From 27472730d85023f8b2ed54150ecb183f97d9509b Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Wed, 4 Mar 2020 11:23:19 -0800 Subject: [PATCH 01/30] intial input, Markdown --- .../windows-sandbox/images/1-dynamic-host.png | Bin 0 -> 33888 bytes .../images/2-dynamic-working.png | Bin 0 -> 18568 bytes .../images/3-memory-sharing.png | Bin 0 -> 20533 bytes .../images/4-integrated-kernal.png | Bin 0 -> 50049 bytes .../images/5-wddm-gpu-virtualization.png | Bin 0 -> 26778 bytes .../images/6-wddm-gpu-virtualization-2.png | Bin 0 -> 31102 bytes .../windows-sandbox-overview.md | 370 ++++++++++++++++++ 7 files changed, 370 insertions(+) create mode 100644 windows/threat-protection/windows-sandbox/images/1-dynamic-host.png create mode 100644 windows/threat-protection/windows-sandbox/images/2-dynamic-working.png create mode 100644 windows/threat-protection/windows-sandbox/images/3-memory-sharing.png create mode 100644 windows/threat-protection/windows-sandbox/images/4-integrated-kernal.png create mode 100644 windows/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png create mode 100644 windows/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png create mode 100644 windows/threat-protection/windows-sandbox/windows-sandbox-overview.md 
diff --git a/windows/threat-protection/windows-sandbox/images/1-dynamic-host.png b/windows/threat-protection/windows-sandbox/images/1-dynamic-host.png new file mode 100644 index 0000000000000000000000000000000000000000..ef004facabbf421b931df442f6320777437c7cc8 GIT binary patch literal 33888 zcmeFZXJ3;~yETlWpmYVLN>r3$p|?Y z5~M>ABr&uAp(O!wpZLG7y`R0W`vcrBo)^OJ)MRGPV~&|wYaMHheW<6!%)rAyLqo%? zeNW>N4Gk@hhUUbLGjzb;_;OyM0>4f`A8D!4l%e?Wz{4pARb5pYnhF@>f%R$N`Rt2( z#!woXOVP)FPQaEnpVQEU?`UhNKK8R%%RCLg^pg~I^PVZg?F+&Wb2vo2O@v26opR`I z7jXD8bn=?LRlHtj`t=l}s@hBpyRX{UGoHS3NU9QMmLREE-#BSkSszG14ifg(C(@+8 z`J&)^6G2@OY-(q&9RDzQY=?^c*F(%z0jTJ||Am7)4f^*Jz>nOX9ysH_AMR>m&HnlB zl?Y);N!-60x}uSo2WqOUDxL%$_AU9tM?wi}SN7#o1e=#cGEfyC0@7`2XiG2w9NfVgg*j&am zCQ5I`y}fWx*ohf2+|KXn8()pzdvA$Z*0)3To%?qVY8byO2ZtV93oORaj)mILuSgUY z?C=rowZDu{$gQE|L@UOEEw@(;2mJl7{yT?-8Aq^9q_Ak$`QNCqKr@#>%A)M`;_Z6O z&#gykL`kjxe%l`S+eiPE)dm-P;2wN7Repu=2LbgBZa>daxERykMDeM?dQ{q~NZ zuu5*v)bUH(K{;-!KBfWS2R`P5{jOgu3n!9M1(s%m5Uts8+3+jv1*A*Lgm-Dh? zw~fDbm{d7hLvg5`=VRS9U?}!kG|MH|g^pOH*&jIit7U}$TJ`wqPb146l2u#8S$<6J z-M2yYL;lGM|6X%3-?DSkiO<$Yi<4%3rrl~@{8F>*YArLV{(*~T;A; zIJf$xkGlx!L3fHoN5$G|rOmI1TgLfAwcB)!O|i2$u4TVd%(XvN z;(`k#QvQfE7}`)AwJI?pm`)PMH4>14$g!ZQDyQ9W&_QcgJg=l}jVMc;w=|eO zPF&_E7nz7s9Ats)Tb1u*$$4b);(Rf|;{iL%&)cI}2gm#MGZlXB&INk#id%)17x_Ta zGi_1DcorzqbyAX7!X{#efWc_O_}5l)yA=Du)obv;#jg0ZMVQL&3WL;Kg{_tx#S;}F z#sT{9*&yZLJLHGc%(HNi?~Lc}pFG&quolRT6|$dQ9-gG9(3=%PcA|8v99io_NcrWB zzu!Mt%?@YT@|RyJsa%bdLVdMvkD8QgA?Z#BtdzQqoBQtYtmLRiPhE-TTd4l6NNB1w z_g_jzvSNc^%DZ3L_2j?T8uSH|@kNxHL;RZ!T?E`(aIb| zNQpkg*zL>H^7r}g4L+>D-ylkg$av0e9$c8RV7TvakHJmsbaFs1l1**Yh^GPE{Xu1K z2D;nEC{`Cs=Uk0%k00)giw3v+isD_Ju!ZgT*Ui6XT(zW z&@f}L;^M7m^VRzua)G<9ErsSjlbv*|{Hwo&V5I+vB*Un(*N8I!~6+!xhWf zJBAssUI@^9^Vp@u(D_&N0ceUi){|Lrtttsd!^**MuwA55O(NnN!PIHY5mtAH&_WG? 
z!JvZ3w_?Z%7WsJ^4+YB~{-@HQ1{@2o(i&fUY?cd2jpvgS9=6i{+|6T0(B=B5zaetF zFpX2U?hULP%?=Q0H9QIHFTgCYHEOvTq41T$TnoSjjps zIa%mcdP53!+d)U-7*;rO0$5AI;^1@yyUO7Z7_vgyU0bPM-oAj4ad~>w)N9(Q6vA{xQCOZS6-=6}S(nwT~Xq!97t9007id*%EG{`Tp~CxdY3+7_>z+2Mt& z6vVZkhO?xp0-tqS>emZjK2C2f-CW(eDY{o^&D5YqEs+{js+@a6bQ%4Wm||i1a`P@?EGT(8#Uh|s&ik$YXPPu7@^EsS_eSXakzxCb#dtX~$S;W`K0E%q*6-xw z_5@%`HhaMSIX5AtMj4R9tR4;(FA0jNR{GF6HSSKi9LhIM|AFeU`)zS`4D9})*Sjg< zTql9QqvCZ#rswStCKLIm)!z!W$a99B(x0g~o>5|`K1j*Jt{M#8xviAU+Mxvv)KSm~ zDv0T?7iQSps0MAknME&qt;ppx?;s{54CsL{EGr^2nKR~Q_3DWy^po9< z?4ghy?cs>bSN_L%E7u(WDSRVc(k_pTQSO6fjL%ZyTZT4A@)xhT%FZn>=tP$~Lv%~Z zwSx)(U~?S22rxmp>?hCJch`P$8u&>IKL`5nhND}~ir4O>$+wJK1eRul#Uhc$);8RC zWnECDU6Ikf6i<%#LkIfDcxpK+$^wd#Rs{7u{OM()n&T$(#D}`-^#s69cv8vdsf#NQ zE*$SycBq0!@B95X|5646_7UvC(h=)an0Drm!bt3tGwLoLpdxQx_t!tZ{~jy``HL@{ z)&2pF7ND&NU@qIa#vNPp9~lWX*6t)jQYCxfDMH7qp$Gn;;944S;V+lT6^sD4><=%l zR*1?yi#8CO$Y{^1dD{NKQm*M`Ve@2BnkAzDFJ%1ReYO2~QeU-;951VINzZckZ4RlQ z-CVwYy|hcm)Xa4p;@jX2nj0(k*a5m+`kQ!?xJM$|*rxrzOzG3vP0>`zz}L+x))B$- zo_4vuKh*MsVBbh@?=NNwjj{e`2n>JB*8NCL5&O?KC=7apJ*;?+>f`*+Z?Qi$Vmh-o z%#NE3gNC?iWf%gyZ!1U$1D5inj32zRmNpdNMa< zz#ifzyOK6Cw(8(!Q@QBs)u?qyehjt90_+l-dw+M|H<4ZP?f$@k1VxyTu}X7j zo!&r=BY|dq8&jX)Dsz|kYv#9h9_l`x*s+ERU{zbN!)_&?P9^DW!d{*ZjL zXI~<4>z56$4R|3cMr>DCOp5s`;hbmwqIJNSvBP9NE^DRlL5k>(H&@{NB@%#*YDXkS zaHn0@nWIX0(nEk0ohr!bTWpEf&-h&UaBR}si(;jC?N4p3xRj>bh zs*cCg)JNU#RtexQVEf&&Xnx8Gntt7_@D<5*LX842hi2K(qacJni17@lEy&XQ=aUPj zULA^?0K%(MT(8S}w4eP>mA-#ZEM$`rflv;t$%LZ7yIs5<`&;E9J2wYuRb>aeycCc& z|F`w7E{E#|g*MH;XlKqE4*|{?H}W=K)~<(bkXB>hC5&IW#FsD!VFhSQ^)a$-i)5S~ z8d2hlS=<@7tleDfrby~!DNQ!`tfde39mDuJf83=|dPCdhoiS5NV1sF`J2KN`v&L`DJ@k%?7_P95$)f@z760b6KGsg(j0C<_=Gomdt2@Ba4 z@Q`T*`z(+4W^}a=h8{sZ4A{ON0=TIH0OVxJ&CwJkjm&i7c4Sx3mCoHq*8-U*m%Odj zI}I5+XlI88{LRGB%a4V1e9RS)J5S6zO_xoKpjp8oUreL6gRXp@@^zz}Ua>`?Jsn_a zPfJXB@n2UO#7fG+`XHfZ<&Ws;am@h4!;2W_2gDkdkB*t=cj<}sdK^D&@q?jW#c9Ti z`!#jgV}h|0yvU2$I3(|^IHZ_)#UA5s!f-5dyPm$fK57+N;G^RFrk_;wxmSjhp}hggK5g8h@g&liv-3y??fFx7 
z&TEJ~2ImaOLa&T1kwiI+bd53T#B{hv$(LS|UHhmV!YX(GoIfsQnL+$Cfcz)0J#bt< zm;kp;0C%yd9K5j9=bs0H+90PWv9}^cYOBegPE>;)PTRPl&JOCnHJHsO!A!^qB+K;XWhto zFSoD<9{PDzW{(?F^L}K7qUY!kELc^YWjj};idLMCXSHx2$AlJVbVC-$2}c$BtK%-N zE-I+7-b**!V5F$eQ=@Rhk(oMA+feHZxq^d!5x)wy0IE-By!cu2r}0=fylC)kp%owJ z*u|O~!1BRHK46#r)QkLz#43%X3+kr-rer-Y#)H{dJPAF*9eqk;<;=T(+59I(I}~io zeyz!pi;tPe1W;SuCUShPM0!qjUs1nzx5y^=Fl=GOV-l z{hr`y25F;iKSRZ1+WVV1q{-;lcY4tFnm81zQyvd{0nm~I?utWzG&e<01N^cnk|y%} zuo-f70GyWG!zJS~)=%|3u+>*NeCe^Uv5nTJuwD<*aSFG%kw2I`ay?yB=U6aV3~*Lc zfQ}dH@_H;w1Z+E6TBP{hkE|<gb`W_H8I^r_y0;Nv)&X4Nx z55DzKw(rjLuTv&F+pfqJHzOQ!f_dHm^FrTrOLq39;mTZdqZk_VcEr5jT^HRnp@+C> zao=F%Qo)!@UJW(~I3B79!GypI53pk9_nXj&JH>dJq0v<+f?|ezi5#k6tN>=REYl@E zMRurmJ@>8Xw{rrT`(C;zfg?+4>a%2C;){WW%!f_R0c3NFpmF@mCw=^D zQuieAWuoppK0KjL#L zZNlLl^lu08y;X}5$2GN}NwQ^m4}&^$^#=S8&~+6bA^?dBQE@C20H>oId31d0^sEmB zkE&TjVS3Yu9bdZ-ZQtZD6%br<0(IiSg-z`-DQmx}d}}Q#3EubfY@4jY(#fk3X6ZL*%Zu0xhpRi0ICTysZ_aB-BVuksz&L3a>zE>=l6rMHutZkL@qBk$R zjkiJdzI*s+3s5<}J`()M!+77f=kl=tgcJ>V)~ZtXSw}AboFSp-uyvKsdc>1<<=d|? 
zZ@m0u7qX;}U#_{IwZMC2jPyuwp||VwIm`ZTX>73!#^&wqEg3ibp#YTgYrL)9ID060 zX5j$+RTM>g1`#jx0PY|win_vU?nmc%DYN_Ylh;1b(Q+?YS8Zc z+3leVy8#G?14z8dgbOoN5ANR6UA4tScx9+au5$R+PnLHlLn@Jkh??E0Y5i$Ym8o9j zx1FaxzeS?!R8`hqFS>5LOd~Q|qw+%82f1{AJj}s;8fu6U>jxj^(byWzR)n9aywVR| z@sDjLVKXek`BqLQBwJt)(Bto9a1pTW%l8N%S4SwsW$acUX(`1G5U-JNNVJ-hK;JnP z?7Y?fDu}+y>E~1~!B;7c<(2_`b%Ai_9FiG+b23 ztlfIJa(wr??DJBgA$+6or24#YNWRoH>5SIY4wXpInKa~tiaQ6D&)qTA zGDJMF;$*sb2aLg{WjkI_Jt{UKJs@U{$>dJq&1`>#UzIPI6S*TM5H4>{us%zHh^v2QWCzZ_Yv+xE)Wzo^&?7wMqcST$-@4e|jTjwA1-{J}Ooazx z!iR5k+#`x2;sQHrE(h!WJon2Ebu)vA7K04Cd=89r$J6l|##Dp^2Jx}eGW}1)^C%%o{%7r-k9j1@Dgj9>^z2EkWbwgnyc$`8L(VAtl~Tsv|EX&FdS4F zqx*sl3Qr|+z53vmPrGSzB5U?f*U3b^)0<6pE+}KVep%gt_JaZ#t7iyr8=Re!^8Uzc z?nECRD%kv{if4h#7|K6>(Mg+6E|8gb3JzUg<=kVsXNY&cumSm%$*wUWjvKvphc9Ji zNr9oDn2pj0R2DU6haV1rA1AX8mg$Qb)iRItHI09pMsozPmNRykqZd0XQVU@j1L%C> z4VSlHAYTmzz=!N3)jvEd|D=RT!Su{XaW%br&{UVc7| z_D1ps4JC>6R+TM=llB2S^L=}H(e5H{6*}$({({hFkwEr4$_^?(qVH%Xy}Dq-p_cBr zWlT$c4u8>hmK5^goRF^5V&&OYN}uJ?2*I{N{KO~iTonfHP2rqe>9>@3vaDu`-9^O= z;c5@BUI@SUI9WoMef&1mViHbWX|gTFbnNbq1(utP?^#xsfts>di5h*4&GwXESSm4O zSpc_JVu#}HDW&G`jvcmt^uZPYRAg^rpmy!3(tO4aZI>xNv-l7moiXT?>Gs%WpI!(5 zCm00=r4iw>b^~BMKmG#VNa^NiE_yT$ml0wv?O)W(g*WB+p<09GyCduJ(^i)J1oso*1T&%z}!ueC&wjT93G8Fx^w8!S))WQu*!>#@TT|C;?;L~WUIhM zBK+ZF9j)?rN@?&QO!!izSR#v;o59x~5^eCJjA|nFdTE^fR%97KssXVm>zIdUwl_xk zg8KT4h)cJ$_~A}|64=R$o?rC?()JgEe<;)}R!^wZ6zna{UZhApPx~6PRsuVGre%hg zpAZV1i@1{YvMyB(F4X}!N8jCJ;oHH9W4|GL7tkaxp>^qErY^fP=n9F`!IVE9aIs%C z`|`9jC^&AlTaNIokN_IMI>~wtsnU}gOg)-^wr{|4G^2Icxh*6+g2odCa)6$Z+;30*gD6gw48=fA;KYHYTRKGuyXgk6@e@sVgZu_6m|EtNPgB?n}PgYi2?? 
zb$Q9m6MHEJ9QB&%X+z!Ng#)YIkm0IGeX*}%RKqxW?&s_Dw0H7d_Pz)l6-na2i-!|m z>M^~M;|M3iwM#+JOzxh=s}O^E3B7`c#T1y*&mk8>B^mmk|iiT0=~UMC-|_-ve` z50Iz((6~BAoft0SU#^~~KP1w?ZZZYH)%$Jl#72{h0+jHc0O_f^((nJ$@K=3@AMqeU zBJW`wMfW?X@S_7mFV^^o8XebC3*Cf+7I6dLz3nGm2EaAGp$0UQ%0iA(iD-KH}+ zF~TvzI3mX&CQ;0Bl`TP9pcU@%tyhp#l@el~pOJ4c%n-eOC6L*(T=oOFh{TKQ+N4dN z4hHt2o!7<;ivF;NLwDroE}bZi9SKHh6Km%JTtc-pez`WSqBRQt$)JQNGpOi&M1VD_ zxVhkB6l@SZlg`A9O@%Du&$E(?Dp{mhMqMV-5gf5sS$zA|Bp z!gi0+kN#!@A-H37uBJV6jxyFC@NR9T%g5yHS_OMnXNx$8f zh1B8+3VS3dnPX;{E}x_O$o%E+~fFK!##D3?^Cb)`6|o@c*OOr;a@Y@{2a)2~d2KrWVq zR`lh~(PvW3{#aBdUBQrQ;gGharyK661UVr}Adglie z%paqS&;)QtoT1^lLrPi0@{Pf3);C`5NJqwbte%kRu{>DdBp!D6T6x{lQIy#jA43w1MFFxs{-!y!pEPeifWIMJyq`~7e}8;t;HTQjtE)Z=^|c>pv}HFYN(~bIOVHVjCBQ9ua)o+%bx!YTf#B-(?*kyabLLFM(&p^U|emOPb$1 zhfTJ1D7RM6fYK3u^IXk5byQTsm~;tuS564hd_Me7(EhJzi@H7;b}>Sk5#pxBMuFD<~0P29#KRg8_fLGsW74B3A_Eop0vKUe)yUn64>xNOwHq7Vl8u&hOzk z;W@(hp>P8KJ=U=;=G-h$UY!{dSjeNhaR$ndS)e7qcz>duORMxO_pP$C?G`<7EzBdb z*m)3+CDC}1Z*fY1_z~4}K@!L1K#nb<_sY9VvuSwmgeQT^``wOR2Q7s2PK&2=bMKw* z9dz4e=TQmPl6GmU8YcyP!+`WJQO4QcG`dE`BpcpME2WsEU=by42fZ(9SfwIY1Q7r= zC@uS<7XMmSi&}RO@>iGN?*smy>Ck?GUn~krh!gmJ_!m4l_s&Q_n)zlsWt0 z<-y|ty|%?{n{8|v%HI$CT5>d9PYQEdSrS&v4wn)0-dah zk~QkAR=Or1(;0?U_U`^H6;~Z7KkZtlj5rGo-aKym4Y=s$395P`G#owK~ul79dC%HaY327T*0T_2cGw`*q>`m81K;dF@a;;Y<>m+){({_CRUu$7NF}3*TENE*$@6 z;`giVwX#suLuv;n=I7$f2zSkD&@H3qC~mXjci^ITCl`>3lXk(W&<5s*F{*19_R?L1 zh}!n)gaNHr+JFLc2$+GADEGS%qO_i~t(OC~Sv%{{kzrHf{mRvZ15ll%=Oz3~-+5|i z8u17Ap#Op179j;K#>XD-?2M}S4LzV7)%-N7tqRPT`z=r=WfIsIGHCqe)j&|%t3`QH z>qU#AqK@{84Bx?OvQ=1vDq4YZW^;0bS=-wU#jW#Rt$ZJ@l}ZGvrzk3G;zf;0ABKM6 zQ9It#al_7n{dT*PZ;8{-u<-qb)Kn*?ms4=VI;~&NIjl6N1|d%hK)h&pk*VzoM8S8s zVb9rA=*T^CP7<q$9-y@* z@@rTrJH0@WiMJD;bS1|_PG;PImiOKFgQ;;Omb>NLg#jsn_WQTNg2~@|KNVz)$Y`M5 zo#TqnqSB$x99p9tA@~{cEp+u z2D8-Y-az6fG4EMot=;{9-v>QTsN>d25D{o9(sI#9(Dwmi;ErGPAl|-|PP%e1WW5ry zOrgBR)VwlOcuEqfiOQZzhnl434}ed*rA}6Xg-XxlJxc}`J&aeAbsl(?I5f#mtD~l% zdv@VqY#c7df9CWD)hkdv1#L2Y2dAe^A-C1-e(DVs#eE9}M8d2nmN4u8ykD|6V-(q>UBU8de@ELf0_>9(*vG 
z7+Z1M`;s-mtT9Cwzft$M#P`jhADqT2d3V(8-P!AT+MovzO?{}3r1GY=xa1c*XEtoo ziLp;Roe^5`KB*5S!&4_pz(N+zDO?7exhg_}A9XH7(j1o}${(wPMiOQRj0)X^IS2#b>z44@B!b+BE=)jC(?}W&Mwbz9!5> z7SjIo6Bh2qwin4HzfwOQmSdk5a%e_7u-ltmneb{qS4?<7-?)2cWc0)LL@sW`cfwV} zv#AVi!=p)%)Q;#)$I(v)NPYV!Y3Mt^{EFjXO_LhR}kjb0Z? zw4VNC?%8_P0>);d2Hp^dg@ahQ-ya*Tq?AW54+ka1F=JMqKg|AgB|(RS65;=r=PcQj z*7L4?)X^WiC&_$K_<{ ziJp?mc&bpO5C^iu%Fnp+{q+Us4Xl#HT0- z;baZ#1fW6+)(#eCT%!xUNg26VUvai(a-DZ~{z0vO4$WzX3J-Myw|?;LP`{@m;SIyj z>7f^$&IS+oi%wU&;Q9=pdf%@OK2}u5t1z437&d6 z`#q+c#;0{>DD#XTaxryO)9@=7UI;JXv;kB@@O`b#R|c+TzI}Q(QS($afaTPgvd-pz z&)@SLe3kxUWZ6~j1cSTC#u6jnohw4636AUh4>un0Josf__2P$x`a#R{zeWg=ZHTbY zk3%w#q_;DQ^h*P4x4-er!cdi&4VxGeEpcC7Log;-jV)MWQL#Sa?bo=AdTU+{yWF2* zb3WdX1T0%6MT7pS9uNmj_P(&V+c>TPEUj}?F*A(#W--Yc#p79ad)o4x_>>)8o;~*n zckQ-};io$){xLhN-QbSulbcD}A%y0=t-d>58MXxkF*Y$ACr(HA;%R}7*k6Kq_q&w) zD!TbsxN+Mwfp;*$k~O30Xr3z!^a~1~1a+fKjDd9|YROJE&aL$WODy-n zHiV6iIOEg9=+m7vZn6R#rJyn8-Kk8A75-lmiK{9$dcJ}9((YB1L)o4nar??%pkl~C zV80i_PFZFVR^zyO_>&NLbg_{#$-6pdFV`rqSLAE4SxA^XBq)T_`>h4`{{kZH4qD+Cj)^2K=Cu zmvX*XEApHW{x&`&zdIjhX2|rlxBBYbxqO@imnnJwxC*p>-N|`IF8jiHeDDnPa%qv` zqnYuEl&U1E{^%#eu-5vn#)!qMNKd`Gear5nSAXR~WB9qVMiA;;*&i083Ay?^TkKJOpEx)&V)ato_ zv>Oz75a9wy)l2=Jro8gWA+v~d%yzR?mfNUVQAR-}>;32=!6u58GGgPL!5buXo^?@M0`sZVEqk?OW<^$l4%9O$(sKJxe>NVcMhxyl4b8JgsVETpo z-6`f#YSyn`Dx8hnjjWCg-;u$+vltALHG8sRrEU>^9EdYlKIfraPy*pB zy^W2s44O+*(=yt1KSt`K?ftsd0FGa2U6KsnD5?r(KrA{ga45LzoK1oFl(444mR>65 ztb%EXcxa4U1!SF5gAWhA2a47am_6a>ejg1~+%dD1&Jouv!8)$p7$FXd7W`Hvr0t0o zJi{5KBGU&sV|JI>j|_RtAVo%t#{>tpJWfp=k{F29fQcs{Ie|huR0lodzr)t(LuDoLTUoU-Au4%QVeOopnVUNHA4y zlzQhsK3;=0`ylr}d^2phGslL;|LH0LTK*4%j#`WtU{U{H)|E2`>;K^zIdkR5rT?%7 zUD2rjPe(LpzP2Q;^Is15rT;Yd{J%O#C+OUM{M%C8#7FnAYsHYy-KigC ztsWIMfi2%37yeWR(`8(+EsF&YQW{Q_l`kC319k*YC?xdg;665pw6%14?~A@klV1g5 zrB?{i6a_{ArpiIisd9)@@B8Z^S%AXyw<2-o$`~+}9FgL1b@Zi~ z{g3DOFrh8~EZTpX{`mzu;5ZFdlTDuW>U4yx+vtfB7o> z40i$9vY(MFT@Lpwa?c!8?YMcrlf*fPgyb@+66TuSj@{va>u~_hIsq8TOSO{(cgZW| 
zoHHK5Kd&ZQs=s9>s@yp)oO=`IW{>?LRF$xQ-r(eMwml7f{{;+^sA*9iA=?L*43zHr zO;2Ad=3nt?B<#4j{&Y?kF8|ieAK0&_yz{sbaCOgYyPuJ9ewk(N7b2jDk9)BCK}u|w zqF&R8&8NWKC$vLsaics0Fg|}igc`%5A ziiPU7`rivm$F8m`bnb0`ZkZ!HKHf6DroChGmi@MA#b{__439q9eGriG!ku>E^))t= zCs$@dn|8RAhM(RtpI>2!GzWPi;l4_t+l!(cWwIt!FOc#4Drl1(J_jj>fnCAv$hOk* zx~P{@K4ec$1|!}9eUyJ!33#l4s=>SYouj1?%)3Eln`OvGvf2m%cdcULqXCy2&yNob z2C1(={k7+8IiKG8$?Q!!xNYn{=F-8J(R_Jatx$CSU`2sB4dNT=%_slG#;H9|`r+{< zETDD@nDBL+?7m*tCU-n7{gF0_6mXcHXT_40fWelQW)G34oV~AdN!VxYaHmPtczZGf zu1sDv?f#m89ig$k*~ziMjv~6u@3$BuEkUX}fA50*Ey!kly&(}kBqkA|4(U&WGTDf5 z%cD4j%^W9P-VBzP2)`7LT(ohNq!R>Pt-w3MKWKa)2WO_Loqj^pL~JH;0wIm zfK55#Q_Ej1O8H8hU-`Mp66z;7SgabLhBCpIl%of?Ny)K^k&o&>%Ig|2AX!uV!@Swb(hQ!uGI!1GhfBpM*-8dLj+&Z|@vUF{b?1 zG!m0Rr$aC=8R^I)wd+zp=XjLbyYx-XDr8C2>%Y!&Qj({37>+N))%~lv{+VwVzLerN zjAi|?k1Sa#O&L05G<3n$INC?0G}#|?ZsK@weWY%ghx0>jJxnXIFQaN%xD=l!meaSP z2Q8}c$76fO`A?|AUcKcpiNjD9IroF6ekY%VyTA!=lE19&WF@(g;m?s~Z|E*91f^-d zrF+)&vH-=kQU`F-6n6=GP=vcn4nFt$>XI#pD>#EDN@8|J+byu+h7lsjBe^AYa-R{AXtnIoa zNN)b;dQyo~^ycnxe&hwy@d){mH{QqZ>-g-S;9b?>jw&Z+<4M?gr^ToDU!bfl8d)=) zE|K;7EVX=0obv}k&%5cetzIMXM9$K$M|t+sNu}KYTlJDze*3X(oAT(>6OE3PrzL++ zZ_?j8UpsM*qO*mAk29nN_Ik@6@okhtYA#4XO;1}|*?aCOpUz=E;QjJTEj z#qIY5$$bRjqB6&L3w!I?Iwsum0~g8B>7C#u2jQ{f>yEiWf91J=Q&BgWcm{GYU${6} zM!HHK3)@}8>r)@4#F7NpozzX7$BkmPWuiaZOsy7-Ew71;HLY}LBsJZn9awOZ_+B-H zG+0a+*);Oy`@1$m|20GQH=RF7xTi|rY%?m{KF0&CI`&b=1kgp@a89yZ zk(kU-Ru|zd+pgDQKh%~=@r&Q=j@@MXQF^iY#*JCnhhn{U$wRavOX_+!-kV!`mJIt* zU3dqiXXaR$gwf2QXavpliLXV(zKCr58-~B0W({RpA_v{>tS8ZJ;*Y;SI$hSdKy!+( zYv-ZBf#zVZtWtefojuvUsQsfN-erluuGr$qLzASCP7$SjsG|eT za{|pD2{xYjDzs^@8~9E+>ln+*ivBg*>3>%`5uBJJ+9%`Cbtm~-?0rNaQ&9KbU|@Xe zQWO;1H1lWMEHHH^%ARL2Agv)s^K`$0RR@Vb1d&+jW@R%H$b!J{ee=DFJ=YcNejzH8 zOW-K^LYK1J6z^2?ajLxedwp?KUHqu`Hh}L7{Ej# zuj8TTfG#?s{@$ZpzGBS2{dgKi%*&`O0a7$_@K;+{G6^*Ve{u#xXVYDIr6Yo z|L50_kB;SkX8r!us1CfMgTkd=a+AJ23HkA*?#A!52M17>AbO>H(Yk|gWeD-(FO5EZ z4%Dz7Eb;Gi`%zLLN~YTOR6D-UG`*x)=ZJBo9`2=DN@I5 z)7_h{A(4W5mJ0&i-Exx>>tZjn=Bd2>N?rVm>)kmIvlrxLuA?dx?#dtMuh~CuqBE5` 
zB+adU$|?MbXw>y!WxPwxxuH9lw}Y3?vrC z@S)~8=r`rrbz6_kjV)95wd2i)`e||(H9@ja*Eb|}J}{bmZwKl)n&Sw)-5sfhGr6Z4 zU;%7L!WaJ8;gV!|>IoM5ME^Kl*PC)uZ98`5PLpq*xF4naaCxBZ#i}D8cm#-nKH`Diy|ldlcf8rGYB#+iS5H*c~> zPT2Eu_*5n55!_Sho#->1dsho>4)0;Qy?;(+*DKMYH#2v~19Wx?vxby}XYLp=IWOv0 z7?#Az$Q6D0b_hKhcdPR5gQrtlZ@!;*c_Y_ct{GWYAUJ;Q_b>oc<0S}mqiR{-V@`xm703jP~8o_r(3U1xtYwV$Aoq ztK72FH_R!qaf;!Md@9V{K8dP3wwjxMgeV*^UZ!iJega!OOhRuTC}Cc9&)6nZwmKw7)dP}6jy#z=Cn_d~GyxfEbHTYuTm z{fM4yEkmDlvgAFJQLaj5Q&Y2q{Bkk35hsH?%r`Vk+QXax+*rh4cg~q+uV_@88v0p^ zfTu1^UFMU)y`=Y7k-%^)Z2Jod=_uNm!>pxB$2W|}gwh-`qp!Grx*8Oq+_#<4J*tnW z9JTK^f9j+ZF?F6UB>02eVa}-X^B=*z3^q4_yN8Q^&$H`l3Pirb4?IZO;6jtekb2dH z*RFKUGm^7rn&fnG@e|`puG>nWn39!w?y(%IG%rw)&{D|`%i|+FP``2*YMSxNVY;DB zh_M)q^9|n=eT?R}QEri82q(w&a|dgd6J%f7e-;cK;0f;7TgrB&ndt+U&o56k|wm~)t82;H?Bf<0PCBBQ)UuL`#0Tz+2@z&8v%H3J7A1xE57IXK35ji`cO35jv!^5Vz!{f#d<;UMx%KY^S+>d+N#j1Wz z+-oOL+a3|;9~Uy4JAG|%zKA(6AXGS|$<~Y=-6K!m_py8nOO)+Uqq+A+ zP3+dSLlwQ7mVT8N-OlX0ng!AG=jr53myr5`&0<&Y?fi5p=JjBpxyL%kix5tG6xQvF zJ7<51s23X4<@`rd*obZD+xUlr7?S^WC+!durh>s7hQzsQ0AMy=-!5~kA5t`ExEw*b zV}0qg@QkTO!^0H2P<>u?PqQl;PXDCAeFcG!sJLNFa-5K^ZE>eS9?GFO-G|T8>1&nO zK+ki+gE1wEFupx(W(9FJu4&?VuEXyyE^2(9kv5r*6ZxTx#&=7dliMbQ(DA2RJRsoc zpgBfbuWD?W9Yn{a*lE3OY0kuY=EGgtfUT>9t6}>Iklg9-#{>d8=R^~EuKwg%6Liyv z+asCuXE`#p2AA(BalBxYE4{pLLxa1cD&nLgA-ru`qE`W9%MJNwN$V&;pP19VjoV+n z#y$-IqFsA}NKI94*QXgNhe=9Ov!1g^y`0^r;>^Gb;wcXk9jN74k*VM*eBD)~Ym?ez zEwZnn(Rr7IW>urhSu4W%R;~9&!n`lwg--KSb)`w$#_|%cfKWRXwD(jTBZoX&Uk28% zXaqvE4UaeL@|T&v5v>{nH#-i#%tA{u{`?TP=~vB4oNAf)wBW9_KyJaQ z?wcPHo^*;{@0Jqf|Rhpl01<3p7^>c&tQy^@FidOIfqC#-k2YQMw^eBJ{dc}U%>=Lw_lwW z(aEnrEK2`v3mfvLx7BxpIC0ss3~?e}cNbTtU`=Qq#~HUO4Qz?Li@W$#=1S&zL2|QJ zXM>U22jDuG+L_@yJ@yG)u5Z#g(;ZH7i#Xm(E2?{31`ZBYvNfKE3T zU?slZ3(8@M4lk6kBx#}Wm7ND|;G5>C`D3eUQjYlo?` z|DTVI2s5rP3k;Szh0)Ye%J0slTmHcb}=9IhT))eaN+2MH+B6&wkEU8bQ~r&m%Y6a`OGf z$fVIxqFd;Q>WC6~))tE?zDLU)_Cfj`cH1Ryh;&1jgZc0OUg3C$gkL_dX`>BbCnHD<`c)`Re=O@15+Pl28f=?*&Rf6IMge+btiKlI-xzz{>*g)=-P61#C8M`Dob> zavPJs;RDh_tu9; 
zEP$Z+ND~mHiu4X4SP-O(sHiAN?;wO0Ac;PRC{m>NM5RQOD!nT$MiL@K=@4lN9U(wS zLXy4keNVn`?6D8_;U0gE$Ox>J%r)1X_kFMH`rQisW=CwBi%{-!1lZ7H$P3F$9P|) zC@P;~CMC!fQ6%Zq^tTre2cJ zibMYvR(#`LsQ@O)Vp~5IR3%K{bW(@6A!eaw6R(DgwA+x!=Ioh#?&XS3`NxmXPShw%x=7m11c1vt$c=VmXL|8>!^ z{@eWy!=D;DH_~uv??o1I67gdt-^bn<85Az1*%oMf=J0>oDoqWo$r@{%rT9SYm)j+`#v` zazAtM`fO}+o?CZWFFG^1pJ&wa<;d^uHY?I{?Ymz^C9g}1^%j8&iXk=rZKXBu!mW&B zu{M2O7auONmKIN6etW#mA>rXK)-nk-TR1|zg|gi23*0E5H)D%5o0|{0ZjNskkYmVd z-!xE>Gc`8AB6`5BCvwfk>gyD->|6p+rYS;oZE1*_>)2Gr|8vSsc5$$?rzs>pWv0|0 z{rk1%!aoU7Suc@Osvki3B{QAT%I1>YMe32BNGWaU{l!BH6m!Dlwd}u|rO!jP;#|5? z`uBbsZ}atIeY;OOmwdeGmY_y=l~W0ZSX4v7xD)*3 zg6vHhXKZ)iy|<3oJ{Tmp-TrXAK25^-^45fOn}}K@vf*@;g4%MCN{E;!W8gvMOH3`n z##qYpZR5QxD;<|Mfx17@i>Pi&&Kr}HUKO|}Ac36Y?z&5I8wfKFD*kOE-}C&j(EHHW zZ%fF)^ZDjd!x*!afs#82pk_3+g(|7U*%jU?2%_Y^gDROjd8$>|AF<8eg51mS`38)< z-wzD6{B~-ICXiqfPjbI2d|nXpH_^J`-3OD`_P{v&{bw95xXZq`eZ#M&_4*AiR^C{j z+Ejg8(94Bz09tU^igsVkX9gSMIuUg|Z?U&v;4KD7s;xG?mHu5s>%pYnOIZx>pb5n# z6zOLp5k)9M?XmJ#+xM>XF9dW6ODHK0@*iU_kgS`(JPJ)awyFLyvi6k<#9Q0?(@CjK>5Rn zWs=+ZD7*GMHq}P%LefEVIb*5)wD5{2YSZ@JukXwRl`vtPf z{pmXAAL(kFpgMQn)azEGKv{9*GmUb$qr25^)>4fFXffS-M-!H01^a6xAo8_n3g@?!8D(g8WIx)eLe$6eH& zZTA|J9^g`RLO6_3fyRo37W2IW%Jx96o$&(KyKE@OJTi9a`Q;pL+obMwefTW$UWGt! 
z^9K@Zh2FQyI?B`Pk5v7z2~tVD?&M?>x^PGd19lA1dEQcrV3W^ zzZP$HHESZZrEiXXui8)JkEF<{i>mI%G=aVDyh-@iOTGxPjI;MS=X93Jw;y0z?lvmC z+H3j7Mapw6pF+-@{~CTq)sO@2JUinqis`eC6)3*U7`>Kq#|_O_{5yn_veh0R2LT`AaVL3J#xm!wULwD_=5o>Hb>r7FM+R<~d8W^b9Ce>= z0!rpNRt0T8G^T!JI{y&SLgwyVA=q_0c;yMa)BLrO=$Y+(YV8_v`$;IT1jbWhQJrc& zY&OJLRnUg@55^0iQmw>XE_?$F`@qmyGu$O}USyGS?_%>6UC(x-i%>BU;CI@fKHz3* zQ@MbWFS_=vW)(C3sz7ePSQPCS=htgE^NODBF?>{NNoSNIMrn$?Kki<@YSK=FU4{f0}j_p5-kq4)p%=yQ6}S%gBB4OUr}WD%@A|wBgjPHw&s`_b-dLCEd$lj+UY{ds3O)NyZWLqN9Nc!sTQXI$HmKf zf1>kuCl`gls5DUnXv*-4?QDZztVy8IyOM55r)K$;i#E8(zA3vhZ_LIHP}!QA(CRcX z3QsWjcWDNQ*0?u#G1Po`i7WEyTyA*50*fd|xPQO&bN&_Z6#n(3Q~ICmP%1y7G>z`r zz33q>H!_Jg`qU>0!&F2^7d<4-JrvVZ)@k;;9piFT>X;zG-tA3|`Blh}tbgyl^>8q2 z>m*nI#+jS1xD$Alp2_o{#QvP zey90o(oO%qNjXH|;p`oLK3>_s;KLbyAID<<>sU|8nOsRQh>NJv&z(@<3aG#3e)(bs;J`MjQ z2+_9ZZ}9t_V?Bp%xH^V58Qr_47@f!4EHG~~R&@T@vUQ7V)oPS=ICHkAZM89vdjtq| zeybLVn+uwY{b$y-e(#Dl8VfGVgZL2mJL*yR+y)Rz?>jIxnx$BNp~9+o9t<3D*@nr? zfK9xSjG8?Flmck@5Z+egHK}iTTL$3^agbGhGySSzU@TrsTkZB02Szb22?^hrhW_Df zT#;4>C~ej!Q~#;Il4@?u9-qI~? 
z>S90kZNBdtqxrnQ%l-Ocg`ZKdPE9(CFFL$=a_h$tCMLsh)gB#M8>77D(E%>3;e(nW`gStRfJve&G@pBbH*%b-h}sJ!m^(@5jC84-AOo zDZKQ>?x7Tb9qC+(#|5IoTSjD(#RC&1Kok8@3tx>*uitF@c`aFDwvLkNrVkE)zv2TS z_{E|(z}gG%oU+i$6Mft=!{N&cXuw>ExUFlM^Och^7d~ zSw)F&p9-zGUsYz;B{l~;EhD~64Y7+P$6#`2e1=hwjP2$Hn)cQ^r_&QQsqt^WWJz}r zYr<+alme(BAzw_nRtp^XYo1bMyce&TTj)IFmR+A`Q`X(jE02$xI5wfSby=95uR(}U zzWwcE%@0Ce^L2Rfi`{)>RJtP?y$HvyM+xN_7R7Md3uC`N-=|~5{`^PgLpihk(J%;+ z+XkLH>Z`Y97Iigs>8+#WUSplu=#QkvMf-X$`pKGq`c?}ug!-2R37Z8L{6>%BUeNNpvg<`|>kQ*rrjRkf06#O*IE zX>V6A+sz53Ga==1o2*}d8fx5kLPASAbr#E z`${L-;OK{u+RpulQ4NKo@xzdDo>e(BF*{HU8zj4kPmoKaqj}=eid)wW`%Pfj4MY@t|pQag%n9=w0%17nQfss_+I4iT0zNOOhgedGX!OTG*+3V@5`56opMRWD20 z>_Y*-5(>@)u4&YNp+Zm#@&n*2g#mAWy9a#Am6ZSJUFMZ?AZDpWV`ji{J+b+(J^?kK z|2e_`%@8@df$4LC_BdB*V&A)+uld8)L8$EKgUiKyAA_|iDfe8OBL`hGGKtgs2M1RsZTUxGzKB>#o8vQ zI``I4avxSGEH-BM8Xk3T(D@tiJ)7q(IlA7zM=-V|E*b6+RsC$%H6Htz+Ur+r-`00b z$}tSn_q%GRkWJmP$Q7b}c$s|q)-#8Ue8@#+bE!=>9wv*uWVrbJ?96@pYkQV2<&t8S zKGL)FvX;yjNl~D~_j;(O2};gX0%ip*XjnImG)uBw%-Pel`YLIcI&@W?qGdP1g)q7U zin}-8RW$f)ue}DTo=4r{Zpm6~oQ<$_oqVouUHVZPr*}#{burZW^S^xVAfid8Yf*Ad zJLa>rkjr#u?9M)qXRz1;28GQKkbzP|v{s^9a++gBU^fiF?X2Z8t^GW&dWP0bLz+il zG)*dc|4L7iC;{xA?QNX7;{m5f(e53dtBLId^7=Sqs$+|t9c(nT5}^IaJZ?LwCjZt2 zEec&oL1q1#m0;Xx*{8cYt1l;Bg|llsc#wUodBRk8Nh7~P=7bA`)G_SGNL${%k_5|U zsHH~i>7I#l4lbK(T`Cj-L}E)f*#?w*zeK)*)8wJbUjK1t@#j>ZHuV6U!? 
