K&7w(DupBs&=M6osEFuL6&!LZ& z5dXDP6|o$kfjrcAI_S(EfONzW+F_9ia73tYSXMq*)1PYlJtRQGEz{(stY@8 zjV^#$e;^-ACr|D^PdqwIQ#+>skkbDLe3Xii{?D%mxsm@Tq52ODO66Bk_s-4;L(k4| zm3kjQ(vAgZf1$9!UoGBrBirT_z`opMEx;Hj_Xdrc{s4XeHT@f>Ht{=ysSlB|p}A4K zp}-df{F>T~mDJaUs~q?-z;r-~stzHSw|joZfRnMSb-){+ks`8uC59s!Ir7YQjE@$G z&%kvb01&L^V~^{Aq$x`&ZzdW&B@AZ}s%H6${T2KMzZpa2Ua3pIgES^t2IEhpxb>8^ z(`Y_UXJ<{P30Xd{Jj4;9^Cg32f@W^mwz0?t@*^X2SX%f!s#roJo1A+0eX&G}kO*rM z*e()2wOEvw*D(J1+hsEPc-3^H2A(=xZtDEItl!%KXLG!GzTZN;X{fFCA;TCV)2!`7 z)&Zj)J_AD5-K`0ZXsL zxjtljUQ3>w{?zwrC`*Excao@slBhLmQ1UYaW`NVFDs^3!ajEJiG`lxO_Ewt|+PKZ~ zywqIY0)n*%=)acY1McEj1DwL3n8_Lu$0PVr@^!aUt7Xe(=@*LLv zs1{%eRksW?)b!OUk9y?%{NMR2Gs?Y4nA04o*{75(pM<@lqOhVv8vK?rpntb*Sui}e zWNNbL*lp(!(*l*Res@BftbZ;$;v;JCCezU9fSuU#ok6X6psdBE{LcV^()#kQR$$N`I%kvaOojv@izQd#oReid*qdKLqi6<;> zN{ydxY-03h;@uR|_mFzaFdbLKi$ZC?)-mEev(0O6KiOT>-&uk1jh5ZoNCBqSJ2c@Q zPJs6CDg>?m(i0Z&Q=W8^pGf4e4(O{WI=Km21?c$hF{`(zzCg*4a=6s~0Nn?7S!Kv3 z{!vZTqa)bk>OAOs0vpomjM-`5np`Hk-H>GRDyh`GKX5IpOT|+=Q=i+eu(!?(Sa*;$ z#fsb}rc$+T6D+2EzDvVE=+QGkT5Xk1y0*yuu15J=;@c103MJ_HlT^T1=)Uq7loq#j zLh#f0(bj7vS2m-oY^Ocl7JYs6OHBJL1KdMImzyaKpSWGSgBqe3=j9WNt4eQ`>fSg+ z;k}U8A@0KRMQQ)9EsM`KrY0f@I=6aX=MW}SCF7#2oRprtlroH1B*tc{jlLVgREF8T z#;-{QdS(6Y@cYOLr3JV4f6l!nySv39l8LWOXPL&LP^yq${2)hq+2hr7EG(d!`I=V@ z{gA>$%PR8@U$y|6cYs$8xT%_#fxRF)_Y=4mqZ)F?B>A!Pvk(()DNRk}6v{gtv%aJ# zE+dYv>60)^JlEwc?!P<0c{n`%TVrN?X#3G=Kwq(@09YrH3b^JLjP^bHV0zSni6?|3H4G4bLjPLN#d_ zOSVn1T(WX!2szK{QYPI^GZ)f$?-6G6nPQn#fi)2pYL{b|5YzO08uG?bJlY(c}zOxR{E|C%)#h%V$1m zL#uK;j=`BmKrpxW(-!vHZ8sPrFHe5&V@H!cO#t5(D%&5wp+G-8`*o@B1z` z>*(`JfcSV+M)0urC9NdhuM5Vtw}Zp5NAD1XWL^u7dXCCERwC;3K)UZsv94j3nP`fw zg7u)X!xPi!X@r?_nR>3(l2SL6aa6r*m839#ky8{Z=r)YNfWwJ>}e}#6nH!KvOPU zvm=rMnmNAHR-qA_^FqP%ty)awcsZi-s&~RdoW2LouG;*euKo_4zHDISV0uC{=a!$j 
z+?;Qt9=hyLWiD^``91k&xT8Dn8P|uQ0|5#a; z{TFCy2~x0pQJoC{Hnq5NbSXtTN`2zEpzBkchysFHiiQ9%L%`?u4%f1qyyvy;vP(5ckjU(|iq24oY7%4Wl@qHL!q_h_T`b>bKKw;W%T^cHXbz~I#)A4i zl00YB(-;2x31z8lbWm5(g<~Ej8t=hO5$lxj_(;t{<(ZuJB;i^n?elb%+EdIz^q_D~n)pjwgEFF=tH>27*| z#agM%d)Z#uNP5w&#IS7u)&7>*0Oy$ zCE+>S2{np!LrYbWjh~qv_m@C=)t6s1cb)f{(AXq)H@MN243^*9;)(Xkf81xr zuWufr3cMAAt~ME+dUkCSj4{_utqb7z-gl%V0E>Z#s(*1{>SO&trxjCEJX;y!VofOR zwSg6x2H2`%ZIFS1{26R%Z&|na7j3hwTsN*N7Xeex@y+vvu=X0Mr!@XFbycMWIRm@r z%@^xrp;cwFSuJ#>jte_he_K(G7)O-`Wl76$r{XNz4;a|Q&R`BRVFW2n`N&cd=Yd4N|40zZYp17c& zJsfO!$jieGHe`XYNNreSNbg&j$kq-Z&j>7Yy?YjaG4eX&G-E;4a;fQ+2asF! zsew(6G#a4!v$Nivri5>;2$&K5L&l1jXQQ7(g;Itj7H%dnO00ba6O{qW!gAFIH8y+O zw1iz({WuNOv;$CcT^{3Vpln>6>{;oZLUg{BZH-|_&42kmQKt1Cm?)Lf_Y?xMwc4#V zd?Q+zG@@euocsGiEUXqjo_hQk)kMSo?~L;xdbdGQ$JA)6<`Jd~@W{E`W{EznWOsL< z*trvD^I%Ok_$HeS!V*4b<~M^aF!Hx{7=Qa%PP4};xNK^2R_gYwQf!*l;_R@2fNMl; zp?KkBTC?M6C!|#@(*#SQ^VLMf~4?v<>*l;a0U2yt1%2wjPx=u9<*{(An6 zb#_mCVwO+FAsNd33$iG^hy{dMcN%T^5r>T9vWzU zAdE>+mkDwbeiTc63Ji26RauU6 z9H)Z#XOzR9R-fB%2|}#-?d1qz`6i`f0Bst-J!?2I`9+vY!hdR=eKt^)i!9X%tGiIw zV#+MkYVMrx{8O2HD)%Ix->W`9#&)@h($4E(zBu!6^&;t`d_hAyH%qEDdEY&Xj^|L;(9rRyf1 z=Khfq{9#AXi-j7_dz>^>?cs;-cMNwLY45A=OAkk0LA__6s^&?<_PU^>q%SZRg`&a+ zeCr=Z2V-!cS2}V#6wxg#lP--5A2@>~0joClLTYKPMS{!19k`c0`R5ttNa;dBnOc)DiE)xTV|{en}sZn#P^2C476N0V+sP`7%@%au zFykWNDvWGiAc+#<*i>u~k&p{PUi==M_FjZzoYIK_75{sP!Xg+;a%N!hN2p6Ao>1KP zTrp#jGXXu~`fFo~-8%bK!T$OW;5jp`NBv%d0_dVBAZ{tVf+18Ie4T5D%1%`UM15MJGI zSNo|k*tBG#6#J7$&nkrbc?BVli-D)#xi}3}49Zu7S-|&cL5uNhKY|E%=-R)aUGOJ` zm`lX$3UxXAE)+kZh#mH8GL=Kvz4>x!Dvnkm+0!lXYpuBTk2|gB5f1u1W{+(YY_>D87|y=JuQs!EN}*%+v%yaAd@W7 z!6HBQC0adLH-NeQLlO>oK27N~-e3EXTBVN-pKfHUDn(*jtcf37yElo6dW>=Y*$3;E zX?dpoe=0ULQiGJ0Awn{-S$M54r3%yxuD(!fWgSa9MBT;$EkQt0fezK85`9Q%xB;T1 zF{P#>AP0}GtJ%Vb&*}XYkpN&g50GoYDokT!;(wmdiJMm}~U2 zx8pq zO=~V}+KlbIQvYH4w`>?T9>mRCpZ9F*=+6bKBul7IVR}KQri)9}j_xZ7EiV&amtD|qb5aa9iK?oc=8nMxHR=N=33O}#JOi@Pvc 
Date: Mon, 7 Aug 2017 12:53:59 -0700 Subject: [PATCH 03/37] sync --- windows/configuration/images/sample-start.png | Bin 0 -> 94324 bytes .../lock-down-windows-10-to-specific-apps.md | 154 ++++++++++++++++++ 2 files changed, 154 insertions(+) create mode 100644 windows/configuration/images/sample-start.png
diff --git a/windows/configuration/images/sample-start.png b/windows/configuration/images/sample-start.png new file mode 100644 index 0000000000000000000000000000000000000000..8ef9cc928c9559ee98d7e7801bdda01bcdf68049 GIT binary patch literal 94324
z6sE3D1S2>arD!0+W@iaxUa_vaQyA`APn;iJCkQPig3@R1X<^$gN~6pvax1udU6o!x zykLxT2+p0tE9cSOTEr=B^9GFDiJ|XB98t@1S?q2J#qc?KpcmXCEU6%g`$0(R^^mIyflIf z&f9>|u`CV^Wszmtpuaz27rDiZfTl@wFGP#Htl!{23OcDWwI5;?&+_xfTEM)RlPgd9~+G zfFInE!KeRlgn6Mmkj5iU;RjS0|J7 zoDBWp$b*Dt&V4mbpG<%p%CAO0`Qx+oOFk-{3VwQRTya;09yGh>VCKgJH+7(-IH{&v z5AvuqYVxUc%IxT6fQU!SOn)j)eLsVNSKW9b zYh4w8E#yw-{m(Q?!w9$8LEhnL8wN;d_7?Nlqg9t=3U`mEaL4dC zZaXrD8;&IL$AKJfIg-ZBN3yv4PzLuN&fqZbkBk80BV`oGVA@EI+DTB?kc4b$kKx>| z2+myAiU+P}$C)cTaLVfCSk={mHfA-WpC(XY*~>Gkha#(mWyGvTdEXi?qq~qsqL4ug zMXy$Ovff(grHxrkXiJEMC!+jnTq-bsb_PlJ6rCNi^3mUB&!DKlwIma)piG9!hm~{t z-Ib-SOSY*29)*6i>h%xl#Vtc++_{$(st&PGBtRXS{W+S5;t#Lih)YkKm^R`1JsCXZ z^ZSt2=BWCDb;l?jULZ&mjd1z553 zZXNV&1C@7g(2ZZDL^V*-p=~kvtemx=Fsg8tUK(umL4N7Txp&s`Co_$WE*;K|fe)sa zm1kLcaPFw*t67{1a___r^-CClzF%PG5d&JPpph~N>?O={%{_NaL!WL#XN;cTv{V7NQAORu|wf7L)6-YMS&dc#AGfU?`;uYYvWE&+`;yhAYWp*Huvvz#6tdm3 zH+JAVFW!g;u2bWlh;g?2M}BlK21iJoG#Q)gv>fjU2+HE3mY|qfp)nL97e zo33h)^%CfJEOI1{xJ-IP=vhWd&&%G1*ljy++3*ES95gRKc3DanV zw~~%BMc+>;llYV!VO{CR{?b|n;WbOiv0r2;uv=@trw!{!`i(*B46kR&3+n(Tk9Q}M= z)fy*pNuZY#=Khu_I+^TFot-IX(ap(2qNuH)655!e2+Lnp9bm4&#!$%R@uu$|z|Zbh z1y01Wwh+Gf{AGCmv)5tWiY}66HY6=)IYKcPP*@61uLrmFGKJ{G1%uNh{YzEsh{6)U;dAR#|?K++p<>a~5j zmy=p38iPMx7tTx||2{u@bU{k|&kZ354Nx!b&A`Q3^)CZGXi_TCy%(=;Cy6}kb#Uk2 z6TPvKXE{l%ykt%fjq*2HWzj7iYultU=Qg7$p|Gpri&#ng{wl=7cBu4NFD+Wx5XrE6 z3Dd4G|B47GDLPOaWw=`5&}xU;!*n#v@o0=e4lquAigJwU z87;RVN#ZeDj4}qjR?H+RKt-b{yd;R9CUZFq4-eTFdb5;rE{z`A_cFfaktjBG#&Aks z1ZS;i!2?#d;Q^~!@G$+_^qMZ5y{Z%Etm(vqcs*@JFV5(VHc3#F0L5M{;Q)1^MjQ!Y z&ygH1`RERO;}$iR$$0a_y0Pmm8}RSX*?{)ej!H%AXSc2Md9^)L$e$W)wuERjikCcW zE$)5$HvIdO`>?ueay8#MP{89qcL-PCc7$zN9V4jQ0LLLrH&KkFOw)#)6N&t2OT$|X zsLcF*a6zeWYCv)E$o&Mk0A~yJP3Z|mBH{3%ef>uLQT<#qZJYTjaY=d;8JI&TpMoak z)nw?#rO`8V?gSZ`@Q>0ceO4OI>k4a2Gq#8bfBQ{-G@ zx2`r+%P+5bRvQSlB1y8Erkj-9DQTuMT?V~`Sa?c&8>6P^w}Iq7PsfFJ+R@D3Hqth_ z0#F33AB#_-`zg|F+dwYz8nNvhiPEc86P+VuJW8SygTjy~K0)_tA8J!1HevZw+FOw4 z1U9YLor@8qS+1iTKZY32XgG#Zjv-^=R*aP57-!{V3Sov6sfKRd#mbc)Xdp9n!NaWM 
zdq#@bKU&0{!{gX{WE}SmO48Ufl*GNf-aDkXk%|~h7ZBB|49VV#)-pDAlyO>r8RxEw z;6bY+c+}c<%l*_)#>EirQ@GVq2+#;>K>Dn7tc>S=We@)Ax?#^^BGlI2@`x_{?zQXi z_fJ}l&194Ilbuq4?lbm|urw06(V-%JGdUMVOFW9Fo!gBcy=)^s_uM{g={HR<3AZ20 z;<2CDhg)_qZ3(Z@2MBOHflc4EqJLns0Y{qCMh#CI!1>Xeby`U&ONp!V`TBxxB{qTZ z#6i(W3`&e<;!2DUmLBiw;QYyp#O|er6~9D=g3?mUhG?fP1>4$@XrSWNwjY{=KP^*1 zK`L2-OQ!~N6W+VLDa#UY7O@e}!d$mm`)(#Yh z*Dma;a;BM9W;A9fyEc9>0BxD7{j*Kw>9;`gl`KUuUMM2TaV5pN*7sa;w&fK^kp-k^ zbv!1jI<@*|oGd3L#hL_3mXcBm$2mN;Aj@m2$gpTQ%JFR^UB+lSg9GCk930JH*P%3a z42)26*g25J?jy7t%wuenl5FZrvP_6Fq$Mp86{RG=^w9ogA&)oz;4t3w!$YjR`UQ8! ziU{6yQ7``RmmBbf7jD5T9fY4@VKpNr1kN|8^eFPHYgGf+MxephubySbXT8DU z-ViZ+4n+1*u_oc-o(?W=5|>uL$jl{GG8N3;Ig%$0o_v;(lHN>u99*1Am#ykIK~fy# zyvPXk4GwE7eAauf9E>AOh!%N__Xu+9@~Rc9SwVp)ugatoJvV@B%gsW;I}ub2R%bLQ zFdi!(rCpiw9JyO-K70^CQ9sey8nq)zzFcH5`dmGS8m1^s%W4y zFXcQbP>DGUSq}Bqb%BH@OY0=sk&+Z6BtI>lw34v2kg&Az+J>=QD@NJv28_UjF`%Cb z7%X59NlOzy7D!PZ^dTBm?6U2^WxceF;ax+{wH?IHBHg>5xvI_wxK;6-0Kglq2|sx(sXa8!V4pjZ5Y z9}8SONZXC<2Y&G}P6U0wdFAwyQ|fwl<5bn0hDN}(>@Ej&;EdHL?BiT=uUTgkaL#Sa z(MYCvWZ;8y<3wrH)tO79Pk>91CK=3xd$bRMF_HF*&P_soEnoIjiCf8Zka;8B;o@~r zT5I8VQ_o&7H~gb~8nM!>$n&U+OM~u}K3)B3ZUnirFm)qQoi)l#4dh&~^5?*uFJN6; z4(FcMi|g(j!hlvb-Z547e!CWL>tVWQf+Hjh; zEojvb)$*yAM5jAEhRvN3Y+u)o>uw&w)%T2YETXNxpj#Y9FAm}jfBq=!**}W=_NS0+ zZL=deVYXX^o+UACW&MZC=?dp#$ofoO85v6DFsxd(Wr1na*9YQEBDHe;l?f!}Xlg_LmZc8Le)M_RKww;AHesZENIH~W-LZF2PM)x>jK&jqL4>@)5N-876QJG2& z`Q1qb7nZIGeEFDuNpaJSRXZ*%>WT%Ox zD=SO$aROHq_44P3^5*K$^5@u~Ji4|Ws=N%uyIiPXFJFnK$)!HouYVQtuh)VrP1#+u zyb0$+$gv!CT0s(KU`77Z;!d9a^hS|>`=~(jSET5g^(0rO8HrDl1aVRqnHoxhB*2WI zie$}}O9g!M_lI!qhj!rqUNMN>gHmMk1AX`ACwFJC{R8*oZ9m+Lkuk;p=cS1)OH)pIRmE)hAg z@2Mza4R11ZaDyV@(oipbjo|V%=TLgJ8l$xO(|dxz-yRIgBO95{Gum*Zwku>wMD&Zv zq9P(8^r-gAy37?bBrkGDGyBzUZ3tB$0-`7~+7b#!`CR#=e+c^eNsLiwGe|#*s9yw9 z$ofLA-VTZ~#wf`Ng=Dr6i<7vtG~H_nMXMK-bdXE;0cHesQjvpr2>XY#crQuAhWFls zhktwz{{G5A{C;l^Ssi$tC33|w_6`^D<2%Q3>E{lh`ycPa6F+9QcuNu>xTlHPrGFIF^kox)+6%iuxmZGr%w zH@^R;VWhGollrA%y-}n%gL(^avO!H=T}ULwRvD&PY4AfD*@y@|7paz|F{QWNAg18# 
z8!9x{eO)a|3u#+Nj^sve<;REyMFx6pRm3F1S$l+mYsEov$i1BSMebc+cKumrq^h50 zp9K_*6UE_3nqO2NUUUWnErfo9r2a16)u-ZWeq z%)i2^j=Igk>YAcB-Mt=kwJ*EYrgx5@bbDDocDRa~0Vb6(^J;I0sV#|$DDNdU-GY6* z&EEN-i4~8PlLDZL_ZD0<9;q(;>Bsx+UhSU-wql}Z1z`212Zu_bhsp(VRgb*zPgSNp zBr7-dM8XtKx1V0Q168lY`^B)*Q||r5C@wX9xo& zmp(c$J*x2L5H6{LTU96z)?Xn&7hKjNtp;RCva3zib@q{bza7iu{?Gj&f>Ox zY236sjhlUPTD?9dy(`_W zSz<*8AN8s)j2fY!#twBG=mz*v6NLU zTwva<2C{nIr-VE@X%aQgbG)Bi?ekFRHSr!h>IA6A>B>-Ul;LWo9YmgKNm88;m)$0% zL0*#nEjh&@r@YFjj2uN3D9}XaWrm=Sr#LgK>&lxuZFJDW@G8>=bsQZd(MqQhm1>fp z1XvhU$qGeFXL{R4B1Kj!GM5`iNK9c$0t5(9g{MI04$`;`PNw!i{kA%z+DpSc+ zP+2H$S2i<+OS_rFI`~@ooSR4t zD@MC6Y$*EKKUdVQs`NHbQEzzZ`zvZsy4TjA(Upp8uZIN)5a8qhJH7@@i9Pb_{~~ea zlaCeAm#a<$NXtoQ&KVS#MrZF<#iXkSN(U9M%GC{U+VY6-US~||!B0pOUcFTmM+oK< z3cpsAH5x06W2Q~j<;#tL?m8QybHaiJWIxKN!m2>U zqaPLY84>!P3G1F_I`b?_qN25Dde4!Flt|E>7gd#3Wb|%Ot`tVL6tx#b^cC7lf00Wz zw&IN5;t3ESz;OvjNOV$7XDYNQtb3VJc`WOQVf)HfJob!Uy!TlfvFBgTLF$9&;DS?n zP8^a_g{jV|!D5*nHIAf}WmFAb<;#oCW7vu(HMO3dI5J~yysKXp1BzE8f`6;Y5hbP3 zUv$o`#;>Zm-$9e`=h=y%pcHpAs7=?5;EPn@%-H`@fG-bo4mIqG4p0m_##%0F)5k0H zviJ4ac({@R{&5;ZWJXdd>vxm06)zNR1L>qdS^~hPBeWL zAi#+Xkr2HNRt}@1Erzq#cHv29_v3;sBp>>gHO-%PW)JRq%NG3n8_QCH~ z*4pmSz#ZmnFwRj{D+^lc&NIFoMc-4=PlqTCMixE4P6U}Lc@o_#+s@qtILlg*M_p$C zg{`7hkj-F1T9k2@;3ngBWo>0uBeOxZSug|koeozHb)dA%t-Yzk!8Kgw4Bj&rs_kC> z=W)=Rlc3ceYucoPt527mMyQsZA9@3)WTlv+o#r%ZuGs7Rdm@dSE8$HSF2navgNqqWovQ%HZqZ937`Jm zC_erB@k)3ev^2Z1iz>t34_s_04VuYG{pqTcs7oo>Vsecqb*cKIBd1TPrTeX44{AcD*vOx^*HbU3H+d zLD4)iVb1XxmtM-Ucnhp!dr*7x%5fIOIV}{XlBPIkjRpioMWOJgDnnP!b@QgJn<7h4 zA6e6@z?GzC3fi1e8MEE$BW*OdpY-vdl!Qn?!X$rDR%TQTgoLFKDX{s65HHb;60 zNUY0HCV+-A4-g>0aRX0Fm{L>M4xzmziVgj7Ja}^l-u{$LxZ(|4@SC@sijKC*zVHw4 z%;20gQ9NpE6stPINJK;EqSckJSd9mt-cF5^!YjVAA0Pb9#NXF?&;|~!IyR#Bt@ zofe$Qs6{xh`gQ{qrHKse+5o0yDOIiM%0L622+~xbTYL4FZc8M7Mjk2li^(J_MobvE z>d^8cJG!fio)x*?XwdT*h3?FKE#$7A5Dcc8Y(Es%oWmEd9R(x_K20UqRB){aBe zqEY(mxpz^UdzTg`+LD+m&!uV;KN?+a7(~6a91FZ)EnL^9=Nc}Kso>n0PO02Z1lzkv zGI8{;9IAdNM<5%OcE&5zl5213Z#1%|&1)?onH*9;Pyz%vzECLRj8$zoe`6;*IlFkV 
zgtJ$*LvbZ}IP zSvuTSp+ru2HG;&Ez`mf$dnx|B%=|*Pyx5P_g&3D)#)+4E#m~XTPcTbNkiA)Pj8O0j zR)d=jxP&%<;%*|Da}Jlh#fD461d<{{ zDgl}KQB7~1gwwAxRa3Tuu=cH!$!;6*Qa=KM5+K0wgj5l?zIhX_e)(Fw_lYZk@eqEy za~yyB<0GDfqj>!G1itpdbsST}xM$ZWF8bUa9IW}i;+e}MxbAfuv2|@bQsYUy%Mz{8lqM^ooJ||WUFwamUhQQ5_Fxyy_}2G=^G~^AGT_u!-2eaVi3{s zRIe@ywhA{o=qh(EZu+gAayrQAgn`9@e#$kg7`FA{(s7JXFbY~xOc>l{;Y84iQ-jgp zAI7}FpOzZfS(U|LCO%B6w|Ro%nJTNUh^lQ#25fY-#V7j)#cBS$`jnH3)5(sH+D(ms zpackToMB+RfUeds-ul=ceDvj;sSrZA{MY+&!N+%ESQAzsF51$H-@R@N)~;^D$l-B3 z;FCLW_0BAA++V=I{bGbfWIs0l+uhio;vk|!ZG{v*c=cXfb^9>(4Qr2?+NL_NE(JIZ zcnomf?WzK+DKvvDr5^R$I6gwr2rf(&mA*}sPtr_eKqG=16ayH_|$yL0C`&_x@Qu02$nb{$m1oC4t~ z6B{5vfTe{<2-oa9xD z2Dd6f;nm(+spD8-C<(Gwd^3T+_!N~ZKZ63Ej$IMX+WB`P@9y3eV>9Wi>qddp1It74 zyD~6m{A1s-X#h7s9}8U3s5&hFGEkeIMZ2B~wMDPAH!2FD>R#z7@^1(QTWP8o<=HRn z9UPZt_QPn5nefP-jO+gT0=+222~kf|j?EF2DFO%(Aix5G3hnyc6BXD$U($oWd{iIr z68P@TW4P=aNAT944C10s?!q}Ax)&FJdM7TwZOAwHu+!VmDo{J5F zf^#A?mG(;EN9ifgHXS0N53ztmP^^3umXVSYRY=@!tKs_FkY{eku8^&sOmgOSPO1UI zQ?*rt0H5A5MW^t4dIG= zQ`q(&ci{z}--QoeJ&2#(GKgFD=)8!hG_)e3ua~;tY7%6wCF|M9Vna!g*0Zw{8oBkr z{LWS{sYn!*NQ#28Jl2e;a$`luKlTZ3Id+D+_d(uF+qwrSb&5V~Z(%ri;hUmX#LA1# zowQMCCu@Z>(-jPtEC&VcMb#8sypm%@Z8{{=LJ2rZ4Q36+t@s)SB?k@ODw>PDA1_cb zsL0ifn`kF?$hDNETd#7p;^Ey^kY{UmKlnEd*tXUDTX{9r#D_>U(Xh!kS1mRDF+hL- ziwJ!{N?Q;jB>HM;LcN|nU0+w5Yte74OtsX#V2~!23S^pWkkPZYMP>;pM+Kq5%(B-& zQ_G#%yM<{<9fhc5Ss1Jb)sK-7nbpADDL~~#L`Eu@{^V7+WGejsp?xq~kv){A;i#=8ol z>5_T~VcF?E-whxaN@RhZbj2yai$BE)OwId>0Ro(e(Ek0AoxtUP$MK{U=-&)H^IzD* z#ykfLjBE+7d1Nm>_RKY&!Te(PND&+U;ciZOsCj0yrE;v$xryPuz||jM8kSegidrq= zh!XZz9*za3+xSO>qU;fd+I;%m2=;|h5)3&rJBkq!KG-)9vkUYaH$3b)Z{ z=HTLXWm-*({^&s>a!Ut#(<)pP7ZVh&rS*sJWXqSOZ=MM^A`SG_^2ieIy%8V9^Se8xUVH?}9bz>L)=Zn8WD%Zzu zK+k%WK6eC<+17_AUvwINdEX%Rj%QF#bR(OOF$e~t@A|km$MX8oK$S25v+V3ew`j>$ zQxfXaF3Vn;RK(N6a~vSR$qDru^(1L1$>Mg1w3NaEVJOY1j-7s6Oh}t)Q0G;9-_q*( zgnU(-9V-~7eF~owFnzbg>R9#dhv&wG1BsTr6+a&IU1p9P z9Lqpg3xz9a6~R^#oIwL9ElOvt$nR{5xOP;rf!CF(?rWf}105!wGM)6Vv?%O4K}>)@ 
z80WTnm8HZB&qhh!Gu%+5h=S@?qot)s^{IBoYi*oL$5hFk6&R=vQCqyTDfn4H`I0oM z>mtj?`WzjVRX%d2U*4%08K@tk@hEFo>nL8q=w~+UgM@OxGAz+t?n!E7WOD#H(UkZeL-=kkSX(nCr z;?I}LL1KPo>4mHMDtYx0E+Vh6w{e0Xu_v;WSHMCoYEv&r}@ut3o?ge#+ZFmskUuN7yWL#26ARZNqSN&uc;*0HUs z`B7#w@xu2ZASeL>1X$XT-V$G^)n79luO>i>QsJ2f)Qy(%-NDr%j(N3aritq00qY>5*NoXa+*@g?mYVWWbE~2BHBiZVrE3T9YYRAp zVktanH#s0E0RjX#zMw%!N^-UYMM_ZmQExzL0I!}@l%Xs&U`qT0DIqKI3?2B>0YPm^ z$gGN5tt}C8p(oq=@f=U^GoN63jGQQc3l`~QOe!Nc!ik)yjCJosj{Vy~GHVj@I@4_0 zK$&B;hHQYXZmwu#oI%tlE?gmm`7dh4lJl2~%3FpkyeV6m4v*{Hm{u#JDrGMaug*fD zFpBn-A2Ee5?tEapSed4$>(1d$AF2ico3 zgy~voS>K4J@mEGRzA_vegJnQywM8SLoa#E?n6#8W3n)J`ftOXgDxVX^9cL-Hw0Y%b z(7hAE@7{l32daX}W84&Q;gzZ}1_NRv94(!qwW*rAptY+pvvUv5nTVjRoY;dI*~M`c z&r7C|L6+hW)JK2-0hTzZy>x)CNX4aB7TrKJqrs>Sq-Pbb9pdx?lR|Z0$rP!m)y3vV zH-1CGOO&U3E7qRpYC3rz;w(~j&fUC%5zPfb5o*h!5#&Zi;dkrG%sz;x!f)KZ+AF?jD2iOU%qsTkO4hEdb(OeRjs5V|p)F>GqxSl;OGdczdlp_S z0RjXFu+$)>r$e4L*tQ-W*JcY((Hara@8%dm(Ta%9p%B%u^=658E67|)aN4s9SvY0S zdp+uRd_r0};Z@4n!clm+W@W-&6Ni-Kwtcu72-)-K)+%d#}Cr z+QV6UoqhH>S4V6q`QtH=hdV4=0_YLc4{O%H1m=)H)EDr0i+535YMb_)NYfB)#Ovcd zk>W$Qery{>R&QL>VuL1ql~0^tv&#-3_iV{t69X2!f~}=XBySuwmD()-v|LvzC*AC) zk=H-*)FivDn-Lryt}3F`AsQ_HDw-UY;;y1Xg$fnUH)NmK_ra#t%>ZIBidaAHj0?GV zBitP(itj!2L|D}Tcl!v#ZpyU!uOXv1X_DVp&e?>@ZOL0GO(q4(?a+s9U5I9hW1u)! 
zfF{xulgGN;o)H)X83lr zAf80IXIEYLfSGifUVm!KDoB3FP-pW>5Yp)wkvl0cSEx{-!g&O?X;?E9Mr<>IW8%xz zJWjwea%5t}@D`i>g3c5MVbmnPi{QdLQMYQ zr1X?LlQ-7mR8NK4pHlhi(GV-qT zkj6a+T}P~Z@TJ+FRlu|9JpUO0boQ9lS~w_O@RB+~z;mR2-gkuxPdacdRM*230)?4l zHsu6|V^-ZO^UCk;w{cXU5`5yqE;6wxh&ATDOY(6yi9dj^Qh@PthO;X+7~%#p7I+9p zd`^CoDWY6{)fy$2`JI~_G}$?C^V>=^s+6Go6!ha} zU`3rW!L;4^M5wZ+8a=1~4WeAwIvX0t5vN1h__;t35`74wYEduv2GG55_z}RX&1HDJ zqz*~g5Cb`itWe>}46XyNNT|ZO1#REMSttWGY+!8m>t(u#%O_&Dh{*O?zhh9t0a&fC z`DQ~rochxzK_gII|m5AnrJ z5f#jkt4CdeH5IjPtW_s3KywRkWbwm~tkyT=)%nIs9K{U&yGQhAPT5$XEKZ@-%B9HQ z$qA_3I==?qRap{MRzXUmZC1{hn*)kQ$3lK6OG0|8;d;bMU9RhTKq1sMCoTr$rIkJx zt@8PeB01ia7DED+SPXGTeMyYVyp=X&V>(6KVs9)N+-c^7KV+2dI5hn900?N&ofTt$;Q3pi9E$v6rrg?dw2{ zezzQbNG9wXh946fj~F0~cR!^37;3Ub*}0jdpZpP0AWsy?6KbpmU!9R0pR9F`2=a1A zIxMOapN5$iBCXA8Pw?>wT*Gi=OR#%up!Mn))% z!ubN_uQXL%fQ31R(ulqLo62)Wwn$KM}>{I{zyr2Ox_HHcqGNK!NkF% zD)F;V2K(*tOna-{*nsR| zwPTa^gn=w(R2Wx zM|l@?Z1F^y=L#dZ^3@-9mi6{*~4GoJ#YW@9goPU$RH#`we^6pVnRqpYFNao zFOR5uflqD^F%gRD%!HZ@Y9e2H)~VaKGQuinGP~M?Forgt7(npo$gQPYaQyhqmVvf*vbSr!iwl<%L0sHBFi!Z5s#C_5ke=+BoI3Kh;fhIBz6 zx!3H?uhw;>yO%vzo4xGkbv2$$4CflUT)ED5NAmQG$86_>?lD#vtuq4#rO|BLhaX+A zg?S0z>~D{(2TWck9yNQ{Z_1W&=aqwsGr?yj%qL~RCk*Tt20I`=ET%^(jY$zUvWE!l zcUN^ep$r5Q#-JvdFQ=ks>+wb`yNQNpnq}2fzoF;{k0{I23}~xdR}wveM^`MnkO9neh9nAbvp2_B0mk1vgCF_UQ?G-Rs_K&9UtrCLHg@llC?L zDUWA+r9L2DhH*)lLtIIJ^Wd-Kl(Sip5>tIz0T|vzot3sL}EA}z%b~*UH@v=>zRT{ zo;$|#2^^H;51YN?7d7|GparOROi+c2S!3XcFd4@j>`6?782XeUj3cKp5tZS$fbhk{ zBXEir=SLB?(?#+}Jn4?o<&UVmSlxi1J5mQ7$Z|bMX~-cOpiju>2nY`fcfO?au*xs$ zNgYC1KPVmj1JN$DGvW2@Y1ZPv{y8|SC@4q5}Kp&tG z1YaQdQ=E^-6t|YR9KNk%NcSf-+qHbkzDQ2oScnb`E7Kpc6Lkbj4Mu@B{{99b*yC`gzg+ypMk=;7iTAzu#Je*erP~jx>KeMR_4)pl`gn z;@_o8ge$V+stlLH|mnn+U_ z8uJb6$BGG$?R;Di20FInoREf`LKcNkUP5t7fWGfhubw3S785s4C7uys9SO6_dd20R*=1}jN_VyBwu+QQuUP98uqPE{%bjimil}c zc+s1zt#%wzmyi4B>zBpQkf3G7%O!N`R6~0Cz8>kxW@+CDox;mYVo8EKpd)&a53Vd+ zp~901Og0ToY)edl+*MT9z&Qnz;_PwJiEf%p#~F?%Wf?X3EvkPOuMQutvTU#66W;!1ov!Nli?U=p}a%joP?cVnW1m 
z$d-qd#^Yo9nVYR}h*)J~Ps;GHB#vFwsU@A0>eCmz{&dkTX8-b!bkXTzs!-vH4!$q( z*d1oC{f5pXh66X6ecS7+@qezsBeussYxaM>(`;f#iUcxd+=6ij-P2B&44I!|ZD9^W zr*Qnbu-|DWc#@1Ht4N;ae@=rk3&1Sif`>fFRnYmc;EE$XY^(zw^iO+X27&Xdtb#q& z!J)8!88@9eD3^9h2zHL%Zk)iAK>Uaj{2k8>lnWb^Wt2B8xy0uMa+--d4f3d-OkTb> zNXW7kIwjEs;HP~Y<-`FH`jFLEL#0BNGg&%r&wcupwrBgIz3qbsHRQJ2yzb(e zm{03~5RsqL-vX<89#$LQHn^r0a-RFsOX;Q)e7BoY5S) ze8vRz3i)y%Cgiy6)y>&+uis(YM)uij-~2A|PfMP7aBfZD#fy2SUYpn{FdL4lLO2a{h^eNZ_l z6`pLsK{+S~<+r|3SJPC-LHX9oK{;oj{oO(NH>VwxFlZ$^+X0anw2~nsiiyL&?;x2S z>(_}R3x*qboQS(qj4S7|!G81!8A^G=sFUWCw*vk)LW+YmluX$?fxATR!U_9ZEs19> zATyj0f9$~I7=p3r$Ra*Rl1((MUao+SppFBjBk3NefIC!z*H4MO{>w4nJHp-|W*t5Z zx0Zv2YuV%8L&p*cs|PIwOxfhd&nY#7?+RR z3!nE?+rP`~Q+FS+Me*aCE^18p+uNsOq?FscF~m8nLHeK50u!llHrB{2Tf2JFU&DPyEpEi5dHruXwIqdgZkJ{ryMn z)F3N#5`v#}COr^*K3S&| z4>GfnAqNS{$JbVa-`{dkFj$EuYdCzUQ-&|&Cuawq05WI-=J>p5m%|^Ce-58;u3r)o zr>Sa=T#kc$;-`K%WjK2J&z#+C&D)iiPTTdD?6>Lt`^2K_ys@n0rp+xa*rMt(yV$l9 zn*L5TTXw3kXlRi_Eqrvby5 zj-AIUh13pG9Z6aA{GECcVy&#htur2%fV@pWe9SMP^dXhcE7q;yrcIBG+vIrLeZq;c zA)6j*`TJ(K9jMuUF@5T;1$*6F-lhugRv8QOb!Ke5K5k$0WnXB|c*=G=#n)x!a4gE1 zZ>Ybx9ccS^dgP4gUu$_;j*GI1ZE2|{R|!`|@bMz2g};ixF(je;5f61;4V8mZ;mL+r zLHXU}ps<2cIVk52`3lO2929`j<>nC#V**z(URXD*_j=(g6{fs@i)=!hF_6bd;k-vd4d7K)}N{fsFc6DV&) z{3PS3(DZ>q{ZgL%)WyOma)*y|!R3k3(+362I6J8T+JLZcfL6ajg-#{-#13@SB4Wu~$R$9jvSp*)|O^9o?f*8pU(YO44S5veqpwYX|bKHHVi$TZ~Eu zVv@tufx_(>bxYgEhR5y7i?6ipBQ1OQ(Zlx0<8vxU1+gcJ@v_*kF*!98W8!Vkd&{+I zlNyq>&bI+Iu4+q*?&z_i;@gXqjSaKIy3Q!I!B`?tLT3d9ypj3FW zAsm$7&K#8L5zo0pI4FPcU1pQ{9+UwQ_N#~S>xsg^E2F4zvU>Ht6F<;Lt4O!Q< z9|+?^er&jHvuPL|sfe6NoEhFQDJDte<(2G(K6>{;-ZnIQQqkiG_ZWViNgEv!Jb%A3 zrDvfkeXJA4H*$IX#vK&aFm&`Wqqbq}FS*O1VidQav~jfqD|T!WmrbmYgP zw8aJ4=%y3YLv{=+K)p!w&D^AE>_uH6MFD3kltvGPK!oEw!d`HN3QsaH?iv4pYo)pl z&M|0kCWd&+AgIr6R}PXf?qS!~q5@=;eBWb$@nrz?C@Z2+(G9Vmod)Sx*&-_eR!o?X zQH%_n_mEu%EI~Oqr|hnB5{h%miaNkZnXCxqt3nF^9&xqs`aqH_uoMia-EJVE8 z!G=**ok;6BZ$~}>M+irt&|@u-u|!OItZ1-V6IFAfiV*N>WF5mQ3lp&C)w!IJw$5Ah 
ziSO!^KKz!EPyQmYd7a}GcYkw8M;t6qOzF`sT}0df1T#lgBp|}*$IS9OvuxYsNWJ|M+0*Ip8W(coKkd z&&8ImvkK=LOa#3M=YiK@!+Y!l`fN4IfzJaW5{jaHf~Tx-lzJf4aDE|t0`5-POW|Q6 zxie39=dJ)Uk)2-cEd#bPfzX{tFO*S~lZXi>CQ*MJ1gR`Oz|}?b;z>uEG}<7DI0v$V zxENH2kiqZ&EU8_h-9k` zTwcdzMZ|x{W}9eAS#XM!=C2u(SAy9<%f?q$O@2U{njO~&VCqV zF&QhK$+T!+@!&YEmk>m|&_2BgeOJU&FCBBBYoSYtD8nCV$tk1`9_ENcp}q@8XjBxx zzs06tqGiKVPk5e5gj|f8zdb8{D3?V!`vS;G9Kvz zMHXo|fSqv4ouIOO>4uLNb*EIQP@%$k0>(%N&sQCCB91$7pS=bERA{-8%&+J~umr_9>4`50wc`uF{zi|8-^D==Z|N)@Roc7_*X6+S9Us2UL;YK0@+(@(mfGv& zBT71Iiwh^LvB{^u0+aLq@$lsqD>qm_UY3c zu<uM&o3|AoTj~ng}N;?*z`H1xwd9= zjRk8YhoIeR*-~SvGw(u+FMTea?neuj#3AyZVxCHrj65?VotW?mr|a#eZ2*j^EsZL@wG@ zmru*TSduSX_tFv>G%r0d6c;I6d<-8Jx}4cpf#meCDilCR;q+TP0Hw)L zu2*mu4$2=_4oZb52i!rq%k1~RRo5dQYP;U-8(ypHNp}bp&OW$HJbaJYAHQ1d-@`%4 zY+7&R3<~>)*-o20ha2lP1$E{R^7=%_U2g(eOCr0#YQhR|w=a9@$5k>To8rPQ`%#fy zSztn+9&(Cmx$>uNJ2PaFCJ>*W17;E5CsIzxu}YfDB)yMrD^QZ{!#^Jeg_MoNYnQ%KY+>%`Pt4?2^BO(s5i` zy1QpThpSB6=6WhqQ@Q!s1IqC|C7qNmJtc?Xw506J_r7@5!=WLXkwOVxRnV)yKp~z0 z?M@pijEcY?uG74bUUQX$a*-UAulZ$Jt`mu& z!dV3l%F+AH-uh#j%coOh0(J?*n;Ysd#6U*SjkK>I$lAi^;Sw}y4a;%y8`+T6i%oo3_>LMc41QJ0DoEx4iGu>MFGlds!A|ZD@YR{_WR(j!kYG zw|C$1xV4(gHZRdb8dMEkR}FbSeE1GfqK^OuTvP2Y`^pAoSBdhYevnYJZ8#{M|DEi3 zT`4tC?8KGJv*$*$Z+l(kpj3Er0ONE-ckpl09sH<_)She1Uj7SmP);U>3TG8ePW+nj z+tucL$#*Sa!Z3c!7Z^Q2od03(M{e7a-P7%By)6eN^5I=zC`&*B#bFNGB999X41CT!{w4HD{lr$oL;45WB(pHA>}zCe#M;VD*HbQ9fF z`_O1BP|Az5(Bwnv$Lw>Sez`3+j@ccbeN5wFuVy;-KhP@bH=Gg|hm*ou26{6{P&B7r zpv*K7UC(lz6MCt8HsE6feN-T;DV(!$+QX!0if90GRv%ij%NAzr#ZNt8cOPuqU%l@$ z;@8a@D?`nO9F(K>9WQ^XO-)VM+wOea<|VVCu~r|htCdFF@j2Zc6cQL#OSWB1Ct81M zqv{q#_?tw0#?4c7Lga`pVE-jkHDXS_xhM%>xzdGIsPH5KcZ#FBHikqzBB(Baa}U1* zWfI7Ue(}wJ8S(gq-wE*#YbB~dI5(0Ja&SCZ5gQ?X!kQyBYYk7xE>2oYcF>O{YKr`g z56F}cTgloy{(`^8IV_&35}!!pra3$=`IIrFdp(hKF9D)k7j$D zwOS(S*^)d@M~;(Z)`?FtyNI|%lsU?)v?ARZ`w`NuD|fR^_8hQ^olh!S_2%sz>d)Bm*Q%KeX%Czt!ld^A;+gm*uj5=& zrVhR6Tp;w}hyED5cn$Ow^FD7UdAyi{blx78gE2I2OXEt@wbiB_SxurkY%*D1^k(rE zpdPHM3{R`c>edin+x-WPMJJ72U5}?}R6N5rul}1C@4V9IXixfv>saG)sI#M)!AZwZ 
zg9;TYbb-qPgUJzlRN>qL!-oZ2LFy1DMgJNq23FM1j`<`=Kpn^%3;r84#OZDlXQh~Y z*FcE&2^A~Nghf7%OjwD51LQ_KBBGp_>^YK;aGVF}oV!`_=4v6LOU)>RgpAniijEQG zItYYUu&ZH)HNb;sy&xZQynQzS^l@iFLRhV6Qg=~9ZNowZ*B&?hPGU|A5)Sglwb>An z#(6)$2ZcPqkK--ZI*%EY*z^kVC`bL^Hzev;%8h)3BG-*Dc?q8{gbuVR#}%aZ<~uko z^@AUEE`3|A<&IyY{vD%P*ev23Th(sDm=Y$%z~$s$wO63#ZP>P<DG9 z8bLm2Xp=$bw@NfR_G#c_Plw1)|(?dBk-duB{FD;IB|22Uil8 zNavdCk6z=a-?;3D_44N+Ur;ZEer3wbf@jd{_#gz6C2#hHL2Ll*6cDg~&AK=lfpiNh1=19*|O7U1*lKyc?#2I#Z~PGel` zB6h{{nk=uUfS3`h*@`MElDhXyPQ|lqr(yYpBs#)KLGl{H8zxun{zm zg7rEpPMu2P=hkFT+OaoD&I#L%`DG*6yHOXf(k0tTF$@77GkREm&UAQng9@rXH(xYn z*X^c5uqQNrrpD`bV27?Q{}`8$#^EJ9N4v*mKPY{;UbE{p21mGES&Ki1%G|$w#BMw= z=EoIdSo&SOW5lmZu9ItYZC<^1RQh5_1j-W6_~?*bMEN4cx_V6 zKWvl!{TszQ4=XG+TN)bi%L{OmSG(Jp<&iasUK5CfH}A$Mo+I+QNQ`_`%QHor zkPz)z%;;hf?{aFVqHdy%B2~Y0XRc!q&Zj#fSgyM#4x&()PQBt>A;;s2*#)DTlI&i@vF|l02xhKL; zK<(h;elr~uIR&r!yj|96F4>p=!aerYzkZ+X|Eas|p2IU5$0~3}7ac~E$)DpXNO7Fw zX304EIkccKPR6Ww(w&{>!P6p+yd1N;yhbv_|LnS5HZ-nE%fNp9Q+L_%g_fN_9tN0~ zumQ3OlP7eM6ZNMbI%41W>-VT-)hy&em(aOFg*7n47!$tp3+3bzUTWI+Ja>=ZwEOtP zQTK5#@^PgEj*R1U4Ltnlf_?3;e%9`LT$2UyeocsHKJmqPWqih+w&HI%u+8pxykTGe zL$@o7${w%VkI6B=a<49W${wrRfBEZ2?VtVjgZB3iE!fxm!9(_)zx9Cq&WBFecRYJf zN8iaYd&O&u#9r>n6UEMfnav(*32gX415pJUfdD-WhqQje}}5h%KoJ zhTUn+K|hF*iPYcv>BRO2deV-eV>!IqSR$=Qn|D#F_eMa~qIw*uOS!tYCGc zp}L6ApRg~y(@fH*IqZ*qc%|57$$?w)Uwf|UK48>pa!^heL0jSkv!aAR>cjX}`=ATW z@uSBU?A2d% zvEBZ|x7vL_aie|i)!Xd--+!Z>_}N=*`4^sQUwFedH_ZS2WtUmwmu|E9pTEt%|BElS zZ+`A>`@p}yS&oD>m%*J=e0_Ax{`PyXwL?F1v;F0(ZtzDk;iRw{b!@(E`=(oV^`2oH zn;x~Vx^=gG`mv@hXkz%f7wofle9yIJ$CosL?6tpo)wMP`F=QXp9q-)FKgE9IYp=4e zf8HK@`}gbaQxm|CzxXm+lzxYP`WAbs9G%KZsh|r%)LFdjg~^ec{pY_uW#9ez+x?p0 zPW{CyL;ZAajC+Mw!QeKNjr$+ zeo_X4yVZ7a z6Ae~ZFwG@dXD~MvShG4&2<1lwN{Hw_$s0y4D~cZko1sI`wncE}k(^064jo_Nme>XKc_kGIvQ9wQh?C^DpIK7`|<*pO-h2SnJ zQJl(wAzS*{2g=K!l=y|iE>h)vgHXA^)8HAq|0=Usa2#0fe)xy3x9@quUca-Pl5xE1 zyFP9&y?MKR_VFd#@vlE-&-tJC+h2U^m3H-|6ZYjdOxws0+-{RU_8I%m=k1hHKVetx z9=3}wp0fY>wU^s}d(UzEZ(q7cH;#4tjz4|WE}b^}vYRv!q{m0Y80jNR_SV}^*~?VM 
zQ!kmYdr!>S#}6*}if++ZY9B&PIW||xk*cc+CcpQS_8tH8PB+?1npkeQX3D-scameT zx!v~v;HT`(AD7b=Uz(}#Bn6`;jiElkA;10cMLRxQx6iw2m%a8IFSFOY?S#gD%}y?~ z>`mWrx&6>z9rCgN%kMj3Kl%kY^e62%zUFct=Qkf1vG4nfN9E`Y*%3J-fB$c;vOoC5 zG5d};KW5+Z%xU}OZ@AJfnI5)@@4v(T&1>)0T&BUyq&B~7|3hj2^_@rTOMdrZ`@^rj zQqIPd9XYjRcOBMs+i&RV!no(YllH*}7wmIgIHh^9{}kdRD#M5nBx?&A?*C zD?>!*#28}Hq8~hu>KkKF=j@Z6s*iP6NjkCVX{-LkY7+^bhmKoTF|3-%QSrqM7y{_X zBf3>QZC0rem3){evjZ+*p3VBN9p;plVfsNyhi9dX?&!GDIeu)(zU?>fwcr2PNnhX? z(H+}c@06D(<9cAaWz&evrSvH^ z7~hDg@FWIT8COiYdtU`R`H>{oI}Q=ihX>z422gZQ%qC$|~b` zd`S8px1asuz4naDM(uCzKH7CnZ8_u?i*~{$t_!R8-=>11Aexim1Lf#90r#@CXF6Gj zE?XVwNFOtYmD}qqflsx2(_AQRRDf}!`PnH`Jc6`ij5~;P(&D@qa(=!fTU)ka9jD|2 z@EFH!ljoH&ODnjXdXfCm_2@p3c$ekfIR8NAgbSHfARYlJgFoi$zTEo*W`0|sUrCBy zlymWOGN5<9`Z}B5Ic&SHoUki*j@Z%prj2WY-_A2_8NLrZuw-xlmg{Ux&dQIzXqP=Y zvt$QPwe0_U+8+CYXY8~ux@F3qb7|f4{l?!Pw4eUs-FDCMIa@w7Yah7pl)d7%UH0d9 z%-DPGo45OqEfh7t0bz1DsXM}t%kg>s)ph%wzk1XSK1=Tp9c$XNE}O8S{bTmLE5;Qs zedIm;jU1kr{{92@-Ou0QTU@5Z`^br=>+_;#?zGEykH~=%Z_FAMo`hhKVFdij?2A#2 zbDWXCyMNaH>9te#e?B>*>t@+kM8=f%$wwFM>z}^UCU*_ne|z!e_O5%6+597?wtrgs zXxu;e@Qgiha>>5y6<6E#y`%OsUwV=2^OXJLwtKJi#_LYtI+>6zg%6_g-u}UZ_RK3r zZ1?22-F;Y2`DzZ$`2gyKadi+7r9;Oo6^Y#lo`JD0=H3XMRxz2yKHNco40y@29*`#p zFnpOk&}*xs=+jXCECKPuYu|WmP0&asn?yB;rl0$bJ>ns*so=@0&k~8xt1TN>cuL`# ze>g3%OLiOQB*}5sgwxYxt@G)a$TJY+g~QCs3r}s_`5E8!W1YlRKqlIO^`32e&7S^M zx>(rgl7Ppr^xN;5vkx6wwqO3r1NM@er|r~2+kWH^9<-giNA0nhW&7AcrQdbRh9-yX z$G&KtlBJBMY`Du~RajKls-Nc^S$6?tw+S zao>pjyXWt+ue@=GoRm2`!5$SE)Vhehv44B-tbOFjvJCd3edwVDo1PxA2XzyJgzG?M;u`sl}G>S9$wKj@v)#PWK1DaF2b-_1o;8 zqmp+-p50b6+!f9~SXG=qVRq*`HO4i-CU%8N{n0?fV1maeUf>=_qN*lYg!h<)avId?Fy5O29-$^OF& zrtPb5+ir*FmhCw|f4BY1&);b;ylUG1?BmB}gga)0N3oM~qF8yT(pU?QG3?4JH5F3k2h?YFCFW;>hu;5dJi3Y3DJcU{oT5`NeJVWpfPv)4>i+D{x`9_HUfDDXE;LdA! zQs=1-&Z|HEYr;%AS>1@jals?(dUQt{vdj!fW92LZY?SBg*g42oDgy*R#(!NPV-KB? 
zMR$6gR{^|ag&0Dd2YTug8A|mX6p=j}YG(v@J|(bN-M~S~D_trGmJPMDGBu9cEjL|m zGn&&LJG@{^L;Pws&M*Smung2LeAb_0spm$3j_8+HW3zy45cS8eLf1k1qsS}8eBnW3 zS#_Myb+%9PcIi5~ZTFDfvVY9(n;W*@f5+`IOOw`W=ptyGuw7H*_MQLqa>cdm-S^Mh zjNeGK)ng-4gAcV00#@&%-qoN8rXY%mh-O1|! zALrd)VK@y0cVN%Zhn9?yrY{kUwfUP4|2{3wjX>Up= zxK5BEC?7zbxJ~Zq3Kc3;*koX!Tg+y_=kJmwVZT1C;T-Xp7MUKw0U*(`ws8C_+ z0|SW7DhwgUE%u}k7H!0u@rcMb5woW#jO8kzeAuz490x@_W+6Wms~cTT*Cr#%x?qu4 zfX>A!fdr&rvGibvn zMDtULd@yH~qWzCQZ1%VRLvzzqicDb7$ufHcCOcNN3=F8pud=TqipEYlB7);8c}Xso z)Hw-0?)FQMdq@Vou2&3r57j$~Jsukojjm-`gMhp%>Y8JXwptCV)@1|e(v=gwpRo#Z z{s_l$Rfu8vsNHg7+Jo|V+JnLubA3~+#uswDT~xV^*3o4M8|}L?LSBHexEAs})PcGb zkYnCnw#nL%O%9KF(so^6JBJo+hlb%TdnfIxiMBn|s@reA^8uT03|Wh}SQZ<0>Gqa= z^9!%A`DV-Bb02$9q)ctnmUaEHO{Ip<&t9;86^|sfjsF}Jr|2i2X?+d~zihbuVzcM| zE7d1951mI~fM^WfF2Y#FIur4}`}+w9zc~1#x|Z+0Hge&t2aJ@iGKg5Eor4!PXf+h| z67g|B>PL5`E?rZGe>7;FeIBw`19u8DN6bFE5)!^#JD)IAi! z4sZ+TpTFGm*%i z$sxl*nHnCq30*teYc1PRTeLlLP;TBcX%|hl?Ez){{lC56jx3E>dr?9b=k1amE&G-) zl!LO|vUfc&YjfDip)p%-4p~Di{FdkG&)0|ID3Fv1-IT;M?xSAkKBceAK>;`^OIyG> z0ccKR0KRk^jgMg(;cjbvRon8QI-~qiPd0VI_>YgJIugV#p6x1!58!I>r$;+;8u|dv z{UZ0Xl_1@Jr4%Ee$)v&RgqR~g*H5X40!3K_xXa=K=*OG^7UcKSDF;r<2zRpr&agWt zfU<}$l~=C2U!Z>0xh_|zhn!v$;Q&A$+1Cw}P{x|{r|ky;Z1m%x?Y0*DcW|VGJ1BIr z>hraDen`{%6zc7 zlmF|0hraSQ=X##8r`&pp9X)*9j+~T(Qcn&_+BE9?I4Eqy=H98uJ0Qrv;p?;qkk@z2 z^g)q_hCq>A84?>Z15LiAYTM+{kL#KoQ~mdiv~0KP`_z4twri|ykIE_kpYMFoj?GP4 zdr6gAIBr+$YTGxx@CrNCY}w!5KWmMlQ8^bi|KY`kM0b4P+=z3eL9z;@Bo53daFe_N z2Spvaywx@-QPI2_3ge()WS(dUJIgrZf^h??deQ`EVhjcW%^77dg4|$)4ke&Z7!>lY z=AeL_KgYm%VZ=dMjj@E%HPROt@nP=51%I_QzZ>XN_h_fkA4EKH1vo)YAA`FV^0L+q zmFp9~%8hY#&OlvxyM_utY<`q&k#Y0S(dXcHs-?K7=W62tvC$^}GZ^$;)<=;J@^FAS zfWzyPcaQ#c9{s`b^lx?O2m!`ac^t=ZK__?W0msZn^=yCA5S*Oj0MSv$je>GF+d(M< zJvU=qb=8*>Km_6FqdY!=sC>+T744>kAu} zi_WCKazwq>tAqCigR#dTZFgP@o*tRdsBGAz9F*bOlIg)$TspFGIvmPUATiH(fQ8>owLtcD{?}e zcijurQCoZ`HSc2Q4hq5bbm&$Eb%4Uf^ih}U$>~|NH;#~xarQA@(jiCaLz3&e3i|23 zuDs~M$$%K7tuWwAd?@Tg;+Itz(;e*7k%Um3i_c(^RJCkx#fxV 
ztOA8``l7#RPsOp~5i2Wz+pngamq$J$cDJydNg}e9f!L^4*+I$E0CFM@L>QuYe{K$Q zDi;I~>5NOx-BA${AGSYa#>5EV3CmlYNDx7ai9B5(5rIX^iGy;39F&t~2Zb>yqJMpLSMrh3x3BtOh5l!Vyk3K%(1FSj$opN1 z?Ijx-s@rsZSq{pWO~}ER9-6o5;bFUMqG8wVp0b@Ia!`hc?6=?hkUcsl2W3uja8UNj zLHPnXD6F91plI&xc2Kxb;*mH&8Tx7E*dvA5813udBzy5w%>LDzw$LWoei*!370v+O z%unF9=5fQ}yUpJ8Y8l%Jv%S}vz5M5Oz3~`oGwXc@vM$)>&lS(DZ5HpFWFInn*DuRz zvErb(nDp~30n&-bfaeZM#OISbap7D93d5iBmiM=W9FoY(1dRP%O{V~P!}1pLGuPka&6nHBqjFH<5s$B! zDr0-D)6c#qMQwE<51tsYX4yeml7sS4=@E~lcN`QJG@@{ni3@?W(+$(MCAD%*shvJuzk{;Ymt-qc zcp`xb^5}hLfA+&22W9tFW-s~atO#6Uy^XzYOgd$GobzZ2Cp8e+;UmmEmWzyd&?{WX=LF{<=>}ZqPH-iHKdlgOx+;Gk zcv<`r@s-xC>Y$J}+A6}{4S52Mzl#2_k|&n~iar1}8)_W2+itzw4zYp~Uy@}7o{hOU zC_X-(01isOzG%;DD9JIAQ^ub1DLE6Ypllca{;{_0);N3m{z?B`o`*(;?2kWq*zP|% zWQ};lv$vHTly=8Ksl^J)xEz$WB$roEKytJ_?X+U3IV5LkjJ4~j z+zyI~?=bjVN&z>2BCI>{I?9k1vxomK5AkuXFrU#ZgDC7PtV~$kVF!T_3Ci)k5brBzH{vs9VZ#ni;XbYjIibT=@tLRT%%gLOV<9Jm>PH;_=Z&y;eFPKMRIFlI@8A0a~ zz1pG--xNILS4OAm`l~#xmIk?;dVWR2S3?xtY-m77TX6KfkRIr~P%ECc7@MAh3xo>C zwZ#$si0^hz*h*L*l5@g|a3;-Np+bcU=N=d@sGrd#4g2TD5Xym(WO7TyhuT~acgPq^ zh%}DG!QTUv5%xAGK-pftkjJlue)Z`>#)N$j=Vwr0@o~C*LK>*R^8-|)jaN+OBoN7_ zY8X~Q%$uu19fgA;-mY#c=c7o7K3{LMMP0&KT~ViVfIh?cbbEFNEL&*v>NQ(!e`yV$ z#QoY<&1M#7RSlg`C)&70%Vn-a2*COGE+QhXIe3YTYb}GKxu+P(bj_qzs8FH87DpKR zUT|Y5gzXDM*#($_QAeMZFwnC)mht#q@@ec7aoi9i-7ltS5pjQwP86m!^T%(PXpfG4M{%k7upn*P&p_SDpc6|z;X zJ5EZp%@YODr_53t?23UA&3hrVA-dAv{T%gPD8^K;N)9QeEq9!FHnVoTdv6k5GhN)2 znU%ZhCzNXK&L@pxj5_GdK0n?mzS?rrcdK~eLgk=Ts8Hd;0Jat5n2eVL!xzSncu&hC zOTb#X#SF-T`p?6Il9$phEkU1cpcZv3CX+Ivf)Hjr%@myWsqO^}>O;M7OwP7*a-o5? 
zSx>vrj>VY5vnda-T4%3`RJgE!wF|;X$0HrLW?_^{xc2}6a9Bx1K~xGmhPD9FSW8bXKe|bL zx_c`C-#MB1b8|l^B2P)Vbv^3YNV(?$t|s*i8UU~j(su)iTSvL)64Y-)UDzX|x0Nmq z-qLlax8wQn1`coPkL zC@duQE^Jz1HSt#PMiSuhGzI*%+AJ+lyxEeiqIBJ%MnMUjo-q&-YxO0HIz^FL(We1# zQlzN6u$pdO4gKLKOW6HbE_cfTh3SZ#2AH<;G13c&C0*2REl6r&jy$CMhdwnX7#EC> zNZTk7x0YUK6NR^-aCtnrPHNkBrzIAoY>l_tc!r~hI(jSEFo@Wmdoe@G1ca0hGqiX!5YxoOcyUPzzCtp;fOS>8G1Wc+moJO2WegHoYFg$oy_E#ewDZS=as03kh0VV7*u zGv@^n*wixug36Qy)9DIz3k1VD;Bu4j<#Y@=l*2EHv$_IpDJNxyM28~KY| zTNX*-&>eqrJz({))@Oq%&WRj^X1ifc_5HjGX*K1vXsj$S98$6FtoTw1sCB-1q7YIe zwhZ18qQvp^kwLcI!h4#={n*m=H6}^p?!a`=OVbJ!Dpc4yzM+H=@uxbb7Q%=2>nAYx4O%!K<<>_tZeNWdvy%bW~w%iDDtk|dY~e#Yq0wR zBD~Q7(XXP4Pf0P{*Z|@{9lw@BNlgs_KEOsg;Tl7N9kl)kEP){Tdx&?ZCSg*}2kT)( z@lj|0u(PL6D1Nw;-8Zs#;wuNGLWK%j9~i9l-ZA!sTf@yk7-RH;HpPiTC^}}7P?U2v ze1({e*q^{1Ha{&8@Vy36_yvS$!qj}LVMtZxe%BMtCb!s8Hd;04o(8 zTi5|%tXP*N%V*piFz1;C)~DLddfZd%mK)*IXztnGV@=LzVt~H#KWt`8m1j=2j zU-|+i88b113(?O|^y8p_-}BJE1mpxU21G3t<$I~y<7&zgn`<_`o#vLCHWYi9Jey*h zVkQm|DcauWagdh@yktJZxULHF#@i@NG-m-(%{6rqqAB>p4+$i}X0?U$ZFw={ObAwXVE z#0>&;DfD0*GZqz58x}RlH|wfQZy;jB6LA^q)rSU~)Ikl_ zZ#xMhVH4qM#>a)*JfpZ!fX+E>SamXoD}YBaDyL+~7S$HZt)}mXU39NRoN=wKxZZRk z7NRCP5vSpz$-sa}o?z$<;;4AvA1m?=wCcXfL8(w-5Nw*Ut+1)UxMA=BeH7uINX)EV zvndpZg_V_l6F;)nlzBElf#@oV;JEMK8}FNVbmXPvRAaOI#> zs4xh)#^MgM!qx`M^o=$Cv3c2Ez% zw=RoX_KZ*j*_n_ybsb3OgqfFwv{9F6DD;G-$g>I}Pw<~_l=UG@oP$20y?RkXk(Kc0tpc;+Of7Y}%{SbPuD`=A?)YA32wp+be#!1agS;%cj~wLxF`5;VlK@$Am97huCe zdLH;O#}JXkmEYE3*JZz*mxBPgAj;#IgF%+bkNL8gH%Uh)2+OYnB1nhwFf<6(!#fDj z3EJrF68ezen~O?CzvPtd7l8%dhQ6A7Z;`fI5eI0(M$N6*|TC}!2h=%l?kt5X{9`QZY zZB|>@!#)988}nLSA+ER-^0ljWBq`4Ut(+k^a#S}@NE{Hi=gaVEmS2ODEx+kA`nkh7>;}o}rp84^P@ct!{IY&1%zlyVhx)Y$NruA{KNCA*R#3 zHER!#+VIe*YFf9t^cZd~SzXRdTWP2|G1Rhc?Rls1;dz@DZ5y7m$@+pEoVHEWs}+t$3}cSt)2E@;c)SuFytR$Ll#6KCE%%1R!feJKkni2 z4Oz!@$^)9V)o@};pl4W+3aO_xZFU~#h**6Ym1D9^j?%XFf@oRsi?&@3(ezNmrsTZT zL?bGDTo>XF37wWu`lmvL3Twgd7@!JINMKPnI;k?Dtr!{|6WvW^!F|3ZC2> z7e9^*k7JzVX7IR2;re3J#(0BA)OmcF*;$}$G6*oZBw>?`>0*Mdvx=gyh4R19Jmu{ 
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index eaf60f5ed2..a92afca98a 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -43,6 +43,156 @@ Process: ### Create XML file +Let's start by looking at the basic structure of the XML file. + +- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run. + +- A configuration xml can have multiple *config* section. Each config section associates a non-admin user account to a default profile **Id**. + +- Multiple config sections can be associated to the same profile. + +- A profile has no effect if it’s not associated to a config section. + + ![profile = app and config = account](images/profile-config.png) + +You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. + +``` + + + + + + + + + + + + + + + + + + +``` + +#### Profile + +A profile section in the XML has the following entries: + +- [**Id**](#id) + +- [**AllowedApps**](#allowedapps) + +- [**StartLayout**](#startlayout) + +- [**Taskbar**](#taskbar) + + +##### Id + +The profile Id is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. + +##### AllowedApps + +AllowedApps is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. + +Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. + +>[!NOTE] +>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). + +- For UWP apps, you need to provide the App User Model ID (AUMID). 
[Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). +- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). + +Here are the predefined assigned access AppLocker rules for **UWP apps**: +1. Default rule is to allow all users to launch the signed package apps. +2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. + +>[!NOTE] +>Assigned access multi-app mode doesn’t block the enterprises or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in back next time, it will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. + +Here are the predefined assigned access AppLocker rules for **desktop apps**: +1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. +2. 
There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. +3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. + +The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device. + +``` + + + + + + + + + + + +``` + +##### StartLayout + +After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. + +The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). + +A few things to note here: + +- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration. +- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout. +- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration. +- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files). 
+ +This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start. + +``` + + + + + + + + + + + + + + + + + + + + + + ]]> + +``` + +![What the Start screen looks like when the XML sample is applied](images/sample-start.png) + +##### Taskbar + +Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. + +The following example exposes the taskbar to the end user: + + `` + +The following example hides the taskbar: + + `` + +>[!NOTE] +>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. + ### Add XML file to provisioning package @@ -54,6 +204,10 @@ Process: *There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* + +##### placeholder for lnk + + ## old method (pre-1709) From 96ad864e478f59d4163b6667c7469c7336cd21fe Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Mon, 7 Aug 2017 12:55:08 -0700 Subject: [PATCH 04/37] fix level heads --- .../lock-down-windows-10-to-specific-apps.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index a92afca98a..19996b5275 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
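Review bot: the hunk at @@ -43,6 +43,156 @@ leaves the generated AppLocker behaviour under-documented for the reader who has to reason about what the kiosk actually blocks. The "AllowedApps" text says the UWP deny list is built only when the assigned access user signs in, and the NOTE admits a UWP app installed mid-session is not blocked until the next sign-in; that deserves a sentence stating the practical consequence (a kiosk session should be signed out and back in, or the device restarted, after any app install before it is handed to users). Same hunk, smaller points: "multiple *config* section" should be "sections", "the mult-app kiosk configuration" should be "multi-app", "in the form of %variableName% (i.e. %systemroot%, %windir%)" should read "e.g.", "into a XML editor" should be "an XML editor", and none of the fenced samples carries a language tag, so the XML will not be syntax-highlighted; tag each as ```xml.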
@@ -222,12 +222,12 @@ This topic describes how to lock down apps on a local device. You can also use A ![install create lockdown customize](images/lockdownapps.png) -## Install apps +### Install apps First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account. -## Use AppLocker to set rules for apps +### Use AppLocker to set rules for apps After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else. @@ -268,7 +268,7 @@ After you install the desired apps, set up AppLocker rules to only allow specifi 13. Restart the device. -## Other settings to lock down +### Other settings to lock down In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: @@ -304,7 +304,7 @@ In addition to specifying the apps that users can run, you should also restrict To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). -## Customize Start screen layout for the device (recommended) +### Customize Start screen layout for the device (recommended) Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). From 7c99a65fa5a3e3a692bccef679db8e81b1f786a8 Mon Sep 17 00:00:00 2001 
From: jdeckerMS Date: Mon, 7 Aug 2017 12:58:09 -0700 Subject: [PATCH 05/37] sync --- .../lock-down-windows-10-to-specific-apps.md | 27 +++++++++---------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 19996b5275..543adcbe20 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -18,7 +18,7 @@ ms.localizationpriority: high - Windows 10 -A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package, rather than creating rules in **AppLocker**. +A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. >[!NOTE] >For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](#1703) to configure a multi-app kiosk. 
@@ -26,22 +26,21 @@ A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typicall The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. >[!WARNING] ->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the assigned access enforced policies. +>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access. -## new method (1709) Process: 1. [Create XML file](#create-xml-file) 2. [Add XML file to provisioning package](#add-xml) 3. [Apply provisioning package to device](#apply-ppkg) -### Prerequisites +## Prerequisites - (latest version of WCD -- is Store version okay at GA?) - kiosk device on 1709 -### Create XML file +## Create XML file Let's start by looking at the basic structure of the XML file. @@ -78,7 +77,7 @@ You can start your file by pasting the following XML (or any other examples in t ``` -#### Profile +### Profile A profile section in the XML has the following entries: 
@@ -91,11 +90,11 @@ A profile section in the XML has the following entries: - [**Taskbar**](#taskbar) -##### Id +#### Id The profile Id is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. -##### AllowedApps +#### AllowedApps AllowedApps is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. @@ -135,7 +134,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula ``` -##### StartLayout +#### StartLayout After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. @@ -178,7 +177,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ![What the Start screen looks like when the XML sample is applied](images/sample-start.png) -##### Taskbar +#### Taskbar Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. @@ -195,17 +194,17 @@ The following example hides the taskbar: -### Add XML file to provisioning package +## Add XML file to provisioning package -### Apply provisioning package to device +## Apply provisioning package to device -### mixed-reality +## mixed-reality *There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* -##### placeholder for lnk +#### placeholder for lnk From 53f8bfb3464bea8a375d85651ed9c4914dabc0f3 Mon Sep 17 00:00:00 2001 
From: jdeckerMS Date: Mon, 7 Aug 2017 13:06:47 -0700 Subject: [PATCH 06/37] add xml to code sample --- .../configuration/lock-down-windows-10-to-specific-apps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 543adcbe20..e76ce71a80 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -46,7 +46,7 @@ Let's start by looking at the basic structure of the XML file. - A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run. -- A configuration xml can have multiple *config* section. Each config section associates a non-admin user account to a default profile **Id**. +- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**. - Multiple config sections can be associated to the same profile. @@ -56,7 +56,7 @@ Let's start by looking at the basic structure of the XML file. You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. -``` +```xml From 8e09327ace3db1b69e7ad133eb67f5b2cba9ae2e Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 8 Aug 2017 06:53:59 -0700 Subject: [PATCH 07/37] sync --- .../lock-down-windows-10-to-specific-apps.md | 48 +++++++++++++++---- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index e76ce71a80..c732e8f652 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -54,7 +54,7 @@ Let's start by looking at the basic structure of the XML file. ![profile = app and config = account](images/profile-config.png) -You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. +You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. ```xml @@ -92,11 +92,17 @@ A profile section in the XML has the following entries: #### Id -The profile Id is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. +The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. + +```xml + + + +``` #### AllowedApps -AllowedApps is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. +**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. 
@@ -107,20 +113,22 @@ Based on the purpose of the kiosk device, define the list of applications that a - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). Here are the predefined assigned access AppLocker rules for **UWP apps**: + 1. Default rule is to allow all users to launch the signed package apps. 2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. ->[!NOTE] ->Assigned access multi-app mode doesn’t block the enterprises or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in back next time, it will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. + >[!NOTE] + >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. 
If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. Here are the predefined assigned access AppLocker rules for **desktop apps**: + 1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. 2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. 3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device. -``` +```xml @@ -149,7 +157,7 @@ A few things to note here: This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start. -``` +```xml 
@@ -192,14 +200,38 @@ The following example hides the taskbar: >[!NOTE] >This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. +### Configs + +Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or MDM policies set as part of the multi-app experience. + +The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. + +Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. + + +```xml + + + MultiAppKioskUser + + + +``` + + + ## Add XML file to provisioning package + + ## Apply provisioning package to device -## mixed-reality + + +## Considerations for mixed-reality devices *There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* From 7c6c964ce3f53611d05e560a80f7393a593dea4f Mon Sep 17 00:00:00 2001 
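Review bot: The context line under **AllowedApps** in the `@@ -92,11` hunk still reads `mult-app kiosk configuration`; since this hunk already reworks that paragraph, fix the typo to `multi-app` here rather than in a later pass.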
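Review bot: The reworded NOTE in the `@@ -107,20` hunk leaves a security-relevant consequence implicit: a UWP app installed during the current assigned access session is absent from the deny list and so can run until the user signs out. Add one sentence telling admins to sign the kiosk user out (or restart the device) after deploying new apps so the deny list is regenerated. Also replace `(i.e. %systemroot%, %windir%)` with `(for example, %systemroot%, %windir%)`, since those are examples rather than the full set.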
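Review bot: "otherwise it will fail" in the new Configs paragraph of the `@@ -192,14` hunk does not say what fails or what the admin sees; state whether the provisioning package is rejected or the profile is simply not applied, and where that is reported. The sentence about associating an admin user likewise says only "unexpected/unsupported experiences"; since the whole point is lockdown, say concretely what the admin should expect so nobody assumes the lockdown still applies. The sample block's `MultiAppKioskUser` is not marked as a placeholder account name; label it as one.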
From: jdeckerMS Date: Tue, 8 Aug 2017 09:00:36 -0700 Subject: [PATCH 08/37] modify toc --- windows/configuration/TOC.md | 2 + ...change-history-for-configure-windows-10.md | 1 + windows/configuration/kiosk-shared-pc.md | 2 +- .../lock-down-windows-10-applocker.md | 119 ++++++ .../lock-down-windows-10-to-specific-apps.md | 114 +----- windows/configuration/lock-down-windows-10.md | 15 - windows/configuration/multi-app-kiosk-xml.md | 364 ++++++++++++++++++ 7 files changed, 502 insertions(+), 115 deletions(-) create mode 100644 windows/configuration/lock-down-windows-10-applocker.md delete mode 100644 windows/configuration/lock-down-windows-10.md create mode 100644 windows/configuration/multi-app-kiosk-xml.md diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 876c4c17b2..4166b7475b 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -9,6 +9,8 @@ ### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) ### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) ### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) +#### [Use AppLocker to create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-applocker.md) +#### [Multi-app kiosk XML reference](multi-app-kiosk-xml.md) ## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) ### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](mobile-devices/set-up-a-kiosk-for-windows-10-for-mobile-edition.md) ### [Use Windows Configuration Designer to configure Windows 10 Mobile devices](mobile-devices/provisioning-configure-mobile.md) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 2a495b4f5a..6e279b9adc 100644 
--- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) The topics in this library have been updated for Windows 10, version 1709 (also known as the Fall Creators Update). The following new topics have been added: - [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) +- [Multi-app kiosk XML reference](multi-app-kiosk-xml.md) ## July 2017 | New or changed topic | Description | diff --git a/windows/configuration/kiosk-shared-pc.md b/windows/configuration/kiosk-shared-pc.md index 21d8d0d394..420e550a78 100644 --- a/windows/configuration/kiosk-shared-pc.md +++ b/windows/configuration/kiosk-shared-pc.md 
@@ -20,4 +20,4 @@ Some desktop devices in an enterprise serve a special purpose, such as a common | [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Windows 10, version 1607, introduced *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. | | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | You can configure a device running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education as a kiosk device, so that users can only interact with a single application that you select. | | [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. This topic provides guidelines to help you choose an approprate app for a kiosk device. | -| [Lock down Windows 10 to specific apps (AppLocker)](lock-down-windows-10-to-specific-apps.md) | Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to a kiosk device, but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. | \ No newline at end of file +| [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to a kiosk device, but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. 
| \ No newline at end of file diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md new file mode 100644 index 0000000000..398e2d77e9 --- /dev/null +++ b/windows/configuration/lock-down-windows-10-applocker.md 
@@ -0,0 +1,119 @@ +--- +title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10) +description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. +ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 +keywords: ["lockdown", "app restrictions", "applocker"] +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: edu, security +author: jdeckerms +ms.localizationpriority: high +--- + +# Use AppLocker to create a Windows 10 kiosk that runs multiple apps + + +**Applies to** + +- Windows 10 + +Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. + +>[!NOTE] +>For devices running Windows 10, version 1709, we recommend the [multi-app kiosk method](lock-down-windows-10-to-specific-apps.md). + +You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device. + +AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref). + +This topic describes how to lock down apps on a local device. 
You can also use AppLocker to set rules for applications in a domain by using Group Policy. + +![install create lockdown customize](images/lockdownapps.png) + +## Install apps + + +First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account. + +## Use AppLocker to set rules for apps + + +After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else. + +1. Run Local Security Policy (secpol.msc) as an administrator. + +2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**. + + ![configure rule enforcement](images/apprule.png) + +3. Check **Configured** under **Executable rules**, and then click **OK**. + +4. Right-click **Executable Rules** and then click **Automatically generate rules**. + + ![automatically generate rules](images/genrule.png) + +5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps. + +6. Type a name to identify this set of rules, and then click **Next**. + +7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules. + +8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps. + +9. Read the message and click **Yes**. + + ![default rules warning](images/appwarning.png) + +10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users. + +11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**. + +12. 
Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run: + + ``` syntax + sc config appidsvc start=auto + ``` + +13. Restart the device. + +## Other settings to lock down + + +In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: + +- Remove **All apps**. + + Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**. + +- Hide **Ease of access** feature on the logon screen. + + Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools. + +- Disable the hardware power button. + + Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. + +- Disable the camera. + + Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. + +- Turn off app notifications on the lock screen. + + Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. + +- Disable removable media. + + Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation. + + **Note**   + To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. 
+ +   + +To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). + +## Customize Start screen layout for the device (recommended) + + +Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). \ No newline at end of file diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index c732e8f652..bb01d18c03 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -21,7 +21,7 @@ ms.localizationpriority: high A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. >[!NOTE] ->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](#1703) to configure a multi-app kiosk. +>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
@@ -206,7 +206,21 @@ Under **Configs**, define which user account will be associated with the profile The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. + + +The account can be local, domain, or Azure Active Directory (Azure AD). Groups are not supported. +• Local account can be entered as `machinename\account` or `.\account` or just `account`. +• Domain account should be entered as `domain\account`. +• Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. + +>[!WARNING] +>Although **Start** > **Settings** > **Accounts** > **Other users** > **Set up assigned access** only supports specifying a local user account, Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. + + Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. + +>[!NOTE] +>For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. 
As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for AssignedAccess. ```xml @@ -220,7 +234,6 @@ Before applying the multi-app configuration, make sure the specified user accoun - ## Add XML file to provisioning package 
@@ -240,105 +253,8 @@ Before applying the multi-app configuration, make sure the specified user accoun - -## old method (pre-1709) - -Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. - -You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device. - -AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref). - -This topic describes how to lock down apps on a local device. You can also use AppLocker to set rules for applications in a domain by using Group Policy. - -![install create lockdown customize](images/lockdownapps.png) - -### Install apps -First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account. - -### Use AppLocker to set rules for apps - - -After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else. - -1. 
Run Local Security Policy (secpol.msc) as an administrator. - -2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**. - - ![configure rule enforcement](images/apprule.png) - -3. Check **Configured** under **Executable rules**, and then click **OK**. - -4. Right-click **Executable Rules** and then click **Automatically generate rules**. - - ![automatically generate rules](images/genrule.png) - -5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps. - -6. Type a name to identify this set of rules, and then click **Next**. - -7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules. - -8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps. - -9. Read the message and click **Yes**. - - ![default rules warning](images/appwarning.png) - -10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users. - -11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**. - -12. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run: - - ``` syntax - sc config appidsvc start=auto - ``` - -13. Restart the device. - -### Other settings to lock down - - -In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: - -- Remove **All apps**. 
- - Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**. - -- Hide **Ease of access** feature on the logon screen. - - Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools. - -- Disable the hardware power button. - - Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. - -- Disable the camera. - - Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. - -- Turn off app notifications on the lock screen. - - Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. - -- Disable removable media. - - Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation. - - **Note**   - To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. - -   - -To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). - -### Customize Start screen layout for the device (recommended) - - -Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md).   
diff --git a/windows/configuration/lock-down-windows-10.md b/windows/configuration/lock-down-windows-10.md deleted file mode 100644 index 0bcecb6b1a..0000000000 --- a/windows/configuration/lock-down-windows-10.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Lock down Windows 10 (Windows 10) -description: Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device. -ms.assetid: 955BCD92-0A1A-4C48-98A8-30D7FAF2067D -keywords: lockdown -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security, mobile -author: jdeckerms -ms.localizationpriority: high ---- - -# Lock down Windows 10 - diff --git a/windows/configuration/multi-app-kiosk-xml.md b/windows/configuration/multi-app-kiosk-xml.md new file mode 100644 index 0000000000..a532786d85 --- /dev/null +++ b/windows/configuration/multi-app-kiosk-xml.md 
@@ -0,0 +1,364 @@ +--- +title: Create a Windows 10 kiosk that runs multiple apps (Windows 10) +description: Learn how to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. +ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 +keywords: ["lockdown", "app restrictions", "applocker"] +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: edu, security +author: jdeckerms +ms.localizationpriority: high +--- + +# Create a Windows 10 kiosk that runs multiple apps + + +**Applies to** + +- Windows 10 + +A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. + +>[!NOTE] +>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](#1703) to configure a multi-app kiosk. + +The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. + +>[!WARNING] +>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). 
A factory reset is needed to clear all the policies enforced via assigned access. + + +Process: +1. [Create XML file](#create-xml-file) +2. [Add XML file to provisioning package](#add-xml) +3. [Apply provisioning package to device](#apply-ppkg) + +## Prerequisites + +- (latest version of WCD -- is Store version okay at GA?) +- kiosk device on 1709 + + +## Create XML file + +Let's start by looking at the basic structure of the XML file. + +- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run. + +- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**. + +- Multiple config sections can be associated to the same profile. + +- A profile has no effect if it’s not associated to a config section. + + ![profile = app and config = account](images/profile-config.png) + +You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. + +```xml + + + + + + + + + + + + + + + + + + +``` + +### Profile + +A profile section in the XML has the following entries: + +- [**Id**](#id) + +- [**AllowedApps**](#allowedapps) + +- [**StartLayout**](#startlayout) + +- [**Taskbar**](#taskbar) + + +#### Id + +The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. + +```xml + + + +``` + +#### AllowedApps + +**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. + +Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. 
When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. + +>[!NOTE] +>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). + +- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). +- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). + +Here are the predefined assigned access AppLocker rules for **UWP apps**: + +1. Default rule is to allow all users to launch the signed package apps. +2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. + + >[!NOTE] + >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. 
If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. + +Here are the predefined assigned access AppLocker rules for **desktop apps**: + +1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. +2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. +3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. + +The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device. + +```xml + + + + + + + + + + + +``` + +#### StartLayout + +After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. + +The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). + +A few things to note here: + +- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration. +- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout. 
+- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration. +- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files). + +This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start. + +```xml + + + + + + + + + + + + + + + + + + + + + + ]]> + +``` + +![What the Start screen looks like when the XML sample is applied](images/sample-start.png) + +#### Taskbar + +Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. + +The following example exposes the taskbar to the end user: + + `` + +The following example hides the taskbar: + + `` + +>[!NOTE] +>This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. + +### Configs + +Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or MDM policies set as part of the multi-app experience. + +The full multi-app assigned access experience can only work for non-admin users. 
It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. + + + +The account can be local, domain, or Azure Active Directory (Azure AD). Groups are not supported. +• Local account can be entered as `machinename\account` or `.\account` or just `account`. +• Domain account should be entered as `domain\account`. +• Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. + +>[!WARNING] +>Although **Start** > **Settings** > **Accounts** > **Other users** > **Set up assigned access** only supports specifying a local user account, Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. + + +Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. + +>[!NOTE] +>For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for AssignedAccess. 
+ + +```xml + + + MultiAppKioskUser + + + +``` + + + + +## Add XML file to provisioning package + + + + +## Apply provisioning package to device + + + +## Considerations for mixed-reality devices + +*There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* + + +#### placeholder for lnk + + + + +## old method (pre-1709) + +Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. + +You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device. + +AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref). + +This topic describes how to lock down apps on a local device. You can also use AppLocker to set rules for applications in a domain by using Group Policy. + +![install create lockdown customize](images/lockdownapps.png) + +### Install apps + + +First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. 
For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account. + +### Use AppLocker to set rules for apps + + +After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else. + +1. Run Local Security Policy (secpol.msc) as an administrator. + +2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**. + + ![configure rule enforcement](images/apprule.png) + +3. Check **Configured** under **Executable rules**, and then click **OK**. + +4. Right-click **Executable Rules** and then click **Automatically generate rules**. + + ![automatically generate rules](images/genrule.png) + +5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps. + +6. Type a name to identify this set of rules, and then click **Next**. + +7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules. + +8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps. + +9. Read the message and click **Yes**. + + ![default rules warning](images/appwarning.png) + +10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users. + +11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**. + +12. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run: + + ``` syntax + sc config appidsvc start=auto + ``` + +13. Restart the device. 
+ +### Other settings to lock down + + +In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: + +- Remove **All apps**. + + Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**. + +- Hide **Ease of access** feature on the logon screen. + + Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools. + +- Disable the hardware power button. + + Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. + +- Disable the camera. + + Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. + +- Turn off app notifications on the lock screen. + + Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. + +- Disable removable media. + + Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation. + + **Note**   + To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. + +   + +To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). + +### Customize Start screen layout for the device (recommended) + + +Configure the Start menu on the device to only show tiles for the permitted apps. 
You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). + + +  + +  + + + + + From b2ee56a3681b00531d4939ccff35d672c2fdfa48 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 8 Aug 2017 10:01:44 -0700 Subject: [PATCH 09/37] sync --- .../images/multiappassignedaccesssettings.png | Bin 0 -> 5081 bytes .../lock-down-windows-10-to-specific-apps.md | 62 +++ windows/configuration/multi-app-kiosk-xml.md | 421 +++++------------- 3 files changed, 177 insertions(+), 306 deletions(-) create mode 100644 windows/configuration/images/multiappassignedaccesssettings.png 
diff --git a/windows/configuration/images/multiappassignedaccesssettings.png b/windows/configuration/images/multiappassignedaccesssettings.png new file mode 100644 index 0000000000000000000000000000000000000000..86e2e0a451e756326fa5d8891cb4e8d50c361f20 GIT binary patch literal 5081
## Add XML file to provisioning package +Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md). +Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md) + +>[!IMPORTANT] +>When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + +1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). + +2. Choose **Advanced provisioning**. + +3. Name your project, and click **Next**. + +4. Choose **All Windows desktop editions** and click **Next**. + +5. On **New project**, click **Finish**. The workspace for your package opens. + +6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**. + +7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step. + +7. Save your project and close Windows Configuration Designer. + +7. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) + +7. Open the customizations.xml file in a text editor.
The **<Customizations>** section will look like this: + + ![Customizations file with the placeholder text to replace highlighted](images/customization-start.png) + +7. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). + +8. Save and close the customizations.xml file. + +8. Open Windows Configuration Designer and open your project. + +8. On the **File** menu, select **Save.** + +9. On the **Export** menu, select **Provisioning package**. + +10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** + +11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. + + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + +12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. + + Optionally, you can click **Browse** to change the default output location. + +13. Click **Next**. + +14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. + + If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. + +15. 
If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. + + If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. + + - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. + - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. ## Apply provisioning package to device diff --git a/windows/configuration/multi-app-kiosk-xml.md b/windows/configuration/multi-app-kiosk-xml.md index a532786d85..642995cf1e 100644 --- a/windows/configuration/multi-app-kiosk-xml.md +++ b/windows/configuration/multi-app-kiosk-xml.md @@ -1,6 +1,6 @@ --- -title: Create a Windows 10 kiosk that runs multiple apps (Windows 10) -description: Learn how to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. +title: Multi-app kiosk XML reference (Windows 10) +description: XML and XSD for multi-app kiosk device configuration. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 
@@ -8,128 +8,24 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security author: jdeckerms -ms.localizationpriority: high +ms.localizationpriority: medium --- -# Create a Windows 10 kiosk that runs multiple apps +# Multi-app kiosk XML reference **Applies to** - Windows 10 -A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. - ->[!NOTE] ->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](#1703) to configure a multi-app kiosk. - -The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. - ->[!WARNING] ->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access. - - -Process: -1. [Create XML file](#create-xml-file) -2. [Add XML file to provisioning package](#add-xml) -3. 
[Apply provisioning package to device](#apply-ppkg) - -## Prerequisites - -- (latest version of WCD -- is Store version okay at GA?) -- kiosk device on 1709 - - -## Create XML file - -Let's start by looking at the basic structure of the XML file. - -- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run. - -- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**. - -- Multiple config sections can be associated to the same profile. - -- A profile has no effect if it’s not associated to a config section. - - ![profile = app and config = account](images/profile-config.png) - -You can start your file by pasting the following XML (or any other examples in this topic) into a XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this topic. +## Full XML sample ```xml - - - - - - - - - - - - - - - - -``` - -### Profile - -A profile section in the XML has the following entries: - -- [**Id**](#id) - -- [**AllowedApps**](#allowedapps) - -- [**StartLayout**](#startlayout) - -- [**Taskbar**](#taskbar) - - -#### Id - -The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. - -```xml - - - -``` - -#### AllowedApps - -**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. - -Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. 
- ->[!NOTE] ->You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). - -- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). -- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). - -Here are the predefined assigned access AppLocker rules for **UWP apps**: - -1. Default rule is to allow all users to launch the signed package apps. -2. The package app deny list is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This deny list will be used to prevent the user from accessing the apps which are currently available for the user but not in the allowed list. - - >[!NOTE] - >Multi-app kiosk mode doesn’t block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the deny list. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list. - -Here are the predefined assigned access AppLocker rules for **desktop apps**: - -1. 
Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. -2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. -3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. - -The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device. - -```xml - + + + 
@@ -140,25 +36,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula -``` - -#### StartLayout - -After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. - -The easiest way to create a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). - -A few things to note here: - -- The test device on which you customize the Start layout should have the same OS version that is installed on the device where you plan to deploy the multi-app assigned access configuration. -- Since the multi-app assigned access experience is intended for fixed-purpose devices, to ensure the device experiences are consistent and predictable, use the *full* Start layout option instead of the *partial* Start layout. -- There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the `` tag in a layout modification XML as part of the assigned access configuration. -- The following example uses DesktopApplicationLinkPath to pin the desktop app to start. When the desktop app doesn’t have a shortcut link on the target device, [learn how to provision .lnk files using Windows Configuration Designer](#lnk-files). - -This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps on Start. - -```xml - + 
@@ -181,184 +59,115 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ]]> -``` - -![What the Start screen looks like when the XML sample is applied](images/sample-start.png) - -#### Taskbar - -Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. - -The following example exposes the taskbar to the end user: - - `` - -The following example hides the taskbar: - - `` - ->[!NOTE] ->This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. - -### Configs - -Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or MDM policies set as part of the multi-app experience. - -The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. - - - -The account can be local, domain, or Azure Active Directory (Azure AD). Groups are not supported. -• Local account can be entered as `machinename\account` or `.\account` or just `account`. -• Domain account should be entered as `domain\account`. -• Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. 
**AzureAD\someone@contoso.onmicrosoft.com**. - ->[!WARNING] ->Although **Start** > **Settings** > **Accounts** > **Other users** > **Set up assigned access** only supports specifying a local user account, Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. - - -Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. - ->[!NOTE] ->For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for AssignedAccess. - - -```xml - + + + + MultiAppKioskUser - + + ``` - - - -## Add XML file to provisioning package - - - - -## Apply provisioning package to device - - - -## Considerations for mixed-reality devices - -*There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* - - -#### placeholder for lnk - - - - -## old method (pre-1709) - -Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. 
The result is similar to [a kiosk device](set-up-a-device-for-anyone-to-use.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. - -You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device. - -AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref). - -This topic describes how to lock down apps on a local device. You can also use AppLocker to set rules for applications in a domain by using Group Policy. - -![install create lockdown customize](images/lockdownapps.png) - -### Install apps - - -First, install the desired apps on the device for the target user account(s). This works for both Store and Win32. For Store apps, you must log on as that user for the app to install. For Win32 you can install an app for all users without logging on to the particular account. - -### Use AppLocker to set rules for apps - - -After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else. - -1. Run Local Security Policy (secpol.msc) as an administrator. - -2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**. - - ![configure rule enforcement](images/apprule.png) - -3. Check **Configured** under **Executable rules**, and then click **OK**. 
- -4. Right-click **Executable Rules** and then click **Automatically generate rules**. - - ![automatically generate rules](images/genrule.png) - -5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps. - -6. Type a name to identify this set of rules, and then click **Next**. - -7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules. - -8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps. - -9. Read the message and click **Yes**. - - ![default rules warning](images/appwarning.png) - -10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users. - -11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**. - -12. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run: - - ``` syntax - sc config appidsvc start=auto - ``` - -13. Restart the device. - -### Other settings to lock down - - -In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: - -- Remove **All apps**. - - Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**. - -- Hide **Ease of access** feature on the logon screen. - - Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools. - -- Disable the hardware power button. 
- - Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. - -- Disable the camera. - - Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. - -- Turn off app notifications on the lock screen. - - Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. - -- Disable removable media. - - Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation. - - **Note**   - To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. - -   - -To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). - -### Customize Start screen layout for the device (recommended) - - -Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). - - -  - -  - - - - - +## XSD for AssignedAccess configuration XML + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` \ No newline at end of file From ecf0396ff22eff74f32d69c6ba54703b68b2ca03 Mon Sep 17 00:00:00 2001 
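Review bot: the old-method text this hunk removes carries a hardening checklist ("Other settings to lock down": Device Installation Restrictions for removable media, the power button action, the camera privacy setting, lock-screen app notifications, Ease of Access tools) and the requirement that the Application Identity service be running (`sc config appidsvc start=auto`), while the multi-app text in the same hunk (AllowedApps, StartLayout, Taskbar, Configs) says nothing about removable media, the power button or the camera; carry those items into a considerations list for the multi-app kiosk, or state that they are out of scope for the configuration XML, rather than dropping them silently. Also, the XSD block ends with "\ No newline at end of file"; add the trailing newline.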
From: jdeckerMS Date: Tue, 8 Aug 2017 10:11:19 -0700 Subject: [PATCH 10/37] sync --- ...-by-using-provisioning-packages-and-icd.md | 2 +- .../lock-down-windows-10-to-specific-apps.md | 24 +++++++++---------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index c4a13cef3a..18f215ad22 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -100,7 +100,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. 12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index eec365b65e..302ba40b43 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -183,6 +183,10 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ``` +>[!NOTE] +>If an app is not installed for the user but is included in the Start layout XML, the app will not be shown on the Start screen. + + ![What the Start screen looks like when the XML sample is applied](images/sample-start.png) #### Taskbar 
@@ -256,21 +260,13 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**. -7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step. +7. In the center pane, click **Browse** to locate and select the assigned access configuration XML file that you created. -7. Save your project and close Windows Configuration Designer. + ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](images/multiappassignedaccesssettings.png) -7. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) +8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed. -7. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: - - ![Customizations file with the placeholder text to replace highlighted](images/customization-start.png) - -7. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). - -8. Save and close the customizations.xml file. - -8. Open Windows Configuration Designer and open your project. +8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. 
Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**. 8. On the **File** menu, select **Save.** @@ -282,7 +278,7 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. 12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. @@ -300,6 +296,8 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. + +15. Copy the provisioning package to the root directory of a USB drive. ## Apply provisioning package to device From 20d7e2954a06b99f18c97b747c2f8274b14aa29b Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 8 Aug 2017 10:41:26 -0700 Subject: [PATCH 11/37] sync --- .../lock-down-windows-10-to-specific-apps.md | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) 
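Review bot: step 8 in this hunk creates an admin account with a UserName and Password inside the provisioning package, yet the same procedure offers "Enable package encryption" only as an optional build setting and ends with copying the .ppkg to the root of a USB drive; tell the reader in step 8 that a package carrying an admin credential should be built with package encryption selected and the auto-generated password kept safe, since otherwise the credential is carried in an unencrypted package on removable media. Minor: three consecutive items are all numbered 8; renumber them 8, 9, 10 and the steps that follow, or use the lazy "1." style throughout.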
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 302ba40b43..0aa83ed072 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -302,6 +302,47 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L ## Apply provisioning package to device +Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). + + +### During initial setup, from a USB drive + +1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. + + ![The first screen to set up a new PC](../images/oobe.jpg) + +2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**. + + ![Set up device?](../images/setupmsg.jpg) + +3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. + + ![Provision this device](../images/prov.jpg) + +4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. + + ![Choose a package](../images/choose-package.png) + +5. Select **Yes, add it**. + + ![Do you trust this package?](../images/trust-package.png) + + + +### After setup, from a USB drive, network folder, or SharePoint site + +1. Sign in with an admin account. +2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. + +>[!NOTE] +>if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device. + +![add a package option](../images/package.png) + +### Validate provisioning + +- Go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. 
You should see a list of packages that were applied to the device, including the one you applied for the multi-app configuration. +- Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applications and Services Logs** > **Microsoft** > **Windows** > **Provisioning-Diagnostics-Provider** > **Admin**. ## Considerations for mixed-reality devices From 7afa9eded4414290970ef1ee5326b906200bd5e7 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 8 Aug 2017 10:58:32 -0700 Subject: [PATCH 12/37] fix image links --- .../lock-down-windows-10-to-specific-apps.md | 93 +++++++++++++++++-- 1 file changed, 83 insertions(+), 10 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 0aa83ed072..c25edb0187 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
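Review bot: step 5 of "During initial setup, from a USB drive" has the reader answer "Yes, add it" to the "Do you trust this package?" prompt without any check; since the build procedure earlier in this file offers package signing, say what to verify before accepting (that the package shown is the one just built and, if it was signed, that the signer is the expected certificate), because this prompt is the point at which an unexpected package left on the drive would be applied. Minor: "Insert the USB drive to a desktop computer" should be "into", and the NOTE starts with a lowercase "if".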
@@ -213,9 +213,9 @@ The full multi-app assigned access experience can only work for non-admin users. The account can be local, domain, or Azure Active Directory (Azure AD). Groups are not supported. -• Local account can be entered as `machinename\account` or `.\account` or just `account`. -• Domain account should be entered as `domain\account`. -• Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. +- Local account can be entered as `machinename\account` or `.\account` or just `account`. +- Domain account should be entered as `domain\account`. +- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. >[!WARNING] >Although **Start** > **Settings** > **Accounts** > **Other users** > **Set up assigned access** only supports specifying a local user account, Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. 
@@ -309,23 +309,23 @@ Provisioning packages can be applied to a device during the first-run experience 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. - ![The first screen to set up a new PC](../images/oobe.jpg) + ![The first screen to set up a new PC](images/oobe.jpg) 2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**. - ![Set up device?](../images/setupmsg.jpg) + ![Set up device?](images/setupmsg.jpg) 3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. - ![Provision this device](../images/prov.jpg) + ![Provision this device](images/prov.jpg) 4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. - ![Choose a package](../images/choose-package.png) + ![Choose a package](images/choose-package.png) 5. Select **Yes, add it**. - ![Do you trust this package?](../images/trust-package.png) + ![Do you trust this package?](images/trust-package.png) 
@@ -337,20 +337,93 @@ Provisioning packages can be applied to a device during the first-run experience >[!NOTE] >if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device. -![add a package option](../images/package.png) +![add a package option](images/package.png) ### Validate provisioning - Go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. You should see a list of packages that were applied to the device, including the one you applied for the multi-app configuration. - Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applications and Services Logs** > **Microsoft** > **Windows** > **Provisioning-Diagnostics-Provider** > **Admin**. +### Validate multi-app kiosk configuration + +Sign in with the assigned access user account you specified in the configuration to check out the multi-app experience. + +>[!NOTE] +>The setting will take effect the next time the assigned access user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience. + +The following sections explain what to expect on a multi-app kiosk. + +#### App launching and switching experience + +In the multi-app mode, to maximize the user productivity and streamline the experience, an app will be always launched in full screen when the users click the tile on the Start. The users can minimize and close the app, but cannot resize the app window. + +The users can switch apps just as they do today in Windows. They can use the Task View button, Alt + Tab hotkey, and the swipe in from the left gesture to view all the open apps in task view. They can click the Windows button to show Start, from which they can open apps, and they can switch to an opened app by clicking it on the taskbar. 
+ +#### Start changes + +When the assigned access user signs in, you should see a restricted Start experience: +- Start gets launched in full screen and prevents the end user from accessing the desktop. +- Start shows the layout aligned with what you defined in the multi-app configuration XML. +- Start prevents the end user from changing the tile layout. + - The user cannot resize, reposition, and unpin the tiles. + - The user cannot pin additional tiles on the start. +- Start hides **All Apps** list. +- Start hides all the folders on Start (including File Explorer, Settings, Documents, Downloads, Music, Pictures, Videos, HomeGroup, Network, and Personal folders). +- Only **User** and **Power** buttons are available. (You can control whether to show the **User/Power** buttons using [existing policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start).) +- Start hides **Change account settings** option under **User** button. + +#### Taskbar changes + +If the applied multi-app configuration enables taskbar, when the assigned access user signs in, you should see a restricted Taskbar experience: +- Disables context menu of Start button (Quick Link) +- Disables context menu of taskbar +- Prevents the end user from changing the taskbar +- Disables Cortana and Search Windows +- Hides notification icons and system icons, e.g. Action Center, People, Windows Ink Workspace +- Allows the end user to view the status of the network connection and power state, but disables the flyout of **Network/Power** to prevent end user from changing the settings + +#### Blocked hotkeys + +The multi-app mode blocks the following hotkeys, which are not relevant for the lockdown experience. 
+ +| Hotkey | Action | +| --- | --- | +| Windows logo key + A | Open Action center | +| Windows logo key + Shift + C | Open Cortana in listening mode | +| Windows logo key + D | Display and hide the desktop | +| Windows logo key + Alt + D | Display and hide the date and time on the desktop | +| Windows logo key + E | Open File Explorer | +| Windows logo key + F | Open Feedback Hub | +| Windows logo key + G | Open Game bar when a game is open | +| Windows logo key + I | Open Settings | +| Windows logo key + J | Set focus to a Windows tip when one is available. | +| Windows logo key + O | Lock device orientation | +| Windows logo key + Q | Open search | +| Windows logo key + R | Open the Run dialog box | +| Windows logo key + S | Open search | +| Windows logo key + X | Open the Quick Link menu | +| Windows logo key + comma (,) | Temporarily peek at the desktop | +| Windows logo key + Ctrl + F | Search for PCs (if you're on a network) | + + +#### Locked-down Ctrl+Alt+Del screen + +The multi-app mode removes options (e.g. **Change a password**, **Task Manager**, **Network**) in the Ctrl+Alt+Del screen to ensure the users cannot access the functionalities that are not allowed in the lockdown experience. + + + + + + + + ## Considerations for mixed-reality devices *There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* -#### placeholder for lnk +## placeholder for lnk From 9fef01eed8d22124633263f9ba3634f8d14dbb01 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 8 Aug 2017 12:31:38 -0700 Subject: [PATCH 13/37] test table --- .../lock-down-windows-10-to-specific-apps.md | 48 ++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index c25edb0187..61203cce6c 100644 
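Review bot: the "Blocked hotkeys" table in this hunk is introduced as the hotkeys the multi-app mode blocks, but it does not say whether anything not listed stays available, which leaves the reader guessing about the shortcuts that matter most for a lockdown, such as Win+L, Ctrl+Shift+Esc and Win+Tab (the "App launching and switching" text in the same hunk says Task View is available, so Win+Tab presumably is); add a sentence stating that hotkeys not in the table are unaffected, or extend the table. Also, under "Taskbar changes", one bullet says notification and system icons are hidden and the next says network and power status remain visible; make explicit that Network/Power are the exception.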
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -206,7 +206,7 @@ The following example hides the taskbar: ### Configs -Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or MDM policies set as part of the multi-app experience. +Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience. The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile; doing this in the XML file will result in unexpected/unsupported experiences when this admin user signs in. @@ -406,12 +406,14 @@ The multi-app mode blocks the following hotkeys, which are not relevant for the | Windows logo key + Ctrl + F | Search for PCs (if you're on a network) | + #### Locked-down Ctrl+Alt+Del screen The multi-app mode removes options (e.g. **Change a password**, **Task Manager**, **Network**) in the Ctrl+Alt+Del screen to ensure the users cannot access the functionalities that are not allowed in the lockdown experience. +#### Auto-trigger touch keyboard - +In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You don’t need to configure any other setting to enforce this behavior. 
@@ -422,10 +424,52 @@ The multi-app mode removes options (e.g. **Change a password**, **Task Manager** *There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* + ## placeholder for lnk +## Policies set by multi-app kiosk configuration + +### Group Policy + +The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users. + +| Setting | Value | +| --- | --- | +Remove access to the context menus for the task bar | Enabled +Clear history of recently opened documents on exit | Enabled +Prevent users from customizing their Start Screen | Enabled +Prevent users from uninstalling applications from Start | Enabled +Remove All Programs list from the Start menu | Enabled +Remove Run menu from Start Menu | Enabled +Disable showing balloon notifications as toast | Enabled +Do not allow pinning items in Jump Lists | Enabled +Do not allow pinning programs to the Taskbar | Enabled +Do not display or track items in Jump Lists from remote locations | Enabled +Remove Notifications and Action Center | Enabled +Lock all taskbar settings | Enabled +Lock the Taskbar | Enabled +Prevent users from adding or removing toolbars | Enabled +Prevent users from resizing the taskbar | Enabled +Remove frequent programs list from the Start Menu | Enabled +Remove Pinned programs from the taskbar | Enabled +Remove the Security and Maintenance icon | Enabled +Turn off all balloon notifications | Enabled +Turn off feature advertisement balloon notifications | Enabled +Turn off toast notifications | Enabled +Remove Task Manager | Enabled +Remove Change Password option in Security Options UI | Enabled +Remove Sign Out option in Security Options UI | Enabled +Remove All Programs list 
from the Start Menu | Enabled – Remove and disable setting +Prevent access to drives from My Computer | Enabled - Restrict all drivers + + + + + +### MDM policy + From ed412a7a5e6f06098c5a9d01216e1f4e798e04cd Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 8 Aug 2017 12:59:56 -0700 Subject: [PATCH 14/37] lnk files --- .../lock-down-windows-10-to-specific-apps.md | 28 +++++++++++++++---- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 61203cce6c..fdc42e2380 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -425,8 +425,7 @@ In the multi-app mode, the touch keyboard will be automatically triggered when t *There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* - -## placeholder for lnk + ## Policies set by multi-app kiosk configuration 
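Review bot: the lead sentence of the Group Policy table in this hunk says these policies affect all non-administrator users on the device, not only the assigned access account; that deserves a callout in the NOTE or WARNING style used elsewhere in this file, because an administrator applying the multi-app configuration to a shared device also changes the experience of every other standard user, domain and Azure AD users included. Also fix "regardless whether" to "regardless of whether", "Restrict all drivers" to "Restrict all drives" (the option name of "Prevent access to drives from My Computer"), drop or reconcile the duplicated "Remove All Programs list from the Start Menu" row, which appears once as "Enabled" and once as "Enabled – Remove and disable setting", and give the data rows the same leading and trailing pipes as the header row.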
@@ -471,15 +470,32 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers ### MDM policy +Some of the MDM policies affect all users on the system (i.e. system-wide). +Setting | Value | System-wide + --- | --- | --- +Experience/AllowCortana | Disabled | Yes +Start/AllowPinnedFolderSettings | Disabled | Yes +Start/HidePeopleBar | Enabled | Yes +Start/HideChangeAccountSettings | Enabled | Yes +WindowsInkWorkspace/AllowWindowsInkWorkspace | Disabled | Yes +Start/StartLayout | Configuration dependent | No +WindowsLogon/DontDisplayNetworkSectionUI | Enabled | Yes + +## Provision .lnk files using Windows Configuration Designer +First, create your desktop app's shortcut file by installing the app on a test device. Right-click the installed application, and choose **Send to** > **Desktop (create shortcut)**. Rename the shortcut to `.lnk` -  - -  - +Next, create a batch file with two commands. If the desktop app is already installed on the target device, skip the first command for MSI install. +``` +msiexec /I ".msi" /qn /norestart +copy .lnk "%AllUsersProfile\Microsoft\Windows\Start Menu\Programs\.lnk" +``` +In Windows Configuration Designer, under **ProvisioningCommands** > **DeviceContext**: +- Under CommandFiles, upload your batch file, your .lnk file, and your desktop app installation file +- Under CommandLine, enter cmd /c .bat From 37f226072848bb36e2dbad17d70eb95849e5f189 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 9 Aug 2017 06:54:32 -0700 Subject: [PATCH 15/37] Edu or Ent --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index fdc42e2380..3eab3df448 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
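Review bot: in the `## Provision .lnk files using Windows Configuration Designer` hunk, the `copy` destination `"%AllUsersProfile\Microsoft\Windows\Start Menu\Programs\...lnk"` is missing the closing `%`, so the variable is never expanded and `cmd` will try to copy into a literal `%AllUsersProfile\...` path; it must be `%AllUsersProfile%` (PATCH 17 later fixes this, but it should not ship in between). Because the batch file runs under **ProvisioningCommands** > **DeviceContext**, it executes with system privileges during provisioning, and `msiexec ... /qn` installs silently; the text should tell the admin to verify the installer they bundle (publisher signature or a known hash) before building the package. In the MDM table, `WindowsLogon/DontDisplayNetworkSectionUI` is not a Policy CSP setting name; the correct name is `WindowsLogon/DontDisplayNetworkSelectionUI`.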
@@ -37,7 +37,7 @@ Process: ## Prerequisites - (latest version of WCD -- is Store version okay at GA?) -- kiosk device on 1709 +- The kiosk device must be running Windows 10 (Enterprise or Education), version 1709 ## Create XML file From 0b0cf6d2edfa9d1454141905f75680762e0935f6 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 9 Aug 2017 12:37:23 -0700 Subject: [PATCH 16/37] Johnson feedback --- .../lock-down-windows-10-to-specific-apps.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 3eab3df448..47da3a434e 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -37,7 +37,7 @@ Process: ## Prerequisites - (latest version of WCD -- is Store version okay at GA?) -- The kiosk device must be running Windows 10 (Enterprise or Education), version 1709 +- The kiosk device must be running Windows 10 (Pro, Enterprise, or Education), version 1709 ## Create XML file @@ -195,11 +195,15 @@ Define whether you want to have the taskbar present in the kiosk device. For tab The following example exposes the taskbar to the end user: - `` +```xml + +``` The following example hides the taskbar: - `` +```xml + +``` >[!NOTE] >This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. From 87a2d0a7d0408baf31ee5cf1532594df9c9c7246 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 10 Aug 2017 07:04:27 -0700 Subject: [PATCH 17/37] Evan feedback --- .../lock-down-windows-10-to-specific-apps.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
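Review bot: the `## Prerequisites` hunk in PATCH 15, and again in PATCH 16, still carries the author's draft question `(latest version of WCD -- is Store version okay at GA?)` as a bullet; it needs to become a concrete requirement before publishing. In PATCH 16's taskbar hunk, the two new ```xml fences contain no element as rendered here; confirm the `<Taskbar ShowTaskbar=...>` examples are present, since the surrounding text refers to setting **ShowTaskbar** to **false** and the fence is the only place a reader sees the syntax.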
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 47da3a434e..6f1dbb4855 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -480,7 +480,7 @@ Setting | Value | System-wide --- | --- | --- Experience/AllowCortana | Disabled | Yes Start/AllowPinnedFolderSettings | Disabled | Yes -Start/HidePeopleBar | Enabled | Yes +Start/HidePeopleBar | Enabled | No Start/HideChangeAccountSettings | Enabled | Yes WindowsInkWorkspace/AllowWindowsInkWorkspace | Disabled | Yes Start/StartLayout | Configuration dependent | No @@ -495,11 +495,11 @@ Next, create a batch file with two commands. If the desktop app is already insta ``` msiexec /I ".msi" /qn /norestart -copy .lnk "%AllUsersProfile\Microsoft\Windows\Start Menu\Programs\.lnk" +copy .lnk "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\.lnk" ``` In Windows Configuration Designer, under **ProvisioningCommands** > **DeviceContext**: -- Under CommandFiles, upload your batch file, your .lnk file, and your desktop app installation file -- Under CommandLine, enter cmd /c .bat +- Under **CommandFiles**, upload your batch file, your .lnk file, and your desktop app installation file +- Under **CommandLine**, enter cmd /c *FileName*.bat From ed13ede835e8e1b2d493cfa1cdf80e32802cefc2 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 10 Aug 2017 07:09:26 -0700 Subject: [PATCH 18/37] Chandler feedback --- .../lock-down-windows-10-to-specific-apps.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 6f1dbb4855..0f9c3e2e49 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
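Review bot: the **CommandLine** bullet in the `.lnk` hunk now uses the placeholder `*FileName*.bat`, but the two batch lines above it (`msiexec /I ".msi"` and `copy .lnk "...\.lnk"`) show no placeholder for the installer and shortcut names as rendered here; apply the same *FileName* convention inside the fence so readers can see which tokens to substitute. The `%AllUsersProfile%` correction is right. The commit message says "Evan feedback" but the hunk also changes the **Start/HidePeopleBar** row from system-wide `Yes` to `No`; a word on why belongs in the message, since that column is what admins use to judge impact on other users of the device.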
@@ -44,7 +44,7 @@ Process: Let's start by looking at the basic structure of the XML file. -- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run. +- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout. - A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**. @@ -96,8 +96,8 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can ```xml - - + + ``` #### AllowedApps @@ -139,7 +139,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula - + ``` #### StartLayout @@ -180,7 +180,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ]]> - + ``` >[!NOTE] 
@@ -222,7 +222,7 @@ The account can be local, domain, or Azure Active Directory (Azure AD). Groups a - Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. >[!WARNING] ->Although **Start** > **Settings** > **Accounts** > **Other users** > **Set up assigned access** only supports specifying a local user account, Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. +>Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. @@ -233,11 +233,11 @@ Before applying the multi-app configuration, make sure the specified user accoun ```xml - - MultiAppKioskUser - - - + + MultiAppKioskUser + + + ``` 
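Review bot: the rewritten WARNING in the `Configs` hunk drops the sentence explaining that **Settings** > **Accounts** > **Other users** > **Set up assigned access** only supports a local account, which is exactly why a reader would turn to WMI or CSP for a domain account; keep a short form of it. The remaining risk statement is sound but would be more actionable if "proceed with caution" were made concrete: use a dedicated account with no group memberships that grant access to shares, mailboxes or other domain resources the kiosk does not need, so an attacker who breaks out of the allowed apps gains nothing beyond the kiosk itself.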
From fff16fccbb7870a0c3303141f082f75aa1bbd94d Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 10 Aug 2017 07:29:04 -0700 Subject: [PATCH 19/37] Chandler feedback --- .../lock-down-windows-10-to-specific-apps.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 0f9c3e2e49..851affbd69 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -474,17 +474,17 @@ Prevent access to drives from My Computer | Enabled - Restrict all drivers ### MDM policy -Some of the MDM policies affect all users on the system (i.e. system-wide). +Some of the MDM policies based on the [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (i.e. system-wide). Setting | Value | System-wide --- | --- | --- -Experience/AllowCortana | Disabled | Yes -Start/AllowPinnedFolderSettings | Disabled | Yes -Start/HidePeopleBar | Enabled | No -Start/HideChangeAccountSettings | Enabled | Yes -WindowsInkWorkspace/AllowWindowsInkWorkspace | Disabled | Yes +Experience/AllowCortana | 0 - Not allowed | Yes +Start/AllowPinnedFolderSettings | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes +Start/HidePeopleBar | 1 - True (hide) | No +Start/HideChangeAccountSettings | 1 - True (hide) | Yes +WindowsInkWorkspace/AllowWindowsInkWorkspace | 0 - Access to ink workspace is disabled and the feature is turned off | Yes Start/StartLayout | Configuration dependent | No -WindowsLogon/DontDisplayNetworkSectionUI | Enabled | Yes +WindowsLogon/DontDisplayNetworkSelectionUI | <Enabled/> | Yes ## Provision .lnk files using Windows Configuration Designer From e216a81eb02c29097cd41a4670d5099b936d79f8 Mon Sep 17 00:00:00 2001 
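Review bot: the MDM table hunk silently renames `WindowsLogon/DontDisplayNetworkSectionUI` to `WindowsLogon/DontDisplayNetworkSelectionUI`; that is the correct Policy CSP name, but it is a content fix rather than wording feedback and should be called out in the commit message. The Value column now mixes numeric values with descriptions for most rows and the literal `<Enabled/>` for **DontDisplayNetworkSelectionUI**; that literal is what the ADMX-backed policy expects, so a short note saying so would keep readers from entering `1` there.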
From: jdeckerMS Date: Thu, 10 Aug 2017 12:33:05 -0700 Subject: [PATCH 20/37] new troubleshooting topic multi-app --- windows/configuration/TOC.md | 1 + .../multi-app-kiosk-troubleshoot.md | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 windows/configuration/multi-app-kiosk-troubleshoot.md diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md index 4166b7475b..e418e5df3f 100644 --- a/windows/configuration/TOC.md +++ b/windows/configuration/TOC.md @@ -9,6 +9,7 @@ ### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) ### [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) ### [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) +#### [Troubleshoot multi-app kiosk](multi-app-kiosk-troubleshoot.md) #### [Use AppLocker to create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-applocker.md) #### [Multi-app kiosk XML reference](multi-app-kiosk-xml.md) ## [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) diff --git a/windows/configuration/multi-app-kiosk-troubleshoot.md b/windows/configuration/multi-app-kiosk-troubleshoot.md new file mode 100644 index 0000000000..9f065e2414 --- /dev/null +++ b/windows/configuration/multi-app-kiosk-troubleshoot.md 
@@ -0,0 +1,50 @@ +--- +title: Troubleshoot multi-app kiosk (Windows 10) +description: Tips for troubleshooting multi-app kiosk configuration. +ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 +keywords: ["lockdown", "app restrictions"] +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: edu, security +author: jdeckerms +ms.localizationpriority: medium +--- + +# Troubleshoot multi-app kiosk + + +**Applies to** + +- Windows 10 + +## Unexpected results + +For example: +- Start is not launched in full-screen +- Blocked hotkeys are allowed +- Task Manager, Cortana, or Settings can be launched +- Start layout has more apps than expected + +**Troubleshooting steps** + +1. [Verify that the provisioning package is applied successfully](lock-down-windows-10-to-specific-apps.md#validate-provisioning). +2. Verify that the account (config) is mapped to a profile in the configuration XML file. +3. Verify that the configuration XML file is authored and formatted correctly. Correct any configuration errors, then create and apply a new provisioning package. Sign out and sign in again to check the new configuration. +4. If the issue persists, [capture traces](https://msdn.microsoft.com/library/windows/desktop/dn904629.aspx) for components with the following GUIDs: + - 94097d3d-2a5a-5b8a-cdbd-194dd2e51a00 + - ab84611c-2678-5cd7-d292-c940f9be6c6d + - f9f7f27c-5e5d-5273-468f-038e61965660 + - 3e8fb07b-3e10-5981-01a9-fbd924fd5436 + +## Apps configured in AllowedList are blocked + +1. Ensure the account is mapped to the correct profile and that the apps are specific for that profile. +2. Check the EventViewer logs for Applocker and AppxDeployment (under **Application and Services Logs\Microsoft\Windows**). + + +## Start layout not as expected + +- Make sure the Start layout is authored correctly. Ensure that the attributes **Size**, **Row**, and **Column** are specified for each application and are valid. 
+- Check if the apps included in the Start layout are installed for the assigned access user. +- Check if the shortcut exists on the target device, if a desktop app is missing on Start. From a756d2c12fc071651ff60efbb189fd9143e22c25 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 10 Aug 2017 12:35:53 -0700 Subject: [PATCH 21/37] plus feedback --- windows/configuration/multi-app-kiosk-troubleshoot.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/configuration/multi-app-kiosk-troubleshoot.md b/windows/configuration/multi-app-kiosk-troubleshoot.md index 9f065e2414..2e4d7088da 100644 --- a/windows/configuration/multi-app-kiosk-troubleshoot.md +++ b/windows/configuration/multi-app-kiosk-troubleshoot.md @@ -48,3 +48,7 @@ For example: - Make sure the Start layout is authored correctly. Ensure that the attributes **Size**, **Row**, and **Column** are specified for each application and are valid. - Check if the apps included in the Start layout are installed for the assigned access user. - Check if the shortcut exists on the target device, if a desktop app is missing on Start. + +## Feedback + +Feedback and bugs can be submitted in the Feedback Hub. You can use the Problems Steps Recorder to reproduce the issue, and attach the resulting .zip file to your feedback. \ No newline at end of file From 3b96acd451e306aa12d1c1e3dde8bbadff17e464 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 10 Aug 2017 12:37:01 -0700 Subject: [PATCH 22/37] add link --- windows/configuration/multi-app-kiosk-troubleshoot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/multi-app-kiosk-troubleshoot.md b/windows/configuration/multi-app-kiosk-troubleshoot.md index 2e4d7088da..6d9ef040cc 100644 --- a/windows/configuration/multi-app-kiosk-troubleshoot.md +++ b/windows/configuration/multi-app-kiosk-troubleshoot.md 
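Review bot: in the new `multi-app-kiosk-troubleshoot.md`, the heading `## Apps configured in AllowedList are blocked` uses an element name that does not exist in the configuration XML; the list element is `AllowedApps` (as in the `<AllowedApps>` block later in this series), so rename the heading. Also in that file: `Applocker` should be `AppLocker`, `EventViewer` should be `Event Viewer`, and the log path `Application and Services Logs\Microsoft\Windows` should match the **Applications and Services Logs** > **Microsoft** > **Windows** form used in the lock-down topic so readers searching Event Viewer find the same node. Confirm the `ms.assetid` is a GUID generated for this topic; asset IDs are meant to be unique per topic. PATCH 21 adds the Feedback section without a trailing newline (`\ No newline at end of file`); add one.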
@@ -51,4 +51,4 @@ For example: ## Feedback -Feedback and bugs can be submitted in the Feedback Hub. You can use the Problems Steps Recorder to reproduce the issue, and attach the resulting .zip file to your feedback. \ No newline at end of file +Feedback and bugs can be submitted in the Feedback Hub. You can use the [Problems Steps Recorder](https://support.microsoft.com/help/22878/windows-10-record-steps) to reproduce the issue, and attach the resulting .zip file to your feedback. \ No newline at end of file From 9fbecd8f17baccaae5ce699651f437a03f1dd246 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 10 Aug 2017 12:41:06 -0700 Subject: [PATCH 23/37] add policy links --- .../lock-down-windows-10-to-specific-apps.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 851affbd69..da932fc46b 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -478,13 +478,13 @@ Some of the MDM policies based on the [Policy configuration service provider (CS Setting | Value | System-wide --- | --- | --- -Experience/AllowCortana | 0 - Not allowed | Yes -Start/AllowPinnedFolderSettings | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes +[Experience/AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes +[Start/AllowPinnedFolderSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes Start/HidePeopleBar | 1 - True (hide) | No -Start/HideChangeAccountSettings | 1 - True (hide) | Yes -WindowsInkWorkspace/AllowWindowsInkWorkspace | 0 - Access to ink workspace is disabled and the feature is turned off | Yes -Start/StartLayout | Configuration dependent | No -WindowsLogon/DontDisplayNetworkSelectionUI | <Enabled/> | Yes +[Start/HideChangeAccountSettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes +[WindowsInkWorkspace/AllowWindowsInkWorkspace](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes +[Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No +[WindowsLogon/DontDisplayNetworkSelectionUI](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes ## Provision .lnk files using Windows Configuration Designer From aa9bb660860770c7285d390d73643f46c40226fb Mon Sep 17 00:00:00 2001 
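Review bot: in the policy-links hunk, the **Start/HideChangeAccountSettings** link includes the `/en-us/` locale segment while every other link in the table is locale-neutral (`https://docs.microsoft.com/windows/client-management/...`); drop `en-us/` for consistency. **Start/HidePeopleBar** is now the only row without a link; point it at the same Policy CSP Start page.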
From: jdeckerMS Date: Fri, 11 Aug 2017 06:36:54 -0700 Subject: [PATCH 24/37] sync --- .../lock-down-windows-10-to-specific-apps.md | 39 ++++++++++++++----- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index da932fc46b..41c14f7bac 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -1,6 +1,6 @@ --- title: Create a Windows 10 kiosk that runs multiple apps (Windows 10) -description: Learn how to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. +description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps. ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8 keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 @@ -34,10 +34,12 @@ Process: 2. [Add XML file to provisioning package](#add-xml) 3. [Apply provisioning package to device](#apply-ppkg) +If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](#bridge). + ## Prerequisites - (latest version of WCD -- is Store version okay at GA?) -- The kiosk device must be running Windows 10 (Pro, Enterprise, or Education), version 1709 +- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 ## Create XML file 
@@ -343,12 +345,31 @@ Provisioning packages can be applied to a device during the first-run experience ![add a package option](images/package.png) + + ### Validate provisioning - Go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. You should see a list of packages that were applied to the device, including the one you applied for the multi-app configuration. - Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applications and Services Logs** > **Microsoft** > **Windows** > **Provisioning-Diagnostics-Provider** > **Admin**. -### Validate multi-app kiosk configuration + + +## Use MDM to deploy the multi-app configuration + + +Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. + +If your test device is enrolled with a MDM server which supports applying the assigned access configuration, you can use it to apply the setting remotely. + +The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configuration`. + + + +## Use MDM Bridge WMI Provider to configure assigned access + + + +## Validate multi-app kiosk configuration Sign in with the assigned access user account you specified in the configuration to check out the multi-app experience. 
@@ -357,13 +378,13 @@ Sign in with the assigned access user account you specified in the configuration The following sections explain what to expect on a multi-app kiosk. -#### App launching and switching experience +### App launching and switching experience In the multi-app mode, to maximize the user productivity and streamline the experience, an app will be always launched in full screen when the users click the tile on the Start. The users can minimize and close the app, but cannot resize the app window. The users can switch apps just as they do today in Windows. They can use the Task View button, Alt + Tab hotkey, and the swipe in from the left gesture to view all the open apps in task view. They can click the Windows button to show Start, from which they can open apps, and they can switch to an opened app by clicking it on the taskbar. -#### Start changes +### Start changes When the assigned access user signs in, you should see a restricted Start experience: - Start gets launched in full screen and prevents the end user from accessing the desktop. @@ -376,7 +397,7 @@ When the assigned access user signs in, you should see a restricted Start experi - Only **User** and **Power** buttons are available. (You can control whether to show the **User/Power** buttons using [existing policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start).) - Start hides **Change account settings** option under **User** button. -#### Taskbar changes +### Taskbar changes If the applied multi-app configuration enables taskbar, when the assigned access user signs in, you should see a restricted Taskbar experience: - Disables context menu of Start button (Quick Link) 
@@ -386,7 +407,7 @@ If the applied multi-app configuration enables taskbar, when the assigned access - Hides notification icons and system icons, e.g. Action Center, People, Windows Ink Workspace - Allows the end user to view the status of the network connection and power state, but disables the flyout of **Network/Power** to prevent end user from changing the settings -#### Blocked hotkeys +### Blocked hotkeys The multi-app mode blocks the following hotkeys, which are not relevant for the lockdown experience. @@ -411,11 +432,11 @@ The multi-app mode blocks the following hotkeys, which are not relevant for the -#### Locked-down Ctrl+Alt+Del screen +### Locked-down Ctrl+Alt+Del screen The multi-app mode removes options (e.g. **Change a password**, **Task Manager**, **Network**) in the Ctrl+Alt+Del screen to ensure the users cannot access the functionalities that are not allowed in the lockdown experience. -#### Auto-trigger touch keyboard +### Auto-trigger touch keyboard In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You don’t need to configure any other setting to enforce this behavior. From 6b9c893a165dd1f242f418767bc40f827fa31077 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 11 Aug 2017 09:10:37 -0700 Subject: [PATCH 25/37] add WMI Bridge --- .../lock-down-windows-10-to-specific-apps.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 41c14f7bac..c8b830041f 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
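Review bot: PATCH 24's `## Prerequisites` hunk still carries `(latest version of WCD -- is Store version okay at GA?)`, and the new `## Use MDM Bridge WMI Provider to configure assigned access` heading has no body (PATCH 25 fills it in); both are acceptable in a sync commit but must not reach publish. In the `## Use MDM to deploy the multi-app configuration` hunk, "a MDM server" should be "an MDM server". The OMA-URI `./Device/Vendor/MSFT/AssignedAccess/Configuration` is device-scoped, which fits the later statement that some enforced policies are system-wide; it is worth saying once that the same XML goes into this node and into the provisioning package so admins do not maintain two versions.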
@@ -367,6 +367,72 @@ The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configu ## Use MDM Bridge WMI Provider to configure assigned access +Environments that use WMI can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the MDM_AssignedAccess class. See [PowerShell Scripting with WMI Bridge Provider](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) for more details about using a PowerShell script to configure AssignedAccess. + +Here’s an example to set AssignedAccess configuration: + +1. Download the [psexec tool](https://technet.microsoft.com/sysinternals/bb897553.aspx). +2. Run `psexec.exe -i -s cmd.exe`. +3. **WHAT GOES HERE? DOC JUST SAYS "powershell"** +4. Execute the following script: + +```ps +$nameSpaceName="root\cimv2\mdm\dmmap" +$className="MDM_AssignedAccess" +$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className +$obj.Configuration = @" +<?xml version="1.0" encoding="utf-8" ?> +<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"> + <Profiles> + <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"> + <AllAppsList> + <AllowedApps> + <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> + <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> + <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> + <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> + <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> + <App DesktopAppPath="%windir%\system32\mspaint.exe" /> + <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> + </AllowedApps> + </AllAppsList> + <StartLayout> + <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" 
xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> + <LayoutOptions StartTileGroupCellWidth="6" /> + <DefaultLayoutOverride> + <StartLayoutCollection> + <defaultlayout:StartLayout GroupCellWidth="6"> + <start:Group Name="Group1"> + <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> + <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> + <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> + <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> + <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> + </start:Group> + <start:Group Name="Group2"> + <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" /> + <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" /> + </start:Group> + </defaultlayout:StartLayout> + </StartLayoutCollection> + </DefaultLayoutOverride> + </LayoutModificationTemplate> + ]]> + </StartLayout> + <Taskbar ShowTaskbar="true"/> + </Profile> + </Profiles> + <Configs> + <Config> + <Account>MultiAppKioskUser</Account> + <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/> + </Config> + </Configs> +</AssignedAccessConfiguration> +"@ + +Set-CimInstance -CimInstance $obj +``` ## Validate multi-app kiosk configuration From bc67748390c8a8b2da57ac3d9e895b48451fad55 Mon Sep 17 00:00:00 2001 
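Review bot: step 3 of the WMI Bridge procedure is the unresolved draft marker `**WHAT GOES HERE? DOC JUST SAYS "powershell"**`; it should become an instruction to start PowerShell from the `cmd.exe` that step 2 opened with `psexec.exe -i -s cmd.exe`, and the text should say why `-s` is there: the MDM Bridge WMI Provider must be accessed in the local system context, and the script fails when run as an ordinary administrator. In the script, `$nameSpaceName` is assigned but `-Namespace $namespaceName` is used; PowerShell variable names are case-insensitive so it works, but match the casing. The script also assumes `Get-CimInstance` returns an instance; a null check on `$obj` before `$obj.Configuration = ...` turns a missing `MDM_AssignedAccess` instance into a clear error instead of a property-on-null failure. The `ps` fence tag is non-standard; `powershell` is the usual tag. Finally, the Notepad tile uses `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk`, a per-user path, while Paint uses `%ALLUSERSPROFILE%`; the per-user path resolves in the assigned access user's profile, so the shortcut must exist there (the troubleshooting topic's "Check if the shortcut exists on the target device" bullet), and a comment in the XML would prevent that surprise.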
From: jdeckerMS Date: Fri, 11 Aug 2017 09:38:20 -0700 Subject: [PATCH 26/37] Lily feedback --- .../lock-down-windows-10-to-specific-apps.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index c8b830041f..cb6ea2db23 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -224,13 +224,13 @@ The account can be local, domain, or Azure Active Directory (Azure AD). Groups a - Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided AS IS (consider it’s a fixed domain name), then follow with the Azure AD email address, e.g. **AzureAD\someone@contoso.onmicrosoft.com**. >[!WARNING] ->Assigned Access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the Assigned Access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with Assigned Access, and consider the domain resources potentially exposed by the decision to do so. +>Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. >[!NOTE] ->For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. 
For local accounts, it is required that the account exist before you configure the account for AssignedAccess. +>For both domain and Azure AD accounts, it’s not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access. ```xml @@ -521,6 +521,11 @@ In the multi-app mode, the touch keyboard will be automatically triggered when t ## Policies set by multi-app kiosk configuration +It is not recommended to set policies enforced in assigned access multi-app mode to different values using other channels, as the multi-app mode has been optimized to provide a locked-down experience. + +When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. + + ### Group Policy The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users. From 2d85f06145509ee674f5d7f339823568804160a5 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 11 Aug 2017 09:45:12 -0700 Subject: [PATCH 27/37] Chien-Her feedback --- .../configuration/lock-down-windows-10-to-specific-apps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index cb6ea2db23..f05e2550d7 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
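Review bot: in the NOTE hunk, "it’s not required that target account is explicitly added" needs "the target account", and "it is required that the account exist" should be "exists". The two new paragraphs under `## Policies set by multi-app kiosk configuration` are the central caveat of this topic, and the first one would be more useful if it named the failure mode: when Group Policy or MDM sets one of the enforced policies to a different value, say which value wins, or point readers to the "Unexpected results" section of the troubleshooting topic where the symptoms (Task Manager, Cortana or Settings launching) are listed.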
@@ -21,7 +21,7 @@ ms.localizationpriority: high A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. >[!NOTE] ->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. +>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. Avoid applying AppLocker rules to devices running the multi-app kiosk configuration described in this topic. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. 
@@ -109,7 +109,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. >[!NOTE] ->You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). +>You cannot manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](https://technet.microsoft.com/library/hh994629.aspx#BKMK_Using_Snapins). Avoid applying AppLocker rules to devices running the multi-app kiosk configuration. - For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). From 7fddc375e7014407e015a982346103e87ef5df10 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Fri, 11 Aug 2017 09:48:37 -0700 Subject: [PATCH 28/37] fix link --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index f05e2550d7..644d811400 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -247,7 +247,7 @@ Before applying the multi-app configuration, make sure the specified user accoun ## Add XML file to provisioning package -Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md). +Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml). Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md) From 588b2a64b717a578812bca04d286bcff0200ff9b Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Mon, 14 Aug 2017 12:07:14 -0700 Subject: [PATCH 29/37] fixed meta fields --- windows/configuration/lock-down-windows-10-applocker.md | 2 ++ windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 ++ windows/configuration/multi-app-kiosk-troubleshoot.md | 2 ++ windows/configuration/multi-app-kiosk-xml.md | 2 ++ 4 files changed, 8 insertions(+) diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md index 398e2d77e9..d4422e7212 100644 --- a/windows/configuration/lock-down-windows-10-applocker.md +++ b/windows/configuration/lock-down-windows-10-applocker.md @@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: high +ms.date: 10/05/2017 +ms.author: jdecker --- # Use AppLocker to create a Windows 10 kiosk that runs multiple apps diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 644d811400..3d5708f045 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: high +ms.date: 10/05/2017 +ms.author: jdecker --- # Create a Windows 10 kiosk that runs multiple apps diff --git a/windows/configuration/multi-app-kiosk-troubleshoot.md b/windows/configuration/multi-app-kiosk-troubleshoot.md index 6d9ef040cc..def3c5d507 100644 --- a/windows/configuration/multi-app-kiosk-troubleshoot.md +++ b/windows/configuration/multi-app-kiosk-troubleshoot.md @@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: medium +ms.date: 10/05/2017 +ms.author: jdecker --- # Troubleshoot multi-app kiosk diff --git a/windows/configuration/multi-app-kiosk-xml.md b/windows/configuration/multi-app-kiosk-xml.md index 642995cf1e..d355221ba5 100644 --- a/windows/configuration/multi-app-kiosk-xml.md +++ b/windows/configuration/multi-app-kiosk-xml.md @@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: medium +ms.date: 10/05/2017 +ms.author: jdecker --- # Multi-app kiosk XML reference From 2b87e7e324f520425b5327d82d15c65a7b56c880 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 16 Aug 2017 12:22:04 -0700 Subject: [PATCH 30/37] MR kiosk --- .../lock-down-windows-10-to-specific-apps.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 3d5708f045..c9c2485ef7 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md 
@@ -515,10 +515,22 @@ In the multi-app mode, the touch keyboard will be automatically triggered when t ## Considerations for mixed-reality devices -*There are some Mixed Reality specific bits we wanted to include. For example, the IT Admin needs to include the Mixed Reality Portal as an allowed app if they want to include Mixed Reality apps in kiosk mode.* +With the advent of [mixed-reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed-reality apps. +To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): +- +- +- + +These are in addition to any mixed reality apps that you allow. + +**Before your kiosk user signs in:** An admin user must sign in to the PC, connect a mixed reality device, and complete the guided setup for the Mixed Reality Portal. The first time that the Mixed Reality Portal is set up, some files and content are downloaded. A kiosk user would not have permissions to download and so their setup of the Mixed Reality Portal would fail. + +After the admin has completed setup, the kiosk account can sign in and repeat the setup. The admin user may want to complete the kiosk user setup before providing the PC to employees or customers. + +There is a difference between the mixed reality experiences for a kiosk user and other users. Typically, when a user connects a mixed reality device, they begin in the [Mixed Reality home](https://developer.microsoft.com/windows/mixed-reality/navigating_the_windows_mixed_reality_home). The Mixed Reality home is a shell that runs in "silent" mode when the PC is configured as a kiosk. When a kiosk user connects a mixed reality device, they will see only a blank display in the device, and will not have access to the features and functionality available in the home. To run a mixed reality app, the kiosk user must launch the app from the PC Start screen. 
## Policies set by multi-app kiosk configuration From b2e8ce08843fad85db358d43a3747994d3d702bd Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 16 Aug 2017 12:36:19 -0700 Subject: [PATCH 31/37] fix format --- .../configuration/lock-down-windows-10-to-specific-apps.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index c9c2485ef7..522492d226 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -520,9 +520,9 @@ With the advent of [mixed-reality devices (video link)](https://www.youtube.com/ To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): -- -- -- +- `` +- `` +- `` These are in addition to any mixed reality apps that you allow. From 1bd8cd5d0dd63c39a1547f9fe45aa596386b5d03 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 16 Aug 2017 12:49:43 -0700 Subject: [PATCH 32/37] test --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 522492d226..d306a1794f 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -520,7 +520,7 @@ With the advent of [mixed-reality devices (video link)](https://www.youtube.com/ To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): -- `` +- `` test - `` - `` From cc4b1ebc7ed0b9c7179b0c1a9d3a7178510aab2d Mon Sep 17 00:00:00 2001 
From: jdeckerMS Date: Wed, 16 Aug 2017 12:51:34 -0700 Subject: [PATCH 33/37] remove test --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index d306a1794f..522492d226 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -520,7 +520,7 @@ With the advent of [mixed-reality devices (video link)](https://www.youtube.com/ To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): -- `` test +- `` - `` - `` From 326bea237934aad4d65430233388c1bad260c5a6 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 16 Aug 2017 12:57:17 -0700 Subject: [PATCH 34/37] reformat --- .../lock-down-windows-10-to-specific-apps.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 522492d226..68e5b214ee 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -520,9 +520,11 @@ With the advent of [mixed-reality devices (video link)](https://www.youtube.com/ To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): -- `` -- `` -- `` +```xml + + + +``` These are in addition to any mixed reality apps that you allow. From 1f00f87eeb91469ce0400ee303618ec723ca8361 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 16 Aug 2017 13:38:58 -0700 Subject: [PATCH 35/37] fix format --- .../configuration/lock-down-windows-10-to-specific-apps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 68e5b214ee..93da718408 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -513,10 +513,10 @@ In the multi-app mode, the touch keyboard will be automatically triggered when t -## Considerations for mixed-reality devices +## Considerations for mixed reality devices -With the advent of [mixed-reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed-reality apps. +With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps. To create a multi-app kiosk that can run mixed reality apps, you must include the following apps in the [AllowedApps list](#allowedapps): From 70c1756f3a73c5f7875db440c695afe4ccc3806c Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 29 Aug 2017 06:26:17 -0700 Subject: [PATCH 36/37] fixed MR section heading --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 93da718408..173cf6862b 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -513,7 +513,7 @@ In the multi-app mode, the touch keyboard will be automatically triggered when t -## Considerations for mixed reality devices +## Considerations for Windows Mixed Reality immersive headsets With the advent of [mixed reality devices (video link)](https://www.youtube.com/watch?v=u0jqNioU2Lo), you might want to create a kiosk that can run mixed reality apps. 
From a7581f6be6c09f01f97c41ced21ade0e44449e87 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 6 Sep 2017 07:15:33 -0700 Subject: [PATCH 37/37] wmi powershell --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 173cf6862b..64859ceeb0 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -375,7 +375,7 @@ Here’s an example to set AssignedAccess configuration: 1. Download the [psexec tool](https://technet.microsoft.com/sysinternals/bb897553.aspx). 2. Run `psexec.exe -i -s cmd.exe`. -3. **WHAT GOES HERE? DOC JUST SAYS "powershell"** +3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. 4. Execute the following script: ```ps
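Review bot: In the PATCH 01/37 hunk at @@ -224,13 +224,13 @@ of lock-down-windows-10-to-specific-apps.md, the WARNING tells readers to "proceed with caution" with domain accounts but gives them nothing actionable; since the risk it names is an attacker who escapes the assigned access app inheriting that account's reach into the domain, suggest the warning also say to use a dedicated account with no group memberships or resource permissions beyond what the kiosk apps need, and to prefer the local account option it already mentions where possible. Separately, the merged NOTE line still reads "it's not required that target account is explicitly added" and should be "that the target account".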
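Review bot: In the PATCH 01/37 hunk at @@ -521,6 +521,11 @@, the new sentence "certain policies are enforced system-wide, and will impact other users on the device" should say which users, because the Group Policy paragraph right below it limits the statement to non-administrator users; suggest "will affect all non-administrator users on the device, not only the assigned access user". The first added sentence would also read more directly as "We do not recommend changing the policies that assigned access multi-app mode enforces through other channels, because the mode has been tuned to provide a locked-down experience." Minor: the hunk adds two consecutive blank lines before "### Group Policy"; one is enough.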
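Review bot: In the PATCH 27/37 hunk at @@ -21,7 +21,7 @@, the appended sentence "Avoid applying AppLocker rules to devices running the multi-app kiosk configuration described in this topic" sits directly after a sentence telling pre-1709 readers to create AppLocker rules, so the two can be read as contradicting each other; suggest separating them and stating the reason, which the @@ -109 hunk supplies: the multi-app configuration generates its own AppLocker rules, so rules applied separately may conflict with or loosen the generated set.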
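Review bot: In the PATCH 27/37 hunk at @@ -109,7 +109,7 @@, the added sentence repeats the one added at @@ -21 almost verbatim; keeping it only here, next to the statement that AppLocker rules are generated from the configuration, and pointing to it from the introduction would avoid the duplication. The unchanged context line above the NOTE also carries the typo "mult-app kiosk configuration" (should be "multi-app"); worth fixing while this paragraph is being touched.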
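Review bot: In the PATCH 28/37 hunk at @@ -247,7 +247,7 @@, the link target becomes multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml; the fragment has to match the heading slug generated in that file exactly, and nothing in this series shows that heading, so please confirm it resolves rather than silently landing at the top of the page (a bad fragment does not fail the build).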
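Review bot: In the PATCH 29/37 hunks (all four files, @@ -9,6 +9,8 @@), the added "ms.date: 10/05/2017" is about seven weeks after the commit date (14 Aug 2017); if it is meant to be the publication date of the version 1709 release that is fine, but if ms.date is meant to record the last revision it will be wrong for the later commits in this same series. Also, "author: jdeckerms" and "ms.author: jdecker" differ; confirm both values are the intended aliases.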
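Review bot: In the PATCH 30/37 hunk at @@ -515,10 +515,22 @@, the three list items under "you must include the following apps in the AllowedApps list" are empty ("- ", "- ", "-"), so the section tells the reader a required allow list exists without naming its entries; the actual app identifiers must be filled in before this ships, and the later format-only commits in the series (31 through 34) restyle the placeholders without populating them. The setup paragraph correctly notes that a kiosk user "would not have permissions to download"; since the admin must sign in first to complete Mixed Reality Portal setup, suggest also stating that the admin signs out before handing the device over, so the kiosk account never starts from an admin session.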
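Review bot: PATCH 32/37 ("test") and PATCH 33/37 ("remove test") are exact inverses of each other, appending and then removing the word "test" after the first list item at @@ -520,7 +520,7 @@; squash both out of the series before merge so the history does not carry a no-op pair.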
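Review bot: In the PATCH 34/37 hunk at @@ -520,9 +520,11 @@, the new ```xml block contains three blank lines and no elements, so after this commit the page renders an empty code block where the required AllowedApps entries should be; the entries still need to be supplied, and until they are, a visible TODO is better than an empty fence that readers can mistake for a rendering bug.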
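Review bot: In the PATCH 36/37 hunk at @@ -513,7 +513,7 @@, renaming the heading to "Considerations for Windows Mixed Reality immersive headsets" changes the auto-generated fragment; anything that links to the previous "#considerations-for-mixed-reality-devices" anchor will break, so check the TOC and any inbound links.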
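Review bot: In the PATCH 37/37 hunk at @@ -375,7 +375,7 @@, the new step 3 resolves the placeholder, but the procedure still does not say why the shell is started with `psexec.exe -i -s cmd.exe`: the -s switch runs the process as LocalSystem, and readers should be told that they are about to run a configuration script as SYSTEM, that it should be done from an administrator session only, and that the elevated window should be closed as soon as the script completes. Also, the fence on the following context line is tagged ```ps; ```powershell is the conventional tag and highlights correctly.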