zoFzz?On7Kx4QXexTxD{i>*MH^Dukk2k*R=_X%GDSqB5=(oplS8h1EvHndH81ZJ3?1 zl8B6hfqrQt0*8Ubm~9Dzhoy%90;SFlX|Dy_nPpQ|qqE2Md6od@a+5pDzZ&)}U16vt zJkX))(NmSc>xJ1#iZGmJHGKYChW6uMmzGCs(EAdl=Fnvi!^o|wByoeW!;*9At`?aW zH+)4jJS@Q#`>qi%HHUC_xZ)u!Ct@h}g&Zuv6_Zp4kQ>LFLl#}mnHeW@hizb z>OQUGBPR#+MrC}ny9_;BS-J;$A8Vt|5@v@tJ7%3>o)r5reIZYK&sygkJ>k+*)+;Gs zy{t%&l8~TXsciSJsFJ9ZBe-pXdNr`=IBf!tNh@Mp(SO>M7DbN6j>P$)*Wq0|^qp{kfk4Z@+>8(e|3aLSAtfAeL}$v`-Zi#epz5KL@$={$cZxmx)f z$0l`G;m8~yCa}RFdbC-D;0u7)gM5s*PZ1giphc#YfLti{W!rqFgO7Uv&(mpMqMrAl zbe<8Sop5z1p%-cm(4E?U$Exf$x&3@^d!8SFfUNIs^22{~In?{*R7R0=JXb877^!uE zq^Yc7${vxj^}CCIyrF$tX&eAA_)+mX4JrtF-%cfh)#riBo*ti#9*)!P2Y5Yxn{!yP zA6tQ5!0NN4$FLI9Zuw~Vd#2oXPx-3QgYf5VEpN~d;ST4Wz_Y1oet@ye@nbua5MEah z#&Rsj=`Cs1*YRafd|_DmdD666M&X-%ldQWO{q?(Ipu$)C4C5~>(RlN3`En+|25UIC z7IjWBhO`|6ezHottCf;LI!JxH+_`aM3LgtQ|GMMj=xz0B1+Sxk+_`K*pd4v1|Fcv)p&TWs6LmL5H~iLq&E zUM%VGFc$m@zl!(l-}YpWAXes=BT$j$k(+SNWP8gD7$1IXX;@DAof zCV+`rG%@(GkJqU`UgJrq&kJlH1z@*Ht<^pGfz690LvODh23RHNj7#}K6vu^;&(Rk< zHhRV2Dr`2bBdUBKjkd~WuG8F)aX;Fa>GAFEO5fE(zeuJx$_1_HQatdvqx&qgC_ozx z(>o@5cE|mpJfrO}Ad8+!@J*Pl0mD{f?^~87Hktr_dp&e-bea`75TQHQ5JsXlj7$=y z9)%l1uBx{U+~@Q1i2<@34{^zQE;d6_gjiz-d(qP ztXMyvocA?vS|-Rw9FAr=xyZveX4gm3!VBE|QAPx1UDl;!M1!QCZ_QL2`ld#k3lMI7 zP>j_JWRHljE!oUQ(p^lJa@CGX{yO0rI!oof{8`_nWorvw#`peV>BVn$j*xb05~-H7 zvK`Z^m+Tqfo~q!PRUlcFrP}{LDuM? 
z42P4zTlU%|>q~{jL65&{2e7{r5YdYO+HL2eccC!m>%VG$)xMR{(rc4`^^lj>^rQOt^SkToDKTkq?32{)vnWN~CX{N&;Qzc-A%W{NpAsWXE#U1VyAi7dHxo2tx?xpC z$%&2wB(z@4L#S%go}Tow8q=m7n!Il~51SXKjDKuHe%d$rg)PxBrDTw;cMerD2szijdxT8#0i zl=exH{;U$A5H(itGb=mUXph9t64snQ{~(g&V*Z~ggqYvZ zSOxf6`G%ncY?G)e(zH99S0gXtV0L-50)0O8Te*cgE*ql$?H6z0^TFopE{}qI+0C+blIBiwTw7%ey8mLcv8KLB0aQ;er}fQuXm@j?t8(bV*x8%SJXEJ^oSbf zjO#x1x6XIC!le(r0f^N50I-|B!QAVspfesK`@HYUYR)(Nc9(tjvv}Bu^FCg1p3ghG z`-SJ;?nXfWKHRFg2_s;N*Ps|jln6ORR~ypj(%ShS=L5Gd=+Vx4^RlwR%!~6Y0Is(7 zuw=Aqhm!vdBGt1XG!wS*3P23SN}*9v`R8ddom`B?t7Yir&sI8_o4Alk`!~N zJu1P7M8@ZNR(7zPB>~-ae>Fg!|JmR=r*PnrA?B4R<3j>MYGw@BK1=f0lY0bfL(W~v zgw=AIV@-f$>zWqnnMkVe9Iy<2GLmTSFq|ZV1L4+oG$2X6;*gwna1I&4QvQQOTj!r5 zB z)u#?g)l_SPv-UnnH*Ua?|MJA|_Su*3S>TNqZL2RjSc3sgGm_dBoO0xe_k+9wa$J+r zc1bPI*ugxg8e$SNQF6BYv=BDmg6|4Fmx>`&S!vVrC!=Nu*b~MUr+6DYJJWDFhwfuo zkje*Ek*U?>CVU=sF2_w00axrqLT3V3B@y(dh9`?GvO7HgO3ub!bZRvvd&?VrAW^p~ zKkDhd)KPnUQ*ApCHRo)STi=oQw$c4Nw2K6fqN9#?8ya)khUWYbfz~2JBM!wI*7#hA zil5EkGq``{R=B=*C&HT5*3j)NNkX2{$&=mP{E<&*Pxq5P8Lf7-;B5wDCD-fQ#2FOS zd>4S5xD`y^13-^WEV51qmY?xljb9MH{j-Ue1Rzl6`^qp|`(XWcIACI^;X1DSxqdRt z!KwGR$pnOq+YqG(!l`)yGYDD>33~bSo69j}P%60|2)3e(f_EkXCf*-XeaRXCg0h7q zeNp*)TH(PP53xc?raNA5Yk8Oe2jCviyT|xczveUdLG;`Oji3JFes}&1CGqlcdHE;% zknsk)HwT0GnOlpq%Z0I@5gew|xL*x^1&GW(iX-+mrc5PbtapKPsvuMpRHu=)zYb{T z7%^9B+E7g3Z+s1a8w1w*WFHbg)eXoqX!}%_dVn!Ef?{vUjRRbQm3@TY!>H9dNBPY( z)Lu77=h--d!=iFa#z+i1hy!=CJDz?otH7`D^v))m)I=x>4R!^otIZ_lJ)k%TME(xe zSw&U_$0ux?(+?=Ho6@)YxZmF7zebqf2PRl@c(V$t#UCaFyV>G51HXwrdt;+jri4d>}C*)CMtst=rL{zOT zwx**eE7)pK;W~+#MQTv-Yk!IUXC+HH!~%Wv3^i%4fS?9mg4A?S&Fqg`@xq^_=@Ckc zaC*;A*Yp}?UY=eU7H3S++9_P9w+l6VKZZ`Sha3X8S*4eeU|8hToO-jtvwOv|LaJF? 
z;%IGg)kWa|p9%%(&vU)d*vkp-KK&vu_#mVrGr?g1D;8jtr@cKud>T<2TC$_>^Rz1; z?Ypfu&3h66`aX%*LhZ<5My_bK#ns+R^kqy?z!dJBfnT$C^ErSW2d1*}M3piSh+92Up`C2m+cBx&Xt#gX?-=jQ z`$S?*BubF$F%_F0OWqJ`&Zcusb0j3BbA^)yYa41?K3wULJfO7tBnG0DS$RQzys+KD%WCb6f|T#vt^;7c)A zpx%3}mUw!+kYOQw9095G;k|K9&|!$ri{>=Gljkt1V7l5uuD0u|?#E+S(6CE+DsX4w zT%!>c_c!p+rSdLNe_Jw#LV&PvAG*1Fz(&(QFqmex^K}&yh0hkcqXe5;Yg5y?l+Hia z_}<$cVjZ5EW7T@}qB9U;@;7aqFEN}xZ@`&uFsdzRrzK9v6R<%<5g$ZLaCYp*Mu(~7oJa8Udy^4=GRq;1cp0q?^j5FmOa5mRJuL|Lcp zd`u13b)H&=7IvT&b0E0L%?XzY1vdl6ddKD!?KL$eSNX=m*GQY9RO_-7S?OgHT3Zjz zUEtoaBO)qf3UFWSFQk+%)29!wa!46KfX|&Vc9-`&9_8H*1Cq>0;sU_D9rt};5V|xs z{dDZE53c4$OMmj~v3qaKv}7}LXLKEb6$wG&qm`nO_p4=1$9U0rJ&X(-r_BKFyJgsr z_qpQ<*-27{K+*ziRl*K$PUn>@+O~+_aJ7E=cOCADo(;-064`kmcf-!>3;la5&?=x~ zYtX_!%}N_9;A?JDLM!Uxooe}(F%~U8Bwlj(uHl055{pQoqz4fQM#Nqn@jYTh35AmyK9LSyf6Ok?0lDrX0 znx$X|0pC%T)3!C_y0g~l*n2j}4UHRH};5$JhVy_MC z{xVXF;$3Y`j<(83*Ru&()I;>MGJ$P$nI|uBsqaTL0k-alz)D8{vT1dS9Ll$gUn7H{ zL9V_bWm-Fj)TT*UHk@o!IM^4ht8J{4~UDNp^alasng3M3SO*tUiNkJFq` zjypij@u32a-j|G=hUr7OReOX($%xwJFzq7ZPscpiaHuJxxlE754{5)sMgg{Xh&8=H zD3~6eB*OFWtTe&xl^kIch8>}TDhJ;6_!P?2#1e&n^7y4*$EShI?aIFW4Ve6z{35|{CzRq3 zu@UwK8@W9RLZ24I6F?(-??^m!e2wNeYyMKhNt>*vMW`{UQyqlE!Nomi$|paSv`c*~ z!a*Z1HNJlvtLimC$sfQ@ckvt5mN!g|B^mDAb&`FM-ECWFG8*1a6|X#+EP5BL(aYXa z+Rtm-ppl=CP_iMpoAeJGXT>~``8pxUNDDr>t|agV8xn6yzs*Zja&UtTgQ#`-FppUCzL zDDpI#=W363?^7vr?q?ZLh9>eFfi4LV3o-RfWm53@%Op)4*lN6u?$3M6F6elWgz!N` zsfu4N$2gr)-s#Z!pFjNJu2u>(JZT)VWDZ(Wh8I<)d1})ubs!t0;*T zi@CvG|1ej8yii5;G=lO|!5$q#672A`5i`aWB?FIw&ZzdePN?zNz;{l#Okls7XSE^F zvB6ISUntUa=7>;9>eC+8$o$;%;zpQDKlMzFR01|jVHMrFn( zhO$1xF{d2@CcGQeXI$ZIik_2^J2M{@gnj8q#A|a$bje4ds6ei1j9_EdS1p{_E-stN z^*ohE#QqjCDU4l*9;Xi%q~K5il{BcVk^BQ-_eLPm zjXY@ry*yxx9Ey52gFF1b|xAyrgmP9s~W44#`hYMYCv!4SAV;(*DN`wOy`lhBLH3EqwdCYO9rS z{s8Y&;5gTdw} zL&>1rI^tomm~WTDZ=YbA?5Ppx9&dj=r2+`T>|dvq?l@OA>t}bq zAmNFEc=RQ`PSB6NFtHY&H*x3Tj50)HnG^hT!xc(rq)EJ|q$Ox$kNHk;PxsWREi=og zt4z)_^Pl;&K&DgRl_Zg*tdAXUK9=gyJXRH*HgSNPn#s40AfKZ6qH2f9-~ 
zi$q#KriBMF+L_dXqRZ<$jbD(61x??bU!_x%^YfVg-v<>tTDpe)Dp3eR?nLO#ijK&W z+Wm?!aXu><0P*#hlqasFmrG*W^{8 z*MiOn;9XzlejS)g)X8TpWbysrb~WEG21E&SUwZ{P5+h6jy7weRHt-2ZK zDv_#0_SV2*5F-F0k?qBBvdPoN_a=zUdW0Fr9!%Dq6}B9u#4A?(_U%cx^X;#`n|y-b zqd$MKoTpI|fT_3fH=hn!n;1PDQuy-#ZJ*5|kwo0(}Kt*7Zs#BD?T7Jp=ZgDT~P5g+n>@ z_K`ZLC8d>bdu1Y#!CUPCe}ki$9*9i3^tt6dkq#-WnDdAo^ZI}5WE55kM|_>&xJL*jz#T-_7!ETi2iMx>2PQde?RT;S&NK?hUtH zv*6A7Hv}ao{;ujw3jg)NGr0|}xMa{=7II2Jwl@i=|BFD9jux7nhM17%RsH>VAYw6z zJ?O9R^)TP5EdL=QCZA1+7EL%f-YM``-P(`))KXQSXzwZf_314w{$0(x-Ce&Rw_)ad z8s@qTufwCN!u|{=s#(1*BKJv+Q(vYMOk_7*l&jYE6%M)zbgu*VTqp91zbge}Ud*ai ziN}1dmK^S@+sM%!Li4F$l9p%E{G(~0{u8bQ*t_k6uwFW^XwcvU_|20ifAP#vS{Gyw z>{Ti^FPtOE?Vw8yXh|O1wu%I;$1A`yM@De%ix=?iQIFLJJgDB71>X+snMk1K#Z_ExgRvK%K%G<0yGsrOCujNu$$apo`F-`xub*nY23Dg4=^)$OJxU-eG z-TdHV)*Q?FsW=R)wi_^$77i+G(=g#({A>2hN^a3n-Z4g7AYxK>Q|ozmz9;eTOa+kf zRGsY0xJtw5^>HUip^a{5S%q%pNafo7eD9*_7vunvt?-y znyhy{?jTsnI-s;T$C|V@!4FY;J1xeL%WYILb)RfM|FpB zX9I;EumA; zhg@g|`i|z1^8)*YLX4e4jvW|;5f2vj8@jr|ezg}@He8rtYllFR7H9LwN=!qF)nHz2 z^Dy7zX7WU$^QQ_ZO|DfoZ!9PmRkOA^E;`zyvoHKTI_`PJVHwp;3vR%yc8c|Xa%ID^ zSpdL#B{i>qqlDUhtx*dHJt?_CEJMPqL6qwT09!u#Nwcf95sukOcrV3R`%{4Ak zFZ|ibQ$1g#kr>(S4UP1YU-6W95`2%{_WPpRZ`ge&=PWrwoQ?{rfXUV)#3MTLJqHhm z%!v5T*+oBp$r^qB#o8zhj4I-ZmMggYX04I&xMcxnH1_9#Ls-#4HqL%U zkfLIyl>t;E<_J-n(RN2L%=96zQI+i7n(XWiWh@ms*@K{d8I3R*-Ptmfqug(l2@=R! 
zPxC8u2RxZ71~dY@=XCD-j_q&P=;8jMw5bM}#gm5)M=zyhf(NdZG_yog%{%iC-#ee_ zc%18Ww>oj9{w&Ttw1^KbHRN%8)NvAecr-Mq-y3rO#THzR000wbBR|o&h*pUa(f=y% zSc&awE;jOr$IU_#mey392Pwyc97kvG2-V9Pj{x0BY%8mq+Nai);N#p@>kq!~eG2%T zp0qRlshy40ToYVgu&^%IcfK1JDQi+tRd{;4en64I1OpY*Pf{8!b6v%=Nuev$FN5HA zf@vRflxe|`?t{T{w*4p%YM9!8XZ)*Y3TRYd19#ffD@T=2^)nOXoU_BZQrwOUhs2iz z+Y;A`$$o|1>@+e~kZG>W%ObR8md7_@SBRR(s%n&4dA8Gr%NOc}%>BSDoil{JOXO%k z1CFtF+Il0WG@2+fQ1~X{G{JVWwMPTn-h^Wjn|Aj`&5b#ObE8UImc4M{5YFD%hqlF!)kyc9wdIF4Mo(ir^u&_9BayS1?QVKe16SQTfPlMw;7C>y z`h)I=V_ngocUIUzPOeVmd#JY4oz>vXr_iAuwY%1VmGLiH-sVvo9W7O?h-yRC;Ch&7 zNk*teXA$0@@IBh}X7cZDqTxN8{1>X4P(p7GQf_JsoRMCZJX=EZm%nfb;BuwhT(UkI zQDzbN3TooFO%DBM89G2TR`&lZ8m3;{n^fiJX`bk)uYoc=ZpZj}qWyL2(T5kJtN*O` zGdf9h@~D}P7y+yUiULWd*d|ltnXRgco*hkF zKi!|sqe0o$30|n^|5io_<&wea5^r4068kT;s}=Z~W~sLffX6@cKwf7H$ld<*7u*CS zhtg&@SEYf5X*B?aXB5C~?KipWbNK&!9wB$2>D`|uhJnBlQl)=d1IN_^Lb!Cp|2e^b zF4_NKi0(nAAS-zRIJL`dCkvI$w#^JNwY7j&chn4chrwHuLx^~1)oXmgs$7)w+VjF; z9Y%jHIrQ(kTci0#(a)5`LR&^_Wp}XMrpMM4&9)zY1Y2(& zwQ#EAU!MTvpy_f@2>4CYf7*vu@3#-NOf3@E4C-y>SMzu~-SYmx8vkC`qaTV>c6qJQ@G}c>nmoT~Zy9?(37E;u4#erEN?- z`4`>J2TqV=L6B@K*s7C6$*+C=uNHlN*589^qFpo)rrmT^kOKpRx}Rp!Y=X5Yl9p$j z2_4(7wU#&E*vOQEmz%6}fU(j_M;8(vEUlZ~RS&JT@`Gk2Mor&mHqsLh(Nc&Ei0YDr85ZNc!Jd;=dvUOovr0Q{I;vo@}{^620H1-WH;g#Z8m literal 0 HcmV?d00001 
diff --git a/windows/threat-protection/windows-sandbox/images/2-dynamic-working.png b/windows/threat-protection/windows-sandbox/images/2-dynamic-working.png new file mode 100644 index 0000000000000000000000000000000000000000..8f94ffe3967133baa4ef0d2ac9358b7dc715f821 GIT binary patch literal 18568 zcmeHvc{r49|F@PqX(1{VAvZ0SXu(vrP>7Iy8B$c%F?aTCQ&Ng-2}MlyT}e#VX%i93 zo?)iNlCeydnPHfj_q^spJK`ZkM5)9y3RSz@A~MKBIfego}$C&&9R++4?o$NzZ$Ieel;RFB2V2u9DW>qu|3@Ck+D)F0Rs;jf)rm z0-r<9oi#fR{+2h1VZY+y^6%tQx93uI&w~3)C`~UPmt|NKBY{9p9{?WDe z;^NxD5B~M*ljkdmX~b8No4bGAS={X3 zu!mdaZ_FCv;l@=ljil>-|9$;mv-~$4{{Kz`+{Gr!W_0kS@ym_5N2hB1b0KK(Wo9l6 zA5dSk+ZniPdi0};Jkj}8W=j396M5H~PJXLA<>F-Q`_#yg%Gl!3SHL$d&Tc->AU~mvL~#CI`upHytt7F2 zBKT?;xrpr5uavc4PSxxlLC+h6z5J^WV@$Y-;H|Z~wTXG5!v^ zHtXAkw{42pe$V7UFVs(GQ8m`r;r(geU(ThOdqq>yepNSMTrkgwIxR7WW@`4Sy~TB^ z`wedlF8wvEKrw0~P~QjhhNltBf9x)@I^U*8-qGZD3_n7M@iS9)nqh$=`uzAxw2tK^~uvo30olEom=~GF*#bP5QP#s-dkr3e~&s8(mkwH`$f#qs(xzoxhm>Qh-`ApzLe zA^0FRIsLtT65|`WqhIOm#NQPNr{I}9)o0O+TX_}V3%6yp?D2V**174soL9uw=KZ_S zNyWX5svo+et8c#iELxg}qcKl=@goZBw2Yi}T#kx8^V#0g)yJPT;UCjkwum;ZxJ(Po zYLG@42{rSVmVOYKQvcAmW3Z+CYM*U1@?Dg9S>>H@*>+k0y}a<4lHWUaR$BazinQ-} zC<^h!oOgH$<6hk{d?t>U{fl{Vd3xrxxuFpyyL@?6zd7aTu}ae5j?93U!=<>E zf2!|Hv{;i=T=|MJL&PJB=Y;m6EXyy>&I|5OH1e#pQ_AQsJ2Uapi(ffXqMP{hlGntU z;sYLn)%3JrFR$@4^r&{?6~B&h1yiSS!-M&ATabnR*K;s#vIC#{%0-j1>z*G)H)s>i zBF>CQCAaLM717da5!8fmRI0w?0B?869+bSNj>mYoqS`=up<1SVE9GbLO+0eSWF&_Z zRExc*`)p;AK5ZgYwVUw^1|f$F!Z!*#A@%7F>W7HMqseC`ZusoBPwBTIRPrO;Bv^hV zrTk-+%y*d;`;|g{Ef>*bJ7JdwU)%n^1$v3OSAV*MLbrv-yKdie50bBr^jRy?0%b9d zj^+y4({|krg%xBA=b{PkvIErxty&Vq;UA`fO!SF;EQECcA$mfIDqqatr&ZSzXfJ86 zs!CrJ5RPIg#^%^|%l-bpx?htHKJNGRt;`R4)AF`K3`rLW+-DqozPQ6_&oNkda(H3I zw6=55bj4ZKgwVbp!ncRk`8+e!g;0yQZbM)-eIsEMe;C<9X_Z z$8Gi`U0-DAO4o*{&VHnm-?3_)N(}nL(84?IT63JHgrZlbTG25N)X+dzU9ENhi|;p_ z0zD}qCq1_DSx`lMDR$v?!EJZteO(IL^80LB1LBl!c9za&bvq0=oxSFOJW7;Pc95V; zA}OBLcT&S8XcI5WDe}pYFAK?$!k61T8~;WPuc;`>sI*Zg>*&_H9la}JLvDyhHn$;_ z9cAta7ZyvyDv5mNQH1?Y8wuVjZBnnV{^5nIqK 
zbhf~KwsvyPjUt~*pCINUBKuWFWvUDpcvHXSjBY^GPu;rQ@S(2Xe4LOx^v$UOHSxUg z#53M!I`$K$X4uZU^2b-*(YQc2N=)MBz=)&GE!q5pF^s8^``Y|UiXMWnYP8qebT>{U zPPouV=gSxGBJOdVn@q(I19!RNX z)7C@7-3L7AnW4UHV`9hd`$}&OsOwvyaS~5zJsk!vIEK}KmvDqteDf@#@_qf;- zD*Ly!98ic*evqgdo?4mP>(yS4Gdj^+;vn%t&}HnS<-)e?t%M0?pc`t^uF#k8AgG(V z^?(f$bg`nS}s$v0Qfl2Pbkdx(r-W?skVbCA3dX-==;_h@Fh zzJ2UpVoY8i5!K%>bXmuP8(BS0cqg&rnis05qQ#rwE{Dr5mM5+Y^dca~`w{2;BC-R! zVvJSHJkn;j+vNtMMm$XwGCws=Sk%gR9IPnz7k=zLF%jSTys&?Li)Y*CBxUNm8R>}u zH#dynY0FNJl;`R<$}H6AT5ZHqY2G5gOV@O~PE|D!3GNhS&!hd5%FV;wcW@eCEPX|7 zgvdJbZ5NW1>9q?t%cXsI61dt&|~5?zTv(CZw~9^r(JR)66K)t2+36D2ivn z;94PBPD%49dg5SYt6|AcLW*0VnuHtoW3aPv$5}g~-$$Zwj?>Lh0COA7Ov$Wy?zb zq5%Z=2H^(?7T5aK#j>Mr$i2Op8Zy-hpSDR64(!CXAqDh^Wmo6FYhe-K+ zhE!@z{5CFX?(|vNj`?#$-A(zHC)$IO>QvoaSJvu^*%n|pDfD=vmyv9T#I0V@NNsnS z$MEelPWvr^d8jTg!k^ZM#>3L}(x#DA|W zF){LaQ&}l;&gXG|?s)U}^hkgP`;eHj>Rwq?@RZUqrO344%n23I#9n1t6zQeCCk(Iimo^6c-_nEN2)yDN5i6ow!nAGxK3 zzr{t}}g>6g_p)|5OO26znkCx?pj&Tf<{VDspE0<#RM?eN@Km!0z&6 z-jZ(YI>d|aD_6tgOKOALt$h`_Evk9z`f~Hs@=-GVf&ia~aw!HCLzAk8w2qSwi+iFTQc2cE;WB3(oyrafTOK zP8osJscA9M`GOaD?1B5!PeC`DXc;QbC@XJY&(roDDx$U2ZMZJ+g)1JxKBvk{2Q0$n zBTC4;rIiD6p4C5*vMB~h{nJnCQz`mXDd= zfhykM%Ol;gRS~}K52~ZQ^D_a578Fc_4%R%8XeVNdbh#7 zBF#TVfjMDJK;{2bRw`6>7dCh5D_9s-UU+n-w>LZbrDGf+aOBJ6b4t-sgq9ww zA+=!I({1fO(eN>w_UZ(AhXYBPLFkc2K zAaY`|{}}C7N)6@fjA{Yd)V0mO%Ok6$fRG%Ncq_vVUBX?VvmD{k;ro0rL~E*2M4e+< z)!PbVA35a3vdI+6ucM|ijl${t$RVQVNZ+vmJ6fvG@Rcveb|<_`E2vg`*)PqTtjDQP z@9Gll)1Q|P~r=h$m2V$&*3xkh}nz|3ZC*lS?R8Joj zvs8?x--)oJMEbSTOK=fl=Cg^xrRDvJ!ERoZ!sr9Z&DvF8_y!P(+U^Os1%Q)-!xdhY z2N!6>-g4SdcRD}1EvQb%JXjCF5tO{$1MdgRWVhL&X8xJ&{!H|sO?*0`nl&yjcq@YF zkCbLaw~%=W+Fg&7QtC#@4e~geuXFvdZ*^l!?bF^A0?4M3QkfULI(tiV$#Q%pq(oX> z8Qf|ds7Oq5?(ls#(H~!N@3?Yl#?$^qxpSjWlkY~Wy7l-1{C^oZ z<6=4RD9}?vtee5u6oGp?;o?-YIodAW=a}@}>VnDMcx2c6 zzGOp~R#cYPXdCyb`DUfPxcKqQ-R;3$lhf9+6V4>V;+jIDtx%;Sswkp``qI23buhZz zScyKcAkyyZ6JuUZx1*+}gf}5i`wiGWrcQ`NI#lt$=;rI}YI1J0UPhi;o+vdd=u+V|y<`tMIsY z!h&O=N{!2SL`ggp^zs`Bs2*=B-vQt>waECAD*5sV-_P^rB;s}(lx4+uVF115<;bs{ 
zGk{UtXLzR+(=MMF(>>_bYFPAB#t+e!5t2Aj(z#*!eYd5E4LZ?JA7{)gYvn79$)lW8 zxA`<4Vmi}H)fy_!s8*}1vMwJH-X=29ro3BtcK~jp7}tvwd8p(`>O01|!{C0<@-{ui z$nR%?{oP<0^_v;|Xj=4l=RjIn|8~0};?Sp>M`%+cVtkA>y19k+$$U~iMk-pGQGvCg z?M_(`Dd_IgO;k02b(wBEFBB+)XpgHbrEG2*a4Ie@Ma;Bj$04UGw)iF1)?cYCbZ*U| zy*igkcbN-GON+GIQTv{nf^@%ir5lb$cPJVQ`>S``OzKY4`VP=QGi;0Een*g`Tef`9 z%SI3azN7x>wv8qfsSaHju(nursx&d?xLdso*@s= zN+Mc3Ek8dtn7EOCdaC2sgo^5pw{ihdV+dTo4Uv8TC8lg*)c0&?{9QzeEBe}a`}v`X za^vxW3Yu00;nKhtrRL1UNlCw=D5K=&xWZ0j(F$ol>3qzai!#zxJ<*rF#v%Yow(LKP zh%EPtJCU3kDAQy|KuL+7J5bSVcR3I+jN5{>d~fM9v$mV6f1dUr4!FAAb!j2SM|Zv$ z9(>mnf6%X|&Ebo5%z~?Be{WS&a3uLt=X$d5gNi1dx!KmCsV-Fus>k*gBWGOqz-csD ziqTX(SQ}3CtnRNw;BI;v`6Ojc$bhq){8F_jap_sC@qv`w5r>`f)0cM^pL?h5iMY6> z@>&~EyV*ZZ{>SLnR%gX-~2;oi^WD{OKKXH5j$yH_Qts`|ER2b`I{~k!ovk zql{L*d=0<4llwr2p>&77_E)q9um365x*EsWHKK9&RbcUTok8>~<#oru^3MzZzxTQt z6A~Qs%W@7;dqpT2>rEwjTj=qsN8_pon1VBSb#bN^i+cF`35R*d?Zfe}AEt$lBhGJE{h z#;`E!^*ov_!c%Qe)kj6%Y%I7*eVUEapt_y@MK@v``tBxyK80Z^QLPoCVh?Q;*T}mj zF~>TXbK)=N<_PIZW04G`BkB3FbU=8T|Y+&R?8c6x_ z*qO1foH4w^Q56zFPAT;kd`yXY(#rbCNCT&IU>N~LYxN!--G{eg_jHD>C6gS0!FBB1 z^-A@fCDms~(3+tS&g;(2&wzie=1q=0$wc0RzX>T6yC-YAfF_MK-_hB0K>YQcVF{hz z?+u{$*;@rPCt3WghsoOf0{5IbruwaVqmIWO%vOOg1x?MxNv6ai1(y%3{`&U6?=#kx zJsci3JFqYkgFywe_et*5U{)uQx6K;wNHG}~sLErtFe+m;b*;dB)aYetxulNnvl~m+ zFHz6s#7@fI<5CH+Tj~Pj?O$Pin8(F6mi$vD*u1j{igAvyV-0oJS1yn)Gy6?0fpb3B z@B`;^BxXHcahA8{o9AIH3LmoLfMzII5SVYMAqMuWmrIW%lVm^e=}b0wK2-Yh}~b3$wI!x4`~$brs6C8Ra|R%M*3Vpu3GK z6&CieE(z&K0uidDAbx{^dkCrAgEa-g{(+A<57~E%fC+>5EXO9FSNwM{(U@Zu5TnUr z0<>Aw*a9#s?4Gke8(hh#Pj$<&ry1Hg8+$Gb4eQbZr2ury4|)Sd-Gb$8&k2P=2}CTE zCuLf1V!VZKUA5wEa$|2g<_|w`mT$Ruoh`F6rJ=QmppoF>%w1iBQZ1^w3I- zGHsnbb@STkWhLtSCD$9XCt=8FUy%%C#qjO06Tw>r{t1PhDX-sgfLecKUE#+@;lsa} zDT@ac6eSf#7p!}*Ac~R^p-U!$qaugZa{qDX$JkFfAa)JU!3S(VYA(ZEwc;p)O+3_c zw~eOyo?&YxpzNz-sW7)~e6gb$xWUepJ;NT5Nbsip*c+EF1jD3<{PtC+-vJTRoP`zMVMgBxlz&TQ?;;+}kAe2)#1N-=A1_LoRqG_u6X8$Om zn{ZP15N!0kVsOw0CD^mFAI`L_=fP&9kQmK^0Q2vJ(;~w3 z6ILC=(o?Tr-KB>)`5WFkFX+x437!EuWN_+&cg_=WA9>cunaImvH@N}`pWbV}=^0HS 
zVWPKk%-Xvs<=iw7$+n7k)VCaJ2D-6A8+h#Psw)mDM*R&=4I0eDM7CfNcy*LPMfso67Z>|WdN~DdNjWzX*|*1;KXQxhE3#m#0>ml8 zZrmIemh^|;qNILK4=GFj!d9&K7ZfyoPZOs2Hy54EmxT1}ZtH zp~@B(pcN{~u`h_Hr(aAzDe$m&p$!Z&|0Ty-WB2Hh!qz^1!WwX!-lp(0ooU6I0g(*q z84QNhTWhTu6$y~jIZ)W!FXe2yx@;xaa_({PuxqXUHfFNUYyh7)l|AM7U#j;m{#&|

jkZX@6<1j!ur*O+}YpGyN2QcyURjrIgG2 z!Q{_{4aG^?j+`e>rvI46qbBN)0Glp|C)fYHRxXw4;>zcX!mO* z4Lzx$@rl3Q08F~iK%*`Em(I?=Ey7ICIAw>e)F0wz9!eG^wtf8FTFubyAdL(jg@*Xf zN95x)0-u3`DD>zEFDDyocL@yklpJJP1qegP0@aY-dojOqC3-svzjPKHwnx|8~f`#3_uVQ5yrC?BUibDQgR+* zX8-^ITL26rKt{6W5wsCpI<-M<@SOkHNjP*d`=RD+HU@Sqhy8%mwBjk{Aqe#khHEXI+QjyGJqvbD|v~zG^@0W|lzgg{hC- z4qs08#XfecD$E1{d$d;HA#giPY?P)NwstqDVqFXTf_7EY zOI*wp;$nJ&0w+rBkXr=)ImN8D97z)Y^0mC&Dkq2oig9SwH6;88l4eHiC)jSBGHz#o zJL@JL<~K02-Fhpmb=E-l)!luP!2DzL>mx^qOB51LG)eJv1SDj}HBiYSeI8sN)OP~* zdcY}0z@lEv$_INSy>p>z$N}e4`i`Tdoz+X5Gzz~41+7Q?+YGzmb<%pCW3EI{BOE9p zVWcXLTTsaZ+$C&nev)`Py|4T)7{6<+R|lYf_Swh^>k133;N|%`^);g@vDdeP(5$sw z9pE+0T(Jizh_wM2ZH~!-TLZ=<7AG5*eUdSJ5KHROX0_N>cHX7ke0mn`|WJ= zxt>@5gG=mhg?;{Q@~t7e$ilcKYw31gV%m~+h+jO$F*&DnoD%y+G%x#&Hu|2L*zm9^ z&JM#-fF10UTII8&*8O0jlu-r5)M0*Mr1d83k2O{w$MJ(p%vR`{gq3;^-CB2Noi9p5 z_mwfH2?%8Ji|#C6eD1g#>;UW;EFh4RwPXou!CD0cSJc78%~_jyR{9%kjk@WI#f?`B zrFg5uwt}g}2&L^YBmoZqojTTfzLG~v@hxHO#Ubd1BrbQhwaT331IHkNt@+%(wM-&6ThZbdVKCY%0D?W3cG2~KAXxqYe=d{)X=_iUm$EP)HU|)&B|}S40h_{uoG?KdeA2% zP};_4QEs~i+bCeR0NQ;{>FbsiZz=YDl#D5mPdsdOS(|u=)3Ztwu^;LwUqKfEF=nWr zE2``Dp7vK%WOs6a9JJXf0P$$Chtz`!HtRmuu^z|nfpCl3)FN8aiN6YWvgxXlAB{+D zRm*QHJr83_?=cX(;2_o_#143QHbCmFhZ+wk_$%6iwh1=pVSYFdM(vzq8L$NVG()u+ zN);g`b|w;%jeyG~IH_$IO<^DmZ8^9peQRw3q*xdU;{ov%!bcs6U{m({yKs|LEdDLr zkQLHN9f6J0zRk?#nF;&->qgv49O;;ra z?terMb3TS>Rj$a+VxiuFt{!w&4fgf17hG2q5M!SK(;S^HJe!1R=X=w$>=eeFeT!6W z_F}PWHru|t?J~zNXQ>j4j~VnftU6mP9`$IcaSSl0#h0kF=kfS<9Z~yC(D+l4qo!n% zc%X3L^F*lkXWHue=&_%SwP6GVvY?iRx&2g39;RVX~PaNBT!GXzUo|t*&h`!lZ zhGII$KeY5~JPm8eqy>DfdLaGrNTzwr^B~yP?R-=f_Aug+pHiVNA>w5)l1| zIWM}KB_ME#Q@Rg#MH<+3M%7dsc_}l0U@!?aYru$#Ly$n#%D=sq)PqHchmuHt!?TnVN&iSjlS%d=)aZxq8>4FY z0Y?S7Wu_H6Hr7Vi^7{Vca~${@Ey1QVk(f8BKGVEl;gS~-l5@4J#hsE?_qT!pK_m&o zx-ZEwr*_5_48+JHNEqUfRikTBzm zkLJ#{y;%!j4_H56E|F<7jZ46bTs)J;(FCrI?YumRS!F`Lq6grU_2(TrW?5FhXh(x( z0*`(XtOnzj`;TKibe}0iCDYET-`xf#9*R)6SDL@~Nq5v33B8YFy+)l9bq?zQOJ|in z+PKWgT0p{bS|f1!0F{KnV__SL9S2ATEC~9#5tR<3n|}crImKotp1t@4J~s!n%CRQA 
zJfpc*hlWTP4F5q`KsU*Ub>43oeoo8Q1I~~F^CDB(hf~ajLVsXq$Z1WHmq(eUCy!WF zb3z2*`ty(y%JH$0t!bl4t8VT+4k2ugUFfyp^Hd7!DUm-Ol^&OOoHO_+5PuCQY)$*G zza1bAI20{j?%OfHOa}b|=h&!IEdcjG83aqa*=+h(HoLd*;cpkqB|d5**#{NxY$Kkn zsE0BlL@rBMV7DEHb;KF$2_Uv-D~5gT==c>$j`egq$J@Xx>C9DT<;StSm5uVxyStXL z?1sk9d{DlylBYrf{a~zgR~UE#nxs@&U3tzDIpQlCFvE#;03Kkc(h#{l8+I=(2`tUe zU#wN@h<%PJx{1EBY&sBDx(G?oFEH5bhD&ivR?$w3J^$Q_ef~N9{>zbnb1ujZs?w|l zBfAtVPUnp7&ia&oyuefrVV*bfS9$#iiv6HLKx7&i^Bcc^g;arO7|%$Ux=R#{c{|9* zd>~`kS}A~S$twO!_Ru{P{K1x~oK5+KNd0yS1`<%V9%yMYqy)W#*&!0%@XDlV2kQWg z?E0HN`9bVCzxm8q{3CE^rzIF}(jQZ2qMaDsO(IKS4-80_8Etr~c#XX{uP$x>3R*fC z&MA)o7ITQV>6Su7nVM4ADUC_#NoRxi+Nn$E^TtH}oLcMT0L%_oNi(fCwHWq%N?8bK zbfIyDo$OI66FKu}-4g0?eC!d#oF`b;K8N@73Sn2eT5W)gayAQ$r9o3}iwT)zVqUyi z#skR5g)G%MjNse`C1;%A&+)Z{pZ6x-z z$dXwm>vN14EC8=dWTy>OMb<)Fbvtw_fPkoN680IaD2UlZQ%NC#$@zu01-A%)&a{aMmMX>p&fXMxWP8Woy+1^KNHDklU!a9?WmjKz3ZqVSXW4EtcJbhJOWz zsOa4*UJ^L~ywqdLxFJtk1-uH6-fXt#09E2{#V+OHnxXS}c93i^C_P=Agay!^sD>|S zQ&`FyFpnRI{U>*MYC4{hJZSk+iQL-%SZg{wA9R-(vz(9fT zgGSyLJ~R_zpBFsO z|4>2hiGZxmA)K+Uy3fib{e%RrTt+)iwH*O)=)I#^)}SIEBYgPzmN$$_wJtzs9z3?g zD@`=}Efv)Q^NWBlfq^uqoz6OOuBZp^lmp#qz%-^@`YclzYP&$}>G?eAwYjgX((&jE zn8zQ64(Mq+7#w1bbpb`&d2m4l_}+{=BHy@Ots~#QZVgB)_|ky{#^+EfQ2am*-FrNr zn;HK=QPSNd(3b(sUBIE@W@SQ9kObj{IrI`3ZQU429aD5SFyN0xJ2)IvQXSk_87WHc zEW)ri@dQ;`_j!SQU%CPz=`9gN5L*Dw&odVqrkToCZD?so9%vkNxC@;Pap7ec2(4w% z?^kzhV7NoI5aukLU7QCc8i3sfs9s*;;#bhAYg?Dm?>$8wduy3vblzm0(euywMxf)> zS$6tg%V6*UPC5d`lo@FAAb#ORrNmagO`@=krLF@vf|`*u$%#5Zm_Z{5R=80q*$gJy z_N3+9I&c(+to(=7GlwOo&gbc4h6}#xCL}}z9gOnmu&LM!xrrGbs=N6fpr(o z7{a~I|Lm;dy_J0BogypdTV%~xL(GGd2;}2z$09dJxIG9enZdw5|sL`v}@CdVzsf9Kta9auaF?J8Nh=eJ*3-bUo z%Y>yE0Fb39`A}$YpZE><703zD#eC&l5b7yPf`B&V$t-$HqILldm#;M#JWG~&`YjTICs z8>ndEF=SE-38(r)q{(I6Y&?p#U()dq59{Y&%XXJ zayuX1CgDz;(P>UO(3{6* zW!?UZ6A5q$4s3;j4gj?oeEk72SknM9Y3aVsHR4~Q899%fzqC{tq5InZ4CW6jk(nP7 zh8hB$sM5V4>7|f~wt;*I-=U7Yt=LCss+WWM59|iuVO3|Q?H_@y`qRO5DE@b7Kf&D3 z2s#2sDfLODL4wike}(oCcQ_x}aPpx65!c2Tpe%6=MKq;5;yCHxW5dF^!vs 
zLI!FcZg#i9PHn`AF7;B&x^fVH3F<&P0ZjqAay~C3yQp`m6f6@wjOJtPmja%4hJTJ? zn?78@;km&dhjQ-VZzjNz1hfO4ZSmgY9G@?lkhz}FM1o@mz8^3VDTfq>d%)IkaNU&< zX$ROcY>vQBjLJU{Whp3@ei#Gd086D{CA#6CLii(f8yIvn>kccAlRi`iT?~BK6eO+P z-PRnVicw={o^TbjU=PRqG@6N97_t0$tMBVk!@Ow}~mh{166;JiH(SZYa(=#1dXzsJ9)Yqy(BVg@bnvD)j<@ zsh0~{Gfi(%Enr2dZSoWrHD|v^?7@&8bM9Rw*Hv!r#2?-Jyrj%FavgA-0Ng}uP1*6s&su@|5PWD;k21qhMX&~}?FKAvXP zfm>t$yBZ!hix&+_$5@Rdgbq_!{%|Ae2`j1+d~$LFGq6Ko!5S)>vm6`)Z?{fn_-_me zkeZrzdvLEUSUJ5u7@$!mD=G;n1j+-XUzuX|e#wVm0Vu1`^2gv9c)Oe1A?cQ61!gfF zuTlrvgE-X(s^wuE<-n&e$?dSYmX(37W;xrvj)0_FlJ!{vUdnes4A=&s&fY&PWdMe= z`~Fbo->knRD=_}H>dBbjrd+mE&TQD)c%Y2cLwC#~lNy&L+7CHE_MWC@=v5%4oT!)> z;Sh5xYjNZUn*2T(C^Y$f?{UpHB8M7LFOOiJuA#Px>Di{mg6B=pa|7tP`*RU)=|V>q z^z^yL8QqtBK;oXW73!?pSDSVd_5!`_;x%}9aBueDzD2xdU=Nu{xm^RUs+36_T+f4e z3mz}b(2um#UAi5E)&S2b_V*HnF6Nnh^Na$@kW|%pco4w$-vaj&nuoGG zUj|8FNd5GE;IjT8Fv?u_>nhuf`^mo|pv6_-r(a&~2a=GE1-v<%qHnecEk?+F;1`&T z(C~OmH>h}fR=ND^E?|H<^kV@5k4W$oXHfCTMSU&w>|nltz$EkxvDrefN%SVP=?iGn zqtK@D_)6WOJ_fu(~QE~S(*BthgXM1R)P zeR&*wm+|9HIztvb>fop;3PPD0Hyc^Xd1lIaCI+5Od{Dygo^k<4|vR0arTcDqX~pLy}G-*xY{^X@lK0 zS3`;aTd<)nF zim!d=fsDVPsH@?BZ&e?Wl&#vtK&_bc2#IN&82B*<$5`Q6;!nq- z?`!7?TQyg=9%?+e;fIk5*RH~2S}fmN;O2CbXUe;`38fLHgJ>sk7YkIPS}NGqI|>_l{!n9W)gB^Uv0~ZXmd1#@Jw z|NGlD{`=cC{`=cC{xA9M8eG>G#4&5Q{z0&r6gD@PZ6zQ1Ovm)kNb9kCj-rDYT(BXcO6wlhN7-hv*16w?QUq?U|=YTVIn`+ z1K!=xR@YMo&qZ`%XrCDvyuT|z;5Q$A!GGFsVCS*R^V@}cZ>~Rhomn+f-hxf~&~)S& zduV(i#|f@`R_+XP4|8jVyn+(i^=VnjwSi!_=ZS|L5rpG7bzf_7)Dlx9^%qrj&E2`d`!z=NG)9WoW}7 z>%idkjlm+9;ik8~xs#OqEe4r~3<`Evq;4>{w=vvHXSnXlpcTmgsb!FU$aIjI!L6A= z_a%dVJcC0u!wnAx>tcpmfedC@47Y7-)t1LC2hsZ0BR?GJ-@vhp}scE9T_V|NAyjwAHH zJK8R+C@?T+?!A5UhMu?i;;2RpZ%h1#@kZ035N^M7J4RpbxrMqVG5omS-r>Qa?=m8_ zzZ4%A7aNw@hZQKhkZG{bQMkykjl3ytn*6!~dhY|G?&dn#-^htoSvV;0~@|e&2UQR%FZp#0s37+-iWk zv;xI^>v1f2Y=1p7b#2@xC);87WlY4eJOg8hdxO=S5(iK9^r=mO?mX!hZHS!vEbf~u z=BidQw_oS0@74$<2CKtMwY~x}S6hXht)@+GE82I$6BWpB=Cn!QhMp!`?&9x$_{m_m zmc3k26lKnQpXnvJM-<(T+kv4BDrbg$)(pKKCVILl!Sbg~lGRJJA3__f@{|@iig;>S 
zIThUurmi*LnST!F9{7@WhgFf|4vQ(}Ak%JylHe=<8g`Gs&Cz+M*Wzt_4w9Gf4~#sbFY1cZZ|U!?1MMkl8I%4$g$mm3eS4V2>H#FV1*gcH9?`!JozpOWa5T5Fb&pDBA3;Fb@ob^@T z;&T$eMcBJ(^YgrVQHNb)wZ%t@#;y4hG<%(#I@xs2h1tN-uJN1u@(VObW$&i)lpWc{ zZ20v0c8JBX$?=FPj>?_Axj?&X?tDe=tgNBA8UG-!>6tq_2!=nbRPr_(Eql1_K7||V z3qix!=BVTHaa<`omx>P?O9`u#X8s(@6<=A1u5Y^{?H1_H!Q~H`o@^XqJ8vFZ1K z%-0SJX)`aRFtc;>ku6!Z4CSB&uM4NzdUVt^;e1P({%1;G`$Yvw>*?*K1eP6B<8y#l z{(OInwaqzaDro44{G6a(z`3|nhMitovAHKZdB;mM2Tc}>6f2Jh37@)CIHLPSXMMN6 zEW6|2@)?-vQA;1uezOeWXBt1=Y3g4!{gQH4SNsdU$?_Y!|LCtXyx$91Z-vZ$Y%7!5 zywpAOh1hB4@vG2A#PgDu{P^7LVq%42e`&?#QdJ1zX-La{#BpR_a+^-)v%=ZygpZfb z<)V)f#9&T3t%RG0sZWV zr_Zh!dB6D;aaZ2#t{R)J_q5Xyxp;M;=BE0iAs4yt0!n^Sg?_Lhkesf2S#mM(&J?v72T8vvrsX>DJ8CKm4SwWeu z#NH)Kj9!PtRp^i2G}ct+TOkXr;e(C@*4M~vIVR18xm?+tcedTb2lRP&JD!UZM7W3& zpCjL)hq;PgoV^h_TsRd}#+&W?VGE01Y+{D3yz7Sr{z4;v`k9*nVy;ij+pu0&No)S! z;tv`wTb@={Y6z(loZGNJajWO>WyRCVrSI;3*FkbAD0~Yc&8&Y37&Lq*8WP}e$?goF zf~{;{s|GeX)lIPTtnTM_WFT8}kd06e}T1Uy9P&+}j}8r-DDT zwzlWg=Ny{iV~_BHOlXGR%vkV}_W7RpE+j7|_~is)vO)TO%&+Y02R8F2peHk&HDV8Y zBKbuk1kz>w9e7svwBW8Pj^2*__`LMP)YC53DqeO$PY)m)taAe) zhn!4%67Y;)>X5vGhO0L?n6sGM_}~_(m3UT<5WVu0;}Ls!u2^I|u7h_6@YJ7LBoc<-@FQwls3z&yB3_R4zZp4a}!2XGjF&7D_Du78rHBTX>2KHxp{WGedH;)m#cF-h+~W{Mk!I{$9E!8^r35yywWo8Gf3uAHXy}WZ~xoM007_l{q za$IK%Kp?+ce>m45xGel)_ORZ`p59iQlH3`!sqt*~`4VmJ`&Cxqq1i!(NUMsm>C!j7+iV0a6g#r9SiGyl7;aBda2De~zW#mx%=lE}Jj+PIP85>V*b- z*VW`nGnM#=!9Mr$hTmsrGn6Oc2f}k+;54Q#R+Y=d2ETvO-JUqp67TB;tPQUACm@FM z-s^f(+#>9W(d|~cNH%{V0ZsL~gEwcz9zZW;ebwvucMocNb*JL&DFNFWR_>QFh9Wn^ zk7**kuOBh;R_9h5$uKDRx&RrRyoJVz8YH=oIcV6fr1x?R12voo3FC!rT{KmLYqy6N0NFOmb!SBzj@ROx!92rPvm``1g)T z?0+K5&BBbX5_l#2pjP$`+TRCF1pBLRiB_#O_8`IcX#3 zGk;1XBBzl*ca-StRw|5aHQ9XqBv)PW^WsMxp98{+T~=xhdg39s0rAoG$>qc04FwWh zy!qSk(iMsrDAvy#ka@u(dWckx~ZJMz}>6|SELd_28^bx+;Z%WFKx#K!UqnN?@p zQQBgV!4$_L3~9G;KVy4`FM5Tf1h9p_b=M=_!DSyS%PnL`lWFc)>VcJ{q4xn-x^c64 zvRRvvb=61nl)c4g1+N&}U)tO?pBeC-Bit#DIf>_F+;VwYm_g}a?Uvc!7A8MD@k)~P zI>Y*X_{A!ndP&SIQ$)?mppGcpO5?(Z&&uJhKCb5N%twE3FS!Zk8MTMu<8SqjZ@IcZ 
z{9?{M!7S}zePzpj=Nw-DhLpUeq=J_RbOoKQ&Ix2sgg26pXjaZYT56c>u@NHa7>mbz zdO12RX7R=ndBnKKpwU*^BX2NBU<&P!jy{=t96Id8o$^k2(kfS6plb0Ymf)eErjy4u zJ|tFu?-}E(uFJ1N=6){B9RC3C(UZ(VD&f7obonEyorEJgBapi+v-UlE$ac(79%i1> z2KF~MNY+o*_Vw&X+$IOQl(NNTF1f~@eZyl~FSKTr<>B{JzK!E-{!k)+-mapwvl$Xe zS;yKfiOwXANtqx$LWpBbMDV+bb-Pe$V^8S|ENJ_OqWih{wB1+Ur4o+^DlaKw&#Iiu=o_B%9}9OtE{7hfKj{W!dpE87RQsRW=( z?uE4Iq?gBs04V?X4dumTo+ERWafaJyUa?$$Y}94-tkB?$&lJa3i0)9_7QEkpOiE7z zjeLtfx$@#-XY_%QqO%KUbM^H6Z<}trKK^w;)En(|M#Xb_d&@j5jSB`-VH}kU>TB9} zYTELI-ai)cHty%a>W`n^<9|j(vnGcz*mrqf@t|KWzM)??>mIvs1WL#8fRV8r#-?5K zgWnn3;Omi9iU+F-@3I#PvO^MLjLy7J)NNfnfE;#T?rJ-Br-FQQ-aUGaoHQ;7wzM|F zu#z2P%dO#8T$W6_{c(9pb*#`V@~=G6Rz;>QSc|PmpDQBo^l`eBQ)aX;zC^pN&G?s| zh%%*2JLsx@{ZU<^07l~mr|j!qtKQjVZ>%%?i{-@i`y_7mrg=nSru#Rw zMUX32rJ1EhHdH-=!vr#Gss;d61SG$C2`qgf>2UeqF3IcEdP>cdXnUO5ute3-9kQ3DLYBA{)N}G z(unx(%OQ#mm#QiB5Oo1PZ`1E@Xb=Z7jvlp^{PAh=0FhnjnXAH>ky={}lII+ zC4#9&?3dQ3TZT&$=jvZ9UV7Mf#*K3$)l*EN?b%b-Um$gO9 zykhME@{-`mv&Mq3Tf;ID(`)`%y-3EaTgxxrM%%3U5A-V8toqq{=$QMFvSLeUn+T7+wdjQZ(+YaKhUNUF0;PVz(6sTZ^ABd* zoi<=n`I_wYr)eTI9`h15R1AhGr-9Z@<}okjPN*MwMhh*QvmR%{)9|!$wiWJZMrt|b z+G=g^iir5#;&IS3in}YnSi}*Et$8j z!M?J{n}3&S4~G%S(3BW>~AKX4iV0{yQU&rD-{emVt2|<^M+ryi%9R)LQ&=x zSFxYvkg>3}2}v_Wf$H5CJ@!ZCN&XzaZsp|ReZ;(syLx?h;+))&e6JDO@fED^eEB=I z7mA7BK6D{icp59ht}x4qjKh_#qPqB+I!jdsYLCpf;BsX@|KlTStrH48E4?JUuWj%$$mn2dX+Ki1H_8!VM#u;yTQ^h6H*i|AdhI?7!4D? zallM5b1u(&5UlA=Te<|c6bu_ZIlJx>Qs>p}8=qth^Sb*E^+xc4=YW8|{M+#t) zeht?c9Xs7e&Q` zbtKvlL}JNr4*H3buNDmmD@|$Ym5e1C)J~yKe@RZ1oW~SaQ{|N|pp(!SXwwO%zpXGw zPHFYZFG2)`f!Qis5ueTvgl}s?nr2%%8jcjcs9wqG^a|##R`h3m>l*!mi~O&gI{xvZ zpR-{TdWF5_z37m0`M)g>7!&lm{h)Nz9*AP{sBq@!`)}vP^Hy9gpbL!_UN&0S^hgjT z;gk3N7GJ&6#4|PM@=){0KVEEU%&J7~z_!9hUP6?&6`cyZGUSZ3Or$INKZ0yS<^P67 zxD_`0ugf2>>)-!hTEJ5w!mLi~S*us36W+zSwc>9_PIiP_{vVqyZ`+;zVb8g!`;?j! 
z3JVuQ{;w|*VWyMhC^`JUIgG&nImoLuZzMZfIsXIwWBX8ul#;>o|9=+5MQkY0-*0e1 zOKQ&!5CLYd4F$SMIj{4*33>wn(yCH+OBHq>M8i*asdcomj4lL8s}e?e>eF9&)*Jc+ zgdfTUG|k)1`?AZX3N7T-i_FV3R4>nQ5ObYh!XPtTbL1M5HEAFwl;%%FM}s8gGB?NrL6ive35)$yUVGRpx%qxNopHZdHI*2EoqaVb zVS#QN-G_=RIB5H@XH*_g3v(1iL7W;nO+)p_d?!M2Yq*w)XPs;Cml&??5gNNj9Rr>2 z@e`rDjzSrA`W3?r}dAip9e9n*RIqFJHRRN4I?iXax6Ae zn1=ekB}g?EbI&(4Wg3H!C|eY=D97B%K59mnqPTKuE@AB^H6S{V`uVNei(WY(yNsU8 z&4D$Xg#x$y@T&5$RF|^B^I0v{=#FB^dX%)kVH@7XY>SsHcOU_@>H*cs4vpBKgE)dh z3=B?K`%R#&_7Vvv+BSDR6~1u?OE%HMX=5=I6aq$>m=-xXkI7$fDP1&xSDG4KWiEiF zzc1WUgGVRg>Ke0TJ3`W8zSM|jZUuX_SZD|r#N%FlUt`=0QiUQSJbNs|m$$kQhPLSY zxE$AVpW+u)r%|~`_9a0U3;j9X^V3iRTQW;eW2${aIj1nY3OtPqV8tcy*7bcW5HK0* z`qpI8M0n8_9139Q3Smj?koV7~O~OgiYeyH_kWS1R4(qV6W!6!=i&I^b1|E0A77bKQ zUfS}s;!290nj9Wym-{bNN^2?}#x!A6wM4308MUrC?E-qKENgspjC~%{-7~b!*c4_H zFgA&4>ZpX4Qv=8|hP#OTZ}jc$id=Y?)H)?B+3#(IFa+%A>XnAxu@sYDG+Y;t z+Y?UOGH58-#Ex#z(s>LM#4M%WgRb3})=G=f;d&dD0$8`h(iZzaiEz|dh6_~=<%q6* z7=$sS@92vWQ!DdFUi=%8FK_Swf<=T~Ui9Pm{8zdak{o%|ccls!E^-RYW87bFtsL%6 zEv$gfq`-KX$2}Mu0GUiHg0Tkm6@e8e&~3^}B%3(=X3d4sub&PgJ|e+>0ATLQ?>YRb zh2>jwB$`(U;S%=;Lbp6Y#LJs=%-W75V?FuL<$%t{*IYVRoIpgL=|C9M(sa{6{&?$d zIt&L)P_EBNM}3PmDL3hXOAOgh(|s%29O*_>tTTI3g=(mEQu9Ojz~mqPDInM=5(#3p ztzGNTuST@AzL70NOs=?O)hS`fHKv|}+;r<%mC6lQs8Ho{K5aXOIc;pLXaFIZLIoIT z=3c=qmi&3yg@D5WS|{$8anm`mqSjHkF5_|6I{(E-KdiWnui+YO<$$SfQ0w;oQRybx zZ(tsS9u@fu*B0vY2MlcqMELX;wi-8~nR8Jus1$5C77fDdkv2qnW6FXfEHrWrcWsI& z`Ipu|-lo=__^k?ukLf}e{ub}cic29K#u#ggUk%A7XiJr=UlH(@O~RY)ReG<{#<&$| zbjIk?n*~<-{8yF;Gbx0*tnMrYO3=jP8kS!CQNvd(=8j(|sSOy&+=}OwQy`6adlJJ0 z5a0kMN+M|fhdR?GZA#R_wW(&N5H#itu-$J{#dag&*O@`2F!>iPIF^q@|C=#EuG0;Z z1eqb2LvD~y{ckAzJptzf;8p?ZmF?-jMySjuh<}N97C{HyhZP(r;NKIW?pogo(#TYL z&iog&H_0jKH1nrxxT{_-VFG63Z7*O!B^pudHC`Iq=yy7|S|m!oLBp$(BfvAhhpB)D-Dz zUqEwA5Yp4deW`V%?bvdShUx=50{!R_3Ggeu;(|h8HJ)4AOS1IOSEfi&H-Oj%? 
zrbr$A;LGd$iCWii&R%sMGajk>v4!mC_b0l5V@-82*>C&Zw>6oozLWGdcxh=sZF1GY z5c@^2bpxe3_j{JiOZ74hkZhB?$SDA|+n%8uKrIBEMgT;D(4^-5A;qRnf!MYQP6s3(Z0OYRL8>>)9Z$YVb zJ5UJ2Vb#PJpAyNWXY&}75s_nWT%gnk-LB2NbPtsSI{Y27PzcUZLuy^h8aSwM^lk3% zJ4l3olq&=w##9M{)2=%LH>1@P+pD$-IGvt#{_QpI_ykW$4s>^wn_%Rp(slm4hJb;U)lt|^;HSp1jRr$Pa5|#EbTx@0@}!MpWj@4YMDtIt9RR}cSr&6S|IJ>A4T^#dkM&RkPvg8JKZf@$#PB$6J^-Thakn!2tFC;-L zsa|v7HN;M!*4KNZ+0i@{BIwKkHjJyQjF@_6+_xBo`U4qia`LjZ5}a3@Yn;zGa~woa z>q3Rk$f$~?uHcYk<5N71o`i{s>L>hbdo2|F=jPmMt|K?$ekW)fFKXR-A}V4qR>d%c zq+)FAI`W?FAg(dQc91(T#D!de5)CY)$_@1L_@5j*-Lyx9kO_k#_Khlz2psXP zN;gak=e+8GZHJvt^TCHLold@KFs{4e_{$3jfB{_Wa_C^<{wX zPYKi?_u%mP!B?$4}A4Jb({z5jqi%cP$%M)kSuZ&p;z;x(;9h0XpoK4GOq01`DL*AKDA8fosDR9GS?)A zwn4HuDgQva8v!FIEcI@lF}qiG-MYA<8{yZA?Jn*~fEi8@IB@a--Wwb3vsaYMuK!wu zPRniL^JQt3<5gy-Qwlw1j#`G^r*h6=SgvAnukk^>rV*~CL22f}YUX#8aH8!93+l{f z5C$F5n!M+o)>y#$ujQJ763MFcHJ7H^a~YFaF*^cJ8t~da`C+p$xtTM~AlV?V5Qt!N zEY|vI?9hhjT=NU8_LgbFViaiei7;wm77UnCfh6!XvZFZQRob4QMA}4C`s>@(b*Pig z^w2wu#}zBJ`VdoLQ#{;b#F$fEJA3ATwXQ)G-Y=s^6C%)iTx@_tjKAmh`Umx4R5Px?NsxkoE{ zbe42aHW0trkL#QtfBDw<^yS5kK9?~v(Vf&=5g53rEG4!>3$Gw}xzjfEB!aOU(K$mA z=^Hi#skGXBie#}xa)VDbD*U>2QAPI(B#P`8&qjp%w9CWRrV$H^F&k=PdDpFX;>-i^ zsq@zP%On*d+&}UDUR4F(6!?Sp%QF5s&Kpb1#0tJyWKR140+ZA}QzKcdP|~NIC&vOh6|Kuv&yhrM=xUtk*3bnF(GLw~jshVr~9^^PZ!>f^{QBzNJjrtLL zJ5m>l@22cI+ZR#IQeRiO%lkNDg0g}|A+lC*AY-BQiPTH!CBCTdGbh4VJM%Bo%on)w z$Y}93g-=1BKFV7hyg9AtG4UyxVPova7z(iqO;+E_3cH%%5IXHCyvtZ;Rb%*pG`g8g zy6sAqZ_}#GNnQY)wqj`bL`0~i6_txT_FesH)br%$Noo-Gu)r{x1?!%KuLwhjb_6fF zwsU^b4!53FNn95^ocw7BXF6`um;P*72H0q*JG~tUZ>D&%PL&HW%E}wJn@gUKTN5f* za>Q3tvt{h*j`M_8*%$ufe#e?*pUxjza-zt5By@JD9Yeo9kzfH!VXSw5@^v9_7E+Rt z#)H7fha5ZhZ9G)23H4(Idnk}fvY-;-+C?iko3)DdWEK*{>CEBe2+_#t@iKO|k!bWD zuM)F9^wpq8kUn1Clgv3sJx8u3!sj+67D<8U`2m$89dGq14TzDYQt&|-s|oc#$A zBE65JRS4RgP7%=L$oRw$veiN%T9-UxT^ThwDimvcx@~O#t6TaLaJ2AYP^$3Sf2er0 z(}SWJ6@|ww6nUfcH`D}3a_4RG(}kOkBj9T|?b5dKVULWm>*Aww5yuub^4N==$A6u9 zlk~XAcvgFY;7uf8sKj>6Jdfxn^1YNp1BWKy&tJicQ3)`+bc-t*G89rlcDlcV!fw;O 
z?-o*%Fbasf)KR$F@rSny-4k8?IfZ>La=@sv^OriZ)>1XH^RJ8ZAaDREaRm!rpORVX zjQ8E_n^5278Q|pD0EB)CoFc={;0`rFaXq6#Jvm(vqaadTp_LO8yD1C<*4N@VGmjal zlA=*H);Fv7lo_A)y%tbw--a-QABHmpui%Qz8nqFyLO-g|sJAec?Bi84qQwAQG*ny= zx#dJkt(Pk{E+xN9Ht*iqLj!q4qDa6I^RB`2beyg-jqb|! z+Oab>*)KHWTO?+k?&7UmVbqZX)@+?^3@^1S!aR!2nl5K5C1apR*g z>-vYD3??=&jyU6SCDf7(F+47drO-yW8?l%w;^#2rh4tG|(Ay#7T%*?B(MhRTH(S{N zS@8(a34($WU+S)hksGLw?hrHwW0(TgJ=s6bR;KtTLl-ANPVi}-rEz1CS=1zvL2$5t zlb}uL?#E)*L%(p#(43h>Bw|M z;jZjC3p<&|oEFI!w5X#!hlvDyDC#n#s6wPMYt5||HTU@9CX4alj**QErjSDul0?GD z6cL_oZJb`6;=JxuAFqK=y2(rHU?U?O>Vmvk)?Sm1^G)A+z~H1m&U z=!J2wx(2gC7;RRpUcRB-FvbE#*=U2`Zr?o?K*X|ouN+s1#!oMg;t*mQYbmM&aXdVf zHlvZQMLUY$hvsS@su`^);k;0~0&FcQ(0gzt5tW_?S;vh*srpvCZAOeZ7Zhw2BD}R?jmaqw?gml{2XOR`Dqu&Et{>1sib8uY2MfoRc$V)>xO^7%pxwGex8p;A(S5MuH&d-2MKlxstYz*dz~6^lt>7Yo5Dc*&;KH>Y+u*W zFAO>^pkXAe2<-sU3shBaQtRmFFz2!JrjYXP^n7#L()w9YIsrArTs%$oR@=#{6fD$T0-!fQOP z5>s9&h(J|#*S8`PU%-l?hGsj{6A+H3Cf7<5x2O>%kiE%1I30s1h|`xjYIe z!xy^WpIUo26~E{TEUC~ zTGJE~Er3(FIe&6sxHG4Z3Dg`nr!k3$c`)F;2ZiJnR}6zT0#Z3UDh@*myNt5oTVi65S%bMmZ3t;Dr>j-}B!EH*7a&Kap^H9+PT*3lPs# z3{I)KtaOGK>?r}qba1XogwiGap05`69Y%fgyJ}SZrh_Eqs}_aX*5D*&9#BUmbf;s4 zN%f$tBrI|Pi0hF=w9AD1Qv=$)He|tJLb@1cL2d>>I|>Yaew(#J%g7@CUlP%i7^km@ z5MZyD-ig}dE7+(xvfqm}oF*u#DS4OVpRCKefCe!0U?CEa`=#bF0{fx+ucY`>$q9tT z??4$oV!--JtJb!e@Bpf-n7K_g%6W)69h8Ywsdb>tIq(CE7&r~;b03hxpORrE3#qct z3-&Cp0DCD@113CaRVi69&fkkfTsd+PR z!w$go_rkU%5V18cBbxI~st_nu##>hhV{^N~Wj5|AU4oz1X*_ixhrbId3!Z^7!f7i& z3ojeja3-KH27qIH4=D0P<=au)+sB?Sbi*)}AXtFf5gxbpZ0@L6J+&@?ht3$_&uz+b zAh{=nTmuSzw-X6%;E{(-qAU9!j_8DjLSCs{b)D8GQ`l~B!~lT-Ob4OYbM;pinI*3Q zrY6E)T~qMpETvHg`3c=1NfF1yT-o&6uM~wLff8_iOcgLBGa$5D>p(cHCcJh8g+0E} z8`J=w;*L$i9pFsy;4Qs~h{_5$B-ynqxwR63Qfd9|ojGsS><6yWxHGmV61f5pQE;0y ztm;y@RfE!23%fHK#+Y&BuD|=e?<&fQAj5Vc;ZS1 z3W2=h3UE{9F%7#hw+K2B!pNjZHJO8S=Uv+*>>~hSw_;vP&fQZYY9wJUI&Oed#=_{1 zn*}NQ!aj+iW9u!D&8wU$_i`P#`qBm$yoOVm#597vh0;^J7k?MDo&aNtdr*Y}Gp!Wn zF`=N8W^cZ5@2c-Bm?SSvexjEd2p;cMN0n=&tkf9M*x{LLI6Bcnf_9EwN`e_Xn<}IvdMAakc-|Fzep06E+GAPNVr_65eV&W-gu6deF4GNxNnj) 
zaL4;v;i>oK96bG~BLkApA5PD3^RQt*O@12pjE>BybP&PZ>qt-A)6libr9|k!U9bZ{ zl7{NqeqWznMER6*HFq5uyq4Bp2P+{$rIc>`eC1T=l@1diRN94iY)Vdp82{Qc%`vpZ zeYaOM;nj)SP9DTgVRiq~!v3Wdm#J#6{RJ?qqAmm|xm=x>9^w|FRYEYfzbbh*KFnjF zkI8Ei`^Z95zj$uvIaP@zd#%+QXKEtZwN;f&^Z%PGq z{L#5UJWgp-bFl?P0ZApQ9Jr#(0^Kb18NeGp_L}DFRJqC`Gew*UiUV9a90tnwQ~(#q z%b?kY7i7&PR3XqT1@L%p5<~AW_pb@j0;4yfCNTblF8z9!8xTY|ve$1e! z2DCIaZ^G#fNWf)AwWytz1E;|=)F-ulAxFNQKlrW-_?|PJOECHFf1O+i??P`Piv53p zbC*D>-{F7ADXmqRp2nO>9>*dWZ)|D3u}>9o@~i52fi&o_0tv@GkgsK)Xkcux-Wpny zzJ?p4y%*h9({}F>u*4t$OPxZp@VP` z^Hb?fE_7p#b_-n#JZE!wyDtkU67x)v?{9fUzhk?J@rR#+05BhY0sZ$VPbYqW&FD2; z#UB>7o1(U11ndvSaHF|KUxM8K;MU{<7tp`a@&^{m080M~s%?b+K}6c`cK9E_wxKv0zPsljMxV-6If&9G614fAdV+S;<2%iE zcD;*@881R1+;&A`WF++j-m4uy7Uh2sTq8tr-Y1WJ%D8vNtTD-c62!h|g3Y*8URtxU zI3C>7D6vlvx?*7yf+vZ`zaq{=Ec<~>$Bi9~oy5FAZq&I?Vx%Heu*TkrXU(JJ!KqE=k`ZUqQbz|>zIdawX4o4cGw4$K~1e+=FUt+)(mvS_K7 z=sy645<>HuHEMqQ+Vatuy0{b_;C7gP5{gG z=YV(4u7DUV|C>|HqG0+%jC$3R<|;RE0=j9G(N$hhv{WFM`K@KNUdfgvYUjq6>2$m;fX}L2sY%g8=}hs@v3nA6K#o zPXS0lms;QX1x|od_*X;>oO)ht@GxBxOY1DP!D~R0O*pT-wXX$`q6h{qtv~t!xPxXP z1<}5G5isk399?7uKBKkKQ6QLnrg5cH)ex|M|>=s$o(GrIV!sGX9%@%#|AO zwq#5O%yz5`%q9*1aYKS;o5e(@N};n%r?LkF_e>DRo=*e0qyZRDC&Lunat=mf{P=*f z&+`LtJ-rWzLg2~{ZgSS@?jHe`FdK9(v6TyfRqb_YoNEra+E+$Te-eE zutm4We#7V=9{byXbZ%1&!X&M?_p!$jY;V;*-xkL|ITd5*KN(jUerf`~S8L!PAe`&@ zs`>~?DQ!9iZ+r28Y%m^vP0lPRP#m9e3Kji>QQj_m=LDSDWnfGxN3Cj?IKH8P^Rsdw z`QU5OK*){6$JlRQRm-L^n^t*ICnw-1J@$L=jq;but}vHymzOWB!7_IqN34OxFP|hn zX66xg2r#6*;0IrGgbEhkp=LkHD{cDAWp9r`N$|1>TlH>10Mps~!w~+oW(0GXawMkh z+xh#?ROCOfgjy-NUsc^EGe=)!#yo{YE^47(kr?To^Y;OS-#8VvY=)}J4=NYIGjAvs#`|Rg_-u_?xkFVpv@$tfEUF$m6xz2T7SE7v#by)x8 z`ICu>iB(Tm)0BznG=_=k#NOF6jK8=P6OX)0=`vyH2_~jC{$TW?|H1YryTqlZTH|=Pxw8^cFNg8Y zjwQ%y>?eC8Kv>y(P@$E{-USw6)l}>L+1i27%y%u;OHbxb0y@jwYLBI+=@x*H!U7}_ zv?XwQ%I5wjf)W56QpEK;;0K2$JGFUezDv6->hdE56OivT)31}i<3S_iKtlw*7LUY{ z-WU}C4%MW|;>YCrnKVqGfsTq9>ot}VsLq}G<$+!zjdJx_|uc+Nqhz*HtTG2n3`Nar~@rq+ao%HPdcTQ4@3v{TAi1P{DjB1XDb z7AyF`Mq{XDx=Z`CKJnes<&Nd2a(44=PpF4HXVmZonT#*~= 
z?bM=b?bYYekqGjg*g-GKPe8RK_AjmIOR+P(bkCa_TwpBLx0bVx_ZU}PPP>jqMaG`0 z4GAL~kLI}dvLDcx_sJv=-1z%Wv2iZ}>j6`Z_zw;R#Yo&imVTe>;teFXc;gn1B957h z{ZOUdYeIWo=T#3}UAl7(`^ZA-<0Ak<0=6h$9AE6N9_eV(+bvyozc;UTgEV~xfRIW7 zn*>-2ZtV|=j|V8p&Y;|FWB&q_cqrcQwTQEZH`j(wYOo5TGOi-*_;YLpz0f;my=J`@ z3zZm$0!8@wV9`M|AM7h@rjK%+F3HLDUFkw^-%}N_tTwEQInD?5YDuKx1kvtp=oAA-GRN~)bYK+6K2-(f}e&^h++JwXQ66Ve zS^pj1TL#yzfa7(+CGhGQ(Q>$hUmT~hf1O^e2YgHT#!N zG)jqBOG&ik7A6s&Yp-Fmbk?aL{#|uI&NsA+HQrxgYRqo-JydWZsF;)sUTe%Dt*3J? zD4TA5kbUPFjAN4%(5RW@g42q3 z;1@`)m9sYHKb_Si7O&}zyIe;8h-tcx5vlkSt*cJWRY!}vYH*(~8AN?4^I`(#Xxm)J z@GACmkZ`DMs1}uGef5{It0RsxSO;sPd}ByK;e9+v*jQ#FsW~-?f8SyX$O%mm-A#rMlAZZ?c#ZOiHF|#5{&55UJd8ryzBeIK3pbc z8C;|-_IdF#$9Hhi-K&=acqJ^-q`$>byv4132Yq5Vi<*r0a`allOk%C|pgK=om7KZ* zKW3!HuMa~9j&k6N$O}nm*P5&S7%JPjeSb76tGNAqQrBmR4&uJ`TpHm<-E^_cP>g_n zgBFW=pXL{E5ouw_0cb&lzB@Y%HBS@!uGmSq0l*qOE&lbLe?jDzR3&Bybq`aWODbFV z*x>BjBU={Rlj$P>54(1mNTgln=n#(t>h#Sn?aA9)F63t;`-H;bS-=SB3%ucXyA?6{ zvS9Og>T|H5o($ZT}Vpp`IZBDP|MAC2v92EH|V2zngunFcV%soXH|fCS|7JY`02j>9{i}sCq6} z{YyqqkFuj&#{kvLNS;MDrdr0x!RoSlY)@Y$@lSQ+UEpqLV>T%wqS!dCP?2t!`gN=g zD^7yVff<++H#M~AV8Db48BW1jT94i`KWAQWyFRHfc*wC*l6>&GC#)x|>JO(GgUu3d{+Hyu6Beang%i z@70EtJVPvbICZhk#zBjmOw0U>leE7A&&Nt$B33F-td~D3B!)PM zl!S-SMb?Ecgn1~HG#3c0mBfbM(?rGAgYX6kyX%SYe;YBsqOoA}hnN1rG)^l2s za#>aq#MT^Ub4vJgfa}Z>RQWB+Xa5B7?5jJ*6WED6Kr!NGqBA_AZa_AYAoIO175$nG zD0Gveloj!b1w9y#&4rh6E9!o6wQ{DqB0X>?_?m8ALi+v%j!l`Qn)(2nSnk^upRWv`-7uAQa zB$y^Fyea*eq6Z399byO`RR*Ala2w>$YXFX~hTPg(NJD0z!jO8eOTe@yk_&kCdR%fL zA#w0p>!=QyYW~Yi#Oy_5G_;8J(kBea`NZi(9cnz#b1xs`2F6?&(J=X{KUV>Mwz$VE zxZndwBEY_YI1Pa7=2=wHbpYtYYCueuM!pwWCMyH{^nQ6~w0NE?aAx~CgR|6;Fo=>a z541^H&b&u4fm@+DprRghdg}>b4CL4>sX5WN=>>kd_^Z4swEl>-4L;j`fwT`BlFgX` z%Y|+Q+t_PCI>>!rvD?J(W}hdLdO1@!f_tyW3GuuMsZ0BCf$1^5zm2pn0gN5~kGsI!D9*W9$;1`v5+iT~U2fWGeqJ-1n?nUmt2HbBj zq%9k)p&ZXvy`j+`5V7!PzjYx7r@M|83_k;x!-8?0GGj3+XAP?lb;@4Xru0FigNv~V zlFdYZOMm07SLUVSIf9S)^;Ix?>{j)15SL+P-(}ef?mN`PIoaqi2(FnO-_Ej z!E>P3;>jhKOVrU-558CoXj1tT(J^Ky8{`{5aT^|ldaoW*9?oz6b>e2{1Vgm}4CQZp 
z&Xrt7zz~msuJG#No7uJ%91|O#NA1*QF9SafahT+Ssw~J?fR#y2UReoQrQ+E+D2`IX zbOz`H#v5UX(@m@(Ht)-sUtYo%bLI=zy)Fdnwmi|AtLrJ=PX54#<|6@ZN>7JN&)emL z77cgw@jZR}YN&cp>GN~J%5{Ci@@%fiJW~FjrILN;NiSY91j+pw@RSfX$P7OwvG4Bt zRK22p*dOwTW{d2Y9*_z431-71``>rp4Xy@O- z0FM@BT^c6d@oqp2*+a0#es8Y=53T3yDn451Ly&>4T4jjm>+%;V#rX~{Ss9OSEZUQS3E<` z4ehgjd6Et`iWsR&!G>7db4Salx%w1N%V^X&3xijz!#?Tv(*CqOqudynZagCfo%trnS z=9NUPLY1e6A|N|HplfEM)xH;zUl8J}e|FJJCgp8=rFpIFuZv7f%g=ePVSumRMG+x> zNHKA4^Y*hqUE#+vOL?yg#5E{)3-7AsnsXZK4faKwuh!){lyZ~@1Dl-%-HT!xhHw66 z2YRXf%{zI7x8h$6_b!dy9T`+Wb;jS#ETq{m8-231mQlDGoF8ooZCtJWy?j`)FCcCFj{F}lKE`aY5qeaGxyu!GP zv}rVgC?85W(4+#;Y7VlGkpfzY!~G5)jdBxe<~h*+0T8-CmhUZP5!UaK<)g-P3j?n# zpJI`)xSp(wk}P+B_ao<6_z&|bf7oiVQxu}U{`W{8#a0qnDp`ccmF~|5pMj=5b@q$} z#rc#?L5LdIY|8UqaDTJwytvwP+~oiJXO!Iq}|W z(`SwGwhOXLcCz(D-g|eLWv}&Pqj*wLucG416{^ArcUP`A@J*E1I2M~7r|qTfnA1o+NfJ zgA5(x|^3`E)U>g~sx-?NdQ0gvY zuI&lciiS$0*7&u%`xx()f))_?k|rGdyN||PHP}~|C%g2t+7Qqt){W6b4MOgMDCct-%+OTV)^@M6=oz%2&wZzhd7a)J)WV4?B+RD){fPL z00x!H1D;^A65_wPN7WCjfCX=1!ltZcFa9un-5Co1k@%b2B_lR}qVKHZ4W2w?0n&C@Nd5 zvlx)Sj5SU9X`X2k$1?O@V^s?-D`zwtUZ0{1vMQM4_zKfx_#&fgO3&O|zm zJV*0#yhMU%2x6ZW=^T#DWKAtojwU=5X9dw%q`9;)eSbpx;fn~1$OVlc;*$u5EN;XO znkDO3mpOEYAI~;QsQ7iQsOiwK>CX6BzOv7lXQ18mnA~YRs-R z3zZsy|0K>FR=7Cf1qmM#6zL|~Y#Jq#0<7nqON_1UXEMuU`f)WYldfYrZhP@E-av0zhL$r_# z>r$2|>8K}~LrFHtcW^m5hQ3EKCvu;er|Np=n>u$!>_evO=D8e0 z7YG=U_qUq15Ff01fF7RDV%S4k{!@JA^(h}cB~yrS@OVQ`M%b7(_fSr<*Xipg-omuT zDLhx}b+jw$+4$*~n3yP$rwXJ&l|M0qVN&%vxnYRU&YAfbN`6V0%VlM`rt>6qR(`C~ zz~yg=ZP<446!YN?-Q-Yey1KW;`0GE7zgtH?LJxXgDlsYv8mQo9Go-?4H-_SXdaM3r zZlx->MoW25AVNw?UEeoHY<%QYW`-=>|6=8cNokNJc(vEZr_^)t_&w^pjt!X<@LG8^ zf!S{a;}q|=%2V3?g@*{>1&i@;+l$`=T{E>q`vQ`JNc5uVBq27>Hn@hE(@-YgN-4XV zy9X|0maJ3ZB{PM0Ef)+H zj2285^c?BiF;L*O%# zcoTn7@021*E%9~vHn27QM;7ukDr@Z1jT!n}mS6PAox}b5;TPho(V7;k(fa9BUc-iYT|X^q z_7+?znB7;Iqxh@RZqy26wEaX~jcoq$`6Mwimql--RPawZU%qpv4<9VrTOp~&m47#U zyIcv32%2c7gN#oEnHLXOeow+tVpiV(`EOxF?1zwsf84KONz*9%iv1Zss4hI9DWfjo zFcfaaS^ML=FON8e#v}aEe7*#UjhDJouvv6W{i6N%_954LUd#1-jRsp$Jq-9RM(fUi 
z$*Qt8Q3!;~U2VvHmyN6ZM%+(7U&S0VF-G&~i27mdOUm>-=(_@m&|kOl$^p}?Eo){?~89b%c?#lR*F0MN}JJCi_|nd$%ef; znh70cL89q|Pi4RL^3g?xiDnITfTQ3@!&!Ah(x>4t(T50}(s zp;i5sz!`Yi4YHE;M-?Ndb5YVeWOD9O4ECJpyHz`8AviSFm)gE`^l{WQ?DyGtn^Zp+spow=4@TU# z?0)o9Y((GwV=swUxm8+nCSlgbr>gNYxN0uVPot`qj7k$j&+(*6a)8D3q`deh(9JnB z`zC;~@}Y-|ZPA|{Y&^>ALDX|VQJ|5h_#28nio|g%UxQ&DgyTFZ^13snp%@nCL;i`o z8vkeax%LH?{H>;(g4cX6VD3DCZyHRwtQ2|C!d~!hDGzP$OHxA39UMzl$`|s2Cn8RI zH8<|F4y<7XG~_!A(x*BMKbLnD*D znRn9S7X>PFqt9VIoXLiF2hv!yOo=yDx5j|n!`^j>@-TuPqec1uBk-c+@}wBSF`{*=y&|)P9cLa@#u~In@*hkMvld{7K;b$9L+r{9MqCE zJs8w_;qXmi{qXr<1p8KyFe-DijD&JTB+N6^Gi(OD7WuTYmeepn9lU#JN2h`{Bo;Lq zhGL|fa<}1>s|rR6b^F$|$R7$(h%!pkqRs2=TB2qF!{EFH77gkvgjC3?pMhm#!xs8Lw6P(7y(3!?GZ+Ygu|adfU!Tvoz zjq!`L49tEO&!3tlRF?)GAj%fK_b9Y~4cAt{qo$eu6w(^7=%sM_s3aP5W$2T-x=qV5 zgH6*G_a7YT;h&oup5A%j+lTn>Df`$YEl=TNywG$RZvmDz(GNuo#PlR*1uj|+F?5P;T{Bz!#W!@_tXHjdD?B&i22Qj;?hj>E z^B%?c4gxtO(U(ZRAwKz-^?nRAllzHYOAf&rWG)!aq4h}E}?VV4gahf*~lO1@&+ zkfbm`4X!ljp^Nj*MTYk=yLj@_8=Nl6v<$Ar=m(tp1HXh$GOf!o_<^Ec=x)Ab%I(dJ z#Q_0qNd4am9w=m?&n%JZc@73gOFl1A(tGC`%uvSS#fEFw^#qF=(_Z^{?*055QA$OC zZ1L#N38lk=>6Z*HGh&;kplPLj=Ie1!n!%of3R5FGs1&43?& z@p7Dle52HXH5Bxo4vF@KXBCAc_^y0BmmVrre}d^_2ntp_^_U2N`iO~3ZDnBYY8;od z68&Yjvc}h{3B2bvbkPCW1c9PjAs(4?b(F9%$q``jfw4Siv65M^9lDu@kiAerIFG%J z(Z>T5@(zbu#cE!~8e0|7D47f+=p5OZxH(J<7nnl7a&lkfQKwV)plp0AcH{IMQsF|` zW!79GRH9|Tb9VbH7UPf zxS-c-(b4Dgm;0mH2o-6C=Iwq1KYpqD&!u4k*5xJ({qFd;`a|?$(g_t&o*A(70UzWo z#ooL>Q-HkJx4m!8{b@{eH>^}r99&emhr6C1YfS#tA6_L{MLvT|UG&QjU9E5qBpc-2 zWnuc^@mm-?`rxfIUNVOTC+pgml)jgqg;&&bm3(rpKkuYk#2H55lCWSoFHxRQ&xKnm z+0duL`LLqKqdYc3{@d)Fq>`p$&IoCN54jr#NtV6(y}%Ch((lF$(I8!RDq9tM-`HPW zIjg5p+664rhBfYlEnt`KOn^sDRZDnDq!p|ND`dfZBMsND{cUOdzI?{?vVQgq09Wr% zb>)B4R*^nZ+NhO}!5`P=uAZO_7s0|}z@ViOSIC8!)m7BjRNNC3%j@bx#_?ZWhl>gS zo9%$_F}VEu2|1W+<2c^4OiYSgaaKjcZAnqsxVc+00%`dLn*Q!BYh#AWUgmx%K9eg2 zEyOrOxo0%XbTy?*ShjxSD?DpJx?X!pK@IN9(kdR-T%w=3`i1#=TA7f{1VN4bo%Hi5 z&ZX4B^_B%zoUOTa&9`W9lSK>7OS2&s81#1BoE7F1K@w-K)euALr(y(*5>|#EszJ7W 
z|AObRaQ@-}7)pEvviIFFuXSxw!LlXllJ?9-1>QuQ?b}XAj<4)#s-v%%tMsw9CS%f<`>XKJ!mWW50`gM{C zl!r?nn33q7J=2{B5-fPHk9Wc2r7RA?eRS0D>X^UvEd89`^Gs&O0cgrkgokhoG*EKP zXwAYM0_0_hg8p9YzrNNv|NrvorS=!k!4db}jt)L^g~p{RZ3|I8AP%)O)t(|Im?Wq4 z#3+#AW-@l1pCH*@+#tqtMc(2v+9z-=#5J{%P5yY;|C(b%P{Kd|&9UhD2IZxh+Oi0TPBJ9RI!*}$0+(AiJ3s7<`d=`+ zmp3rv7uNm=O_8o}UJ0+`gees*n05Bn&y5xrlT^(;7X$F+i)CAY5)pMs|8`_ikZR6`u(WGhcCCwB0NBw= ztD4lFTJ$U~Gj+h#Enwr$tg5>@UhsGD6t#9@Mx&!|u0Rc8{EVwC7T-b(&QD^^bEr%9lK+SOobIhP^q= zSnA>1#5ClS%iTK_*$kDo%l&(h=DV{$+p?-yd3WxO7pIGn5lT0(v8-y8dv?AE=85cq zchzqUu{r<-hYjCnSJk*3>DeV@r|uhAX^q8H?YUUD)=C*2223>71k3`=bPQ3>!+}G~ zuSK`b{=WL^IsKD&a9fc&e&{)!Jj_VTgj!9c=Wo z$xVmuvJPAF&_SUN=yl;CL}U2S!`OuuCY72dlDv@CX@QZYJtyRk#+FJo2Clb<^)xyb z_lr}{%$9R6Lsj*enAQau<@fUbW4Aq%$Tt8ZiWMkrn_9o;LVWn%93zs{mozXdKG2>5 zl%XnOuFZv-Y?>bJ5t`l|E=PK5Ni@c)C`^~niW}k{&<)Dm?mbigs%N+K9>K;y7tj%T zb1fm;-##7x_pLA)*Yuik=y5g7CGY?luw%2|A~aXWb;6$aT3v z-QMP>Bs0b1olkyvkEv?+g#|WO5;d+ClJ#L^?$;BRO?^@Hi%Pe#LW~hB*>{v*BPBD) zY$`Okhk{sAaf0t<95QZEfBGAXK?G`Y{P7?v!A$bKan^SG?w@f+E0P5o(wMvM?uiXbu`bs*}Tw!RxT&K z1fmsp1OtDH`1_8d-4h1ibO{*5agq3H$+KqAW02gTWA9*~44FCvD>|mlj5lT_jlbw} zfn@K}1{7I9Q$XXU?V*VfGj>;hYPa_0E%1|*OuHu;5PsSF+-tR;SyfJDsXce;`&yio zk+sRrFwtcy4qz0V=N2*+?f@7typ=h&^-^hYgs4*H`x~*%?kE^^5;G<>X z);-ORKiHW+1avmG-^@I6xa{sruJ_vkv$Y7qn)bZ5YIC`efW-4=S zGNiRoG)*53~xFnp_b1fkX%85e;re^oKB8aBcd@8uqv# z9yeyy2?i`>UOx(&UQs=!4U9Xj27>CKZ>j@{3bg`EOwZ5!=IoB@&L4@<3o5Fj4L^x` z#k?I|F3(bc^_`R{v&3!a=s`_1$FM_ZGJ9phEI_n}-WhTcFo3yi(OX%#lq+~nRpWMg1MC-5Sz7j+UG<5zkrhWvBp^{a>$wkPlUMM{^=bE-?=(k| zVQ13Hr{JE3g1ILPI|!ehL2nDo^39WZS{<`1SOx_vo+mLR*4t43csl*ZK)%J9RN+G< z`-j!&+0MZUEo|newl|vtlLCrzOLja?W48~d0)Ktg(^*q~W>`Jjo>Js1l`*xP+oY%M z7Wnda4|(v;c>q>^(r_&$;9;tmiol`T*JtB;BtkC$5M@ z7}bg!Y?Pa#c421y6bq>S^ep&hrgjGGMJ*$$mpi}PgC7%vs|% zn!JtZeegmzwd(423z^PL^E6LQTU$OzH4~G}yLYkKi~47y4VKIKpSOiL?I;}712$G) zEYs>hFZRer*6vdLi3S;U?^~y`@xKUkyL9+&%Ub=IuCv`5Ay3LV3)^wRiPq$qAdNGc zm>a^Z@r8WmcLM8Qp(_ybZ3bF0$9K}tbC8AY2Fha(v9ZiE>Na8@29J&Fd<@P;ha^c+ 
zUQ{0vPbNIyTX~&l`{C`z(A)lKK(=72eM;A(QXn`LScnm1;Ky^~;OA5NdHDP`sYAfK zv*Ko|@2#}pDO%n_hoq@qDT6Wu%q_-B0ctIQ&Ip$GgHagK@I%T$!yLoP zu|@1Hh@mEt)Kp1u;NJVw*1XqB>X2-CT<#4)L!m%^oo?F+_|L5zxt3qB+`~(*T3>Ka zVU%MeFdyP76?!Al*W}pfU#o4$H8+!w#)$FvLMo4!3iq1T&i=X)o{)8M*M7`SF-r8@ z%8t_ZMxbQN3`WQ<7`x?Ut*@hvE>pGHCC+ccBzAv%+C*fz3py6rA4?-dmi<8qcLFm< zY0a%Ylufz7J8oj}_4i=q!mppdD@Et}aFPvn2KMfzmuthhlDG93%sUrXT-$ zaTHWNh^q~2Q8R^J0`91$+Z}vP0D#KJ=liZghtcIBeraEvf-^q zUFax$pQnP+0{0qOsWjiE)m9?U>5N38kmC_8!N#PSD*>d`cQ2j;zkiW{sml*9-NxC| zWb+6*p1EM5x=vt^JfeeGb1KI@I!5+J7it91+X~e>mHk`o3fPgC-~K!5X=GjU z8n5NM3dxom4T$x{OVz@+m2|P4bp|#NifT3&XM)d@Uhm$DqTU!(q8d3( z9c=x$x!FANRBF{^69g?xrL%}UJr#obr>C;$Db$(Qw_!uQl{bW*32 zIpUuOs1wXw9npUYAnn=cS2x}dGZbMnpIute=ts47fo&lh7uBF$Sf)dskp_IGTZLHncOBbDSsaE7~ng71Ri_X~V|Ffthui5@?Ou+NyuCG&W zn3A#i#jEpGb`~D)$1Q5f@%w9;Vxv0i5uz6S&QG6a2Iw|Uvaf}J>!u@*8%g!jfl7BI z7WzplCabqD(^dwxk}VXLj@s6H6_vO5?cI}~lfyiYmzuKjc2pakRIgVL%4=_yg)Qf4 z#|8J)&#f_Lk=5IV-FnsBYRdo5>bVI?wvspWCVxaxp9^B zZ+Wt2=6(DGzY4aF8%leV^FhHkP9K2qq! zbJsRHFQH|(XQICN3DQFDp4-IJp2KBppKmA^-asYggN}DlL4k_n206Q@HOqb<4{tqY zW|T!6ok371ybN^RLhC0(Z26~te){adA$TrjxHm!nPDfYt?JEviV-}7qNm5n*3A(FM z#S1nTGENa0eDUu}+i%@nd%kmVleRaNE*OmOvT1E;G{ot*d!)r1My=z;o*zXKXVV=SUo*y-Fe5R)x%p zZVq~cjBIR0?S#14E7v9_j;pNOT%G?fW~zn$!{!@@ZQ9GA4 zp2W%4$(En#12K;9tRSy0`^_wWuJp|pmM)TZji1Y?G#w2S>WUx;EvNHN>P~gL#O`5$ zjVjLGhZ^d_%Q(7E-cmDDbvL=cVoonmzw}R1Sox^eh)*Z48&B0anGY35x0Yb3b+&t- zSf&n&$rA1>*WCoWtG9OtPX`-5Y?^=Nk6^!LTNgA3rYBO`L8ZC$!5HGaoa&LiB&3-z zG4u%*K0_ixyBj0lK(al%!{&4#-lQugyy~YY|IX<483vXr&&?ndZ^uCObu6#5!UbP0p4Czr@!qfVGAnb{$nsuK z(L6mn#0fTL>PY%Tji4N;9v@U&nV3B3$&l-{skGO6Y!z(v3Nwp%<}{2WtS z#%6#xs*y6{xew3KD0o2rXCfkex{&^MCYB1cA_?nSw`!Noh`5YyovHT~2ZE`Sdme#1 zEB41eh%C?DmVG7f+XK!oV6gog4fq6$)=V5lRXrl4~M>=9T?5#xnLVsjsb*dgYzWT1=>zhhN|kl zU!9L#4rg9p@>#ao@j`ciWCGDo8B^qVV`Gw{cRRmD0(dvJ6vd{ubB?9kE4EpVW-uwjLm zW?orNWg9>753I|*oww3~1dYF31EH-f#2l1dww*H4Z367bAqTaeSDoPUdv@T*#TQ4(2&!Ue*a>pFEhy`;jHJ9D2yXsGFFG%A4^kPE7aWcLU zAlI^|W*ce3Qad_;YkjZv?D#uN_Zq0oW&Q2d>=#E30Xt;>V@Y)8g#T3VJcU@gf~FV| 
zhg~;2WO=(+9k}a%ub59}g#-#Ktf@3QA@lDT{?;WJReILcUQ~*l3PTsnl`fZ9uLLzN zr=rECc1P-ijT!>zq7F&`>PLs8KqEiUR8A>H@s{olc6C@zbsWBZQ<@Y~jE9j4bEf{e>TK-=kb6SbmD_||JBw>*+LE%rTA@3eeSj|v=_d2SZH9s zU<#UCj^-BQ$JgNlFV{86)3%@w3995_%{OGRTensBS1o+>iQ7g^_n&oLws1jreUKlV zbfu5j6L)mXZ^`zSwDt)}Y!n&D7kh4O%g(#B{hLC63uO4=2z?oY77Un0V>76?G1%vY zyN9gI*@K&Z1n!(+G^FDl^Y6^nBy)!J^tequYvZ?be$d@!**O-Pv!GNxv&kxE8$6}i z>fDnbC-7e#2qV}!r81BDGV`-Hv;e!&PQQs6KrlSGskq~s@2|F3pG@3wJIMC9mDS>E zJ%HQX4WD07l?ytXU~Dgh3Fj&O3t;D(b+-*-si@bRZAz|sOrUSOyh4Qj3l`^oS)C`* zJ_ZbDkNJhzfA&`;^4VYKu#-9rpzh(B-(6;mX%z{^9&GZ|+Au@vz;WXATK8CUrJDNN zdcRf{ua(=-&#Bgu4SAkjLJM05k%t>sAO2Top&CvKJM1iUh>?GHmphi=QY;OXkP)s= z-E%3O5;szqnpA!RYgO6xVazHH6Pj>O?@q4t>XtZ|vJz+p?1mY0ZN9tH=x#VRQsp_; zp0YPczuX$R_AL7v>N=x}o7foyl6~3>;^ar(=~_K0+IyJaGwVCCvApiFqqs9)y?n^4 zIgUBpkI%ew%uRo5;-C`+y>mRcCT9~AIDIP5u`Wu&^yATg2i;RqY>>gmlhGt>2?mt6 zq;lL7a$tBjXh)WG)^ao!ZrER@SbhUN@k6vU(>J@K?_hahu}k{mqg!9Gt!+jx?)C<| zq?Fe9CE4Dm0oofes{f2sj!mJQbR|GTTMA2c7=KD=>Mdc1k(}P+0}ovoUO{E*)aK9i zooCwE0&HtM2g&|>m0fp!sldUIb8=wRq3e_X3=98J@FZ4)Z@V*XKkwuWAl6Zre7ZiY zSE4(B`DF}u41r@{-J<2LR}1gM`EqzN(a^g?0%cp{77j6smsC`@iJdvE`o0L}F!C03 zdT=U_2tWL1*(&rYK@+NBA&8&cQ-|h`q_3`yb7Qpmy}Eg+J7Dq_H~lOvZv`GGW(z-t zT%XL~$DdeLA4!}62koyIJsV#&VpIIlB^fzd&hwvX?0=Y-{CpPwlPX-S@s-wh*1y5rN@Q7c*c$V%>+p?wJ> zvvTa&W4{O{EY}R%N1k+DtIj{5QgF5oGOzhXFkcHx(DPx*Dn6XUhG5nY+uh&83b7SN zSKR(Nm`!gYUEPn%C<)wpu{n6Mx1k_9_%))^W4uSFrln||nr%^5 znXt$ja-IYPIo9qBYC-)x#_@578#%B33%zySjE;6Bi@HBeGWI&$ur8k8-AHeJ{U#$D z1OcV(SK*PJi{X z{PCto6Z$iFSIvgy+&(CCUt*HJ)uS`+bb{yK8}~n|Z2ZzY(Pja0G;-R^tX0&JPfpb_ zz)FkIu#I{0G&RU~kTZ`P=7$^xdACcTFqXK9>PaM zR+OGT8@O{@fwS9oS+p#(Nrvh(*eRsW=U2nH{CPKj{QX0J7k4qdC*=WsNKN9OE#xVi zQu)GYZ~TX?SjfVdDB}RjWz`2k3LnPMxGS7|kM-%t%BoALNN7_zBb$0Q9+OpHn~ocP zsq*>4vXhsqPtZ>NYkLAu&ZNH`IpxKl)}-V>Qv0eW75NZ4Hy3^LnUz*lO;$EYx%nE_ zjy}B#KeD|(*;1pSr`1-8Zj4K_!}~dqdE4FC85pxCws+5`Np*Q5habjh|bY{c2tTW4Cl_1idc62F>ngSXqDv17n3UJhO2l_3{NC0({b;~#Omd5KBPNX17;Trx@8RB-v5-u z=yV%Ctn@GcEWxnu5W!0a(H8OGMTKUXfn#?1@3EPLa0tt8!@gf%GQtdi8RkG0*70ad 
ziSGMtvx{I(SMdr?fE+M-M$eHQ=R}uMeeZ^iX~FSR9JVvFsP655zG}Qu`&Y zQ`Ld>b@s2K{);@x0n_Mw42+Stv@0sjG{z~Z-B@FUmqUL|K2^KddR7#Tq)(-BXI!}w zww_UM+tNUAQyziX0MHvnk7|v?7@xcS+dueQSWWYJ8um`+6(LChrrQ1D^h*CX`58y{ zg1PZEQxZ$*%vmJ|GmQvkkj#2%{n3*>0-AfuWWBb(YW&rDBi7hG&USjZRO8B6h z=wI(^T7n-6o%#px*o1NpvtBfRT=>CgE+w1!H~%J`7u(%Z)`27s`}TP&`sDf#z*L## z|Hsys$3wlh?>|pYIVDsoA)FG5ELpQxib|*)>sXR~8|#o|#!)9KTL>W}NtPMQSjI9l z*=1j6Y-40+23ckXWB9$D=RD6jo$v2&uh*E*`*XkV`?~M@x~>tdIc#wjoSd?$aZ2SJ zFH+H9C8P|V^q%XVr+4XWTv?;OCEhIQaZI{^G)nwUE({&OnZ4f1cMH`wa+f~;s#8F@ z#ozhbH(hV5-6;uEm!;|Hojl%=+>CpS2b~PA^i0^D#49Vdmv%0qLap$_weIuopab~Gdk@~EnRD#G-v9>D zo@`W;qp@>$_*H&>HBqW4bUG2HqeDocpIht*n`6|%hamFGqY*DJAx;y0HMfG?657|r zhH?-87pD9#oxD4j9nakV-!#U<&eB(}PZQUTk_^lSF87aP4`FTI`85t^OBRfMq$S#& zPRr&+coO~WB88i1Bl?hzj49sgyKXtR>ey{Yb5H$nZmDN|5Jh{qZ9-J^;2=yGJJndQ zX2K7)GNs%PoOTgkksP>9l(p|Q9Zs!Cij=YOY)SGAa`3(cJ@2WGqwz%gQdu zS{3t2)!P;jKASj`EBSI+FR{U#+ehIm_e@T-5f=Gs%l?Ju0^HQq{B<0OFj*1`4 zA1Y~i5Qb9zSRGvNJ}#_20p2`{N1^~{fji+XcyslsaEDQN$h-uqe?8Y-b76SlD?RV| zFaL=d#dDe*lhtA#)f<^>3-J#AiLRp|Yn`#P$9d@)PAk>{eQKhWOZ4fxOxY_fE0fzX z^}T6P9R_HY_A^~0m?-o12D-|QRs|8e~dO|;EdZz{#~<@_tTA3Q^eXq{aK ze^47|4(zzlRBMt1AmDO|hnA12uRl*gO;+#Ei1`loOQQ{?e)_Y6|0AO)s+6zu6c7uG zg0<&ePT9N-t=g4{`ez;BBQ47!%kN2p1~*|9!O#e*gO6=b~TT zKx|Dsxa8P-6wEs^=%oP94vWg?Vn9fiaO0JT9%EMq5%^aW6>^cnem_%#>B_W*t$lGx zUozsj{&(ndERQG{GTYfb;IM#KymU5kKnkxAm{5QbN`D-)Jp}vwdX7qJz@VOt>wp2Fp7Z=Qn#SVePuyl_HAej@9>Q5&XML-c-}uBxbXKRv{#pr8-Qme9;Q*`l|tJ{8@JF1lGr}n)P&7Sp-+`ac`)61^1PV{Sc^&L0Sc#L$x zZS1J#%`>K_OgmyPpx8UNs@qWG&2K8lgWA=1H>VmtmM2WbsC7|^MVVEPn~tFK^V0?x2TMyY7eBa zx)ydPoyfcP!lLv6F_cZZYy(wmLl8ZO7U{$l=_}~sv|4tkHA7ma5X(IsofgUHsCVLp zABXjR`T0MkZHZGY4Ku#8jB@P#V$#^MHPOUlMXpKL0957H;MI97$K7~q9{|*DdTVIW zOqj=PEj5F@121^9#<)%pt*ZUJPZ8==_IB1gM?LYRv+7TZw|1E;Y2=Xg=qdy&i23t) ziR0Ai_0lX~Fgdwk-9*D_e0m!(Yj8oc3yPh?-~ytrfJ6m`Lf|3&tyhxA)38G*gTd$) z>rgim)T74ok?@BuYN&s#DQW7C6ZJQAiJ^%1#w70-o!{-$ zC#lxp0@Q*5Sy$G1!-gSsQ9p#FZy|ZS3Fd&_8;zi?K=AjGp;1#SB${IVO`EX+kCLo1^aHg)kg}a`6@#GXS6mR=GW#!7MA${RW 
zCk^Ws)w{J{y0d|TWTI!?Q&66nAnFgxhaMHufHzp@GUn~~A9?-?%5#yKU*)6UNjS-W z`sU*icRJE3I4%+eCe6;a_A!E z7#!3y*d=>^sSEaH!3|v!sJYP60qM>!hVMw;KTq;U&D~8ClKp(4suetI*jGNM2*a+c zs9N)zDM220ny9xYt0%HO{adG_=F$T)z(hV~+8;;*yGQ|K4=zE~0n2K?yecTE`is~3 z-pPnTfzC*qSoLODL7kCs1xUolS0?#)S{BO%juX%Q?TLT$4aQYI`5H?%d_sB>SRWM~ zT)s3ixPKcrb~Iygif(ZriL8Ioo9cWegR9)zjuR=cLF_**;= z1Y`Y<+PRigRyfYXAcN`h=pNPi+&Nr}i&ZEc_m-UaO{}{WyO+YCD*?a z=((g{P{)ZM_KJVk=Fm$J136su7nBwkFVSH=m9v!lxK3`oim=WJBAb>)sdgjHE>>e! zq9EP5uUSvJs<9T_V#_9&*P)|l9>oZ%5iDz;lvFwDV`obPX8z2g7oTD>0P3#WQ2WnK zJ~#3Usv&!QzclGyx7@26ccQ ze$URdZJZ;bY(DJ^8EmxCfo_Nrl{Hq?EJ3y6{djFo+s-O+aJD59e`N)3TNt>e4+nQ1 z>wsYP7tv31I_;0b*t(Vz9%7)#Kg5VA9;ECe$WDa z{rWY`yO?wn_Hit9k2TwGsO1qOpxk9yRf-_$*IhQNXjb1#Y@JladbtWS2W}jD;r2r5 z1?BsE$bL$Fa14yj(R4*QwAvC(hmlE$%r zZQwO)Wqe-I@Q0~vM>0|DtzM{gm6dj=^W&DiF~zID)bS!%&#H3rZCfPL9=HevA&PeC z3$LQY-0pQ}IG43)lATANL~#8z01r2NiqWx*bc!^*T3CExOG?>Au=Vpv^bro0^A63hfUx}9gt%W(3rvu%KT|+>DE(4~Mx(7}{NN8CK772p zX~zmGeD&2vO1V44HoO1>HNOhii+p-1c_{bvQ{dlLcHJ^Uca9BQ%-Fv9CRijTMpmvg zQ$fxrc*U3A$+0MjlEm+f?@;ibMfld+D}E1aAQ>)CUVnZ zh@JponD2M0`{?kP-ZA0}w>T}Ot=IK^)83%%=z8HIErpuP(HDSZguH;i<=@~}p&>w6 z`0-VGwa43-v^e_v@=8cZbUb}}U>#MnEVsV4)gmw$ic zcdaJFQ|~4*Vt;7`sE-cO@W$%?je0gN`~-oMZW~fZKn~7UbEb6^AvQ&2HzF)-$tL$* z5q2yqn|!bhk-_Z^*Y18ZrHay~CTk8ADOkW<9Ws#~Ja5acqW3qR zfCaM;Okaq;aBD0dB1}iMr6m|OG{V3@`=F=P)zzy^S;cupA8Ie?daIxtPdhWEAXN=O z1VRc~pY5Cl2TGK;FSOVDYSfnX7o!o@FTgF^hhDiNSGpc;GVFS# zq}@~U=+wk|kS2p(_6!*Y;si(!C6) z{X*&3f-6di#jpB5GWXz7L7Abu+=*_#u}n$kJDuFK-lk)tUc>R@mxfzgJ1hH!oySAC zgBJ`q|C+@#o@i8@w3wdZtC>r_a1wLaO}q%3<{BeoSa1&2E@4F2U;aA_i$xja_$Faq zxk)~AL{w|fRpiM?niR_NN?SU|@X0raP)l0&@q^gCw~tn;Jd%n=?X5TSnT=6*3!b{j z4FBIVz%;_fQ93#XS#fdjBJBG^%u31@b;xCA|Iq^->hG-s))=jn+bCefUVMY^ereqT ziq|kIRgT=z8rV_08FRz8zN76L#TCZ%?b(aKE4PHeCoc!zA@OZ57e+_y78r6fFDt&T zs1ZQ=W-7_~3Mt3bx(f$?GvN5=gF8QMs*i7UT91q`Abl)f>)YRW*QQRY{!%2FdaE$o zUn*U(5hO^J?AZZi`v=3V&8gVV+>9UzSp)yiWy@qdzRFgcqECW)#&7`;Dr8DI>qm=w7UU3h_b)FrNW09oW2=x_gCkkS=}&u{E3K+3}J`JXHp} 
z5x+GVDRXFduU&?g#ywZUjq^J7N5mJzQnlQ3J^lLbgAD9(jQH(Oh@^1DndB zuoXyUg3;DifH5<}yIq5jw*{xJet!K9oL2@bKT+>|IVRTW|2zzv&bud$hzDz~%C<}P z^V0*e-pDsyt|J4Q_c)<^N~|8r-8sWrpMe`h6JmO^3~JZAX>n6PME2F2%bUH%W|9lf zKDlcw$0#?O5k1$DWy*a4yWe&fIe@+F-=a6&#L{VeQ#l((*VYNjRg0=fXH+Ib6O^nn zcfJAA|5D~^_4@2ba{+F3#_ZlmM4nnodW=R5(}*T)7A!tfu`?-5SF5C$(}!P5cUH58 zfqsMB+6r%V9$vi-a?#)B>wn~;5!)}VJh5FecXpff&C~*EOD9deH4unJNxE(QyxESo zb;K2pg0V*0AlO&o%b&QgQZKIDEF8u(QB|N}1!X1{fNq0pLL15dF=Vw8A-UQ+GUVk{ zGc8uWoe6mSV^mV#Osa}dei9L3!bRlgZe)9ml9qB{=jC(v)Hv|Fb-R2;YQDUoR)Z3h zk~vV2BCNPIix|HB61d{nfhSu&3*ECeGB|jATo1yKId)T6P)&sKI2*QnUqp1yE7)ah zpS|@T7TJHWsDIB-(OV7icz;l94#nQR(vlnzN%3AcQhw8+F#@|9Y26^Uw~o(=Bt>xW zp@%}|pLKT(f<;wkYjabfr|H`z>(m(uB-^F8+lck+!onx7#_=x~!CG#L$h*CVSux%k zM-=&Le@y55M?@xLx<&_EseUoWRhQ%qy6%+n5+bLHFmqXzPBJLQPtkxOC^t%0dy*LE zLqpKB77f-5vq$_xeTKvJX~H}~PFb!L6ZELO2muJ!oQ9m5AQl1lDuvwgd*v8@hPMKv z{+!o>Mf86_C%dzEr>zdfKydkz`-1|EiH-rcu(UnUrY)AfnvS9O)?-SX#}Al#Bcsgi zrOhhZc5f;PRX~wSOoQDqE3;9TI4xui{Kzxsnwq$j{@(mbUOr^0p<7Qm!QiKV1g4H< z!HI-8SekKO;6VPsPA0Z&oEq#{3AAY;#di{729oD=LyH5+zR+b4;e6|}0k_6k*;=2S z%VvY>lF6p&W2@gP3yqEku5~ykWUvANNU+lh>grq_KY09qJ2d{shbOD!BHhX-IX7zC z1M30FZg(}yrLyYl;zaG5|0{Eo;~;M)=f=FdD$`{Afi84q>w~0@F?7GFfQCB7v0l2X zhpeqztiQ7mb8uJm8tF^Oc)MfDJQ?0Er&br#y?o^8!Ia+OLwD8KerzB7k9enh^=Ij{ z7uxDLnix*a11?Om(hFACa-yHpx3?>mzZwr~&A^Epe4p9?Z91F}GjUyC22;5T2wLO)#Gb?Wibf za$yj;0ceOgbxYh3y;mY?z_Y3=D>a?fP(y}exITUup6s2uBfjJRJ#~6!W@*G_nwkRb zQ+<6UvNL|mW;nAgJ(ClX-(es+18U-($el}AYCkU@=f6`jNPW)f%&@o=cx3NKl7aHK z?TR14(TTaqpyV%tj40{>3R#lsFsh3d*bOm>6>ldX$wTk?@ScdrjYXidCUj|9z=vqX z96_|e;I4WaJ&T`{1Gnwp4({XBs-UX9ZV+9RFz5WDSE8~Cdja+L7(EY6ki{*$nMXGj zqfIO;G0Q)LH?OGUxa^hfkn3A0su;vL6?JcSNZ)KP;{m_)M{^9OLJs%AyfGtb_?EDZ zkHej&L#EyyIh5ZG^YPZW{Od%4)ti9p<$JT~p{e=O1$fVZA%t`5y9_SFPQ?)Pu`e2s0d6te{6KEP~-FR>9)fU0e+(!@L#vD2`YNbmJW5Kv_2 zjM1qDQD$bZRGlWL+AFIAr^p>t-l&Z+H@3{8tN$Gou}$(ne%VNCB3a9|)Z)Erd|DD5 z!WhF#@)Jab8{XKoURB^+K+Y#yotn>DxMAzkb`7vC-Vn)pV0{u%SuJFmvBnx&o7M(c z<^B5iJGz#pmRE)WR1(yY`Yio+^%iYb3bJH4*Y!0%k<#g=+XV;^cY}7{bV_k(V#v-~ 
zwHZVoLb*+3OlKiubNtKwxZLU82I~@|XP9v3sTY)|%36L>D~kzb?HM;Ld2W2j#GE27 z3=e}9i(6R9;)jkbz;vI@T7g^cmE5?j@O7d=M&At9vxQ9?jwldD`u3rP;qd3--Ofih zLaLpkdq26kF$Y(k3@p~bx*mz3*V9)o6dnH`_3>QNPvJ+l$UifS!q-RMs^IUON$&p5 zrvGyzEK)jx52=RdbAJ7OwD_0ffs4@}(d?(ip?@auUJSu@60BC;=^x>rWrMgf$9nZG z*ykE#Ld&#_)x=}n?QS%iJnui9%X@FH2HwUGVr)Ujkr0v%BjA@r)ui@sd<+J)xxpTM zr@>{HoD04a(6=l%(!N%;oZ%ZbU2NT6)$! ztXrUbho~_GpC3h=xDS^)K zVi(^M;51l5Hdy1)pSVT&)6V+N){ac{2 zx!}8VcIV5gQMZx&ro+^d>z}@ja40Znmm(}})ETDAE=wO7jn4;d_NtqA{hGAW3MvjY zmus$X@$Kik_MN<2o$S#l#`jloF8H+Ge4~Od(UBcgoKBj+PGEWo5W)PtBYw%@jpX|X zame&6qbi6yCd@h5rw0WidPf!)ftks!!=T0b_ef|OY2xdRc(t=@-E>CBru)}eNF|gM z$Zt&vK~!zzBK3=^Ls5V9`lb{c1Kh4K;Z~1x!HJLz-iE%L96$8Dlyn2jmB;pDPs-vl z*|W#r-Afq0MKS=xCiIHjLlm^xzU z&4%{n>y|4wCoQzK?fn*Q?d=)L7XI7GSP+B$?QzVLNf(N|69(%7y+dB90Hvd>x8Utt z7I`4pgRpW--vx9#gGcqv*mD`+xp~`7M>9(|vt8ZFw+K#JDNEKFGZKaAALk4qqvu1n zVLBNLOI|`ij-wMqn9`xVV@8=&U8474z)wZ=9`Y6xO6LY|L-SQp6AV-~cVmUS(H&z@ zo!MyiAw9e1E2h&V)^2UL(kQ-xHVa5T`D%2yU07UiL0zfuUWLZqfEeSeZRTZjM`6W% zCT{jtQ3hMCkl$=)%aDu=!nw~wreG~NIxdb`-77|f(KiJT|IqN#3_w#e^UlfMejigw zEB1M+4p>)PsWWvZMWCgs3L>9$&QPk)m**GC<>Z3LuRhgzb?wswv}w&@idN}REi1ig zmLW+T&Me!sbu0f!>mGeWxZ8f+D8prKBR6xypgJ#3}> zVy%pl$N1S$9;N*DiFo1AJXLHvkFbFF+-?KHc=b-ZL9W1pxiA=)7#xnup5ytkOPVsb zgwRk4C=DgqK!2Uwxv0}bLEEAir)#**q-;c|6>@d0Pd)5dodE$4;e!mj-x;o-PM}Ub z?{yereihU)y&RBC2>r-_BpPd>EO?b+yU~z}RQaTxYJC?{sn>SWMp(aCj=H9|7V}Lb zmp(2d1s)57Z>7eKFMNC=sQJ^6?|r2aHd;%H-gw6ahL$^Druo(4!LnOzxh*(ciWQi{ zGO`TKuYf9MUJ43rsB>aa9}9XXlexzJ)wNts#zW!$6PpVhgpr6Cfi^A3Ll_M%V>l)$ z1hJ@z^Ecut=wtpKmyy22`;Qs8VD4n~t>gv(?1Xe2TMz)5&jpGKW(xXGVxNofRA3HM zCXT|%*unitAkyJf=iP99tv*;x8XXX93EqvmDnK@AHX~N}%y)hB)#Cp2SJ@-4R13Ci zzg4a8xEtl!A#d{;e!lq&hH%hmTtCopO>3#Y#IChNb-1+y(YURyVGjn>UDo_SW$^dR zx0;C2tX=}Gau=B3j-5lKU_2`;hI6gpE4~F(^5mhCocy-h;QI^l&qhgo1Wosb+Y9A3 z2?cA1##HP#QaRK3)t}zE$EWDA9L|HPS|P#v(0fq)tMq4|l!YFZbp`co7jh{+3_j~F zL$dub6SQPupz!`-oglid3F=|?iQqi(jnG}pfK%iNoL9nN7N6oMc94d7H6S%Lmpkq* zEEiRH{TY4UdgHp2vbmKAAYu?>n2l6M-Fc?boR*2lkh?#hl}iQRP8L`u85BItYwtgV 
z3;h7+_rJW5?823EFB{f%74(-{AP@ZO$9V8;gtf=$^7EN zHs7H6D+X+?jXFT2=Z$17d89`oJY*x@k>}c$4UbygUu~*{R6t3tT2JwtK?~gwCMTRS zYPXlhcxzimA|V#lgu}dx)Mf>w&^%O8wLkeje-3~tSC11tkk#3XCVb`$a~RTzjps`9 zZ-6Jr2y2KB$GlwZsa-R9r2@s()S9%lC5#%T+TSc>3*b|+n>dw|C}5cbyB%a`>D*;j zI%ZkZE6iz%u&(@i*1BXsomDjgF_&C;Zd6er@z#3ygO_VKtB=)iCw4fUQZu)>2FWy&&wciNfyN?xFP!A$?D&ix%ZB>!+FGRlB!k4b%2! zKG}_uSr#Y7QpaZA`vxg`j?%s+FT-6rn)j)(!VWFy@%;OEb!cL_Thz~jN*skTM;GgVwKt9}W&jr~hEuz&2UW?aDqlbC(6&Y#JFnsm?PNM#vGV=I-JX|*xP7&X=#xbXaxO^7Kg zIh1U2MzpS~9pN>_kv^Kr7IS_>aqBPC=?@=!0(8Ltl~Up>a+FU_3mFu0Yb3U) z>*~feW-*l77rZ&`uKd6Xvi-(*D6?^BbvGIR);#Bwg+98MP&3Y=fT2jiy#} zCS}-^k8fBW)PN+q961bN{%07j*e-TZt%MySUQ&Po4(Gkn59W0c|FMz;zk#rQBD6y? zq5+qmKeC&pa`#h*O{l3^JubYB{y*Ks6i9q<$i&WEIo=INUnK? zZVz5gSM}6}?hz%qt}>FY>lCEzT=6Hxyq_^<=SQlN1m1qnF{bYg>)HK{#{p(h<-$!c z5Hw0vmvkHrGI~|#dd-MgV;GN~bL^aFGZY5(O(JG zC4`;ORlXyb1p48Eh|YY?r7FJJhLun#;`^Y?EVrA|NM^@;G0d&J%BR5*J=roin>M4@ zS)kh?Z-}(xa1(`3yh#LuIs9u``}!=pUX-wfpSq^3x<2Jy4RTL>+v8`we}u+OOXY6W z*47UANGtV?z;j#q$2Z4O?3ts?P_S}cJ;V&Csw;%xOSU^JH7#hBk;_kpRJ{fyv_Tua z8XBsK?@n}LgamDK!fhbR{uY6QjP#!4^ z=oe7eqrsRUszX|QR8Ql-i}?Q_>k+3()vAVbIzcT=(8qS40Y!PW_jOo}x;(Y9U|mQ4!SnJy z*Dr5i$RnR%(Cx8-t5wauS%CzcP7o9#A|L!ZF0Q}HaGmyJMS59+86Uj5)%?k1W*i+rFjo@YzA$!O3cR{V^h0OVa@ZvM@b0l>NgVvhW$GML)1m1L;Ajn z%?4cv@9@ADpu_#QJWk0booV&nn64~INYg4De}t&R$U2?5jJ6}f&)@sEMc zTxn66T%+?~RU-Dn^3@5dHF7OH%BmF6(7cpHG=@~B+G&0^OHLu}Aw*^tf%VV}>4oGa zbZ{C9322|DMXYYB=6jDyaUED|u0cQmVNMSw?1ONDCHFU7J>!^~vV*(C*F_L}%| z{g-Wg<^$nt-0GEc={4zut&T4rRf;|2pz5kUgR=6KPVbY$BL0#0u2~j*(*~%$(Cz82 zPCNCd;5?ZsExb$rAJBkjFst_oQ51dNkZ|TUkp5;%KJ4bx9Q$nin?Iilx&e4>bYnw0 zo+9i1qY$j&)!f9Emkam(ffDOoY|74F1$taV!?o3Sw??lQ#B@e?#IT|^3e}<$R0Z8+ zNay|$jW01Kk&_+NTwu?|7G9I7PXwdVY9@3Svd%rs$ zev?9V&(^0?bk-#`(sIuJF!>B(e?=J(Vi!oMf+K4mm$kOtPamN4ZZeGbZOuBiK*lkj>`~D*o(8;c|a`CO)Bzgq|q9jQc^~pJp|i7 za;H`+!h7EE8c4j$aGy@W@pGsyI!mXWR++OPmWhTnn>{$YT%!5oajaTe>NQt%T`HEy zV=!GpikHr>H?zfH=3^@Ho6EUNnR&gl{i5ypBeWp@5%Qj|?kn2QH9PccLg!Lahs6;s z>5;k?v%8YAezzTynz1q4%pY$SmaVaTF`X}6F1myIZGU?M#`irH$P%W!rx;*D11jJC 
zqi!L=esIjAthPeV`}(4YsIL)aAhKjMP2RfJzww>$sHSp`H4+Ko-u>dv9IHW5D#WEY za#$ythnUANgYZ&&U*O8P_@dG?6&70e&e*}a8tLuXdrQuWzyt{lTMd^#u zwPGUsOa9X=Oo+q4G!4ih%VxU5M9Dh~Pc;QK1XOR9b!{`oo%{qsHt{ukP1XlW-Wx+- z#l<1NMnI$dB}IO0|Ib8Hq70;>2!r1M;NU8*Sg^NW0G3m)H(H zYr)xSoM!JC0$?ki{>W<}ICMUAtx7*bNSLJ(G#L&SvV7nb2iAifkZ4lF#q&S*1Gm9o zqO5D-k^Sr&K=z8Q$PZR?AeP{5LgoUuL=%YaB>u!Iezrm@eAaeTi9B&<>4TazM~Cy$ zL8(%?5kL6jtxHzh(G|(p3Z47E9RpLosW9uG^*y633IhId1TQJsMWdtnl$~xcdvGi3 zFo;gJz3w{o&B^d8HN{q(;8N>0(w!0+n3O;yAY_ZdMjCi0=dyFF7&HVgE@ z4=lQF+w77knRNaar&3g^badzmI_)tJR2V-}WrQLrzjrYq#DC41!QK(0mC`*Acle@t zR_8gyGvvH(_RT>*j7Yf#YWR;=%Sf2)&?d zUa_4BmgYi%t5yNAPlD;&NJzG15z%AF9w)ooU}LzvdHd_W1Cwkj(s+byg$W`x>(4sr zA;v-)p2=XDbN<+X`J=!YnTNvlAP?Xgdx&|FkD1cYH!DpS1SS{FS+!+o+wjq{B>}mf=N1c)p*(4OW+p z^*Bl@Gi9fHw%b5uX?o|9a)rb@f185(yzWoD_kwA04Cv07$}UAX-3>I5_*#c=Z&IW< zKH*6DUTr_QrNt5UnCX_XNZt0Gg(b+Wp+=5zT|^6CV1j>4)yv1vgW4(<{j%axSbh^0 zo2~5?!%uPltShM)sQ)0B|c<{jS(sv0MMecnkx_}8y8uiQPnN- z4JN`~T~aIj9zL-p!oD?|-Bt%PFEe4ViA^$V!;O}rtVK(V^PeJ92aiem$)6W-dJ8KF zKw>{$|FN(JUjUVVxdO#De#KxRKf_*a=2%$Wm@;OeD(h)=#ZkWW$EUkLr_~B6gSMi6 zr%WH%C9d5S6C`~pN$9k?fR0x8C9ckhlXyaQO4d_7&OpW`+Rs3j9ghm*(t5{Vxp;8* zUdJAlLwhP(%-vHmcu1klKmD<(sA+<2J21@>2kC%z5@&oZcT`V6keN=Rd^b{M1l#J& z5CxXVOP?PCv6e{)-NSg9#}nm&=oeuF?tLwRI@?kaBiuHgUDaE8tC=C|4J*%l^&XSI z_Y@>XWWXZFwIzy5J~k;v@GT6pqV{{Z1m8Vd86@wISM0$_BHoJ45`?yf=b&v+v(Hmi zt)7)cp6Zh^_cjOhf7NX(zLYnMQRNc+092Z5=H|B+fz-HPuDRRU=RK>3_MuR2tF31$ zDKU3P9jCtJ8qD+kX_P^ViM5hkX|O^WVg*>w{e5x2befp@L{wx>bLtInj7e6oplje6 z#}`y$IWMQk1!$K=aC#4w1@1HKiYkwurPZ}fsZC?c$tsm&p7sQMj^84UTSEh|HGzS(kQN)r2?# zd)xusO2=Z%ft&*jrxLcO_2tf-Xp~eS8wIuO@uyTZAXnNH!{aJRbNoM4(Yw!@%A1S3 zIt1;?x^P6UkkO#Dwte^aUSvN9G zOjH)o#Hj<>+xkPgz=rp_#yxo-Z0L=ql07et7&$EuI{@O<*g5l=zrXG|c7hH_l^Kc_ z4jRI5zxb&IRsL8>U0!3L!&gZ8WwQcE^q!kc*rQY@LB9?M#x!=95J6Fb9`S8>Al`E% zcvX2ey9kFa>CY|-O^X{{$zgRZdasAgZPbqCU&yI~k;bOpKur@3B*{Rob||g#*A#|^ z@@zpPMF`V8^2S#CF=z#+3OVY-2*JcAXG9&2-e>V6)d>0?ljQD}0(ZEEb8v)llwCL& zVYQ9x*%Jm*MQ`ld9H>lOoaKY3sW5IR=8mIyGuhxnP 
zTc7QHIZw#Ws_=P>J(;x3ir%F&uganQn`@4-N`4nld=^Q4t06LXK(d=}!CWP5D+|bq z|9%$$i3Isn;i2t_>YS>GNC3t-P`^C+Hvz!If{o1t66dg2{b{K%3f42o106&<1l)3x zjrFDW$`+rO^b`F&btr#`UOHZ28vT1(eT$sdb~P4I{&I&y&jH7k>&J+HvL^h& zuOT^=RbN{B&Ld798fc|%gvX`$<^uE6i*AQC)^4=6%ll(#FYS0TgG5$6lM+#Yy70PNYj4c5)c)nxRIFC2fO3!=yI=Ody#>J!#^ttl@Y&is zYPpng@@*FZ{?*|!ltK6Qm;A`GisTzo8;i7LR>l*lZ(o6zh9We+x}sKAv*~impnJ_h zI^8}b5dH6*$W)<6__N>Rfe{TK61ifnL&u`lPdWH$_HSDw1V(%-N?uVG7ZmlIe<*@k3tzg(_o{>)USu>%ltg3bhY?$f7-% zAM7_`v7!TU&$^aL)Hl*Bn@jM}JCe#ebjH62-4SzBmTk*Q9uYFFg%Nm z!?1E*{TH*10>9{3>eON_80M!PEM37dQ+0*mWhqHXjqqXe-!c)Vkn4H0I29D?2TqYbR7|SMj&M+AbMl0qVBoaKthKA_ifDVF1wGA zaP?zS_@=8=xp)8UVu0gii-67N*hts1`Uta<$T)BCdtm`3J^4d84`ch#qaj*}gkf~q zU%WHe)rN3R4$C*0UiF6^8OtQLg`twE6*&m+V*e+7bY=MVZx|p6LYD4z=TC*6{LGMC z^vE-L&!^IG0C`Q`hs){1@*#9PYfC?k9xReIpl{$Q$-lR~b&>PjL$WiKx;m5RU?<5F zQ*6WWq+MDkZA?3Aqib>1(!GrO1T^gZz0Qd>-zvi;%=MxYJnxlOdX!CW*R0^=d3bm_ zH5g<4wHtkUY%`COrL8(lkQN8qny`%V(S5=#6`2J(rB5Fr z&m9Zi?fpb(@JFvKkh;5D7qsklA~=XBD`A@h!Sts^`398jX%1%P(v~=L=Gx`nt6;is zL)b*@(gi*K>Wl?rL{LSzZP(zho*}DEypEBlr4CT4VU*Kn9{#k*KDiAvaglK;%-d$^ zAB^d9I*#JeHIc7tRGgda(9k-(84wfmX3L_V(m@=hxK6D^j13#qDkV&9SM; zYlckNwad=^d5Liu$h14{t|2mtbI}@a4DEP{5odi~sJQf92ww11-=5F@cNYA69ebKy zvK;;<{4eIfLnF(8hi;Tk#Upn`MHo|GNH#ByFfE7XJVWu{yOvdAajWZ5w`@GeB?kl?yw}lCZFq61_U$^J?%%Zsrn? 
z$DDrt{COBm3R0nvEMp^NRsrN+>p&}{sKunBzmPe2r4=H$g`v2;U1k_wduy#-hK+YO zTQ^oI*DzBE(?hnwiBSX1A{}*`X0_mJ|VXZQaqAP8|;OI4Kw$eBE+%QZ;+33WU(0E$kIRB~w70>~-&v zzzhBW4bt>bi;V%s>6&-_U1b%k-Z7?62v}G3c!~i!q4OFV8uyiOAmr#L#zFxr=d)qbw7#eW^IQ=Xr3fkVXfbJ}h1gjn$z4yi?$P1E~M>g9}pUA2Ve_xAdZy zVpV3(`1XFdML&)IR(6Q&R)jq;dI^+*%&m!M+#`^k>v!(F3>>nJVBykzc2--`z(?m{ zn>@#!OhtzgXWX;xY+!@N^pWr|4C2Gs?dk;?ooYR96nXI^1dvh~kjyI#A42v#rM1?5bJuq&KK?T^mmF=RQyrOQYCB+;lE~VTxkeze9`f4?+g-6tU)M4 z<`7Qr-UT0>9I>)=yDCLFn#!%Q@fzExAcNoWS;tJpaNM3jcd1I=kNNCQ9VssW-)-OT zN`2>hgWDUMZG3Z=e@)(YyA1yA-Yx^r=8%WRwvp79F(SWwc@{X6XnH`ZE?w@|7LSoK z7qh_1Ae!rXyq@&oU@pdZa1r<{;i1m3T)P8Ng>lX7BlyM(@~NL>C%Z4(w2Z*!kx^=Th> z(u%JRkxno8my8RHrD zS4Jy~0=E}(iOvs@Q}a)2ft}v0fM=~O?t4AQET{6=ql}=%JfMWjE&)TENTyW9A}9Cr zLD8rEstjKdte(#V#}VsdxAFd$DQw}QoPx6FR}1Rnr;*Ud)i^#mv8Iq2FvgspcARZp z=sbWd)pJyo*M+}3ea6uqc$)Oe-Jx->XoF}5EBV;N4SKsgRjpg0RqT{Ob zcFzK1YIQiD%K3;@A;c4-#v~{~6E8tA35~{}E};g|x(+X3r`fRZvkIpxptbp9J&1jw zWnk|u-V_#-!CjdAv$V7{SD}%r-~1!Z^$vN*?hFk!ht!zdsl^gOKl!VoqN2Yf8gms` z*3t+Nw%DvSMgzCjQTIykspc=yj}yak)BRJoHu??I_QUx7Q4$d6v6T*AS|2#SGvZdn z`6e)aX}@T_?=TXasHUJe+(ib|?(!%K!v-FNty#>>flqVarP%Df8fwUw{##6HTRKJW zU>|i*%R2JQV&vu2=FIo3T~Ea?fO*-T0vNr!g=(A|DO;-DLpaf|N{Q5v^{Qg=IB46B zVS$1|gz%+{Db;k~)Hv9G6~O!@CvNNPajw*xdB(XWI*#;PV2fz|KH{d%oalDfvj1IE z^uqJl>eID=@drjqoG&O|=U-A*@OzqG$E8w2Ko()IKEr*aLb0V3=B!^` zZM$^MPXzXW1j0f5O|2aJjnj8weZ1t#Mu=1zsXVPo5cSnvK zK?nyxZoIFpRrk90(lb}l%*DlJ;w^l8M4c17>Qn}H}U zUifN=&G`OBUYlp`bj-c6NwJTW;;xCvE2aBJybrH>n38L&`TH(`(}Y4z6VZ)1IyM2jZ=Ri2dt#varDR#rh4KpgY^oaq zA9z_|Co!Di)jX7;9_Vu|Rs6z*pJH-+4Cb#4NLV^JT3cH`O0oD|&z>UY~)W%5lzS>VY3lszY3QhxjHny%KC-|8=)8lX|Pd!#<*Jk~dX z)s1l&ve_d!Ev)AlDN8dQ9LgX}1u(6XN3$$%Hyf|6zx)<$*w_+U>Te)S+*=b-)dvPYj^lf|8W3N0Dk%TQhIK*(G;DtY;irH$E1_)DwI&!;vy z>=JZ_x;b}#o2~iUp^~$35T2~y=#3<_E#_qVJn&W7Vc_>T-&~S#vJPdzf+^(Jn2IjT z_rzF%t{#Z%@ul!to1UO@=hOV>Zz7S38@gWY%lChEba}zOL@8V565YgT?R?jsD9T zVvCK*@GWh3bHI&AlffV#&HvlUU!?;PKEYG?wA^zdnELShi5nky{%}2Q06c6j1+lW` zChAy~@6gcO7z}i@!sGp*=|z4H2r^@kU*9gUI%~PLdNcW0PgC(tw2(5!p-dqD@Q48~ 
z$u%)4Gt)-IwNvchC}`&mBz7>zg6Vvb=jB=tQREQU*)zvZ291OI0lD_X(=bww9Z2m) zR{ZdLZ>KVzC}xfR_U(=g=h-9$kpURhkh|@E~kq`!=v0NCwGJr zgF(=ju9Oq4nOM>CXCkPE`UOiDzyCd!iZ?y^P4m{gT#AA;^vg8TcLZo1UFn`-+ltfo!K19t=C_l(>{RB zuHgMk&GdqD6}Up;z)7$F4iwkkZNq-iR1?|5GKwSkjnd#a3)L^o74(rN?O4@^RM#{iBl zOD0S&*Q{`<&sqhLPMw*vnDSrr%#HNB@abO4iJ|2lZEnu8F2eWoSq}o-a&szUkaO?7 z)d%Y#JQjD3sM7|F6s^-NJl$TL(7%y4wYOjxdgQ3@+SXj=C`92XIC)iT=kc+j?3D>I zT}^u5>Lu<|7cA+GlsnxTw4ljpC!GsY-aK8sZ4>d+-R!Yy-<~jCe(T=PfxoeF{k(DQ zVU;pSnO}PNT}!CV6^-R>YDnVh`K(eSZN$&zJ-bZup3n>V3&{emoJf;i)r##5Ro?;nK>!wMUVW6oXh)CiH6w@V1VhaQ3+2y}e^-us-wmRZ zqdN-Uv2|5#rDF}2s;|y$GkIq;HK{FgEe7Vw$VqhmzWR5EI_fY;mS&bqJj5{2nte7^c;ETZ37p&>^Xd@nmQ<61!T)RT+XI>2|NnJLP8XL_DUsx^t4q1eB@#*Q z$=zJiLd?=!8dgVT2q%h^QMydIgSKt9O4s`cdbcl$-a z(lEc^?RH*sx?8Q`bHZ1c9bV=il{v5 zlvT&FdM$29&&XikIWPYA`KFjkH*m&;Go>+aOhkkmFN?`aIr@3va5#}mgTE_o@M}sD zH4qVH*i$xk1P~36(e5x)X^-QpP96+yMLIE zkB|3FzMC1 z_z}VpR$kJsl^A+=jXPuqwBBHZ=CeDh;bgyHd1r;h7qtaR^ge!X=cMjzN=LsjyL>~!Rp*S8`N{-e znC78m&!U^ppXHxww{uZc#F<8SUe%O^LkZBI3rIJAG+$<;$rUXjnJvsLo?+8TE*iE{{iE@8iOpdkqx zK@HdvJM+i+aXne>IgIkv_OP+8a@fb}n(N25YslU?n6%-%{6RCE4Ymb6&wvhoetV}i z)o4~V)Fie$04J>c(7_otPJ%G6TgW1>MuC#_xH!d6l~kmnSW_zS59+2phI9Z zVu(ne0NPm{A1w4L9uUQT;*MB9ql1nED#c29pcnL|rS{tct!)Z}p)pfV(&i{SodrA28%+Wd3@p&j{7dj^A~?gupwC zvK&46n|eZ!=dT3^!xYb$6n6S@$7T|Yt4#?V_^IHl$b6=H}+f z6E-?hIEsA#32R$9chS@65+VJxUS+d%N86o=_ z8`Y(zW~AZnsf?GSm%#bupLZ*T5xtS1=`%gHk~l};_i$B6=MQ3{hf!(3|{tCMz>@B;{weKKs@L`G8F7>(MiNYTIrHyR>))zF@D~yp@XUD!WHUC-3RE<`7`5JN^LGsX zS|zJvzFgFJ@Rm2iFkd@hkma}5arC`}#o~J)CLTIo;Q{IHc%P2J{qp4j;B>o%G*4$n zolU*Z4#a$yU43Q#Nxm|d=O@Omt3X;#?2a>6si<%^$zFWB79ao_$q^ruWSu5? 
z*`ny0Th0-v6-2ck$H87~f^uHRve8wRu>q$$p66Y#;EF>|%c0f?-n*E8C;56ywvLz~ zfoy0FiY`W#B)~PBZ~cb^6+sHc5zBM7fW98j+b{Uo61qR_N7)w{xJN(ti95VjYn7El zO;^%Zo1aYbbM%F`l{?$dsw^%l16h#P@6falrH>S&f=nzYrr3GG4t8nn5Q1tH(g#5+ zWpBeASX>4LTAtD5{_sHc0a{K*FaZJ#;nZ;Lfr4h2s)jMqPM|a|sZi}QG@xns0BhS~V zZ{sL6M+9=88Yv}g2UU$fMT@8e|3{(qV}GOFot9Zq^eI!h-mm2Jz)+sD#bDJT5wHtv2 z3;*k}2)aX!CI_20_bQ$NA#-*v?P}17H5&FN9}vS*AW_BIPaf2%5m)?(IziXgh0ZMk zI=}@=1N|*SfMw>usw6FyDV#b48QBwWQY474zC8ZgMQ93PsEZg7UnsmBe zQ-x`u@83V_Gtr=Uy|ct9GOCy=K6ZFO@x)_eqXrm1bKSab9jk-dq5&S>uZR{aI>{@L0|EU1!tvNqh@p26M zM|USQzIySU0pi~MbBnLFBv&uT01}RWoHgFjCHtyYz9Pp7XnTb#`yuA!M8n6`n=(T4 z|E<9SK@pDmoo-0Gn>pgNMs0^p4piZuW$&ny1nkEk@iR-n$^(2P}D3Cw)tP(_Q*6i~$17szg-XS_5rs37)Jy#DH_25-}SSOIqE( z69f|9A%XDpLv0sUYEJ!7u$8o!HQ_ga%Kt#~xEQSl@h`;Jk9|(NY6YSUGfXpIamW{h z83{7vhs&0rYv_M?wHggz+cUWz4WWvw16bY(&y_O51RsH0$e*wZs z93aE%dY*TeDbR%@(1i>4xG>J!#ncM5p1A3sU5P$bZHHxSuw6hR2L%{J%bXA1{eNX< zV7Dgv&kiXi0yt}1;GXNL&9`V5_JJj>R=1v0*X@k0>i&070cm5qWXEr;kF*BADAS0GnLvq z5=N=8x9mpGX3@_``?800NECy&Wc<_vG}xSmLo8Ru$DD-v>VU1C(8#YeCl9$aE%~k5 zRXTk9?E9y1I9bHX1Kk&K%4;vzAj-P6>@gaeIXagG&nSLmRecHg>I;#eZticdE%@5E zM_#j2Z`5ts><1M)YtbMDe|Npw`h2&E$BUG_N4jcvZs~Fkt6aRNQd#C~qOjGg0r|KL z*5-P?j|xY71n{M~@lfZOka`a3;@(&7iEYp-@;)&TIV5akd+JWdlZVO3!m2v8+;B6x_YnAZ6L@G zFn;{x`+Sv(Z-a(6J{DJ?X?AulY4{#X69i4@FZ1Uo27xV$slg91AVr2)ffmS)mUYEa z1zcP;dT+^lbl-Xu#3)sp*xkAp4<^Wd4O0KG)N!I9Ig`m2v@?Z&H9lfRF33wv4OT49 zP*Sp85*XGu$u|nfF;E3N2xw#eVa?X!`R&C8l_6r6!(=@&9!3Wr0ePx?4%nZ3pRrol z6cVRkeHmE?(|47u$(LQg6%h4$azW<~4HXjpp1JF6SK2tcyHRiP=Ob?ekJBnuJkf`8( zus8UL*uSY6JdY&@MnkO@TnMon<`TLxQL^~)|EzQq4=(6RKcXtVtvKiu{N61^&YFJ~ zTyE?GZF;okUGrPv0(kEC&FJ{ zwf+josM~~9(8p=$e`OFt5J1^T>u&q0a#M&?O1;p1tEh8tI`EpavSIJI4SQ*ovK)mc z(^3k>O9TxL(URm;Bje_&swj&SFJA(lbI2WF80yg8%3jy>@GeI%`$Lm)izBFl1U=2Jrdh4ZdHHctHnzn?5JaVGtJz_^ zvwh20^|$Grs#dn>vRp$9KdecJUk zD)U6aTLeT9ph4Cm<6zEgE#3@zhk$FvYsh;mtH54$4zrM-R-ogmsZoOZXwZCekzyf6 z+o`=Bb0bA@fdZ+3c`;?cC_0!R{s|@omSvfW_pOYK{=(EVUQi2Jc| 
zpeciWCtY8w0Zq8z&z4wu*&C@=xT}p19GvC5GBEV*GJh2EknR-CFKq>3H<@&(_(h68=s0$T+=f){P{&o+r5dUe4A4!y+z zXd)>sR?Nl+G12>vXxMQBu$&L)OD^DjL9^Os9^?(-6X{L^>tEMk?Uqe*i2%_l}i#eUF#pier zG4(!7Qjh>kAh;KP=iCQ^z^uqcJV1uXqj$A(SgKVqXIj zSBKkY*lIA}+|;^CesnVi#^O2|I(2c3JGddX)01Na9oTxZc&fdJoa`%oLJ*DP2CIrc z=_$!=U5AXd#(eNzM;=O{&3@k0P@$2KOq1Sc1pX6`UPq3Pr_H`>b2diz@W$(K)-7(R z6Mm`Sjkl^}BON_(5Zl?8nQQ{G&7a$cYATVt4)a1WZqzD|a&9Lv!gkjL^0)V~jr>}C zZiMZsaYKl1?g>QH4Io!FUVov@DX83DEFSlsHcO^XJll)T^%djeY3<@8=;nKJ+1D%B zEsZ&J{Gfirl>L6h{FlxRWKKauA&0vz>^N*}YJdmxitgaSpr>D)Z>By9YV}NK&)GFh z%?azEyEd}k9Et2+viS}8$+NVR)x9z7q)P3V`?eQxz2=YP6B!-Q@cs^RO-ZsweC)(3 z`0SC$;Zl=p{aS51&Aa?X?vLe4<{?Fg=iJBFIk83LedDsw1IbfvZNYvmx3P1-ZKlfP zgbN8h^#MZ#35k_FQ$>3jP^Q^7VrzuJuMgNDM8T`jeus7Bmb)8+4bd+2h(^h6Lf*?E zOzOmA->aTdgp7U0M#e<&E;I0^<1YT0w*3BJ`CryLrj)}no%l`#TKTN<1IuJg8hlI0 z26D_)sMTxz+HK!HVFqMr;YyFNHh?ll*b+rSE_CNcEtgkqtJZ{KREw7g37x=IpHNN= z`k)(om!?mJ-_K_SnJ$yr1|}?Yu1l>rtJynX3}5z&iBU1z@4Jrt`~5L#vJ)W2ub)@;jWujsEl!()0Q!v6#-i zg)BlMuCOfP!mr>hALVh?%e_0;wdIoiT@_W+GZJ7*LI$6}Vm~!Dq^D%K@9k2Ad;*E0PB=8 z67xo6eP`FGyqmM@Km^foy7JwB<{<=x2cEnk|VSWRV5pb<;?>D@B zkFaB$o3GR?DZl@El61IUUklgpTKRW73`Gflewo$CAV$WNDMmE zp)#E_d!ZK@?lb3h_O(Ohx2XzQWcgktpj@V#3VZ-2UGS3-Tul`n#T7$I5L3Z#fsAO_K(%Lg(%Rbz35sJwpQyyi1V_Kx@L@Ox@np z^_oU*r%}so#J{a<)3L6B4)Rk`dl;qCI@JwZhte_BjGj3+zddu;%y~#_6XmtE%!jB} zX~-zO0n%!)%}nITKx&}TnK%AxX+2SLU-lR><8lTLVRhyVj3=YwUs$Ksk5)Qvsns7% zJurEzJFFz4cJpX#D0OL=3yBgPP1{jEa*Bff;=09#zH<>yZvy@Au>=U*qFT&iX5OLl z8ycokQ2TQCu_L)vgW}!p`d&l&?CP-^c)BwpAI06hL&YmeeZlia@fLU30Gqx-r1y6}cd>9dh zf#{HN2BrCBsYFQYs7>~C=L6OTWO#3JT{?Yd#-L4Z&k!`KpJr*h5`p9B*H>|7VhTFu zYS6pQ80yol^U;u29=wD)_OU~Se+C2bH=KUnoC`riG5VwPd-BVw8X>LINqs92xLP^$ z)?f?Bs@LjqA2LRn zydFoY?coZ4OVEE(-Z<|*-M4|M z-M4i2Dg>;EwGYb7yj1Pj1Bs#zMxjT&AMag-!0EmAz;}Q#DXsEjt21VI-{^7e=M_!# zU5>clRtqbgzB?E#mmIPDeUFuCPnX6k+Z!)$vUcrgo1&ZoG}>b<{(?K4^9Fvl%*`XS zpNC$LWRiRzOf$hX+#oeHZ&>arWz%I;-zlq9iHJmXH2EFL_(Fbp@XR~EBz=MwRjrYe z8(-aVZKosJF<6%rB8Gs$uylmc#wmjP<+3Ex9cqPy 
zfxMI(GhEtA@*KAb<0Y^v2O2`P`KjZiMarXHgc@K(Z!_%)XmjuEGH!qzd{2-kVtct|99?)wKjeiyAGrYQ zCj^51vH1?uo=xvq1UaU56>D04xG-C%7ACNWTILY{l-?_TlrN4{41_&B@h*xn2U!J5 z2f(UlTf%5qlWY9f-fG5siP*dxv@O1)heV8u7#%gN=eX?xfZ`A~0(-5|gB$YSCt&Tv zgE5eXeDsNIadQq@tYB_0(2hB4_w^3}B=>jjKoX=$zw#&05b?J)mz?;}+D+4hy0f*l z0NVhToV|6%^}U07vk~&cXQmJACBS`g!~6gYM38xekfx^+u=)gLBGz*%3)T>YGQRqH z-uYs+)<(L(Z}pEbMq^}XHmq@RU_8^M1W|i>_jpFGdQ+DJzGLnNPmzfI1BOzmnm&l{ zi0eK)d|A|CIcZn-&Zg!Ap zgN@li#6GL%z-&IXMoDF`R)G(M^dB6zVO7t#aT|eWXpNb=4In>Fkjb-gm(hVB@#TBQ z`lM(!DC)JQ-ldRMx`!-{dGf z?8gprNpb)T(S%5Imi}Z>BrZlv12~vFbFK)ZLT;Z|OxS(U0A_yo>W9?xO($4W3&<`s z0d97~!x34K*`W6fqe}|Ql0>F5q%Iyp$eJVS01dBZD<{@aPtt)INL|5 zgHM!cf&mK`2E6g2HnTh_NuBF}!oKwr1L^100(GovO2F&EQL>#tZ9y_kkkKfL=1wBE zY>aP?cT8bHOy32xQL^Fgc&);6Px-OO=v)YKjFSAJ!5#c=@#yd%rvT~67#aC;^ zP%k39s+7Vokl-j8=8@b8N-)l#Qf8_oF+$9U>Dr`|TeXpS^-eSYVoVXMl57Y(!7M%) z;j|-%HwnJ~bgaP8MvYZnj?NeKV~1Eg`!K2xmYE!JzXXR5Dy@pz1}9OxO7w|X_gaUM z^H|@jvy*yOkxw3GWAkZg>SZs~N7^3S>tO z2PhBYrbXhSR$F^$`j_f4O?&xf_znZ}N)STk$3}>3jWxjAXd!z0hgg;VF)WX>vEVa) zyeGg=KFC@_3u1kG(0+KwBiO2#7llzR9+FILXxvSpJ;I66>BkA!8lCaRgWN{v>?*qK zyD$PUZB!jA5@*N^9d?@XGWb_WND*u& z1h0Z!k>K@zfAPQa_+L2u|7H!9I;_%b{AB|BKc~R_a3aN(V+&3T-gG@4;xF-mdkKeD S;jan)YI)Gctk~51xBmkc!_Th( literal 0 HcmV?d00001 
diff --git a/windows/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png b/windows/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png new file mode 100644 index 0000000000000000000000000000000000000000..ee8aa78bbcbc4db1024ce3e8d5c986a8ab5b00be GIT binary patch literal 26778 zcmeFZcT`hb_bwdd2o{Q!E*um^k4O>ekf^ADNU8BueN3A_)*e+TFqTz3=&*-?`toe|%$ncYOC`3`fXz@3rQd^O?_j z*4%6F1bbTx$!!YTKp>E$mF1aBAkbzs2(+nUix_Yu{Ayn#@Ffy-$>KDqq)TZQ`0LX9J(B4U0<7DAJ>8yq`?qbw*Ww<@UARd+zvoD?TEEzi zq%E~)MA~Iue0aWh&&^uHEzO@=Gwx-$$vr2th<)A29Izm$-VQg-08h_$znXJqVruL# zi!~G`?G+LS_Qyeg0<8P%=l6j_8;1h!#1c0CknkLm5dQK0#{WSFvL2AKCSImpujNB# zO1sO0y3-7?fQ_Djt?!-Im}&WXGvuYsGv1W)AWm9-#{rPi*An#z{vn7Qbmjjh#| zc(e$}@VtUfOrYtU+8ey_&2R;tW4&uu!mtB*yM9#t42w^)8fTmF6$Q{t=^VAI=E#Za-*Y9Aw0pUpswBEPxHRRx(x4 zSJ6atvAaVY$f2p%`0}ENewxWHkkIy`|y{g?NQIxY7;ft(|ULn*-r5;m}up7urF<$ ziVP%`V_aCOk#!}cha6eB$1?2IUbE|?IKvKoezwU%nbFvEKWdfjJ0F}4Zt|H6h|mpE7TP1)VdPE;Aw*bYuFNEe-U*2#h+>Q9~1AMM8{^38vgr z1R+x{M!~nGK%rQ#nu=&Wi7hfng15p#+x>lr-D(r0Hv7BjGpG8h z33OHEqBWx_|NRpQm@vu*zj(-6dWoV}HRdXJ)T1X8i6OMGs(j?Gt(W)d`zCXgSO)}= zY6$RB#n4LO1;3ecIid||k#iuK-5pH?i=5NLml?@qaIO3t#!)-wBZwDcU!{{mJiSu=cXJXdE;iV1JD-3Jp!8@9 z4yTlyf!6xpczy<1M@JM?^1d`aM$UgK!B{P0+5GXK)P|NG9T-u68HGPVac~Z8deien z`aE@YRq`XLrMuC`a^zVF#(EZS%UnZoYUrF~r*qf+({++tYqi)(2j;Lg{OBDO$=K$| zm=A@@`uH>te!h|*nUoZEpK4{+bt!qXD)L>DI;C3uW4L=)O*`dc@&Xmyns%GXZ-KSI zrjR>ScR@RXGFxRp$u8F%MC2^UKCSj|t>-Fw^$8+Q#EfTb?FJwFfl&t_Mzzwj{4=F8 zykD22mYPn)6}r^OGen%!#FCb(`c2N^(xExMdi|YIpDeFK#%e61qfaq?2Z9S>ntmoO z$`ok&6pymP>_B!ANJ+YJeYXNJ%-!!^;*&f2sG|-+mhysR*G9U0ohq(-sUksu!t1Or z)uNWd+j!?mEpY$KK=@4geLQPsQe}5IRTX)m0ZY*yESF>CMvlIkvadIaYe%WXw6~@? 
zM{atk&R!FM+bL%$dcIxajZ3yrVrg$n8kB!iuI9@V`cau2O&Fd30Ic;K6w@qB-@UvG zDp36kJjMhZImO~-Yjdr%)9QFgQ@2n>hE$tKrS87$gKi;GC z>D;&us+2YC5KUR~JWFJ$jPs{Zzmi^5EPK47@vC?m9+p}D#E@MiN4)!O1a3*UebWDM zD@#JVNN%oBJ-4sWXGlpabzS3=6+d5r=p*%r`JjQ;+M-F=EDDnAs^6xKjn>}V{I)Rq z_H*f9n7e~VVlS{CM-rWC;E}JU^j(@iKBoBP!*0u(R|Q8%^t!(oEMPkq!Fb$MlP~~W#g~Vf><4+o9o5p9SKB^a}=nn3^%W!$I9m+ zp;C27Rm`uIlJ$77j5)U3QsFKh*+(3&4juE4vASU7+r?_4%}=XAvknl#equERjJ&G5 z0RlBU0gg{+U4k_iMSstbPGg8%A!!?_T%ymtSzop#z*Z%z7!@TX+cTfVL*eU9a`^=d zB(Yfb@CR7)x56p=3L{WgT;Qti7mi||X`)a*a?Ya&{@O$W ze&vLE*d&9FTPWA!4H+%-CsitTc`I-nFEHpPh&0nhFRlUnSdKKvGaVP7p#EJ5987<` zSUViN{jE1Kgb_BgzdXKWe~$x3_5$d=+uI@#wL?5T@U*R_ZLgJAmwtC-r&i(#PC>Ng z*b0rGYex^hjoi!9gOT*Vc4$#TD5=q);c6UQ^s_#D$2<0tw9a?y^s||wpJvkfZY>Sv z!>h8hv-}k?xX~w2x>ClL z#}iO-mK5k{>0{)fpb99#|J8zS1{E-7cLH8La>51kE&AHh+9btUEja}ai3?A1FWiwp zha40PC+Ya+aE6Qs^FLFtMoL{;iZsCIl&h8r7#9jjL~iU!^AvY0ZeeSq4FWlW7(3iz zf@3#?9a*|Lx{?gl_7#g+0uWM|g1Mb0JH_A)qU_Y6xO@HrSHjb>%b zk9ZQ_Ym2>O^VdJqJxGsFAm^#mX)QcEvpdG#zX&YTxHk9J$i2kA8}&Bxx~osC3A-W0 zBe4l=maI2z#bbvu#SSsGP*Q1@d{D*Y+lh+%C2-pijVT5xxw2{NW^Ht|j<>UA{j$71 zouibmpPr@W@@k=TN=@eRP&GSW!J8wh@S#i|)aK=~`T04A?x)hZ?mdHhyg~~*s6V|3 z77HSC7C7<0R{+$EWew|TcZ%1iU{~Q+?=s767$5FNivFx}5)ZdwV0DDQ_vnWRFb;9@V_7TuUb_^w=*7P52P ztM9}>`EzN32fx=;Un=7bD9Q7)TM(8WUIU|;l$1LbEKs*HdZ3(75IKnJb-mVwR~-jj z?1n%mk=`zwZ$wAf?KSV>3c@5)$BB!5p*o;Pus#9HXy=SZEP*YLN- z%^sKm8<7p*w*3<-;v><`suuz^LJ4*Z19NvNk42GAP3TW;LIvQ$S0h({QY*Kg+-`}H zJ!!+<9Zj?dn84jVv1;-j6p++gzwP}RRw0-;Z$aGa`dUDB<63unkn{tcByy?kHAna#eXzHK%_64lKCz+F zQsvU1ui8SdD@0(@Y^R1preLWoNA?Q3=_(rB{2ol2065GXJd=dghMYRQ7?ySAiSm6@ z7fwgqyTGPu5&zM1;4B(*XsVgB%$$w%Wr_sV(;E;{I@gonZLE>i*wfc@AYu*VV9QHT zWnv;H2U23SyvC-guyTi^=yR{knb@;aa{6&PsO%}8bwb2BemLIV1UKe_?|P1R2YY#w z4k4sw8J47O#T&;jOQWe)O$%pjH7*4L^n7C1_G=h*&XAX>6Fv=&{eEUdrb$ik`jO?R z>vafUk+l_Mc;VV*5g<8-F3d8~F9^Gl`#E6upJ#O?vfOVBapUh>E+-MlI(&$rHl~Ev zy7ep}M|T(R=6qg+^OxPB*?ZB6r`!-tmP8Md5_e%lf1)W=ZP80fRHriegFC_ragL^G 
zXJ&E@kNOR*tvWQdP2=A$@nV3!vtND_@V4P|g-gW{&BNQLH5f^)dc~12a-5c%J$;mY}McsCpYqH}&qxVZCcumGyc#b-$*h<$Wdnq~_|d zl2oW9!UIEqh4GYLswb0AP_P+8P|}XDbi;};A~katk5PgTg8Hk}q^T$Z);2rhZ4rX; z+MzIs)}E$r^d1kTM7HUHYFe+-c^2Gb(~Yw5O%HYNQMb|`cPBmEterD7ZiS<-j8~6a znfYnu{7l_y6x+O1<+A;pCb`PmOBcU#V2SQ{V%@Y(y}T9=!-pIQ#BlFy1u1Fj>3}XA zh_%&uZ{5_PYMwWwAK6svI-f_^)~ilbK3XEnb3g;gd+DD9%R?o(ku?J&mVLjxY8`$N z=;_Hdp)2Mg6LU0IYiRieYGTV@qS~lCn@5Mdt{W)lnMby(VKM!e+gKQ6D4x!o+%AwL6(Klw5qLF)4K+uZ~ovEW9J>pY?!#VU`7j!*ARuUQ!` zP%#M~S| z0th6g3oL(u&kgN=4*cVf|6Mq|h^#ScKZ|a`)wR3W?LxIT5e4E4f+OG3ZZ#vzML9tD}GvjXyT%Ty?{wQ|R zx(Yz%uMbZ-MSekNj*u`D&&S5qAQ7oF+f?QB@T?a$60r=0hf2zk99q zsa0pEj~(J|i=rW3jhxgj-szHHa90_z>qgxrGtu|uiCA{GUFu-ljL34LLEU$?z>iju zzAvEVz~{DWww7h+!_41VHaZ1rxc7{5`3GF?SI8NfFJ4sl zHo2NSX@d?|_QpExUP@V`#^94Uu2uKo1v$iQ)sQo{_INvunmk*u9Hh()7pxNX`R zr%5;Tu%W)=4rzG-Xw=ziRR#>3G-=>KXTJCYS?K*>T&YxJ5pPa-__XoJ7!qFVaX{s*a)$|P)*#6}Udf+aDLIVxm%uHky+2-HEEeNI)JHv3rImL~OR%ku z#1b@4XSJfGMhv5VfyAR`nZHtXk2BpI*H?aD7VK>H9LYcBqei|*@R@NG`@_z#9owDy zs6v~GpL&jr`VFSzXoEl3IMmtgXIOae4oOkZhCM8~^jxIl$($T0*$IsLj6ACEI<4H{ zZ&;l`iM(LG7OufSEu8T6-06PuiPVVPlS!}ieSM|%)0q3aA7teW^%D2T5>B)R=t;JZ z6COU6#!w~B`aOf_lZy`}Kz_+cPL!)HtcboGeZ7Ui&{f($c+j!%N;4>+Gn4t6t1&&Z zGx=AEFW_ZSZFmG^YJQ zt7hB5IXDl}6f=BY7pv?a(4u%!r)(jpuw{s&XdbO*6M21q(3qxn$-j*Yf0RA=$%FT) zHXM$zy`A_iiW#WmTNobEr{JX&YxubD-o6CbYJz+Ghm&fVi)#FA%#nRKnVq6_a%~I8 zSNXA)HG6^6kEp~K+`H0m&mShh?;KXShPSByeeLkQMj2*HIYv4K-A1N3G9YSlRT4V2 z1XQycd5aYk)g7>SAbV>{HL6Mts+*Z03u{Pf!s$$S8MQDa$}YS~7WwK}MaZ*dDkguy zx6!^^V&U^g*Sk+RKWy=tg$HGqv%+3;Ywq=#YAjl>XS(UOc1Vv$|NIPTwwI@=(|Mj` zvGYve6z8_JFY(qqPcntlHe|P7!&ymscIdWLv%838`iheT<6A)gc*(u1=SMw>Iz~c& zBFVnSyR)dzZ~+eu&ZKhp@hl_zZl)W?dXU!qv&u2J*}kVPK6t>FzmPvYycb6reA-fTOetB9%_syXT zUl_X2^9;uYY21Bbzx z#ktXjS%{~HcWn#&-hwVEUo9ZThnR>lfb_ctq~8-(EFt0wA053E8I6fX z?7{6D&e~f*x!SqACL0rwp%{gXv#cl`f+DU~x#=dRNatmW`|OF_6J2krH|WA}zmPyP zfROjEq75c5p8Rss;87D!mBG0&bU_n(GZPb~g!cqbjIl0iMVOr%cU-Ku1y3X|jELEK z(ETOY@P~LYM%W^?uJH)OGgIp{Y2rT3veD7UB*!EBQ_Uj-w-EpvSa-<_39_|Io>%$N 
zyHKrJm@26xtpQz-QXV%15v07gv<6t{hubt-gCU=%9d%yVl#b=0;?vGBI`T07x~sr~ z8gj0Tt(XKb%eiRm1!G6jLxZmU*6H}_hKW|W;ejm{fm1d?jXnb>0APQj$GPcRDWPU- zXRciV2s+F>%v&msCHac!0hY-rEN2;9k)Se2@f`7pN0nw__`u!%G5IhCwA3d}Iyz4? ztcfkBmr}hDnFgS5B}MuxI)T?lt)wA99gpV}K*<-us5>SH3~|vEe?$Fgi>1uEBL8?8 zlmBv|8c&9*u&*EGlT6#&$}-NziyG~F9r$yNx6DvUn-N8S8;m0Fz>djX@T~@nI5Xnk zQkJ16Fb{KS9ySMZPl{!9^f+XS1YUOsVE>ekq@W#?;=)CqVz&1DsuIX8gstxDUo)0-_v#qOw(>JX zCa)ML7lnkkWORC~z|=kE^((fpO9}WLudNY>#!I@*yApLWnQ+DeH6hPin0Bj*I=+Y6 zeLRSPDbhuu*&!IMLbwbnnzJ^*7y9rFmM+&ei7{(kdRQUa8(2=0jGvNkZs?jL(2fm0 zfHP2T52=+vLo0i0p64vh9B8HYTEcP)Jlb14$V8rQ`!bYIX zer&RwRb$6@?sI9X1%SFkJiypKEPLNmOjDf?=&7s+=39Wobnj})RKpbjeDTq^Si z>0|V?gpej$hrA4xy#AQv>@)Ty*WgqON3=TnO*xQwkjH+j%Ytr1Oqh24!3hte@ka%Yw4$@A9C3p3SX z##(J)@hAjjq*?`_&V1fE33NjD!}ECaehU=>D$iR{Vjo}&BqwhH^^1_GGVf2xUB};$ zNS#98Zy02@QiQ!RN+;x`?{g7MsdG-*MRD4=Bh`hMna_ zaUvXHPn%ebcphgXsK%TLW?nUAZeJAAMO(N zcA*kZYPc)}O(iAXjTx9o)fQw8o5xzQU80x(pUiBPODJqK%6fFVlai9a*$MSg0HQy^%8lSCrE{hCw50J=GjaR--sVmP z817081V=waQ9sF!SQ6d!SNW^n{H0jn_OYK2bUf$}LuIzb=a!{f|FV%M7`>kAWWBiN zl<-rTF*SeQ+Jz595oJH_9=?ipD8{ z&KKpDDBPrKOAPLiaT|X`Ub;h)6cEe&_qMH?!u?Da3n z7tqgZ__`zx4{=BZY^SQY{Do}qxxHGwz1`Tl*?ymhb^alotSu zxvVq)7t|nTzzIsH3u99 z7uwh@eld;>3q6SS_d3!1t^kuasV~6>l-UIJ=Z6R3cA5Z@pc=zDhm@ry z1%dGfd&lJxa+%(g8}Y5`EWq#j9qRWT&|cC5s- zV@^0#JGsH|z}L!N9VKsN2yl9QeIhAQ_I2PYqCbG5`x~GUptA>b$D@)$w0P(2`il$< zbERhMHiPcSmS*?W%ibUFizni}RZ`XjYOb$dmExlhpP^)Tmonx}L?h;Tk5nV?1xLja zlpZz8^#vFvv>9r4VC0?Ky zWe6zL8(SsN_X;e5#@=hQxqwi?3=VNbZN2BeeIMf7@0HhY4u~bZzmz{M1G@3NJgyn& z+OXiq_j#`&iDqDLf^|xcGbqNbO<4-n1o`^p$M@lEH(d$f1dX$iej=b)`HjwEE-P$& zzX+CwSQ$?tjj-B1KraWwNmjjqkT#WhK*WHoHZIWdjXmEA-Sg<))ji`C)a|0c*g>Gf zXYaU+#JFjiTCG27u^#`|QPA@zZo0yH3h2IYrv&iPe*S;Zf%jjcI!j#`XHgNu=kx1L z=ZLP=MxS35#O4paR!wosD2jcdB-{~XQCe)Y>&?NS+YK%$*N(?kllHzj7;s$zEi%(> zrGCjLnV+9V5M3HXy*=|sd)+3?eTCF*d9i0=Zw)H^b{D9G_CO<>)Gm1>k4&Aq?epZ! 
zvrMN%XGyCE7tQxKANP?wWiPRFh<2(x>Uos1znviiXu;Ai!f2MMGpRr%bCm)#Yc-o#8@_w1YS}{tTuLBW-R0gkWGyt z=z_^#k--^r_(4}!c@6-roYGS zqWPWI@<8JofQ>}_6vNv#FKWB^G|g5au(#dqi}>%G5~HBI`P&72$?UVEE4CN;E#)nn zzD%e*+i=DHJ2Pc~EBccZj5m_PgJ&Ap2NAh}+PoqXSeItIECPQiy=D6^i>7blNm8rJ z$-M?+Jm+rS!)9;tsq=PXf!W-Ig9`>@w!~7a7Pv2#HZVFJrpuYgc^a zXZ1%?v8)qApKugz^*GHxy!%%g2Ls%xY*j^UR;%`DP!W7}61-g@n(tro*#%+bt3bja z?wmN&Ijd|E=BzO9`{niWVxb;UtEarF|BoZD$;@w`<)wCnM;tV$ODmD_`IIZMW zte@?O*Y%QE{eF9|-j)6yf)yvJV_?S~FPB6E9snuF+bWM;(@kbutkhwEkq>0Th$3T+ zrc#aD7nfkP``>%Q+%5&4Il$Kw^krYgEpg~0_0g7r_?67fDVjbUeppjlWoa!nlAvD2 zwaSZ#@uB|i;rs(n<6vy5yq%a;!5ZLj>dE!pb+Hyd(*8(5IXq)eJ>>)47}p?b>Hf}}Tt z+P+Z2M=L9FPuG($C`q;z&Rp2X zXmLLM-=Xj6Qu6~^H&k{EuPB% z-We*JJE&1Y$;u z23)X99|y*;yoTAfWV{QfTsIA0j9Mh_9SN8GuTR1?556PXxxh(FTJaln<6HOGkJ{2A(C>z>WvtAQ5d zQ5R}~C$wRI)lDf_&CyHNUu%CzGYo-NP<=1^(49S0H)jXwbriAEZ+FBee{$LS2t9me&f0J3X^}X$4T@o{q*(;h!HoHO zSA>%;lv@DB){l)X0%dGWWC)#PTqs1_?R|Pz9Qu2>7tKR97O?r#TR=m0|6)Owv4=i8 z#h(X-VndorM(Gs9jg?z9jSK6>4VheLGBDx5w782wR>Xue&4MPaNcYYIL+q?W&XhevBR{O-?QuEX50bTttD!Uxb#ct-WNOKapXu)Gw5o`ngj9qpEg7V>` z&P^eY(_ZJ+zl@ziDg1GCW7TS=0(y^Fj|s^NzT_ZW*OuyD4a5_1iyV~-&3gFeoNXNX zDD7Tx%~*&tA)3gflwq6Tq*c zNEFUDXCmy-HWTvZ^+iln$BRRd)Eu=vYc|43qsREp>yp>G?7Y~y&%))nBSd=i$IMZd zoMt-*$eP28A#ECqiO|)Q6T#2JXk>|8gCFPd_+pd*b@1;zO`CqYp&n;M2jwe- zqIcK=ScC(CG+;MutB7!RsexMtvYG_=RN>@W42A_9 zJYYe=CPASEZ@z9}e}o%eaCC7=SU1QG0YZGyoC(DHsj&D^j_|9S#emAO{lk%uO! 
z+l=;xJAXi390k-BextDR*Ac8R-*1S{Wf9@k`S4ZV$YbGpi6pFLG}%&48&~dNE+D^8 zIxLJ$ooLOjCas8k$8RhO|Ju~Q>l}`+XjS35E~SJ9ETHr&5`+;BVz0;XTF9HcWqdxD zoW4M;`-)^!2I;FON=+(j`*^FGy@U<0)VPwy=+5h$4F|6TefYO|%WwjG#%DD; zNOJI=3Q0;SY6TqImG4|Ba$L!`b{CVF1bJe`&EiF;Ua>y@A+{US2*m z7qPl`ykyg;!)RcWFpq;+2U8b4CTwLPR`)5NgiH78m$7s43dRkubB#B0rkA-1H2+H4 zP*y#=fA@y92OmxeGj4j@@m*)-3Cldh{(mcX~s) z=l)Zb`oE$q_xtkC@%_(@D#uDJk7byX79RHRGSvK0c=TdMzJc9Pf7d@F`Z3RSy*fzx z_Y3IdO^pl3Gk(_MeO;HsWGZB8-MKyWI(P0aU7d2p94cs9NbmTR@dhY~c^3n-edx;E&Obpg6bw9TFZx z5*ONyB|*2|oii`kV<3?idqb|-^Tv7Lio!Ipa&2Yu&r?GbK%Z|uiameCPwt%L2W_Cz|Kx2S$o`Pei7V#=o3-z3iPiBHE4-O4 z7IWMwFZa?z#n_AH+DUG@+6QSTKu_8gB%fXy-7proiEzZ}mB@<=gSTHl8IS$Pw12$z z57z#-(%|Vsj?MnNe+chmu$gIRB!OF4mo0(pvX=ppaE_6dze#rIPNO0&!wS^)EXM;B z^Ue{-#4xk=v%porGuPhtd>gKxS)bNd7m-7slM&{#SWIkqMcbyWpviybJgDae@bLMq ziXRN{&#!+x@%9TysY<|B^VXS1`$M*Z0z!K;B|uq^oU15bz5r%jjz zIV?u(0vRg6yZl10>VlrA785}4hv$MqD=IQY42}Q(@cD*+oqeFV8#tR3^5g7le}DK6 z%*()}NFMY#b?`Rmg~X3vF?qz$jjLX0cs~*YeeU`3>+2cBkE5pE*}%~h%-H-}Ptee( z?jP2v7x#fq8Ucmz>;VZ-hT+D5><B|J06%4~|L$$p7%^gX!!GaOU3{!)cI zyxNgJx^X-AjWK8rcw>V7ZnGe>h!(99?93^x+qetQWX<&V{84=4?9EJIn+tF!_fGF> zz3Z9JTkKz4c>!T-?#%c_=5&mQ`^J?OmJwe(%s*&k?eD{%-V$&@c=}5(nIl?}zK5Sb zxO{Wnaf?WDf}8G1o8`{^lV?$qn=1kyUQpSt`d$Z^qF*QEIOR9al;_@%u}zuvQ2oj9 z5O7af?~88Y6QL2EACDY|Yy1wvx0K1hI27rb!gz^~{msenY$58wj<3%Fbl%Xe&2+6}yUAaf?;?B_&f#ciJ7_GEznG4}s!&jvk-rs1%`A%tmcStL!o z)Vrzi7?iDxtd1n&!438EpSz0}xgS~8eg~R&p_ZV?sn`K=a0qX%T5F9t2=h$%Pq0nT zFL&N5e4fMZ5rXEyu`F5sN6uBPXeQo4h1)-UwGQP9Z=Pdm@;c}6f<6o9(y&1z!p8^} zv~jsprVGCP{5ryK?c<}OIQ}{`Cyadw0P%Zy;AvU_h!Ia_GCG7B5&N4=7Y0tR+`S&0LUAP{(voNmswE8kwP!< z2>||%BHO3a1r=eXu6%We64|zJJmV#j^I>pd+=Uq9l31XX znespiO^-}X&z@k@1fn;*eL+XlaRhG`= zl%&brcc~dz{appQMYTmG(voGe%6g>^1@6j{Bng~4nhuP-+Ki-X5sBVpyyu9Y)>!ux ztDNqY2Ju|dJx`e~!D~?bhr(1IIvJ8=KbEKl0gt2rJKCoML3dtwkw-8&PTkkfj70gq z*y2?iPOa~2)@x8VJ$*r0@$h+(?Ox3G zrNKh|hV zG${o}ZatsJE}1OJCnZDE&f{#;a64{$Qo8?GV8BuBxu{|9MRT3)Uj0K&7^Uss#O>bk zKK{C4%4gf$=BfV6db1h+$vNz)N*C7)-O;xt&;TPyqdiihfRu%*=iFqf_g2~j?d;fH 
zlLEd8Y58prXKp>K5NuZoBh5Fcz-7DOC@WoWjvD{dDUyoE?L)W)6Bh<~1!s;Bj8s!z z!M@E$UXX%!+6JkNC{uOYS5L3~p0+G+%#oA)8?S$s*UU<(hH_@klg9g4?FO3u;J{Uv z&P?wHLd7-1%ZnU;a4jMwrKO>?p@h=75G*qu>Bi0x8l$6BjNS?LeX)n$dqbQuP!C)kH{(WKC*}CSwrfB3cA;^vr;aG ztYfEPiJ=(vk!p_V>PPuRa}0FrokJxU@>BB4^XjqCb?k^A=fw8)q3zQf{+(WYQ06n^ z`zPX90TPq(r^M8rU+3n1%H2L)qE6t3l4L4ewmXo1Ga3At;om@CnmIp0FWKx#fz`OM z9*6ZG@X*RiF{d||c-$CVcHV+E_xck^M@R5;87rM$nFurefJ0s3-;(mxd%nlA5Roe| z+%lh8o$x@ji8B=T;e4V8Y5((_C*~w~nUNe{%<^YcrK|qb#|*48tAXuwX~~Qim)3fq z8if?h;2L~s3`|aBf}M<06dHylrX7baFt&h$Y}Cr}de7#*yQ|s8$UlU)2jg zECOC>Bvc>WqeJJqub-5nmEUvPTNZF`k)N2J!`WV{D)VUBLW+U=O%V#2Xg3n*rPoA% z&0Lw@-O3+NU{M;WmuVd%G8N0RUQAj6M;7X%+49Qir%lZ31JzNAsR%t12@3{VfS#0&OyB?ZZY+^H3NRtuu55AY61)Iu% z=i-GjsAknM($kEYF%@j4ubp^Wrt1lwM?qHcd-%(0a_&1Vkvi4vi5hyl!7lpfB!|;v z4XHrH`BU6OIRc&;EiAS#go?t03O#$b|TU&}K@RdP03a^UeAy*q5vREHq(!f*0 zVWe5c4tmyfdI9F5CNG+?P>fIn1p(=Y@_JH}eVo3ek5tIK&D9e0vu+HcHW=@K8Qm=U1(u(1-jy*vc+_|mfJWF1fr1c5YS4*`XRTfou@bVKJv zImliUC{TbviMa`zW9|ZFKM=@K!bSu1qywl#g5JB|b{BaetXYCUGUmItZ&V>bpfb5k zN6_JPpyCLMY3=!^>3Z?w?I$lTMx;i+Xgpee3=~i;thj(ct+PL>Dla6wVL*b$j4%JF$k@kL3U|Yw zObN~2sCFE-xP}2T^@Zi1%PGLy8Qxa^sC(S9@)0KWo}z_$PcJ>ulTN(~KsJNUcKoYI zf(Kqe1d2KP@0!VvpRMt_nZlyUE#aFD0dg2m+PF3YSfGGF&pcbd40C5hUfdLJa0gje zWI*no(T7BW4g+r}1c;*7cM7GHLO>~l&TqUNv+M+#eZb--GfzAwbz>*L2Emj6Y3E;> z$QhZ22-pL!z$Oyb)`1gim~c)~&g z-3`2wP~=6xY>4n#2bmrhkVjd(X#zUza*YId zLkGEkqA|S% z!q-{E6byB$r~~hxeU~qG?vEmU zXYJp0(IT&}{Fm|c0o3r~k~a)M;|6-$<@D`3%H(6t|Ji0eUo7MEQ3Id>fEk{i_Yr2> z26R0s83YVxbb3&b{4MBn2+^emtHJ&#i!EF4^a58@5rz^tJ6HuaqnKz?Q7JYuq*>Cy zSJMo7U4}G4tXm!NaWEigj)J8hFQHG(nH}R!cyI@Tmh8IV*1msLHI` zAU1)*C9K?P-=LU8D0jRV)@C~z7lvhKqn#U_B@;U0dj%?3>2h23_B#O7X8+6BgC)@r&Tw~$7U}~-nBm189`@*l`F9;xWueha zgZduoi_Jx@D}NA{Bh0e23MeqZp_@86hJ82zxi`?V+lkklDE!qz%rf|m99N39jfQnb;B3e-%XVA z=Sr_axXqA8AQZC-y=_0Q&DtT?2diu92(YWA@C6?O=PWu4DPTDOpx#$q!d$~c5Io>N zZG-+UAX#FifXU9p`x8LS!PAVRIL1+0M{2cOP?jXTG-}L;78y5@9M(u3>kz9hN^`@JUzXOb)drvER{bZMRvLIxhe zWtq_=vG@)=ml`}sHj5=7fq{Q5(hzevv&T~ 
zhEVQOGpmUX2ZBCh0jVcDp!-J80maah1-&D{EbxOOXBG6J5tC2R$5wp+`k7FbcH#*U z=9$>c<8}+UgZy;~Z|j?Xb5Y2^um8H}tBABCe8ya5#5b^3w(;v`XAbZ#rI?rb|4Dn@ zfigCqg%b#;1Od==wx^}@{=YyX$&Fe0S1;%RFTQ0KXaN}fzy{{LclAKh7(|T?Ha=Rr z|C^9Tr+WQ>>HEqr|KXsF0%ocQ)pde>rvP8VJ2b3kLoX2z%{LBQ`p%A znX$jI7qjx#3kHiC8C@T&ac!FWwRB{j?Fp+{(t|Sfiik~%A?RcEfPVNdAkG?&4$2yq z05$!Ib*Q>%|Kx7KkK{iE%W1vL=sFOsBB2@x05eihZ%dk1M+mMpdj8Zr72eETJ*|Xv zeT48A3cK7~RwvXs|HV;nVhPfbJ@>CV0I&jL;&QkB;NL`UGJ~M9_Fi1yS!r>zR``cO zJ}~ANhyTQwLe^krbidU?c1MvbA^}WSu4iD_89{6wMZjCRWd-m!4acWBbVm+WRF{NV zE=Ex}ehZ~OmWs$mdKi)wR#U=B#H}S3S!*=~SG2PE3@yRkmDKdcn>1r#k~$cS1~hvn z!d}%q0&Wrgm74kUUXTW?saReOj<-;wDVW9ZXE!>Hm=Bip2Ep+={UG?d~fN{ z=s3ZB2Y2}u1nxs3jZW#)P^~k&R77_*)40YcB$pZ{g_dsmJ8#*l99e2Jzy_|kP*z-M zs7IC&ONr1%tVSJ|(cvKYuEKBrF`d+E+30NH*I_ty#V{P5gZ1ZKly~8OmlgzsEVat| zyQqT|)UpX<{|n{QwF$*l_eB18UO$wp6!aoTiGFG-eOp(V8@OBN8XbA_}@YC?+O1e$=y~K zaqTZz04P82zoz5=)M@{tn{$t8>Wbqy&M+|ujWZFA!|vg-W$HRc2FswLQ_^f?>cV1G zz=B=y0d0r1B5f~Kw@Kz>^)(5wfzyyJ=_tBNp%i*ma1{ZWnp@CPt590FP->~S59+<$ z?`kj|+y3*9W&N``=j36x#EB^qs>=XSOCVt4Hv zf<;|L`=o_2ki^%7@r9txK8roPO4W-}go>uI_uh3MUlQOKKstRREUW?itaQ3SZYLwR z@hj1+Q~LurRIfUtiQZdSA_aarJwm7O@afQGHu-5ulVYkQK)aL9h%>vxLUch=PnCb; zQ7$@(RdG;D$DWAw&0#eZ_FJqsTQ>B_?TOr;k{e>_kg;^kxWW1`#(KU%sqY_pM@852 zIFliEzCai6-_dG_YAZ+I1hx@SP(!pf4VXV_oSfFQ- zw}9{ob#V^+(NByVHZX>;^~VGc?Z1-Ck#U8VGJn&NH&Y+Xb_jw8;#zWHXlsFIxG_by zg67MTDZZ?LM?T05`7zoWEGD`CkEL`pn!d8gnKYu{Q0zpbUj0P1uVowi6+j}FT*y<5 zipV;`xUOCB_!gLgFBg?`;%LYhg1?kFbh3CP2~&D3r8b$tAv5_d2!e}5Ek*xgWM=imsqR{`eWj06YU60V?lZI4+n>63 zx}toGbOfKP+}nPb zHNe_p8ChGrne0>qSiR;?onpXGyhthQ*98~phR+_}z@#3QC1<^Cw@uP#Y=1_5-k5P31md=B-#LuvVu(^(uGPxK`VOaEE<~NQJwgBF&Z=(1}Ksq=0FZ5{xbOb z+Xim|>g|^pY#D|xh$Gul`4R%-inNt$=U_~z&O(dB|JE^>XsKErE8d0B(!m2K_f$I6 z##GTRu7YsFKF<`%$&;Gp6){=IcE1;~9o0 zqBvbovs^Y}ZbZx`Vt@e+iDzC~a;tLI6v|ZW?1OTjwwD0euvL?;aC3-C<~cX8xL86G zy&~;)-;H8}n25K!LI+q^o9#OuqCr}?E&}tvj9^nU-y>Zleq=HV=#JRM|b6Jgoe^}0#a<7Qo)CpoG zGxqwEa1n@P<~rmmb5cLvJet&KQagi9_YXvytQlrl&X`8IRU-dEQD3uwW~Fjd>XbI> 
z`n=7aAikUD*#y6o+;=_ffhC&G2g*u^%e3Bvd`M0|JL8j#%%~Os4@^pGt|8;%8cctW zP~Cx`n#TG1{dPeHz*V4F*A#t4ZT8PoyC05tM#n7KCny-aW5c^ zvFiq>``7Oal6XL;D#arubrXk(axBr=PGoqg{g?dL4jEJJ33c%LyPfX`3{;3+v42z6 z3;BI=IHY>;acV31+5Ak~YKUz-n&-b_H{C^`x^80pU{)*U2Q+CxP3ty(@wd}8GT5J= z{amHJJ>Ip~hyy(ub*sd-3rghIJkP@EHy#}=q*KJp`SNn4~C z=@w>7M`~4cSyypV2j)5^XvmR(%q!I93agmxh*MqkJyz}xxJT)b!%<}+6DMo3kum5V zUG9%MN@pBc*8JSBt-^1_AIU_k>31a}KgaCditySqbh2o~HOg1fuB7LwrZR#@RqVO`vtd%ySI z=pNnu>(SkRFp5)S*V+4=z4lsj%{5nuysQ|~JM4F_UcEw+5EoW__3AYdzFPG*Qk{LVoXYVZo(@9ledQR(1N%A)Unep$jp z9J@ci#D0KB6DFe)uX^$ZSsjhyj~)m_wpMAbT})s9a*~sCk-2dxu`qGJxj$-L8-TqV z?(gp>!!h=bh88Fg6a@8c*s(jj^7UaA5L_!fV#h@mYaohnVKpHpQUvHiDbW{)jbz5` z-7d_%2d|UHquYJtx_;Yi{_trnpihFbRqtS>!K?7sox6W{db{kv*qy*YbJK%wczV68 z37t;mR*-!>PC?0;jQG!h8iayX-G<}nZ~jSAy~qf_UK^?HN4hX=t(th07P^?mCHnZ; z$Bvn^UiM)mrI}lDQdz+TXr+@xT_|`Y4Z6&0?azE7=N4QHtm23MRGDh9fiv;8OV)&q)lDsoSGDX#UdQA~DE z573JJNI@hfsej;%<{+W+6EZmPe|hj~o2cN#Q_MAXEAf+~uO7-^lP;<4uD6OYe(1CTW^CA(kbaEU&HWwl7Of6&Iv@)W>Wni+%7mRE0h-aBoP zZi{0{x4VS|l-cqC%A$#;*amx*b>e%YxK*$l@hKmtXmY|Gs96HDqRldnZe+(se%dZI z%j_jVUW_rr)eegk+~gkLorn37M~jw2fBkvp^D%wnnx+C+MuXaG5-j`FRm?ZsMa4Im zWzILWz7NXx8KgkLjBI;N6cx{{c);2YRC%1BhrFR-y@TJ>q(+Yi945`-KU+mIy!XAD z4@=M#ADdl(c}k*p=q)>KkZ^b$v(Y8@s(mgW*UA9V?IW&Thr} zIL%kbV)`sw@Dcf}kdgv_Ow;nrN-w%Fvqthn=@EG3FFJW=7oJK-L` zmdPNz0v22oSCg=$-Pwf z>T2JKgYcEMCoJeK*PExUf!py@qcOFkt!k^cRbjD+XGDV~uEmpzr!@u+o>ig4-15rq z5h2a`%?d8$m%slUD>V3+^MKN&!F+wL+)8pak+-P?MQW-m)LOKWXFl_XE7>Y5@2 znWcGs-T(pJp{!`pN_}%1^ndLnFd*8jbF=aNCI`vR1F~g(59M>?;qV3J9KC*(5@!ivDb2Qmz&zp^IHT|&VO(t#OpJ@Fr)0$K` zQPfGDb)MBUTrzWJCn|I|C_21tP-lE0=C2Gnu4Gb_SlK6iVZj9bAmRqRdn6_EqFz{P; z<==||k#5J9u|tgJol<37v{cO|3Exag{W7>``u||CdQ5bf z6!9Nt_KWnxef?kl76#2?19CTL>Go*(*6xvf=jVJTGbRG7ib-9rB;^u>88O0L;X5}4 z7-@}iJ~eAtnyLR83FtLl26v&7B;x48@{hV~6T*2N6?n3u8a6Qb3gT>CsNyi85%$_g z!}660iM#%L5Si73NBY@Bj>tg1%!Fs;rcIc^DnL-#_$aw*(<#3QEA{@7^mE#rutf7( z*_WtcH*SGZZ!Y3Y~;crJr1XJ#U!#ZrWKcSK%K9C=}7qd?yL zPk*F(yzZknZS=~U`-~3S(WOxD6Wq*mXw;k4F9@kZ?@xbeGjza*K=#X2uh$yXkgoXn 
zn4-wuWI$#S8KXEBu54LkoN3EUa6A6X>(9XZZuzAS!$O-I?E7>LzW&lE6&FM*9k2N1 zuckjeTRAasa@tVFmZ7)Oq9MjnL%=%iY9Cjq-=qt~k&a=yA|GB6z;`zcEzlM%8+VAm z*+^;C^F&93go5kdAJ}IZy8c`Z)*jNL($6{rzwZPtTr)$tsX@J8T)O{qA(1}?ayD4M zU2~>9%tV=cFv^bxnH>B7g&A-cP;e~rCiL0dXE{@t`9uY|Gop6xAP)$4qhxCa0Ts9$ zVS80!keQAH|Jx6C6XjP0nljymgdiq7=*=)~)%5=7EL*Ps>Ha`~TXh$+uLU(a?a3e> z+|3lk3Dk-+FIV|N5KCqQCKS-qY=`$Rd@~sHSd~5CAt+Q(k#H@PxX&d3*>B1SPTJVx zT-6_jBVTx^F8<5I`e*;Rhh9a>bDYTSy{wHOR`w6LETIq^&i@!RQe|#gj|lW~-J$z) z=Py--x@#48>c>7_HQp`VE{1b+*wp#-3uE#xJcV6f@W^I5T|N-0VZY;v{ysQkZkzUu9%ClL1F<)V2P|(Mg(PbGPH0 zAJdG%#OGRUd*7>T?C!|_=ZQiC?Xf!rG9NUF^X|0>ub$M*lfgX)l@BF_UHMp%4Ud)f zd~z%7B{t_8f4<9p!FKgNP`{rsPgst*ycoy&$*A`^uDR}tcIUu8^RKoj*`$^KvQ1-5 z>2|Pf7A)iC1+SrqE)|320PUO@1XqT(ItWqO!YV$buA z3&efCEm-|U8bI~|$121dTKl|#fo}PaQ~iGr4GIg+(t`}0_%uezs-#=Qx5vNS7h|e%o z5nqEZHSXGWp0wS>-e>t1c!`fg;{UadYD=S4_S6ikf=_R_McVkA>L%!z&D=T>aOExl z4(Paf$00YMM0`W`92%K?A{0p9n=IXp}(yK%}_PDqP%cOTjKoX*dxQYiS+(rsu=Nw~BBpt#d z@K_841s+rjOnFaki6`lY`QvvW0dA1lQb1gPV;0$%Xl)_bZ@2v?jP5C4eU7!8Yi?y6 zhCa>>0!1p5?(w}u7q3&Oyr#;CX~<}xhg0tj?t?XC&97=?@X<5dGIEnZPwV?Q+gq}R z+k0EGv8p&O(M0;4OTo5vxW+%mp425*9c-iT^Paa)rVc`Z3oKs;EmG>Y1Yad@d9;qL4vOvkAJ#^D zzhoA#%PKJ2cXX+=0DmJ3$JhYrWUaZiZ=JZ#zu?dL`&$$ny%CBprJ?GWFfCUFN z42&t`{)LrEF^-J|=zZ(v)n0E)2M+pj_+fq+lI&V5J5-<3cHmM_?D9#iTFuIkd($$8 zQBR|ATxMRjx2>5}wXJ;N@C6v+YA#I&Y z7>@NWe<2^qy}QdK&gOwf%i((*%-F5a zx{pFIF3DV2eFVrj$&TlbT}rr=iKPM+@@0iMPS<;#6eI5}TEkPHOT*QxgqD0k!dPXA z5GYPF);9UIqIDnNe9@*!1GZkrnr?1cUKCmisuaG*{pq*Lxz%Ihxkg;1gG};>T1RgN=_1B`8EaLun7!whWxr!KU)7J- z3F0ienMXe_2C=z6v62bU)P44ipXY^OV99}K%DhYA-(bbtMa>z(Lk7K!*_ia3FwhGm zg5YRb4MD~mvvw`dyBS}#;R9BHod_y57bmJxz6R3v^V7+R!-6u|b_Hz7AcZ#hAc8L{ z-DjtI?)w3XbMYB>hvksFgt7rzu*?Xq!+gxaF+YZBhDXc?ny*^4i4cHUJmWk`WjgFH z$4&hL&?9+xGtppnG2qeLPwN}sp5KeSWO0B@r_^QFT_MHn;jj(&e*b(Xfnil|fp=P3 zYUQlrucct#^HNrFX*HC}Wi+9565FTYO%!>D@Q%O~B(BL)W`Wnf5-Nzp}6^|Q& zfM-8#uXtY{HGR$jdXRc^)|MUM`Mg!{FXfWZ_F%)+yb%eTKV<4ZJv>rzA83d7XZxwp zHj^?wguQ8mLc`*8%&j}(5rWTyAn!LE@iHVI6)g8VpSk!oV9tp|b9N)aDoddW<1K&> 
z9QO}Wzz#8s;do=>{FBNu(kb(C)$W8vv_YfqEy8L7T3b~lk+Yws_bMAC<~DRKajG~A z=rALG>s|39vL(>bC+WDQ%erbcTtDu9o>=G9cD|CqrtVQD88CDw(FtswHk@XnvXgjU zj8P%fjyk8_{dqE3zUl|>gJ&|X`>ldv^K6=8<;1RUndGp!sWxGH5Y06E$49r#6t?() zFjz|@!G5sB_EXH$Opo&)r&nkwD6K+{ljlnoz#{*6ca!IE#0Fd!LPoLqN|w_0bsLhp z2Eu!WI3dNMHwF#O(>3wC@O_mD)pAMuKyBZO>ollukszOO0cWQa33C3#u3L`0Ts!72 zn-F)NNd@s9N`41SRuYsR=)SP zrz+l$T{)5@gjonMuQDJU{z2c_#eSJ(Zk+?lTvT$Gbt;;QW(+#E}M!^caz@`cVgp__OrA z&A5yhY{t}~b6L?9k;vbisvOxj)%`@iOH77Aeo*eh_qj0L&9`l#t+j<>_X8!VG4*sb zmA?0~n=YAiIvgVU+emdjfOxJP7#b~=oMMNICj!xcRCqy}^g|f~{x0TcEkzsZ`=(e_ z3`Ae+!4Ou1a<#HTPvEZcUYU#q)&$$4%d=rU)DUi&vp$EmW3RTw@3U#k>9+Do_PVAl-H*@&2NEpfAIEmv~|w>mI2lXakYb*#%<;ua;S z9$c>Ty{&xp`}YUr${r0dZ8L2_%qI+r{=KNMjHJtK85tYIf;!tkzDF&$ECW0;4g<9| z^uBuuK)P$F6QT{VfJJaMFllSLWJ8OF7A%?;Y^YqOt}6kT0|Z}Q#ZvpveBIfYM~KX} zl@;_r{ulCan8U{i3QLodlQN>v5Yr%R`-N4+Hu4=%ZDC5;jjc|)SSOD+@iYlv@$J#v z$#RL&lENY0z=5F9KBJ4nSq9zMQbO&Y_90A~-2q)W9)BX_3)I>$aZB4BY%lf&1XCom z)&E?!yN7Z|(qZaj@h6qz+48K9UA)eyz)aS&#THHm}vh>h*xku?Z%}D zMG9IKEi6fWLXZjL-Q!+1ZOvr}{)^}q^K!v~sc@6<1 zPMiKQb%9W8;#H$4fR}KXzxlq$){mdvdsxnEsAcP~&i-AT@6I*Xwy-4QWB)55E z9-XA4%8uy}HY>8CGH?)@SjaQMnooe>EEbh-8+4H?_bbPk`567&nkyA^C9;7^<=Ukp zso_!e-Q1rv`X?z7sXNb7WYR77lAIHArZVaWZ{W%|>`q@Rny7R2nFKRF1vjoI4*(kQ zdDVXVW>n5e$MfzGwc-zv#UUf;6FBZ&M&;oiUlcxa9QJoIzr%`F(}2F)%~ET4?~r+o zArSP(CwNFu<`UdH_*|0scl~*iRPoCz_g|g+4AeHyM$6r3c^^ z`xRrNS+JQk*Bv*0g^}Iq{jChP+^vxW!(jGZ#SrZobmh&QOJwFx&Pohc7cyK43TC2c zkrRB=B*qJ(OM-C9&3O_*Sy9MBi6fZs=jSC^aW}1W@O&DO)$;^EZhgRFlE8d&R$sSw z72$b^HYGG>o7atruzhrmaFvw#C~SO@nw4g<(wRs{qH=Jnj|==!Z1GQ;zc!_Z}B@BgG_$HIOh+vjPAaBnO;*`+GHAv}P(TRtPs-1TzcK8m}8!JLX2X~&L^s?Uuw-clW^vIMs5W)k;{R0a*&TnoulQ6;{7cqG9bDzx*%hZtsu9h9fTERfBFZw9_sE`u0xC*4JaWr6$w= zT^?W-HEP#Q+n2(?YoI(v(u#UqzB=(YiGj$1?&ZNPBl`P+x5<#t49jnpm9)H!MV<%a^_lPebz!L6Z8Jci^VExt7iCCJw&6>bo_YX@{;L(__DX z*oYsgNR2Q@7=!&$NK>{0(K!O4U-77tlyT`G#f({|iSx*1-@l%K0|CDqsw}+~Bol9$ zflW)68REq?V2Y!RJr)fqnv65?GCLCdWhsBL8K@*VKkzUmCrWbj0=&C8MfptdxQ!!r z7Q`xE68)Y>Cp3p`T&to5CcH2etJtMXf=Yr)4CJ?$)3CKhk2}_>u<)-5GMW+o3kSv2 
z7rb|bjKD(PH+PAFPy@K6WBfxoErvkemobG_e`}A^`O!fp3*FbF$CUG0fFBw$+dj#q z2-iPsKs*_Z_X%?^l)=#!UVjgpW-LP$@)d;N4P%xF)m#kxqWW zK9m;|L;PQ-ME`H`r~hT}@o!S2Bf=w=Z^i|Wx6DuTnF+s~%cnud?%Ws7TTv$nXx5Hx zHnj(^0Lc0vdAf^>#NfF&RvV8PeG-0dlEfI}2s&DS#=EOaNIDK9b5E65eZ62Gr(>vU zL>#tv=c7_&3gHKs><*$@r_Jvr6%AE{uaz8+4$-V_$EjM5*zA8pSOCvIyaFCt%~oEt z?6bt$NH9m|AOxlloi6Z!_+`nk@U8 z%L!ruh*F8ZunuBAnv7i7HpG@Vuf@2Zc+x@Od;Du9Z}CbJ9d;L&NW%@p^kxZcuSwPO zO#2LGOFluLdZI41l!Qs!NsVH~#_YD+Yg6A3Uj~VFHY;QHQYQ@6AQ>3ni zhix;d21FvDE{EW!17hjTd5&t&QR5svb7rdv%}6fBPS4xBaRvp}f;kb*WO26Trz~!b zBVbiKU2cbbXY(iWCVUN-00x=}8zq>U)>Aqx|G8utk$R^P*(&->Xz>oxG zBBV3`;m}&QA{pPq2KnAQE^J@$aSi5AwYSiCBqLrJje@N=GJ`v^2G&>V~Yn4AZXdy~>~# z9pnNFw|k_*-X=MQH5B%KcjJ`Myh+aS>Lt#lu_r3arVpZ15zOKpwhwox3u@sz;iA5z zRbji2C+XbEy3^=Tz8RXdHflo2E-wihSE<0V&dt9hP<^L8p$aziQe26;6cwFFvM znC>d^?be|j2@ybwhD#EZ<>-G(buIw39-f{zO{bGN4p&$CS4r`%zXqE%jee;v89Sj4 zN5I|R@G2^WYI&4ueN%?#;CNO)kZfNlOZ(~AZR{}XmNW=Yk^cFms7iq|``eiX z!vhW<2u%LYwt5!*(`h(`v$>-4@io~G@QKT;qa4qLXY*wV=#6?Le4Kr{EN6f>izT1p zXy=|JSz8!=r^YDv4RJGNo*~BJxP)Y9@kw-VK`8TJV^r`-I^7D0(;N|02QuB18enm9;BqymMbToRY>b zqg0eKi-;;r0d+5xw@9vyc)JI|X5x4*a8q2~6Ra)_rbljEbe#M(#6i=*GqR^hztk#8 zA~|IZ1s)ujUawiLYQI!1+X!Gd6W`@I=@Mo?UN6a6wB2^pAtg%QoFY6c_BKe;Y+;6J zNCN`8pEcrSTTmErJ@?+954Rr0Cs)uZYsm853qH;~5jN>R-`sRc6>E-A4Yi%BSaMvR z=5D7adKvYg#njR_eYI)7SHR-&NsC2)8vy;i|6JT|3XTD@DX(frz~ZfeCTywy(>Og1 z+$43_8fnr;y5dAM`ywb5PT`?fXzsxF>+><6M@^fS+P1m_R`o62Cc|g0b^dyjgSP8x zS*tQ;ze^xBUnMEC!?8;7={CYag8@~9c9YUdn*rI$I7o@!J;%Dd6+lzQgrbswKu=xr zXnqG|KMHGZsEcz|UIEj7-HrAM8#M$L8OqAn_>B_{KOgyI4eWOys(jvlVK9xBd)6-T zalN-0tJ}sixJHy?J0Fj1&%Y76Z+glKLPQr3qU)TrPSD5q?keb&j^(6+=o#=@i!bKs2|YnC6f_$1L3_@lbf_aKi>qt6o)}?3kdqc zt7IjELVOn0F~yHm(@OjKH4V^h@&|kfUm1`{k3!1fGltRK(3raUahRBwgA5Z~$UiGF zJ_x^3z(WhJ6=MGZ3RJ#?kc$=@dd@4)u6Sf>2U!tOd{-sh>i5=EItQ|3=hwbn&8uhK zpAVT`eKq9wN=7XShN^wX@ezRVPfKxpt@L$imU=SE6;~#ECytVw^ek4nZ(XmhTqK70 z=c6gE6d=lrVWt>Of01tr*_#@e&g*Xm37)o({=)riW63C<6lk>s^lli5cxU2b;qi}7S6+>8zlw?uCCQ>!nL634U 
zHT-)q^JVue*=dwThljX<(LmIFFQfsizYA)>jsHz9onBseqHR2O>nPG}{V;&29p-sqsQ7D(h^MMLS` z?AE4n8}T}~uaYMG9mN%)jJdarfItPW_j)5ypyBPLISvNdF@;LVKEC!`*-bV~yM2ld z$}BNsmKwf&^OdAYlLZ?LCaTxd7Qyp0Yfh%64GjsIO|vT0!6lT}`nilIk?+rA1eJ*h zckAFfk*d0;4nP2;vV>Q#x)K5}K#6$XieE$=^kXPUsz2a+I3a}rf~cSxexJX4fa7go zP?0Rh5w2U)a2ONI1M!!A*=loZ^9dgC8Z_0Imj2tkm8wn>j|^)5O?iYBxR3>2xD zW1XNMo`B6@$Z2iqb_k7;r%^+O=f`dH5h1W!f^g9Vb@!+vL0>~s-orx3X!<pU@tru}i znxyLZEv&D_o6;up=y7Xfg1IcZL>P2m-PN4Al>(!S%_VC;DMbzK;8c2_qT_jBzfClR zk$zPlol$i6qs0Qd7al#Ni}_wn@S$Z3%&-7zd#Y~v^wt#q*QTHS;dpOUqDQY$uZ%BZ zvY8d1LT!h}r=JLSXCo*Qlk{*120f`;;Kro#qGPfOgzc+IF6)`VnnJs1R7NVW^iM+z|xu!Jt%}Vag4C0cB6Hb3~gpYziAgSH#JeeZp}hD z5zHw#<1K=(0X#tWON|F|GF1F(rKJ7X1~e=B3x4J1w!N!^$xVDE%-N4BMpwIQN{SoY zPF?7XTH;QZ#}tp3Ls$WFb~tQTkE}w|8iz-u+kaWkF*5vuy%biRw0zk|Z(n;$_R&6) zCG|x?8TmohmmDxp;Ba-~zmq85^1hvS?ZFN(_#HbTh3uy`4m#&lmH!YH< zK=EKW?FkpKfvtv{9XopKDv^6b6yx(!0Gn&wI1FH|eM?tNm^e?avnkrXQJR*g&W z-&C6k1-yFuw}`!ZG;06>iSrQ02L9hP*om%;-~>2lsm~Xc3q!ZyBp{l=jmFw7&rN32 z8MTvu_8!6lI{a0CUOgntHXGh@Y=9SRJo=*4c=V~q&=!BF5hB!DGce)9E^Ba@INGaT z;mAlJrAs^8rcV{U_{Ni=j+U7ga|75NST(Hy>|+5Sxp>hRWx@16ydK_h^32foMlEv3 z$tF5{Kx5L~9(oQ@X1%Yg*4Q}&|8j}x9)p-&^*P_GFS+8%;D$IRCu2pe7y^iD<~_bt zi(SuRl+phVI-G29`-!)tTYCQusdjq4fKIWLTE*5X`^%eyYPru$_=SMXk%ptCX00{9 zv(^U2?I2#YwE5kYA{ULz*|9I|Q7#b%ZszXeE>TR2nHJd);pJa4LS(7n8+liv;}q4@ zVP9B+65GA=>n~BjyZ8;h=etb0{ch5&3xp2G9z}z0THgBa$&lKeIx?X+AI#*A9Mnb#ehHG zBo%ub*eU{4+_tf4=uE8{9t#zVATrVy$>y^I+B@{Hkik5_n-)l=_|jV2`zR&8t;qF7 z^jIWLwXz!r-*LX9guIHeW4-3;5)Qtd4V8OOsoS=V2S)lBml85mh^!{ReFk(-<99{H z0G*%OQ)P0T-oe~OuR(-=Q$Tt%s7wnp9$!NIvdfT+@sSJ+^xZE9IYsF^?*kiB0-rz~tAfy&bTc>a zvw8nE#K#c{%BJ^CT&VBjLdbOPcHnQ`5c@^nnk9tvG2t{Z&{XwfZo(2cGh zX-eB^ktAMsX(YFOoi^B1LLvVgmlh>{$CO!lr~Vl29JXr9B}|*`FPJXv+0n5}qNw5+ zAgpFd(NML3e;#Do4k`IaF=N?IfWHuWu((mSs@klF%f(q*Hd_$e%>+HG* z=;pJ-a`4=oq$^Qz=VV##l3(1=J0;s|b-~>2Q<5kdT^m1kWJVNnvRMR6dPA)DR)N8{ zHt(dqLtov+;t~7T5q@WFF9dN;*|MBucY>QtJP$+aoqL7~K>^!*wsu|^VF17G-+o4F zup#~XL|=mUo6zMZ8uSCJ7?!Ynx!DQkf@g@UCke3^Me$JIAe2|9l8*TE!(1ElNF^<6 
zceFIbJahL92cwdzd@>5H`fXsm=O=QhZvTD+<|c+ra@Bl6a|oL{$Q7NMLvWlX8(~3# zZ}+-P z^PPFSmt(tH7&ftstedv`U_H#09Cv%tyGx4|E{7B_MK$Y9Zt_wdzhuXN8}X{5 zp{`C$)E-TS0%nCkdaOCO1Ika@GA#$X!=FSnljih*FJCXz*EKxwQKQ>!8l%J(r# z_p#QU$g3*f=py}F!$35lwD{ge34O7#pjMd3gKb-FTT5mcaWRM>kduf@JmrHyfLg@f zIF1SdX@K(&UP7WxrD#nWlLpzj6j7JHM71i!^g=K%@$~NB(bC6Fk8?T@)SqYKWxB~z z<|s|$--L)B`W)Il#k5?(byAuaX07kc5MrON))?#@P!vSQ1oyRekB6G2Mg=)+zqSHp zj+iw-N_068dbSFgkg*J1OAzC8?~MMN+OgqansK?RPv14eK-;081w0*LZ6KnCttR-kSRMYoBC)7&7A8V4ONi^o@7L=E z@3&3NRTtl#@ry@OJZlGB>seQwVv!CzhX%S6zFqvj!A`;1Mie_%~T-5=3T1TOkuQ}pXI;$SGn(DvuJW*$ajjnZR; ztM!A8Ykov&ehgYeJPQLFX?OAO+yOTZ!Ac4!RMy`=R8^Vz4;a9u!g5ru17DOO2PKSm z#efWMd)~ZP68t)KcsXBGgKxgM(snOOFNYRtHV|;RR1Xvr(oP{P)hS$kyp|y1)yxfM z9oG?0wnX{~_ScAhKp+_w#a5i}+e`zCCE3LsH z{PEJg$DRu|n?Cr+lCRgf${Q>j+}>=xtATUhcLE!t%~!yu=z&75A{Q=BWja@Vp-A+P z*+Y~M!87JpI2`ldJDwvW$;l}fUmCVXM4~hw&j3fCsN&eYGp&cu=#VS0j4-qx89Lf# zQubZ_SdUsVZin~$uzd4IvU35| zB$TPiA9xrgO*%~5y;)&5ob-v;{z;(QkkQ^3Su&(XL@Fj|r2Z}54DGcd(}Qe+2V!X& zv*h=QhGUs3)}#5mG#cIeFdD5635?2l(y;TEB79a$jq)LB^J()K&qkXt&#R+>KHxsKi$hj%xB#j;pWwyX$#FqkG?_;-Vh|*5gI8n#+gYd|`?yr@@g4@b98;4`br1A{< zLz#S@JZW(PmDBgo6mDqoUz?T6Nt*TCnYW%rhO!Fc|pGC2EGC%Q4K(eM&eSjSWHJ#WO^zt)|uz- zmTA;Wu6ka`aO`FIZ=V4OlIS}h6h$Mj^MScnT-S7Vx~R2&I@VuwX|vE+0OG}_1H;O4 zk@37+D&`pp&f9bW9wlrnq(gD2-D^s+93r8Z^clR}=;;PV7c;85LwrwXDCYB3*~b^8 zNbyukqN6-FT6cH5YFXC3Kadvz0DNi`zK5!KI&F=o`?crc5&F)uyDaV2Z<5SS z-XA}IjYfcIv37o^QFwtbV@RU76`!sueTEi`0u_y`=fgX=trxXH?17CR&Xj1~Js==Ig)w$*Fu zm-;+eCPdDy(oNfoeZX?vDhR zvp#g=&AyNplwX^vTrL#@MZDlWl9j^t*&Uje?Lqx{uZ0%t!e7tday5jeFw2t~pgI$f zg_1^=ZCMB7?G8aFtd<<>H%u->|GcUyUP2fx^6zAI-jD7P_j=XS<(jG&5tQKps~#sj zD{N>jCmr|k0faG`-e8GQt`qLNF`p-r!VLG4?U5uoZC<#D7T){AFFdf82$;uRP$*xM z!f&HrgAmXxX3J8JaX2Q9A#dZ>or4tWB-t`1$x9x)k08G$&g6f7|go6XM_V^pj@LpsdwRlJXv zN*vD*7sk(zH%Y7Q9w2*?Y=|j=yqUAoMUrqi5L@Z<-WJM;j^65!|9TX-I6Q0XJ~95! 
zK~q}r+c*ws%Vvs zG7c2}&G~pamC*Ex)T!^iSYE3k;RHuyJNkqN%S+qChcY5Pxl!C^^o67mp194Z4Q z?8r74RH<51tX!I?LDNkD(#hmk_a2=}LR;K)pB%f%=cu=S)Pu0ISDWZ!bZ zrR{J?7Q9MAk=+Ib(VLN;L}I-^`{D3AmE{UrAV6%3JDqboT4?*}{$#Gu3`WOnoBi%> zr5noLgcw1BV!mWPA07#+cA+dDt;?c$p+vVIG?~xSgJO;_yn2gMaiZ@p*8trt{?{B2 zr@hW=t9)-ziG_cNT#gH&>@${CyzFooYP*=Mpc^ctxWB;T@+%n5^WrxflifPM*N|P; z_tyvB>fw|c9~03ku#KxN2njOkL_pAOH&e}yrV+FepBM$#MjJe7sy2Fqq#&Wr_;kG+ zo8ZkX{sF0)jAjvRG-ml)wF|L()X#u(a-rdG4rLS3SVrE zRa*mA!}fR_(1y9-ZnSOf#A7Ll{6CUJU~=JS4(u+m2J_+5s{=)%#2Rz&Bijik?jhWr z3+i#}>U#7cFFXfsv9Qzp%WQviEVaSNTz~celCU{oOz7`I#{cOM871aCe0hXF0ugoL zp!7KTRo}lgC@&o{j*wOS(-ZU_@7tdj3K5rW)8zDyN>HA3{prLJ`9GO72?Bte1X2^! zI`Y*+h!iqHfSP|UApa=i!!5Ny#2`d~%pfEzMf9acX6ld~oJ|QzjnT=nzG%v^zH{0L z%%>5mVxVTpGb5WU4M9~oP%!O_#G*ZQT9tIPSx0`WawIcxBFg-%Lku_iNF#H#S%cr> znm>@@Go}yCA;>p+TL!JBBG!Z~(binW;4aaGtootPxCR@S(=HY-*hfCHC3*e~O;q>i&SgwoK~ii`p7+`LSnc%*TkD1eW!mmxuE0LVIK@f1;}|r^ZT8T zNHgDOLvbKWuDJ>!UxKs9RN1Kqa5E~^RceZdj~Z-eQ@@FpIT4;LG5-J=7n5rDDj(kZ04VLNH0f_2L$M1{k?o#&}) z0$(ssz-z2IFEe$7<8AS(W#r@DJ1@yDfI-L$vE-drE7>=n)Hot5*V<^wAyTO*9G{tZ zdxLfS=MRzPVEwQ%WWg4LBYJRUSvk`8{`;izJCP3cE63>HVEPD*@_ACwEZ_-PpRja$ z!J6`T1(Sjv@XXuODI`d*g`?JNtNL6vyEVT6GP?Zb%;X8yz+&5lJ&Nl16(~|LVL;d%Y$J@|FU|@vaSSR~jTzf!`n`TE~)WV~jv_I1s^4 zSe`y0@Z6*odJ&_m?bX9rld0yfm?VwgaaiUz)93t66~_VFHxiWZbBw)FI#q-8T@FGE z)b(A4^J^;1Qa|S0Sve{-Qz4p=LqWxFsYLp=yN!HXK!qWF4vF`D7Wx!`h@l5$PZD@u zX`!uw^f@`5(xag1M!x>_N~6g$&a>Vs_m^gifYQ?qW|f2VyC;-S&o^POgN>Oihki&~ z=axUHhHp%D&iV3LEoxvfyG1;qFzNwSo|{Bqy`mWQux?jGE8=B)6D_%Xkq#j`y-D9^ zjkL4Qe{KMitWt=vg`- zH^r@9^+jGibbZm}dEClbqXNl55NxzPjy2P$^y~NSsf@ zewm`c``(5f(6D@d$liPp3~_Lw^zkaM&gQ$AI-yp35B6HKj065yGz1nvu-*WtVZQ5? 
z!b|Uas+>B*%l!2U8psei-=|0VdJ>bpuQDgSrjMO7J|EmH2Ze0l<~-T!F7C6Spg1co zCajvT7S0sG{qPQRQs_?i`Eu6KlWN*Og`UmV{I3ed?_iXekFbxisw~fi6zJW&LMOud$vRPxhDZeWAllqJ-*QO9z|<=n06&ph_VCwA ze2-md@Z_h^_a^UB)sG(4Y*A3psOcK+d1C%%@aYoKb3V=Ib?r`JvY?FmgFE8SI`Tma zECzdL&RzhD+Ndp?YYOsYq)-xwZ#I|Pi^&S?<{>}(&V1G@QR;(5 z_k*pA8s$qLrY+3IbD^BB5frP6jr6UvTfv=`8{_i&uI6ZhhJM;JLksgI!MG|6c3jye z*OW8Em)EyRfRg~-59D$CP?PHqK|OkUdI`1+%ExYQv2}=@vR&lxMm_5W>uXn&!p&RI zFpGWKgSHU8|p9ZrUql7lFJCW|BVye3bCWhu9zIe#!k15bH?j{=BaBr1{x6 z#ZLOi4o~N-XDc~WBK$9wlWBMcg-RZKox`~q@VNeILJ7O2#15h-=)7J zg}U_080wvYy4LlXz9Pki4q%xvlnqt(rR)1KNPJpecG7bekbVg5dWbh(XR0zssCs>G z%z$N!+)2E>_VnN?(_FD4{-uy89MZcw!yVvg5v2Rprt0;zY1QicgX}1jfR5F(hqvZ9 zFgR7dgFbJ|al!Iu>E@|Suklfqws!iYH7s%bODqOG=#sO=SE6=}n3N~zjj@WNKgGS8 z^q=QM(j@9EK*F!$i1xlG8i{vei1;ns@H}Gdo{OUPslBHQaIl9ChgH*${f4#5917k3 zE5lL>0~~306k?Uf7^%^?;nUVTJKdKoQ=h#sNdO=v=Q?PzD^pP^qUb_E5|j|QB%G|xm1On8@;=s`1@R@ zA76F8q?!cs4a55Mv*a4*8UPUWHC+T_lLL~Se!F{?^Xiu}oW3u6C#|gqycGd45f41H z17Li<-1?IA5Y`MK%$rnw5jfLkWJwVZ>+OP3!K{GY;hrN`9-(SNKor#jR=IvUm9F_z z8zg{VRz-OaMb2nt8y=b8Pagw>YWTfr`2EYRgyF9Y1xzY{G&Ac5(p1}Go5CZpn2e;i zPenh0rY;<(sygVPnPsBh7XTqh2nh)uwH?eFhP@)lBfv)QYg{= z6@#m|fQss>%#ipTZ=0o+Q}b>491=Dmv0t)e<2O(zb+v0oSKnz z_{+Z+ce$SE|8qnPBv@ksB<}8a^_<`M7;>HvF1xgM6D`c3Ik4BD|Nn%|{x1Q-CtP@u zuo~<8kOp)h2kwu(WV?R>>UDU4xXZB-$8Y{32Bf}LO^l^q(Qor?v#!p1gRMq*lYBDp69;zvGZ zbY`(;{jckHp1;~9|He$um8j1S26n|`_H(8j^xS%1l<8v|0(dgBoLI@<{Mcj9`oC(E;U4Tx9Njq=3QrLC>-IMXcnN=Yrs+VRLLV<%kdZ1^w%ZT=@4HdQkG(7qMM9J^R)2 zLn(0hRuNvmSFBs}X@5?*M5`=;%+T}6YZ4BYFdVX!3<2Bz(E^A-9F!pK(aTsd;DDoE zZS|Z@H)Qk}e>TDzIt9{Lnt#8E*aA+*U8mg%!!@A8eeM?RVTMZU{=zsvY@IfbiB zgvDah^z{=yoKK#IE2E`4kBXtN-0^Y)J*^7EvQD@2<%oeNSkz2Y`mQnau0!H{KBso# zL)hP7j`Siaf1M>hZ!#Tk<;C@*XEHT*<;|zM^~jx)^#*vk28U%U>Qn>LqgJLXfH-Tt z=6YoLO+E<;74E;(;*xueg^n0~R}s5&UTNwpxj`)rKbhdlS} zU&jvMy~fBsTM7t>!4tnaUv0SVBv$RcO&~@WaDA~f)`#g4bK@1_Xx%-h&^jK+;hr-M zC(|h`@-YF&OW-uAOFBI!G+$LUC;}N6jXl3nV|Ea+z%g3%v*HagsuquM;nnWNA6I}n zF)_Q^d#MIW%X459v_7t(`l1%c_iVw#hL?!o7DnawhM;PvD*to((>N3`WMh+~^{b|G 
z?j%zGAdQJY!lwgHF+7(1Y7^omspo3nZuuWdZtoi1p?t7eD|kjfuiaciuVA3Gb#YLW z;TF9<=h!-t7XOxzH}CrDtaW>zJl{ffv@(OP6pvDHO9Bcr4Qsl-xOPrDiK8)4}h&a~D0750;y9aHJdR)5goy)5Y?$C>3A$}&{ zbt8~Cf3GVYMKhA~YSx+p>sIUKQS?1_O?k{)yiSV>tXcUdf#-$#(5F~bPJv3-yzU+7p3C{&8r8V4RX70RVnY`Qu}B zq=7h=be*Qy0$;Vwgks1raHS;xS90$(%uIkL^qrvpr6<=|u?B0gc15;Qj)Xyu?}FQy zvdwc7g&+z68!PICMvtjqurw(#FX2;%`yjunotO1z6AJ3pI}g~NyS_=ny>)ZKM#3lc zTIZlw95|=;WhbhkkS78T9WN=qu84Jd^rvufC};4G_yyve0>h%BbywgPz^-tZYnCJ7 zH>w!fLM;0&qUSW8K#Mdd{Jy76xX&GD1MlquKKogI@%^~1GwO%_@q41Ct6Lq$cqAo) zise4uZ@|xiN#BVAd1U}kGiApZjDT)_X#DMPcMPQfHr`_guY9UnsLHr{n|Iq$Th|J+ zETK3VS&VNd=X)y&9*IFt)fn z1>P*gCl7w6fY{I*U3rD(HF$Qk42o-lPnbsd4$t#0&*6J9m4XR;u=6mFD5%Urs{Gp@ z;U;)^?;5n??B@nO6?_d1?|nU=A?v=NrT;xT7OxGR4!^$($r=5EmCId@>gxXoIB*EMNlf}zJ{sOSRJgsmWJB4&lzUl zcmzfR5T5!MSO8?Yp8i@HnDOUdIy#jtDm)0C;B)FH$mpJ;Tu_}5AlliH-1Z@VXkpOq z{V299c5ca|bCzmsFGF(oHsa3~wXu=u9wfw_5Zh$9I>-Ev7$W1LPQb7q%Q`LIhIyEG z(eOAdut?~7RlEoQv|M^w`OhKW`nz(-7MAA1 zPEYa9_69yg7dW6uk93BtKiS5ArDCLy)Dk7)v8rfX6manE55GqtND_O`TIYTFkakRZriG^WxyNZG6p zhtrfVNyabxl-=ol8umH@Bqq>IkiYF7c2p;_+cSHwyuwfKt-o^Y7|nNrDY}?1GVsW1 zo(6l1m5V6+7v15P@&RK*coy5YWiOlyVJ@aEW9uhpqJ4m7Y_vkP{@>&W@CKznEIOz= z0|{UDn&n$X%@w%S_q$jeQmz9=Dv&I%ELUFJ*yI4(q6Ua5%*QW{+`qc+1AYbbZ^6`j zHiomX>L-%s-OsYlGv%%T71@c15^nF_G_lItk9*I0J1d@sW2t}jGfsFeH_>n)-~22G zj!=?_eSTepn9C2K<9Y`j7kIU-!u;j@iax0W$ZO`c&T@N%`;*k=N8;w7sy4=6$;V&e z;_X@7O0Br`tsLG6<7@4GUo82Q<RbL@S<5nInmXt z>^zD!n~TY4cz4D4R`W=8N%g+OQ;GmVAl0m;%8E%G+;@ZyORi}QC3r|1xEndrzt|B> z0#qXGGg5p9{n8A~*3`3_+t+ya~j7txPCB z8p*lbY`qw0EJK#)g;ig=H0iR$zZj5G?4ij~WtDJv@`0fsNnZl*WOZl$toKn6;n8;f z*RG4RfU82%``k3LGL&f4g2kWFz6B@MDk(u zQ`S+7Fv!P7C8#`xj5AN#7FvN~rifO^uwXI(I1|{0`KRr-HRE72l<$b+mj+>skCHo& zpRqa@w&C0|(f?FFlk|`bprz`QyoxeZcB+C&LNNtIpz=^hLcA0ZH$9A?HwdI;w8ff; zk8=~U*XjGR$S2Gq9HP0=X5-SW*E#@&0*?H<@qAIekRAcItx)t*FM!N*l z0I>|xwPTN^Xb^m)$buG4E#>=N*DFc`(wI-aKM`u=q>&W>+t{|=z+cDDW#IzQ zH-`5a>9a9Lz9(xR%*Iqn`U_o?3j&1mGt?0i}{lUJ^x z0}M7?NTy+&2NIJDde#s7`7m?d4E}o@Rc6T3qRs=fVvF>Y=;E2a$QP8m7@6J!qFt_L=N=p|$N)iFg@&acM)}i$^Gv 
zz)(Qal(Tc=NRD=!>7M^Xx+i6<^Fo~3r7ZeDF7wZ=Q3ou&YfZv(*?NV_F`gAte78k8 zuH3=?^>Z7T-S0Y4WSX8{|AGIBs@OVi*28GQ*A2I!nl(oDm~SXeuz{g`bA7=t+b2uOD1sMutGq3>*W>Ko)zljnlndSWDIvijCPYgq2siYe5e z*0U*A-_6T;f_PFTYf5sl3(T+)Zt+ZtmILk>aM5ZEssWkT>0IbHXo}Ief1%}QFasnWy64+259D47r_~coqrumTfyKt4V zB4tV;7u0U;dCvMm9CGi|SD}ub0g+LM@{5aC-3;_a-`5TvNlfCGUr0NZIn8;#?x`uw znw_kSgU`IT*0$&H>kz2!Io={%ZpiHExP3g~(M~aeIrU6vzL5vnZR!AHwdKvqhcl`? z-v2jZG2_e;auNs{BBoGhDOvy3*~bz@Z3ZUHdopgIh=ac>{qwRmGC_LSR>HFJ-0DCsWso2=5LC8zh5LlM+3)l7C&Tf9c``!?9agGhN+jXit&(T{NR)*Y`ZNdRB&N_li1cUrIiokzEH<*P8W>69s(xLYy2e zIru8qwF*2?`)egk?5}M2Bc>$9DEzCfSJiI@7U}27{`~T9Np#(BN(5k5shRGTCGt05 zV9t$*g{G->gGthVl?^sAeM~*KpR3(#)vZhUD-%iv>KdJgtB z`O}{;Zr|%xs`!QB|&{ z-o3tAnm8x_`B!zidmfepzr7B8noOutc*4n-xmK>Jo#OpFWXUCje~5B?@si093i5h1 zgZ(u$YKWDr2}Q-s_AauC`Oi>fkd*ixPw;0-Voo&#M*qF zgqnfME+nSpfZsGEP?39CtmXY?jK!jK_v`2ruL6J6(8;-F49R`3jv4GQ*Lv=~?$MCI zGQ-6d%NS;)3~jZt$((*AKttx`6#V=m?3kdzinLf@=y$ar6SZa!6ZxZUIICcxcZHqX zwMjHkH5x};Arpr@ESVjfRVC#uTv7n{lK)xQL?>2pWDV=2py@MslJR+WG|yLr!`@;< z&g3~!ITh)>CH-~LJt~xU=K4b@M?};Bn9`RfxW?U+t`m!6G8rpaEtbHB);G5te5>>8 zilwjb>xphYy3B$8xOjpT5S%zG^IEA49-62!=2%UK85y_kPyq<5QTY3H#4010GfAAc z5mNG;+i$Ore;v<>wy=fRAznpSz_$qyz6V`GZtH-J(Y=F}7Ol|++;&6&>P`ml`C2N_ z`T0R%_?IkahbO2{G^qR|nv8#CpRZ1sIw?mePxM$y-y>=Li#vnE+RVGUJa>z=-E{~~ z5qI8LJcMe6Fh8i|xAW4%fP^KHU?GlZKL5zPtJ?BDv?ts;|zGD@xgc z-QdYd(8becsFJVzfcBN|eWfMn@tcEz^M;(ygp9O5bI&xFuf%tiiD>ei66lQrkQ3(kPUO_D);~?SK z4`-UhgntR5XG}ncADD?V`??qm2{CMm58>Z+#nHfMbkcLJRb~@)jXP7X*V!E!HxK#Y z*69uUzFe{J&Z*6DWvZ|!f^;cqPIl4@Pxq{HW?5=Zt!}25hdhy>gk^|V?;9Q@z03-v zFh@geL1;(3;s=SMG$;PEz<28!abg=72DXvw5a`Eb@9KpQ-#Jy)PnRjYx%Vx?SdBE* z1C{9LODXm10r2u0Qc@A}H>*x8IQ8TWH$5TVXh8^USuie_b zppK=4UlU5IYd!l!-G%kFaNlPUa>`=1nI0P7><%8Ybw@EolGGAtbDz>my?&sRhaM7VnfKMsg71SI@NX_3 zwUwEe@TQph0dv2s{5rF7kk0asl%bNF)(a-jZ_Zct_@rdlZw{B$?tE^q35myMr}g~# zfx@UQru|lKDObuQ13+6;=^S9;M09N+;wUfAUZb7!s{n=(kCg%<&VKJy0}v%Tvx5}l z)o-63AP?QHs1j zY$8WRjnss236k=e6>ImBii49P-mCl3679JD;U!x$LY3$USs0zkv88jw7WB2Uy$aHG 
zAD^CQJYDqiwz$@Wc}2Vx5iV2CSK^C|=^84EI4O1RDhlCKlIKjeb!?Jbko0M*P(Ik! zO-Td0uS}ZgR1WevQ&ABK5$_lz9p*Cq!oCAX`;rH zve@y$C}AqYO&uQY2}YT(KZ{J@!)SEG+ZF=_ygEv-#7`6oIB`9PKgFfGP6mYB{Z^DR zyH({xL%z1SLXZiOZZXx4(MV-!e+*aJE5g@ zpq_m1x)^v8f@c$;~HIXF|!`K#{tgj6jNTM&Pgjs@^Cl(51e784ZB+1 zmtAOU;zkd>(T@5gozjC(5&Ryk-eNpBB2K@rjQ?dg|9{cz@!!!6;A_rM2ZidQDZ871 zg=*a4r;GK1V=-=KlP>a3)w`e#u2dlUx@eq;BKV|oP z7^O?q%KgoPI^|`&y4)4~(u;PrQm;BuM~&u_J^$8@|90EWg$!U~j~k)Jt?Ku;dD+pD zyGNvDQ(~p`{r|AsmrtI-Yx@};m6LM;w_aa{S^oGVvvokdt{B2YYW_OpvCAL%`EPgH zw}q7gW&KLiiDwGH{*ON_{xwE=wk6*4#lLIYC~YJGp&y#KLC43YX1}F=Qnu{Zp#7GF z%n4xT@#WKQeaCnHH`9K+Rh{zHj$C?;xy-B~Zql#6>DvJZKAS^&UoZL6KxnJjOFu;2XlW4F|zGOV+zmhX%kC|G8FxW+6lM zR9xQLQh0AN1zE#h{o%IJkmC}OkJ15{m~de+l?eGh3mffsYk!d`@a3vOroV+xVT#Cw z>Dk{ePA~RqAW-|+3c;dN-Hs{FX$aE^vk(^{F#3ShspNbzBgT#s5}Q(n(CH!gr$+vA ziTCR50%ZzvzG<#&ks(U)5_{^`k;-cc- z?AD*#c`@CGEm_miQ>rRyZ_I6Kp&*aiMOo7mpaDg&H$%yN_Ejm~z}Q)yMFNTV%XXV> z$?c0bs5(9$hH*JsWcP`QBdLAW9}sUdt&dBKLr^OlT(q zmHy@3F-4>F9aSS9K#|RvY}3qkyYMP)*ha}RKs7Frg(C^wPXKg8jq6BrtiSzqvNrx` zC>33HgWk*tqjqr$W?c{1iDZYO_Fn2oqgse3^CuD!v*ZZaQBnvlck`!EbgK}#z_oVP zc+wsbC+tI&V4tg_FT=}B4YignAw8t(l|&|4m3i(|B^a=OI8Eqt-qxRoFEu@^<0ndjuigBsL;b?>s|qZ9n2uAD|*EK6&aJsql=t z?s1uq(!{Uh3}8NWcE3hRW9~r6x=h!0wng4992xO#`T<&j%$n)jfVP&y3nd0?TE^Cway?gnhc;;E-k&xrbm19l1)BD<5N zvyx<{KT=mu3{JcXcWsQj)VeSciJi=Pqqg|x|9I93ZpT~Ez688sYhOd~lT#NF`p*Uz zDE!xj!rY=&`1^VL&_Y0m7PyI5(WtBXj|2ww zit@Yr`cdx=@bXWC!1yW31urQ=UA5rmoGyE1?BgDQC#(0QR`UHJW$!9_>r#$?8<4py z0gi$4mMiY&JMPl)N-jI12kisvqZ}294M5Uk`MFRqB?5Vo1#Av~Vd5Mxqg6BBSCE71 z7hq$C*2(<5NgszGX|zdD9;HSj9exk82-Gx1S3rPacwbh~d-{MOSuMO&p zh9_JGF;m&1+^LR}8{&op&Nb0mw2d5~!s^KK*S?Lj__bvTKQ&nb+_BL}Voy*3I#>JNbS9{p@_@Qyw&RnG}dFqnbB7bruG;kfyx3#s+HI$s%|K!0AzaqwSLmQU~)E z{WtAk(T(#&nRiFF^E=-y7eX9JF^{-P{p^kvjF>+LT(0K09CWC1e8}>@nNz4m*DKeTlUH45vX<>tgJ^j?e@-@{%qd-iH`Ux(gJ*fgrN05cF`Qro!Fm8hQfB ziIZdtpes_%M+MerXg958A#ac1y^eJPo7c<#nm~iAwaMi^ld*+e*D!Sy8x2 zj;B)9DdX`}rVCkwh-2d>ulu%>MUf8>c(Cy@(b3l|s!LE?n9}QwLJY<`v?+fgE3Gn9 
zef+eHVP{#tG;fN+BPlOVTmeJ`$6N{V-O~F8o_*lRzsC?k`Z4=>Zk5^@+9^R7#(g z4DV?5vHeICg*&M9VwCPl^gXztZN+Zp}w5%3hkAA8v4=`uly zl%Pj+pI2{vFd=y&g|PzqT`l0A6AQwa5IZKeeYj-3`JfFi1DSZI4E6(PgOHsdI^>xb z*RPyAD7%mCP^cS%P?gj^(FFD=Ui^f@Ya^Un2`!_Nk>@~{%88hMuX@`$BYwm?NGtvQ z*$@f-{d>JsN9_z8K%$^taH|67NTB`%H_)APXWGc-u{^`eCG2RdTZPaw( zLEj7+VTBeiGb@PEUo|Oy(Q5WZju^(JRZ>jwrzL5XyZiLSZ#}Uw`tr@dt4L#dXYo^d=K1Wz zTh=-c$%2DJ>F%)nEHq&KWN{O;ydiLx6f?+?Q&eA6{$%1zq!;udARc?NpDieqPI#wn zWz|_yi-ea4evL^+rd9iT+_@uSH&Z$)VWY*|gDrYxmtQoo|X=uW<=&*{4jl6GJW{5SB}okpg7U|!&`#|!OU1h zt1KpXrd{Y5O&Qj}YgVhKmK$E+!e#No0Mvz~qBJ4HkG*mUnkfD*E5-klZgm|*8AKQO;d*WkAE81L;^+=GiV}AqEz#!5O?3|yEpA8lCY=U zf_p(!iS<(~e}9=chAOUc90NWQhby%6xWK?3Tf|KAMK7GJordTru_Im2U$g+(1&X9~ z?VKpDUj`)ONA%%Am@=iCfFL&9=o(URTJl{WrL*3Gw)_Kzln#qVS-eM2vuaVzFdbA6 zdV~7T;FzrdZaH;+mwS0jOEs9F=dPiaW?2akkiB2}u4Oy!b9!er`R50^E3fcmiG>*I zzKwBlN|r+&Qsy>q9hD^edLiP^iGWrR<+ENOI56x z*FfObA5Bh?>m9PxRFU-FE%tK~tyd#{5EwQc$&od!Y`4JUaM5Rq>081n-Hvn7adu-y zr4LV?8(*=}s!M#SLEY4t+;*S&NZs_#+Dr3$0N%^Tl6MkTak$!B$T+_hQ6_dxmHJ_TP7XSbya# zg&NGbeG30*mHwYw6#r%cmzLhU!=(-05pqsGR%E0nOO-_nR&juD&2GFS0JcF-lQKR( z3)n_t@wqrhk@@G}Q8DDoIo8=>TAOxF^QQj*95W%mXpA76%L4_d`1MhfqG-r1kXhbp z<@#v#1sd4R?ig=G&zW4#?|M~?F(BTC)@BABB-+8?2i zWuF~T72Mnbz#q(MPrLcI@Xw$u|_9s>qg08wdXvKulIb literal 0 HcmV?d00001 diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md new file mode 100644 index 0000000000..665a5d5850 --- /dev/null +++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -0,0 +1,370 @@
+---
+title: Windows Sandbox overview
+description:
+ms.prod: w10
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection:
+ms.topic: article
+ms.localizationpriority:
+ms.date:
+ms.reviewer:
+---
+
+# Windows Sandbox
+
+### Overview
+
+Windows Sandbox provides a lightweight desktop environment for safely running applications in isolation. Software installed inside of the Sandbox environment remains in the sandboxed environment and cannot affect the host machine. Windows Sandbox is temporary; when it is closed, all the software, files, and state are permanently deleted. The user receives a brand-new instance of the Sandbox every time they open the application.
+
+Software and applications installed on the host are not directly available in Windows Sandbox. If specific applications need to be available inside the Windows Sandbox environment, they should be explicitly installed within the Sandbox environment.
+
+Windows Sandbox has the following properties:
+- **Part of Windows**: Everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
+- **Pristine**: Every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
+- **Disposable**: – nothing persists on the device; everything is discarded after the user closes the application.
+- **Secure**: – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host.
+- **Efficient:** – uses integrated kernel scheduler, smart memory management, and virtual GPU.
+
+Windows Sandbox was announced in December of 2018 via a Windows Kernel Blog post. The following video provides an overview of Windows Sandbox.
+
+[embed Ignite 2019 Sandbox talk video here, link is here: https://myignite.techcommunity.microsoft.com/sessions/79739?source=sessions ]
+
+## Architecture
+
+### Dynamically generated image
+
+At its core, Windows Sandbox is a lightweight virtual machine, so it requires an operating system image to boot from. However, rather than giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology allows us to leverage the copy of Windows already installed on the host.
+
+Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small percentage of files are mutable which we can’t share but Windows Sandbox contains pristine copies of these files. A full Windows image can be constructed as the composition of the sharable immutable files on the host and the pristine copies of mutable files. Using this scheme Windows Sandbox has a full Windows Installation to boot from without needing to download or store an additional copy of Windows.
+
+When Windows Sandbox is not installed, the dynamic base image is stored in a compressed 25MB package. Once installed, the dynamic base package occupies about 500MB of disk space.
+
+![ALT TEXT](images/1-dynamic-host.png)
+GRAPHIC 1
+
+### Memory management
+
+With traditional virtual machines (VMs) a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can’t use the memory given to the VM. Nor can it make more memory available to the VM if available. With Windows Sandbox we attempt to treat memory more similarly to how memory is allocated to applications. All apps on the machine can request the amount of memory they need. What they get will be a function of what other apps are running and how much memory they need. The amount of memory available for use by an application can change over time.
+
+### Dynamic working set
+
+When using a VM, the user is effectively partitioning their machine.
If the host is under memory pressure, it cannot use the memory already allocated to the VM. However, applications in the Sandbox are treated as equal to apps running on the host, so when applications in Sandbox are under memory pressure you can give more memory to the Sandbox (same with host). Guest physical pages provided are virtualized, that’s how that works.
+
+![ALT TEXT](images/2-dynamic-working.png)
+
+### Memory sharing
+
+Since Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as “direct map”. For example, when ntdll.dll is loaded into memory in the Sandbox, it uses the same executable pages as those of the binary loaded on the host. Memory sharing between the host and Sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets.
+
+![ALT TEXT](images/3-memory-sharing.png)
+
+### Integrated kernel scheduler
+
+With ordinary virtual machines (VMs), Microsoft’s hypervisor controls the scheduling of the virtual processors running in the VMs. However, Windows Sandbox uses a new technology called “integrated scheduling” which allows the host scheduler to decide when the Sandbox receives CPU cycles.
+
+GRAPHIC 4
+![ALT TEXT](images/4-integrated-kernal.png)
+
+Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the Sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the Sandbox. The benefit of using the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine which results in a much more responsive host, similar to Linux KVM.
+
+The goal is to treat the Sandbox like an app but with the security guarantees of a virtual machine.
+
+### Snapshot and clone
+
+As stated above, Windows Sandbox uses Microsoft’s hypervisor. It essentially runs another copy of Windows which needs to be booted, and this can take some time. Rather than paying the full cost of booting the Sandbox operating system every time Windows Sandbox starts, two other technologies are utilized: “snapshot” and “clone.”
+
+Snapshot allows us to boot the Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in the memory rather than booting it when we need a new instance of Windows Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved.
+
+### WDDM GPU virtualization
+
+Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments.
+
+More recently, Microsoft has worked with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.
+
+GRAPHIC 5
+![ALT TEXT](images/5-wddm-gpu-virtualization.png)
+
+At a high level, this form of graphics virtualization works as follows:
+
+- Apps running in a Hyper-V VM use graphics APIs as normal.
+- Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
+- The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually, they behave as one pool of graphics clients.
+
+This process is illustrated below:
+
+![ALT TEXT](images/6-wddm-gpu-virtualization-2.png)
+
+This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases.
+
+To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology (WARP).
+
+### Battery pass-through
+
+Windows Sandbox is also aware of the host’s battery state, which allows it to optimize power consumption. This is critical for a technology that will be used on laptops, where battery life is often critical to the user.
+
+## Install Windows Sandbox
+
+### Prerequisites
+
+- Windows 10 Pro or Enterprise build 18305 or later (Note: Windows Sandbox is currently not supported on Home SKUs)
+- AMD64 architecture
+- Virtualization capabilities enabled in BIOS
+- At least 4GB of RAM (8GB recommended)
+- At least 1GB of free disk space (SSD recommended)
+- At least 2 CPU cores (4 cores with hyperthreading recommended)
+
+### Installation
+
+1. Make sure your machine is using a Windows 10 Pro or Enterprise build version 18305 or newer
+2. Enable virtualization on the machine
+ - If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS
+ - If you are using a virtual machine, enable nested virtualization with this PowerShell command: Set -VMProcessor -VMName -ExposeVirtualizationExtensions $true
+3. Use the search bar on the task bar and type “Turn Windows Features on and off”. Select Windows Sandbox and click “OK”, restarting the computer if prompted.
+ a. If the Windows Sandbox option is grayed out, your computer does not currently meet the requirements to run Windows Sandbox. If you believe this to be a mistake, please review the prerequisite list as well as steps 1 and 2. +4. Locate Windows Sandbox in the Start Menu, and click to run it for the first time. + +### Usage +1. Copy an executable file (and any other files needed to run the application) from the host into the Sandbox window +2. Run the executable file or installer inside of the Sandbox +3. When you are finished experimenting, close Windows Sandbox. A dialog box will appear; by clicking OK, you understand that all Sandbox content will be discarded and permanently deleted. +4. Confirm that your host machine does not exhibit any of the modifications that you made in Windows Sandbox. + +## Use a .wsb file to configure Windows Sandbox + +Windows Sandbox supports simple configuration files (with a .wsb file extension) which provide a minimal set of customization parameters for a Sandbox. This feature can be used with any Windows build numbered 18342 or higher. + +Sandbox configuration files are formatted as XML and are associated with Windows Sandbox via the .wsb file extension. To use a configuration file, double click it to open it in Windows Sandbox. It can also be invoked via the command line as shown:
+ **C:\Temp> MyConfigFile.wsb** + + A configuration file allows the user to control the following aspects of Windows Sandbox: +- **vGPU (virtualized GPU)** +
Enable or Disable the virtualized GPU. If vGPU is disabled, Sandbox will use WARP (software rasterizer). +- **Networking** +
Enable or Disable network access within the Sandbox. +- **Mapped folders** +
Share folders from the host with read or write permissions. Note that exposing host directories may allow malicious software to affect the system or steal data. +- **Logon Command** +
A command that will be executed when the Sandbox starts. +- **Audio Input** +
Shares the host’s microphone input into the Sandbox. +- **Video Input** + - Shares the host’s webcam input into the Sandbox. +- **Protected Client** + - Places increased security settings on the RDP session to the Sandbox. +- **Printer Redirection** + - Shares printers from the host into the Sandbox. +- **Clipboard Redirection** + - Shares the host clipboard with the Sandbox so that text and files may be pasted back and forth. +- **Memory in MB** +
The amount of memory, in megabytes, to assign to the Sandbox. + +### Keywords, values, and limits + +**vGPU** + +Enables or disables GPU sharing. + +`value` + +Supported values: +- **Enable**: enables vGPU support in the Sandbox. +- **Disable**: disables vGPU support in the Sandbox. If this value is set Windows Sandbox will use software rendering, which can be slower than virtualized GPU. +- **Default** – this is the default value for vGPU support; currently this means vGPU is disabled. + +> [!NOTE]> Enabling virtualized GPU can potentially increase the attack surface of the Sandbox. + +**Networking** + +Enables or disables networking in the Sandbox. Disabling network access can be used to decrease the attack surface exposed by the Sandbox. + +`value` + +Supported values: +- *Disable*: Disables networking in the Sandbox. +- *Default*: This is the default value for networking support. This enables networking by creating a virtual switch on the host, and connects the Sandbox to it via a virtual NIC. + +> [!NOTE] +> Enabling networking can expose untrusted applications to the internal network. + +**MappedFolders** + +Wraps a list of MappedFolder objects. + +`` + list of MappedFolder objects +`` + +> [!NOTE]> Files and folders mapped in from the host can be compromised by apps in the Sandbox or potentially affect the host. + +**MappedFolder** + +Specifies a single folder on the host machine which will be shared on the container desktop. Apps in the Sandbox are run under the user account “WDAGUtilityAccount”. If no Sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop` + +E.g. "C:\Test” will be mapped as “C:\users\WDAGUtilityAccount\Desktop\Test by default. + +``` + + path to the host folder + path to the sandbox folder + value + +``` + +*HostFolder*: Specifies the folder on the host machine to share to the Sandbox. Note that the folder must already exist on the host or the container will fail to start if the folder is not found. + +*SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder does not exist, it will be created. + +*ReadOnly*: If true, enforces read-only access to the shared folder from within the container. Supported values: true/false. Defaults to false. + +> [!NOTE] Files and folders mapped in from the host can be compromised by apps in the Sandbox or potentially affect the host. + +**LogonCommand** +Specifies a single command which will be invoked automatically after the Sandbox logs on. + +``` + + command to be invoked + +``` + +*Command*: A path to an executable or script inside of the container that will be executed after login. + +> [!NOTE] +> Although very simple commands will work (launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via the LogonCommand directive. + +**Example 1:** + +The following config file can be used to easily test downloaded files inside of the Sandbox. To achieve this, the script disables networking and vGPU, and restricts the shared downloads folder to read-only access in the container. For convenience, the logon command opens the downloads folder inside of the container when it is started. 
+ +*Downloads.wsb* + +``` + + Disable + Disable + + + C:\Users\Public\Downloads + true + + + + explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads + + +``` + +**Example 2** + +The following config file installs Visual Studio Code in the Sandbox, which requires a slightly more complicated LogonCommand setup. + +Two folders are mapped into the Sandbox; the first (SandboxScripts) contains VSCodeInstall.cmd, which will install and run VSCode. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify using VSCode. + +With the VSCode installer script already mapped into the Sandbox, the LogonCommand can reference it. + +*VSCodeInstall.cmd* + +``` +REM Download VSCode +curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe + +REM Install and run VSCode +C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes +``` + +VSCode.wsb + +``` + + + + C:\SandboxScripts + true + + + C:\CodingProjects + false + + + + C:\users\wdagutilityaccount\desktop\SandboxScripts\VSCodeInstall.cmd + + +``` + +**Audio Input** + +Enables or disables audio input to the Sandbox. + +`value` + +Supported values: +- **Enable**: Enables audio input in the Sandbox. If this value is set, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting. +- **Disable**: Disables audio input in the Sandbox. If this value is set, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. +- **Default**: This is the default value for audio input support; currently this means audio input is enabled. + +**Video Input** + +Enables or disables video input to the Sandbox. + +`value` + +Supported values: +- **Enable**: Enables video input in the Sandbox. +- **Disable**: Disables video input into the Sandbox. 
Applications using video input may not function properly in the Sandbox. +- **Default**: This is the default value for video input support; currently this means video input is disabled. Applications using video input may not function properly in the Sandbox. + +**ProtectedClient** + +Places increased security settings on the Sandbox RDP session. These enhanced security mitigations decrease the attack surface of the Sandbox. + +`value` + +Supported values: +- **Enable**: Runs Windows Sandbox in Protected Client mode. If this value is set, Windows Sandbox will be run with extra security mitigations enabled. +- **Disable**: Runs Windows Sandbox in standard mode without extra security mitigations. +- **Default**: This is the default value for Protected Client mode; currently this means Windows Sandbox will not run in Protected Client mode. + +> [!NOTE] +> This setting may restrict the user’s ability to copy/paste files in and out of the Sandbox. + +**Printer Redirection** + +Enables or disables printer sharing from the host into the Sandbox. + +`value` + +Supported values: +- **Enable**: Enables sharing of host printers into the Sandbox. +- **Disable**: Disables printer redirection in the Sandbox. If this value is set, Windows Sandbox will not be able to view printers from the host. +- **Default**: This is the default value for printer redirection support; currently this means that printer redirection is disabled. + +**Clipboard Redirection** + +Enables or disables clipboard sharing with the Sandbox. + +`value` + +Supported values: +- **Disable**: Disables clipboard redirection in the Sandbox. If this value is set, copy/paste in and out of the Sandbox will be restricted. +- **Default**: This is the default value for clipboard redirection; currently this means that copy/paste between the host and Sandbox are permitted. + +**Memory in MB** + +Specifies the amount of memory that may be utilized by the Sandbox in megabytes (MB). 
+ +`value` + +Supported values: An integer greater than 2048 (2GB). + +[Insert as comment: FAQ (future) + +[Insert as comment: Release Notes (future?) + +EnableVendorExtensions – Paul added new option for Windows Sandbox to enable/disable vGPU vendor extensions. This is as new as 12/2 +RailMode – allows a user to run programs in Rail mode rather than full desktop. Internal only at this time. + +[Insert as comment: Known Issues (future) ] From dd88d65279dc41c295c90a0e875dab37fedae93f Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Thu, 5 Mar 2020 13:03:40 -0800 Subject: [PATCH 02/30] edits --- .../windows-sandbox-overview.md | 205 +++++++++--------- 1 file changed, 100 insertions(+), 105 deletions(-) diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md index 665a5d5850..5d5641f480 100644 --- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -17,18 +17,18 @@ ms.reviewer:
 ### Overview
-Windows Sandbox provides a lightweight desktop environment for safely running applications in isolation. Software installed inside of the Sandbox environment remains in the sandboxed environment and cannot affect the host machine. Windows Sandbox is temporary; when it is closed, all the software, files, and state are permanently deleted. The user receives a brand-new instance of the Sandbox every time they open the application.
+Windows Sandbox provides a lightweight desktop environment for safely running applications in isolation. Software that's installed inside the Sandbox environment remains in the "sandboxed" environment and can't affect the host machine. Windows Sandbox is temporary. When it's closed, all the software, files, and state are permanently deleted. You get a brand-new instance of the Sandbox every time you open the application.
-Software and applications installed on the host are not directly available in Windows Sandbox. If specific applications need to be available inside the Windows Sandbox environment, they should be explicitly installed within the Sandbox environment.
+Software and applications installed on the host are not directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the Sandbox environment.
 Windows Sandbox has the following properties:
-- **Part of Windows**: Everything required for this feature ships with Windows 10 Pro and Enterprise. No need to download a VHD!
-- **Pristine**: Every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows.
-- **Disposable**: – nothing persists on the device; everything is discarded after the user closes the application.
-- **Secure**: – uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host. 
-- **Efficient:** – uses integrated kernel scheduler, smart memory management, and virtual GPU. +- **Part of Windows**: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a VHD. +- **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows. +- **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application. +- **Secure**: Uses hardware-based virtualization for kernel isolation, which relies on t he Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. +- **Efficient:** Uses integrated kernel scheduler, smart memory management, and virtual GPU. -Windows Sandbox was announced in December of 2018 via a Windows Kernel Blog post. The following video provides an overview of Windows Sandbox. +The following video provides an overview of Windows Sandbox. [embed Ignite 2019 Sandbox talk video here, link is here: https://myignite.techcommunity.microsoft.com/sessions/79739?source=sessions ] 
@@ -36,56 +36,55 @@ Windows Sandbox was announced in December of 2018 via a Windows Kernel Blog post
 ### Dynamically generated image
-At its core, Windows Sandbox is a lightweight virtual machine, so it requires an operating system image to boot from. However, rather than giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology allows us to leverage the copy of Windows already installed on the host.
+At its core, Windows Sandbox is a lightweight virtual machine, so it requires an operating system image to boot from. But instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host.
-Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small percentage of files are mutable which we can’t share but Windows Sandbox contains pristine copies of these files. A full Windows image can be constructed as the composition of the sharable immutable files on the host and the pristine copies of mutable files. Using this scheme Windows Sandbox has a full Windows Installation to boot from without needing to download or store an additional copy of Windows.
+Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small portion of the Windows files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A full Windows image can be constructed from the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows Installation to boot from without needing to download or store an additional copy of Windows.
-When Windows Sandbox is not installed, the dynamic base image is stored in a compressed 25MB package. Once installed, the dynamic base package occupies about 500MB of disk space. 
+When Windows Sandbox isn't installed, the dynamic base image is stored in a compressed 25-MB package. Once installed, the dynamic base package occupies about 500 MB of disk space. -![ALT TEXT](images/1-dynamic-host.png) -GRAPHIC 1 +![Chart compares dynamic image of files and links with host file system](images/1-dynamic-host.png) ### Memory management -With traditional virtual machines (VMs) a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can’t use the memory given to the VM. Nor can it make more memory available to the VM if available. With Windows Sandbox we attempt to treat memory more similarly to how memory is allocated to applications. All apps on the machine can request the amount of memory they need. What they get will be a function of what other apps are running and how much memory they need. The amount of memory available for use by an application can change over time. +With traditional virtual machines (VMs) a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treat memory more similarly to how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need. The amount of memory available for use by an application can change over time. ### Dynamic working set -When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it cannot use the memory already allocated to the VM. However, applications in the Sandbox are treated as equal to apps running on the host, so when applications in Sandbox are under memory pressure you can give more memory to the Sandbox (same with host). 
Guest physical pages provided are virtualized, that’s how that works. +When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. Buy applications in the Sandbox are treated as equal to apps running on the host, so when apps in Sandbox are under memory pressure, you can give more memory to the Sandbox (and the same applies to the host). Guest physical pages provided are virtualized. -![ALT TEXT](images/2-dynamic-working.png) +![Chart compares memory sharing in Windows Sandbox vs. a traditional VM](images/2-dynamic-working.png) ### Memory sharing -Since Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as “direct map”. For example, when ntdll.dll is loaded into memory in the Sandbox, it uses the same executable pages as those of the binary loaded on the host. Memory sharing between the host and Sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets. +Becuase Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when ntdll.dll is loaded into memory in the Sandbox, it uses the same executable pages as those of the binary loaded on the host. Memory sharing between the host and Sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets. -![ALT TEXT](images/3-memory-sharing.png) +![Chart compares the memory footprint in Windows Sandbox vs. 
a traditional VM](images/3-memory-sharing.png) ### Integrated kernel scheduler -With ordinary virtual machines (VMs), Microsoft’s hypervisor controls the scheduling of the virtual processors running in the VMs. However, Windows Sandbox uses a new technology called “integrated scheduling” which allows the host scheduler to decide when the Sandbox receives CPU cycles. +With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the Sandbox receives CPU cycles. GRAPHIC 4 -![ALT TEXT](images/4-integrated-kernal.png) +![Chart compares the scheduling in Windows Sandbox vs. a traditional VM](images/4-integrated-kernal.png) -Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the Sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the Sandbox. The benefit of using the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine which results in a much more responsive host, similar to Linux KVM. +Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the Sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the Sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM. -The goal is to treat the Sandbox like an app but with the security guarantees of a virtual machine. +The goal is to treat the Sandbox like an app but with the security guarantees of a virtual machine. 
### Snapshot and clone -As stated above, Windows Sandbox uses Microsoft’s hypervisor. It essentially runs another copy of Windows which needs to be booted, and this can take some time. Rather than paying the full cost of booting the Sandbox operating system every time Windows Sandbox starts, two other technologies are utilized: “snapshot” and “clone.” +As noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Sandbox operating system every time Windows Sandbox starts, two other technologies are utilized: *snapshot* and *clone.* -Snapshot allows us to boot the Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in the memory rather than booting it when we need a new instance of Windows Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved. +Snapshot allows us to boot the Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in memory rather than booting it when we need a new instance of Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved. ### WDDM GPU virtualization -Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy use cases. However, virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies, therefore, is to bridge this gap and provide hardware acceleration in virtualized environments. +Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. 
But virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments. -More recently, Microsoft has worked with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows. +Microsoft has been working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model that's used for Windows display drivers. GRAPHIC 5 -![ALT TEXT](images/5-wddm-gpu-virtualization.png) +![Chart illustrates graphics kernal use in Sandbox managed alongside apps on the host](images/5-wddm-gpu-virtualization.png) At a high level, this form of graphics virtualization works as follows: 
@@ -93,117 +92,113 @@ At a high level, this form of graphics virtualization works as follows: - Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads. - The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually, they behave as one pool of graphics clients. -This process is illustrated below: +This process is illustrated here: -![ALT TEXT](images/6-wddm-gpu-virtualization-2.png) +![Chart illustrates graphics resource use on the host and guest](images/6-wddm-gpu-virtualization-2.png) -This enables the Windows Sandbox VM to benefit from hardware accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases. +This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases. -To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft’s CPU-based rendering technology (WARP). +To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft's CPU-based rendering technology (WARP). ### Battery pass-through -Windows Sandbox is also aware of the host’s battery state, which allows it to optimize power consumption. 
This is critical for a technology that will be used on laptops, where battery life is often critical to the user. +Windows Sandbox is also aware of the host's battery state, which allows it to optimize power consumption. This is critical for a technology that's used on laptops, where battery life is often critical. ## Install Windows Sandbox ### Prerequisites -- Windows 10 Pro or Enterprise build 18305 or later (Note: Windows Sandbox is currently not supported on Home SKUs) +- Windows 10 Pro or Enterprise build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*) - AMD64 architecture - Virtualization capabilities enabled in BIOS -- At least 4GB of RAM (8GB recommended) -- At least 1GB of free disk space (SSD recommended) +- At least 4 GB of RAM (8 GB recommended) +- At least 1 GB of free disk space (SSD recommended) - At least 2 CPU cores (4 cores with hyperthreading recommended) ### Installation -1. Make sure your machine is using a Windows 10 Pro or Enterprise build version 18305 or newer -2. Enable virtualization on the machine - - If you are using a physical machine, ensure virtualization capabilities are enabled in the BIOS - - If you are using a virtual machine, enable nested virtualization with this PowerShell command: Set -VMProcessor -VMName -ExposeVirtualizationExtensions $true -3. Use the search bar on the task bar and type “Turn Windows Features on and off”. Select Windows Sandbox and click “OK”, restarting the computer if prompted.
- a. If the Windows Sandbox option is grayed out, your computer does not currently meet the requirements to run Windows Sandbox. If you believe this to be a mistake, please review the prerequisite list as well as steps 1 and 2. -4. Locate Windows Sandbox in the Start Menu, and click to run it for the first time. +1. Make sure your machine is using a Windows 10 Pro or Enterprise build version 18305 or later. +2. Enable virtualization on the machine. + + - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS. + - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName -ExposeVirtualizationExtensions $true** +1. Use the search bar on the task bar and type **Turn Windows Features on and off**. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. + + - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2. +1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. ### Usage -1. Copy an executable file (and any other files needed to run the application) from the host into the Sandbox window -2. Run the executable file or installer inside of the Sandbox -3. When you are finished experimenting, close Windows Sandbox. A dialog box will appear; by clicking OK, you understand that all Sandbox content will be discarded and permanently deleted. -4. Confirm that your host machine does not exhibit any of the modifications that you made in Windows Sandbox. +1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window. +2. Run the executable file or installer inside Sandbox. +3. When you are finished experimenting, close Sandbox. A dialog box will state that all Sandbox content will be discarded and permanently deleted. Click **ok**. +4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. ## Use a .wsb file to configure Windows Sandbox -Windows Sandbox supports simple configuration files (with a .wsb file extension) which provide a minimal set of customization parameters for a Sandbox. This feature can be used with any Windows build numbered 18342 or higher. +Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with any Windows 10 build numbered 18342 or higher. 
-Sandbox configuration files are formatted as XML and are associated with Windows Sandbox via the .wsb file extension. To use a configuration file, double click it to open it in Windows Sandbox. It can also be invoked via the command line as shown:
- **C:\Temp> MyConfigFile.wsb** +Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double click it to open it in Sandbox. You can also invoke it via the command line as shown here:
+ **C:\Temp> MyConfigFile.wsb** A configuration file allows the user to control the following aspects of Windows Sandbox: - **vGPU (virtualized GPU)** -
Enable or Disable the virtualized GPU. If vGPU is disabled, Sandbox will use WARP (software rasterizer). +
Enable or disable the virtualized GPU. If vGPU is disabled, Sandbox will use WARP (software rasterizer). - **Networking** -
Enable or Disable network access within the Sandbox. +
Enable or disable network access within the Sandbox. - **Mapped folders** -
Share folders from the host with read or write permissions. Note that exposing host directories may allow malicious software to affect the system or steal data. -- **Logon Command** -
A command that will be executed when the Sandbox starts. -- **Audio Input** -
Shares the host’s microphone input into the Sandbox. -- **Video Input** - - Shares the host’s webcam input into the Sandbox. -- **Protected Client** - - Places increased security settings on the RDP session to the Sandbox. -- **Printer Redirection** - - Shares printers from the host into the Sandbox. -- **Clipboard Redirection** - - Shares the host clipboard with the Sandbox so that text and files may be pasted back and forth. +
Share folders from the host with *read* or *write* permissions. Note that exposing host directories may allow malicious software to affect the system or steal data. +- **Logon command** +
A command that's executed when Sandbox starts. +- **Audio input** +
Shares the host's microphone input into Sandbox. +- **Video input** + - Shares the host's webcam input into Sandbox. +- **Protected client** + - Places increased security settings on the RDP session to Sandbox. +- **Printer redirection** + - Shares printers from the host into Sandbox. +- **Clipboard redirection** + - Shares the host clipboard with Sandbox so that text and files can be pasted back and forth. - **Memory in MB** -
The amount of memory, in megabytes, to assign to the Sandbox. +
The amount of memory, in megabytes, to assign to Sandbox. ### Keywords, values, and limits -**vGPU** - -Enables or disables GPU sharing. +**vGPU**: Enables or disables GPU sharing. `value` Supported values: -- **Enable**: enables vGPU support in the Sandbox. -- **Disable**: disables vGPU support in the Sandbox. If this value is set Windows Sandbox will use software rendering, which can be slower than virtualized GPU. -- **Default** – this is the default value for vGPU support; currently this means vGPU is disabled. +- *Enable*: Enables vGPU support in Sandbox. +- *Disable*: Disables vGPU support in Sandbox. If this value is set, Sandbox will use software rendering, which can be slower than virtualized GPU. +- *Default* This is the default value for vGPU support. Currently this means vGPU is disabled. -> [!NOTE]> Enabling virtualized GPU can potentially increase the attack surface of the Sandbox. +> [!NOTE] +> Enabling virtualized GPU can potentially increase the attack surface of Sandbox. -**Networking** - -Enables or disables networking in the Sandbox. Disabling network access can be used to decrease the attack surface exposed by the Sandbox. +**Networking**: Enables or disables networking in Sandbox. You can disable network access to decrease the attack surface exposed by Sandbox. `value` Supported values: -- *Disable*: Disables networking in the Sandbox. -- *Default*: This is the default value for networking support. This enables networking by creating a virtual switch on the host, and connects the Sandbox to it via a virtual NIC. +- *Disable*: Disables networking in Sandbox. +- *Default*: This is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects Sandbox to it via a virtual NIC. > [!NOTE] > Enabling networking can expose untrusted applications to the internal network. -**MappedFolders** - -Wraps a list of MappedFolder objects. +**MappedFolders**: Wraps a list of MappedFolder objects. 
`` list of MappedFolder objects `` -> [!NOTE]> Files and folders mapped in from the host can be compromised by apps in the Sandbox or potentially affect the host. +> [!NOTE] +> Files and folders mapped in from the host can be compromised by apps in Sandbox or potentially affect the host. -**MappedFolder** +**MappedFolder**: Specifies a single folder on the host machine that will be shared on the container desktop. Apps in Sandbox are run under the user account *WDAGUtilityAccount*. If no Sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop` -Specifies a single folder on the host machine which will be shared on the container desktop. Apps in the Sandbox are run under the user account “WDAGUtilityAccount”. If no Sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop` - -E.g. "C:\Test” will be mapped as “C:\users\WDAGUtilityAccount\Desktop\Test by default. +Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test by default. ``` @@ -219,10 +214,10 @@ E.g. "C:\Test” will be mapped as “C:\users\WDAGUtilityAccount\Desktop\Test b *ReadOnly*: If true, enforces read-only access to the shared folder from within the container. Supported values: true/false. Defaults to false. -> [!NOTE] Files and folders mapped in from the host can be compromised by apps in the Sandbox or potentially affect the host. +> [!NOTE] +> Files and folders mapped in from the host can be compromised by apps in the Sandbox or potentially affect the host. -**LogonCommand** -Specifies a single command which will be invoked automatically after the Sandbox logs on. +**LogonCommand**: Specifies a single command that will be invoked automatically after the Sandbox logs on. ``` 
@@ -235,9 +230,9 @@ Specifies a single command which will be invoked automatically after the Sandbox > [!NOTE] > Although very simple commands will work (launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via the LogonCommand directive. -**Example 1:** +**Example 1** -The following config file can be used to easily test downloaded files inside of the Sandbox. To achieve this, the script disables networking and vGPU, and restricts the shared downloads folder to read-only access in the container. For convenience, the logon command opens the downloads folder inside of the container when it is started. +The following config file can be used to easily test downloaded files inside Sandbox. To achieve this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it is started. *Downloads.wsb* 
@@ -302,9 +297,9 @@ Enables or disables audio input to the Sandbox. `value` Supported values: -- **Enable**: Enables audio input in the Sandbox. If this value is set, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting. -- **Disable**: Disables audio input in the Sandbox. If this value is set, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. -- **Default**: This is the default value for audio input support; currently this means audio input is enabled. +- *Enable*: Enables audio input in the Sandbox. If this value is set, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting. +- *Disable*: Disables audio input in the Sandbox. If this value is set, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. +- *Default*: This is the default value for audio input support; currently this means audio input is enabled. **Video Input** 
@@ -313,9 +308,9 @@ Enables or disables video input to the Sandbox. `value` Supported values: -- **Enable**: Enables video input in the Sandbox. -- **Disable**: Disables video input into the Sandbox. Applications using video input may not function properly in the Sandbox. -- **Default**: This is the default value for video input support; currently this means video input is disabled. Applications using video input may not function properly in the Sandbox. +- *Enable*: Enables video input in the Sandbox. +- *Disable*: Disables video input into the Sandbox. Applications using video input may not function properly in the Sandbox. +- *Default*: This is the default value for video input support; currently this means video input is disabled. Applications using video input may not function properly in the Sandbox. **ProtectedClient** @@ -324,12 +319,12 @@ Places increased security settings on the Sandbox RDP session. These enhanced se `value` Supported values: -- **Enable**: Runs Windows Sandbox in Protected Client mode. If this value is set, Windows Sandbox will be run with extra security mitigations enabled. -- **Disable**: Runs Windows Sandbox in standard mode without extra security mitigations. -- **Default**: This is the default value for Protected Client mode; currently this means Windows Sandbox will not run in Protected Client mode. +- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, Windows Sandbox will be run with extra security mitigations enabled. +- *Disable*: Runs Windows Sandbox in standard mode without extra security mitigations. +- *Default*: This is the default value for Protected Client mode; currently this means Windows Sandbox will not run in Protected Client mode. > [!NOTE] -> This setting may restrict the user’s ability to copy/paste files in and out of the Sandbox. +> This setting may restrict the user's ability to copy/paste files in and out of the Sandbox. **Printer Redirection** 
@@ -338,9 +333,9 @@ Enables or disables printer sharing from the host into the Sandbox. `value` Supported values: -- **Enable**: Enables sharing of host printers into the Sandbox. -- **Disable**: Disables printer redirection in the Sandbox. If this value is set, Windows Sandbox will not be able to view printers from the host. -- **Default**: This is the default value for printer redirection support; currently this means that printer redirection is disabled. +- *Enable*: Enables sharing of host printers into the Sandbox. +- *Disable*: Disables printer redirection in the Sandbox. If this value is set, Windows Sandbox will not be able to view printers from the host. +- *Default*: This is the default value for printer redirection support; currently this means that printer redirection is disabled. **Clipboard Redirection** @@ -349,8 +344,8 @@ Enables or disables clipboard sharing with the Sandbox. `value` Supported values: -- **Disable**: Disables clipboard redirection in the Sandbox. If this value is set, copy/paste in and out of the Sandbox will be restricted. -- **Default**: This is the default value for clipboard redirection; currently this means that copy/paste between the host and Sandbox are permitted. +- *Disable*: Disables clipboard redirection in the Sandbox. If this value is set, copy/paste in and out of the Sandbox will be restricted. +- *Default*: This is the default value for clipboard redirection; currently this means that copy/paste between the host and Sandbox are permitted. **Memory in MB** From ca4d7c1ee9059fd442ba1506ce42954b3464f8dc Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Fri, 6 Mar 2020 13:23:31 -0800 Subject: [PATCH 03/30] Update windows-sandbox-overview.md --- .../windows-sandbox-overview.md | 68 ++++++++++--------- 1 file changed, 36 insertions(+), 32 deletions(-) 
diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
index 5d5641f480..7ca96f460a 100644
--- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -232,7 +232,7 @@ Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test b **Example 1**
-The following config file can be used to easily test downloaded files inside Sandbox. To achieve this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it is started.
+The following config file can be used to easily test downloaded files inside Sandbox. To do this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it's started. *Downloads.wsb* 
@@ -256,17 +256,17 @@ The following config file can be used to easily test downloaded files inside San The following config file installs Visual Studio Code in the Sandbox, which requires a slightly more complicated LogonCommand setup. -Two folders are mapped into the Sandbox; the first (SandboxScripts) contains VSCodeInstall.cmd, which will install and run VSCode. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify using VSCode. +Two folders are mapped into the Sandbox. The first folder (SandboxScripts) contains VSCodeInstall.cmd, which will install and run Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify by using Visual Studio Code. -With the VSCode installer script already mapped into the Sandbox, the LogonCommand can reference it. +With the Visual Studio Code installer script already mapped into Sandbox, the LogonCommand can reference it. *VSCodeInstall.cmd* ``` -REM Download VSCode +REM Download Visual Studio Code curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe -REM Install and run VSCode +REM Install and run Visual Studio Code C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes ``` 
@@ -290,76 +290,80 @@ VSCode.wsb ``` -**Audio Input** +**AudioInput** -Enables or disables audio input to the Sandbox. +Enables or disables audio input to Sandbox. `value` Supported values: -- *Enable*: Enables audio input in the Sandbox. If this value is set, Windows Sandbox will be able to receive audio input from the user. Applications using a microphone may require this setting. -- *Disable*: Disables audio input in the Sandbox. If this value is set, Windows Sandbox will not be able to receive audio input from the user. Applications using a microphone may not function properly with this setting. -- *Default*: This is the default value for audio input support; currently this means audio input is enabled. +- *Enable*: Enables audio input in Sandbox. If this value is set, Sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting. +- *Disable*: Disables audio input in Sandbox. If this value is set, Sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting. +- *Default*: This is the default value for audio input support. Currently this means audio input is enabled. -**Video Input** +**VideoInput** -Enables or disables video input to the Sandbox. +Enables or disables video input to Sandbox. `value` Supported values: -- *Enable*: Enables video input in the Sandbox. -- *Disable*: Disables video input into the Sandbox. Applications using video input may not function properly in the Sandbox. -- *Default*: This is the default value for video input support; currently this means video input is disabled. Applications using video input may not function properly in the Sandbox. +- *Enable*: Enables video input in Sandbox. +- *Disable*: Disables video input in Sandbox. Applications that use video input may not function properly in Sandbox. +- *Default*: This is the default value for video input support. Currently this means video input is disabled. 
Applications that use video input may not function properly in Sandbox. **ProtectedClient** -Places increased security settings on the Sandbox RDP session. These enhanced security mitigations decrease the attack surface of the Sandbox. +Implements increased-security settings on the Sandbox RDP session. These settings decrease the attack surface of the Sandbox. `value` Supported values: -- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, Windows Sandbox will be run with extra security mitigations enabled. -- *Disable*: Runs Windows Sandbox in standard mode without extra security mitigations. -- *Default*: This is the default value for Protected Client mode; currently this means Windows Sandbox will not run in Protected Client mode. +- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, Sandbox runs with extra security mitigations enabled. +- *Disable*: Runs Sandbox in standard mode without extra security mitigations. +- *Default*: This is the default value for Protected Client mode. Currently, Sandbox doesn't run in Protected Client mode under *Default*. > [!NOTE] -> This setting may restrict the user's ability to copy/paste files in and out of the Sandbox. +> This setting may restrict the user's ability to copy/paste files in and out of Sandbox. -**Printer Redirection** +**PrinterRedirection** Enables or disables printer sharing from the host into the Sandbox. `value` Supported values: -- *Enable*: Enables sharing of host printers into the Sandbox. -- *Disable*: Disables printer redirection in the Sandbox. If this value is set, Windows Sandbox will not be able to view printers from the host. -- *Default*: This is the default value for printer redirection support; currently this means that printer redirection is disabled. +- *Enable*: Enables sharing of host printers into Sandbox. +- *Disable*: Disables printer redirection in Sandbox. If this value is set, Sandbox can't view printers from the host. 
+- *Default*: This is the default value for printer redirection support. Currently printer redirection is disabled under *Default*. -**Clipboard Redirection** +**ClipboardRedirection** Enables or disables clipboard sharing with the Sandbox. `value` Supported values: -- *Disable*: Disables clipboard redirection in Sandbox. If this value is set, copy/paste in and out of Sandbox will be restricted. -- *Default*: This is the default value for clipboard redirection; currently this means that copy/paste between the host and Sandbox are permitted. +- *Disable*: Disables clipboard redirection in Sandbox. If this value is set, copy/paste in and out of Sandbox will be restricted. +- *Default*: This is the default value for clipboard redirection. Currently copy/paste between the host and Sandbox are permitted under *Default*. -**Memory in MB** +**MemoryInMB** -Specifies the amount of memory that may be utilized by the Sandbox in megabytes (MB). +Specifies the amount of memory that Sandbox can use in megabytes (MB). `value` Supported values: An integer greater than 2048 (2GB). -[Insert as comment: FAQ (future) + \ No newline at end of file From d1ea1a88bf646ff59180df93e2c6ac809c061828 Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Mon, 9 Mar 2020 10:54:35 -0700 Subject: [PATCH 04/30] Update windows-sandbox-overview.md --- .../windows-sandbox-overview.md | 146 +++++++++--------- 1 file changed, 74 insertions(+), 72 deletions(-)
diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
index 7ca96f460a..92294760e8 100644
--- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -17,88 +17,90 @@ ms.reviewer: ### Overview -Windows Sandbox provides a lightweight desktop environment for safely running applications in isolation. Software that's installed inside the Sandbox environment remains in the "sandboxed" environment and can't affect the host machine. Windows Sandbox is temporary. When it's closed, all the software, files, and state are permanently deleted. You get a brand-new instance of the Sandbox every time you open the application. +Windows Sandbox provides a lightweight desktop environment for to safely run applications in isolation. Software that's installed inside the Windows Sandbox environment remains in the "sandboxed" environment and can't affect the host machine. A sandbox is temporary. When it's closed, all the software, files, and state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application. -Software and applications installed on the host are not directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the Sandbox environment. +Software and applications installed on the host are not directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment. Windows Sandbox has the following properties: - **Part of Windows**: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a VHD. - **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows. - **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application. -- **Secure**: Uses hardware-based virtualization for kernel isolation, which relies on t he Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. 
+- **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. - **Efficient:** Uses integrated kernel scheduler, smart memory management, and virtual GPU. The following video provides an overview of Windows Sandbox. [embed Ignite 2019 Sandbox talk video here, link is here: https://myignite.techcommunity.microsoft.com/sessions/79739?source=sessions ] + + ## Architecture ### Dynamically generated image -At its core, Windows Sandbox is a lightweight virtual machine, so it requires an operating system image to boot from. But instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host. +At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host. -Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small portion of the Windows files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A full Windows image can be constructed from the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows Installation to boot from without needing to download or store an additional copy of Windows. +Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small portion of the Windows files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A full Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. 
By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows. When Windows Sandbox isn't installed, the dynamic base image is stored in a compressed 25-MB package. Once installed, the dynamic base package occupies about 500 MB of disk space. -![Chart compares dynamic image of files and links with host file system](images/1-dynamic-host.png) +![Chart compares scale of dynamic image of files and links with the host file system](images/1-dynamic-host.png) ### Memory management -With traditional virtual machines (VMs) a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treat memory more similarly to how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need. The amount of memory available for use by an application can change over time. +With traditional virtual machines (VMs) a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory that was dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treats memory more like how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need. And the amount of memory available for use by an application can change over time. ### Dynamic working set -When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. 
Buy applications in the Sandbox are treated as equal to apps running on the host, so when apps in Sandbox are under memory pressure, you can give more memory to the Sandbox (and the same applies to the host). Guest physical pages provided are virtualized. +When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. But applications in the sandbox are treated as equal to apps running on the host, so when apps in sandbox are under memory pressure, you can give more memory to the sandbox (and the same applies to the host). Guest physical pages provided are virtualized. -![Chart compares memory sharing in Windows Sandbox vs. a traditional VM](images/2-dynamic-working.png) +![Chart compares memory sharing in Windows Sandbox versus a traditional VM](images/2-dynamic-working.png) ### Memory sharing -Becuase Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when ntdll.dll is loaded into memory in the Sandbox, it uses the same executable pages as those of the binary loaded on the host. Memory sharing between the host and Sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets. +Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when ntdll.dll is loaded into memory in the sandbox, it uses the same executable pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets. 
-![Chart compares the memory footprint in Windows Sandbox vs. a traditional VM](images/3-memory-sharing.png) +![Chart compares the memory footprint in Windows Sandbox versus a traditional VM](images/3-memory-sharing.png) ### Integrated kernel scheduler -With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the Sandbox receives CPU cycles. +With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox receives CPU cycles. -GRAPHIC 4 -![Chart compares the scheduling in Windows Sandbox vs. a traditional VM](images/4-integrated-kernal.png) +![Chart compares the scheduling in Windows Sandbox vervus a traditional VM](images/4-integrated-kernal.png) -Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the Sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the Sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM. +Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM. 
-The goal is to treat the Sandbox like an app but with the security guarantees of a virtual machine. +The goal is to treat Windows Sandbox like an app but with the security guarantees of a virtual machine. ### Snapshot and clone -As noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Sandbox operating system every time Windows Sandbox starts, two other technologies are utilized: *snapshot* and *clone.* +As noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.* -Snapshot allows us to boot the Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in memory rather than booting it when we need a new instance of Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved. +*Snapshot* allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in memory rather than booting it when we need a new instance of Windows Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved. ### WDDM GPU virtualization -Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and unable to access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments. 
+Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments. Microsoft has been working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model that's used for Windows display drivers. -GRAPHIC 5 ![Chart illustrates graphics kernal use in Sandbox managed alongside apps on the host](images/5-wddm-gpu-virtualization.png) At a high level, this form of graphics virtualization works as follows: - Apps running in a Hyper-V VM use graphics APIs as normal. - Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads. -- The host allocates and schedules graphics resources among apps in the VM alongside the apps running natively. Conceptually, they behave as one pool of graphics clients. +- The host allocates and schedules graphics resources among apps in the VM alongside the apps that are running natively. Conceptually, they behave as one pool of graphics clients. This process is illustrated here: ![Chart illustrates graphics resource use on the host and guest](images/6-wddm-gpu-virtualization-2.png) -This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy use cases. 
+This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy uses. -To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft's CPU-based rendering technology (WARP). +To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with the Microsoft CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP). ### Battery pass-through @@ -118,49 +120,49 @@ Windows Sandbox is also aware of the host's battery state, which allows it to op ### Installation 1. Make sure your machine is using a Windows 10 Pro or Enterprise build version 18305 or later. -2. Enable virtualization on the machine. +1. Enable virtualization on the machine. - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS. - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName -ExposeVirtualizationExtensions $true** 1. Use the search bar on the task bar and type **Turn Windows Features on and off**. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2. -1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. +1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. ### Usage 1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window. -2. Run the executable file or installer inside Sandbox. -3. When you are finished experimenting, close Sandbox. A dialog box will state that all Sandbox content will be discarded and permanently deleted. Click **ok**. +2. Run the executable file or installer inside the sandbox. +3. When you're finished experimenting, close the sandbox. A dialog box will state that all sthe sandbox content will be discarded and permanently deleted. Select **ok**. 4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox. ## Use a .wsb file to configure Windows Sandbox -Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with any Windows 10 build numbered 18342 or higher. +Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with any Windows 10 build 18342 or later. -Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. 
To use a configuration file, double click it to open it in Sandbox. You can also invoke it via the command line as shown here:
+Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double-click it to open it in the sandbox. You can also invoke it via the command line as shown here:
**C:\Temp> MyConfigFile.wsb** - A configuration file allows the user to control the following aspects of Windows Sandbox: + A configuration file enables the user to control the following aspects of Windows Sandbox: - **vGPU (virtualized GPU)** -
Enable or disable the virtualized GPU. If vGPU is disabled, Sandbox will use WARP (software rasterizer). +
Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use WARP (software rasterizer). - **Networking** -
Enable or disable network access within the Sandbox. +
Enable or disable network access within the sandbox. - **Mapped folders**
Share folders from the host with *read* or *write* permissions. Note that exposing host directories may allow malicious software to affect the system or steal data. - **Logon command** -
A command that's executed when Sandbox starts. +
A command that's executed when Windows Sandbox starts. - **Audio input** -
Shares the host's microphone input into Sandbox. +
Shares the host's microphone input into the andbox. - **Video input** - - Shares the host's webcam input into Sandbox. + - Shares the host's webcam input into the sandbox. - **Protected client** - - Places increased security settings on the RDP session to Sandbox. + - Places increased security settings on the RDP session to the sandbox. - **Printer redirection** - - Shares printers from the host into Sandbox. + - Shares printers from the host into the sandbox. - **Clipboard redirection** - - Shares the host clipboard with Sandbox so that text and files can be pasted back and forth. + - Shares the host clipboard with the sandbox so that text and files can be pasted back and forth. - **Memory in MB** -
The amount of memory, in megabytes, to assign to Sandbox. +
The amount of memory, in megabytes, to assign to the sandbox. ### Keywords, values, and limits @@ -169,20 +171,20 @@ Windows Sandbox configuration files are formatted as XML and are associated with `value` Supported values: -- *Enable*: Enables vGPU support in Sandbox. -- *Disable*: Disables vGPU support in Sandbox. If this value is set, Sandbox will use software rendering, which can be slower than virtualized GPU. +- *Enable*: Enables vGPU support in the sandbox. +- *Disable*: Disables vGPU support in the sandbox. If this value is set, the sandbox will use software rendering, which can be slower than virtualized GPU. - *Default* This is the default value for vGPU support. Currently this means vGPU is disabled. > [!NOTE] -> Enabling virtualized GPU can potentially increase the attack surface of Sandbox. +> Enabling virtualized GPU can potentially increase the attack surface of the sandbox. -**Networking**: Enables or disables networking in Sandbox. You can disable network access to decrease the attack surface exposed by Sandbox. +**Networking**: Enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox. `value` Supported values: -- *Disable*: Disables networking in Sandbox. -- *Default*: This is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects Sandbox to it via a virtual NIC. +- *Disable*: Disables networking in the sandbox. +- *Default*: This is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC. > [!NOTE] > Enabling networking can expose untrusted applications to the internal network. 
@@ -194,9 +196,9 @@ Supported values: `` > [!NOTE] -> Files and folders mapped in from the host can be compromised by apps in Sandbox or potentially affect the host. +> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host. -**MappedFolder**: Specifies a single folder on the host machine that will be shared on the container desktop. Apps in Sandbox are run under the user account *WDAGUtilityAccount*. If no Sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop` +**MappedFolder**: Specifies a single folder on the host machine that will be shared on the container desktop. Apps in the sandbox are run under the user account *WDAGUtilityAccount*. If no sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop` Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test by default. @@ -208,16 +210,16 @@ Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test b
``` -*HostFolder*: Specifies the folder on the host machine to share to the Sandbox. Note that the folder must already exist on the host or the container will fail to start if the folder is not found. +*HostFolder*: Specifies the folder on the host machine to share to the sandbox. Note that the folder must already exist on the host, or the container will fail to start if the folder isn't found. -*SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder does not exist, it will be created. +*SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder doesn't exist, it will be created. -*ReadOnly*: If true, enforces read-only access to the shared folder from within the container. Supported values: true/false. Defaults to false. +*ReadOnly*: If *true*, enforces *read-only* access to the shared folder from within the container. Supported values: true/false. Defaults to false. > [!NOTE] -> Files and folders mapped in from the host can be compromised by apps in the Sandbox or potentially affect the host. +> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host. -**LogonCommand**: Specifies a single command that will be invoked automatically after the Sandbox logs on. +**LogonCommand**: Specifies a single command that will be invoked automatically after the sandbox logs on. ``` 
@@ -228,11 +230,11 @@ Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test b *Command*: A path to an executable or script inside of the container that will be executed after login. > [!NOTE] -> Although very simple commands will work (launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via the LogonCommand directive. +> Although very simple commands work (such as launching an executable or script), more-complicated scenarios that have multiple steps should be placed in a script file. This script file can be mapped to the container via a shared folder and then executed via the *LogonCommand* directive. **Example 1** -The following config file can be used to easily test downloaded files inside Sandbox. To do this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it's started. +The following config file can be used to easily test downloaded files inside the sandbox. To do this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it's started. *Downloads.wsb* 
@@ -254,11 +256,11 @@ The following config file can be used to easily test downloaded files inside San **Example 2** -The following config file installs Visual Studio Code in the Sandbox, which requires a slightly more complicated LogonCommand setup. +The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup. -Two folders are mapped into the Sandbox. The first folder (SandboxScripts) contains VSCodeInstall.cmd, which will install and run Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify by using Visual Studio Code. +Two folders are mapped into the sandbox. The first folder (SandboxScripts) contains VSCodeInstall.cmd, which installs and runs Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify by using Visual Studio Code. -With the Visual Studio Code installer script already mapped into Sandbox, the LogonCommand can reference it. +With the Visual Studio Code installer script already mapped into the sandbox, the LogonCommand can reference it. *VSCodeInstall.cmd* 
@@ -303,43 +305,43 @@ Supported values: **VideoInput** -Enables or disables video input to Sandbox. +Enables or disables video input to the sandbox. `value` Supported values: -- *Enable*: Enables video input in Sandbox. -- *Disable*: Disables video input in Sandbox. Applications that use video input may not function properly in Sandbox. -- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in Sandbox. +- *Enable*: Enables video input in the sandbox. +- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in Windows Sandbox. +- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in Windows Sandbox. **ProtectedClient** -Implements increased-security settings on the Sandbox RDP session. These settings decrease the attack surface of the Sandbox. +Implements increased-security settings on the sandbox RDP session. These settings decrease the attack surface of the sandbox. `value` Supported values: -- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, Sandbox runs with extra security mitigations enabled. -- *Disable*: Runs Sandbox in standard mode without extra security mitigations. -- *Default*: This is the default value for Protected Client mode. Currently, Sandbox doesn't run in Protected Client mode under *Default*. +- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled. +- *Disable*: Runs the sandbox in standard mode without extra security mitigations. +- *Default*: This is the default value for Protected Client mode. Currently, this means the sandbox doesn't run in Protected Client mode. 
> [!NOTE] -> This setting may restrict the user's ability to copy/paste files in and out of Sandbox. +> This setting may restrict the user's ability to copy/paste files in and out of the sandbox. **PrinterRedirection** -Enables or disables printer sharing from the host into the Sandbox. +Enables or disables printer sharing from the host into the sandbox. `value` Supported values: -- *Enable*: Enables sharing of host printers into Sandbox. -- *Disable*: Disables printer redirection in Sandbox. If this value is set, Sandbox can't view printers from the host. -- *Default*: This is the default value for printer redirection support. Currently printer redirection is disabled under *Default*. +- *Enable*: Enables sharing of host printers into the sandbox. +- *Disable*: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host. +- *Default*: This is the default value for printer redirection support. Currently this means printer redirection is disabled. **ClipboardRedirection** -Enables or disables clipboard sharing with the Sandbox. +Enables or disables clipboard sharing with the sandbox. `value` @@ -349,7 +351,7 @@ Supported values: **MemoryInMB** -Specifies the amount of memory that Sandbox can use in megabytes (MB). +Specifies the amount of memory that the sandbox can use in megabytes (MB). `value` From 083e62c0970125a2a55d8cc70f0a327bf0711b46 Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Mon, 9 Mar 2020 11:15:14 -0700 Subject: [PATCH 05/30] Update windows-sandbox-overview.md --- .../windows-sandbox/windows-sandbox-overview.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md index 92294760e8..c87b5553f9 100644 --- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md 
+++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -19,7 +19,7 @@ ms.reviewer: Windows Sandbox provides a lightweight desktop environment for to safely run applications in isolation. Software that's installed inside the Windows Sandbox environment remains in the "sandboxed" environment and can't affect the host machine. A sandbox is temporary. When it's closed, all the software, files, and state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application. -Software and applications installed on the host are not directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment. +Software and applications installed on the host aren't directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment. Windows Sandbox has the following properties: - **Part of Windows**: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a VHD. 
@@ -42,7 +42,7 @@ RedTiger ID for embedding video requested 3/10 At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host. -Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small portion of the Windows files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A full Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows. +Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small portion of the Windows files is mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows. When Windows Sandbox isn't installed, the dynamic base image is stored in a compressed 25-MB package. Once installed, the dynamic base package occupies about 500 MB of disk space. 
@@ -68,7 +68,7 @@ Because Windows Sandbox runs the same operating system image as the host, it has With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox receives CPU cycles. -![Chart compares the scheduling in Windows Sandbox vervus a traditional VM](images/4-integrated-kernal.png) +![Chart compares the scheduling in Windows Sandbox versus a traditional VM](images/4-integrated-kernal.png) Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM. 
@@ -78,11 +78,11 @@ The goal is to treat Windows Sandbox like an app but with the security guarantee As noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.* -*Snapshot* allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in memory rather than booting it when we need a new instance of Windows Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved. +*Snapshot* allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in memory, rather than booting it when we need a new instance of Windows Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved. ### WDDM GPU virtualization -Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments. +Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense, or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments. 
Microsoft has been working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model that's used for Windows display drivers. From ef565979b08b074094d9e59ec61323d970cab20d Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Mon, 9 Mar 2020 11:44:07 -0700 Subject: [PATCH 06/30] Update windows-sandbox-overview.md --- .../windows-sandbox/windows-sandbox-overview.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md index c87b5553f9..890bbcbb8e 100644 --- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -17,7 +17,7 @@ ms.reviewer: ### Overview -Windows Sandbox provides a lightweight desktop environment for to safely run applications in isolation. Software that's installed inside the Windows Sandbox environment remains in the "sandboxed" environment and can't affect the host machine. A sandbox is temporary. When it's closed, all the software, files, and state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application. +Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software that's installed inside the Windows Sandbox environment remains in the "sandboxed" and can't affect the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application. Software and applications installed on the host aren't directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment. 
@@ -26,14 +26,15 @@ Windows Sandbox has the following properties: - **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows. - **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application. - **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host. -- **Efficient:** Uses integrated kernel scheduler, smart memory management, and virtual GPU. +- **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU. The following video provides an overview of Windows Sandbox. [embed Ignite 2019 Sandbox talk video here, link is here: https://myignite.techcommunity.microsoft.com/sessions/79739?source=sessions ] +[!VIDEO https://www.microsoft.com/videoplayer/embed/***XXXXXX***] ## Architecture 
@@ -42,11 +43,11 @@ RedTiger ID for embedding video requested 3/10 At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host. -Most OS files are immutable, and we can freely share these files with Windows Sandbox. A small portion of the Windows files is mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows. +Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS file are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows. -When Windows Sandbox isn't installed, the dynamic base image is stored in a compressed 25-MB package. Once installed, the dynamic base package occupies about 500 MB of disk space. +Before Windows Sandbox is installed, the dynamic base image is stored in a compressed 25-MB package. Once it's installed, the dynamic base package occupies about 500 MB of disk space. -![Chart compares scale of dynamic image of files and links with the host file system](images/1-dynamic-host.png) +![A chart compares scale of dynamic image of files and links with the host file system.](images/1-dynamic-host.png) ### Memory management 
@@ -56,7 +57,7 @@ With traditional virtual machines (VMs) a portion of host memory is dedicated fo When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. But applications in the sandbox are treated as equal to apps running on the host, so when apps in sandbox are under memory pressure, you can give more memory to the sandbox (and the same applies to the host). Guest physical pages provided are virtualized. -![Chart compares memory sharing in Windows Sandbox versus a traditional VM](images/2-dynamic-working.png) +![A chart compares memory sharing in Windows Sandbox versus a traditional VM.](images/2-dynamic-working.png) ### Memory sharing From 522edc7951b705854b51dcf194c1e08f6653efea Mon Sep 17 00:00:00 2001 From: jborsecnik Date: Mon, 9 Mar 2020 14:41:01 -0700 Subject: [PATCH 07/30] Update windows-sandbox-overview.md --- .../windows-sandbox-overview.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md index 890bbcbb8e..b9913ac4f5 100644 --- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -61,15 +61,15 @@ When using a VM, the user is effectively partitioning their machine. If the host ### Memory sharing -Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when ntdll.dll is loaded into memory in the sandbox, it uses the same executable pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets. +Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same executable pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets. -![Chart compares the memory footprint in Windows Sandbox versus a traditional VM](images/3-memory-sharing.png) +![A chart compares the memory footprint in Windows Sandbox versus a traditional VM.](images/3-memory-sharing.png) ### Integrated kernel scheduler -With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox receives CPU cycles. +With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles. 
-![Chart compares the scheduling in Windows Sandbox versus a traditional VM](images/4-integrated-kernal.png) +![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png) Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM. 
@@ -77,17 +77,17 @@ The goal is to treat Windows Sandbox like an app but with the security guarantee
 
 ### Snapshot and clone
 
-As noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.*
+As we noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.*
 
-*Snapshot* allows us to boot the sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the sandbox environment from disk and put it in memory, rather than booting it when we need a new instance of Windows Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved.
+*Snapshot* allows us to boot the Windows Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in memory, rather than booting it when we need a new instance of Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved.
 
 ### WDDM GPU virtualization
 
-Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense, or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments.
+Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments.
 
-Microsoft has been working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model that's used for Windows display drivers.
+Microsoft is working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model that's used for Windows.
 
-![Chart illustrates graphics kernal use in Sandbox managed alongside apps on the host](images/5-wddm-gpu-virtualization.png)
+![A chart illustrates graphics kernal use in Sandbox managed alongside apps on the host.](images/5-wddm-gpu-virtualization.png)
 
 At a high level, this form of graphics virtualization works as follows:
 
@@ -97,9 +97,9 @@ At a high level, this form of graphics virtualization works as follows:
 
 This process is illustrated here:
 
-![Chart illustrates graphics resource use on the host and guest](images/6-wddm-gpu-virtualization-2.png)
+![A chart illustrates graphics resource use on the host and guest.](images/6-wddm-gpu-virtualization-2.png)
 
-This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they are needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy uses.
+This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they're needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy uses.
 
 To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with the Microsoft CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP).
 
@@ -120,11 +120,11 @@ Windows Sandbox is also aware of the host's battery state, which allows it to op
 
 ### Installation
 
-1. Make sure your machine is using a Windows 10 Pro or Enterprise build version 18305 or later.
-1. Enable virtualization on the machine.
+1. Make sure your machine is using Windows 10 Pro or Enterprise build version 18305 or later.
+2. Enable virtualization on the machine.
 
 - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS.
- - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName -ExposeVirtualizationExtensions $true**
+ - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName \ -ExposeVirtualizationExtensions $true**
 1. Use the search bar on the task bar and type **Turn Windows Features on and off**. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
 
 - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
From 4635681d6652833dd68f7751ec810d007d304705 Mon Sep 17 00:00:00 2001
From: jborsecnik
Date: Mon, 9 Mar 2020 17:43:19 -0700
Subject: [PATCH 08/30] Update windows-sandbox-overview.md
---
 .../windows-sandbox-overview.md | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
index b9913ac4f5..e189d94b3f 100644
--- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -43,7 +43,7 @@ RedTiger ID for embedding video requested 3/10 - Open WorkItem 25505527
 
 At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host.
 
-Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS file are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
+Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
 
 Before Windows Sandbox is installed, the dynamic base image is stored in a compressed 25-MB package. Once it's installed, the dynamic base package occupies about 500 MB of disk space.
 
@@ -51,7 +51,7 @@ Before Windows Sandbox is installed, the dynamic base image is stored in a compr
 
 ### Memory management
 
-With traditional virtual machines (VMs) a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory that was dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treats memory more like how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need. And the amount of memory available for use by an application can change over time.
+For traditional virtual machines (VMs), a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory that was dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treats memory more like how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need. And the amount of memory available for use by an application can change over time.
 
 ### Dynamic working set
 
@@ -116,7 +116,7 @@ Windows Sandbox is also aware of the host's battery state, which allows it to op
 - Virtualization capabilities enabled in BIOS
 - At least 4 GB of RAM (8 GB recommended)
 - At least 1 GB of free disk space (SSD recommended)
-- At least 2 CPU cores (4 cores with hyperthreading recommended)
+- At least two CPU cores (four cores with hyperthreading recommended)
 
 ### Installation
 
@@ -133,12 +133,12 @@ Windows Sandbox is also aware of the host's battery state, which allows it to op
 ### Usage
 1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window.
 2. Run the executable file or installer inside the sandbox.
-3. When you're finished experimenting, close the sandbox. A dialog box will state that all sthe sandbox content will be discarded and permanently deleted. Select **ok**.
+3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **ok**.
 4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
 
 ## Use a .wsb file to configure Windows Sandbox
 
-Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with any Windows 10 build 18342 or later.
+Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later.
 
 Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double-click it to open it in the sandbox. You can also invoke it via the command line as shown here:
**C:\Temp> MyConfigFile.wsb**
@@ -215,7 +215,7 @@ Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test b
 
 *SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder doesn't exist, it will be created.
 
-*ReadOnly*: If *true*, enforces *read-only* access to the shared folder from within the container. Supported values: true/false. Defaults to false.
+*ReadOnly*: If *true*, enforces *read-only* access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*.
 
 > [!NOTE]
 > Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
@@ -228,7 +228,7 @@ Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test b
 ```
 
-*Command*: A path to an executable or script inside of the container that will be executed after login.
+*Command*: A path to an executable or script inside the container that will be executed after login.
 
 > [!NOTE]
 > Although very simple commands work (such as launching an executable or script), more-complicated scenarios that have multiple steps should be placed in a script file. This script file can be mapped to the container via a shared folder and then executed via the *LogonCommand* directive.
 
@@ -295,13 +295,13 @@ VSCode.wsb
 **AudioInput**
 
-Enables or disables audio input to Sandbox.
+Enables or disables audio input to the sandbox.
 
 `value`
 
 Supported values:
 
-- *Enable*: Enables audio input in Sandbox. If this value is set, Sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting.
-- *Disable*: Disables audio input in Sandbox. If this value is set, Sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
+- *Enable*: Enables audio input in the sandbox. If this value is set, the sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting.
+- *Disable*: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
 - *Default*: This is the default value for audio input support. Currently this means audio input is enabled.
 
 **VideoInput**
@@ -312,8 +312,8 @@ Enables or disables video input to the sandbox.
 
 Supported values:
 
 - *Enable*: Enables video input in the sandbox.
-- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in Windows Sandbox.
-- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in Windows Sandbox.
+- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox.
+- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in the sandbox.
 
 **ProtectedClient**
From f4bc0490ae36c69d8f0097fd76ffc992cb48e998 Mon Sep 17 00:00:00 2001
From: jborsecnik
Date: Tue, 10 Mar 2020 11:54:41 -0700
Subject: [PATCH 09/30] Break into three articles and move; tweak format
---
 .../windows-sandbox/images/1-dynamic-host.png | Bin
 .../images/2-dynamic-working.png | Bin
 .../images/3-memory-sharing.png | Bin
 .../images/4-integrated-kernal.png | Bin
 .../images/5-wddm-gpu-virtualization.png | Bin
 .../images/6-wddm-gpu-virtualization-2.png | Bin
 .../windows-sandbox-architecture.md | 117 ++++++
 ...indows-sandbox-configure-using-wsb-file.md | 228 +++++++++++
 .../windows-sandbox-overview.md | 39 ++
 .../windows-sandbox-overview.md | 372 ------------------
 10 files changed, 384 insertions(+), 372 deletions(-)
 rename windows/{ => security}/threat-protection/windows-sandbox/images/1-dynamic-host.png (100%)
 rename windows/{ => security}/threat-protection/windows-sandbox/images/2-dynamic-working.png (100%)
 rename windows/{ => security}/threat-protection/windows-sandbox/images/3-memory-sharing.png (100%)
 rename windows/{ => security}/threat-protection/windows-sandbox/images/4-integrated-kernal.png (100%)
 rename windows/{ => security}/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png (100%)
 rename windows/{ => security}/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png (100%)
 create mode 100644 windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
 create mode 100644 windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
 create mode 100644 windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
 delete mode 100644 windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
diff --git a/windows/threat-protection/windows-sandbox/images/1-dynamic-host.png b/windows/security/threat-protection/windows-sandbox/images/1-dynamic-host.png
similarity index 100%
rename from windows/threat-protection/windows-sandbox/images/1-dynamic-host.png
rename to windows/security/threat-protection/windows-sandbox/images/1-dynamic-host.png
diff --git a/windows/threat-protection/windows-sandbox/images/2-dynamic-working.png b/windows/security/threat-protection/windows-sandbox/images/2-dynamic-working.png
similarity index 100%
rename from windows/threat-protection/windows-sandbox/images/2-dynamic-working.png
rename to windows/security/threat-protection/windows-sandbox/images/2-dynamic-working.png
diff --git a/windows/threat-protection/windows-sandbox/images/3-memory-sharing.png b/windows/security/threat-protection/windows-sandbox/images/3-memory-sharing.png
similarity index 100%
rename from windows/threat-protection/windows-sandbox/images/3-memory-sharing.png
rename to windows/security/threat-protection/windows-sandbox/images/3-memory-sharing.png
diff --git a/windows/threat-protection/windows-sandbox/images/4-integrated-kernal.png b/windows/security/threat-protection/windows-sandbox/images/4-integrated-kernal.png
similarity index 100%
rename from windows/threat-protection/windows-sandbox/images/4-integrated-kernal.png
rename to windows/security/threat-protection/windows-sandbox/images/4-integrated-kernal.png
diff --git a/windows/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png b/windows/security/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png
similarity index 100%
rename from windows/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png
rename to windows/security/threat-protection/windows-sandbox/images/5-wddm-gpu-virtualization.png
diff --git a/windows/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png b/windows/security/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png
similarity index 100%
rename from windows/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png
rename to windows/security/threat-protection/windows-sandbox/images/6-wddm-gpu-virtualization-2.png
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
new file mode 100644
index 0000000000..36b8e115dd
--- /dev/null
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -0,0 +1,117 @@
+---
+title: Windows Sandbox architecture
+description:
+ms.prod: w10
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection:
+ms.topic: article
+ms.localizationpriority:
+ms.date:
+ms.reviewer:
+---
+
+# Windows Sandbox architecture
+
+This article describes the Windows Sandbox basics.
+
+## Fundamentals
+
+### Dynamically generated image
+
+At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host.
+
+Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
+
+Before Windows Sandbox is installed, the dynamic base image is stored in a compressed 25-MB package. Once it's installed, the dynamic base package occupies about 500 MB of disk space.
+
+![A chart compares scale of dynamic image of files and links with the host file system.](images/1-dynamic-host.png)
+
+### Memory management
+
+For traditional virtual machines (VMs), a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory that was dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treats memory more like how memory is allocated to applications. All apps on the machine can request the amount of memory that they need.
The amount that they get will be a function of what other apps are running and how much memory they need. And the amount of memory available for use by an application can change over time.
+
+### Dynamic working set
+
+When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. But applications in the sandbox are treated as equal to apps running on the host, so when apps in sandbox are under memory pressure, you can give more memory to the sandbox (and the same applies to the host). Guest physical pages provided are virtualized.
+
+![A chart compares memory sharing in Windows Sandbox versus a traditional VM.](images/2-dynamic-working.png)
+
+### Memory sharing
+
+Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same executable pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets.
+
+![A chart compares the memory footprint in Windows Sandbox versus a traditional VM.](images/3-memory-sharing.png)
+
+### Integrated kernel scheduler
+
+With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
+
+![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png)
+
+Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM.
+
+The goal is to treat Windows Sandbox like an app but with the security guarantees of a virtual machine.
+
+### Snapshot and clone
+
+As we noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.*
+
+*Snapshot* allows us to boot the Windows Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in memory, rather than booting it when we need a new instance of Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved.
+
+### WDDM GPU virtualization
+
+Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments.
+
+Microsoft is working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model that's used for Windows.
+
+![A chart illustrates graphics kernel use in Sandbox managed alongside apps on the host.](images/5-wddm-gpu-virtualization.png)
+
+At a high level, this form of graphics virtualization works as follows:
+
+- Apps running in a Hyper-V VM use graphics APIs as normal.
+- Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
+- The host allocates and schedules graphics resources among apps in the VM alongside the apps that are running natively. Conceptually, they behave as one pool of graphics clients.
+
+This process is illustrated here:
+
+![A chart illustrates graphics resource use on the host and guest.](images/6-wddm-gpu-virtualization-2.png)
+
+This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they're needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy uses.
+
+To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with the Microsoft CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP).
+
+### Battery pass-through
+
+Windows Sandbox is also aware of the host's battery state, which allows it to optimize power consumption. This is critical for a technology that's used on laptops, where battery life is often critical.
+
+## Prerequites, installation, and basic use
+
+### Prerequisites
+
+- Windows 10 Pro or Enterprise build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
+- AMD64 architecture
+- Virtualization capabilities enabled in BIOS
+- At least 4 GB of RAM (8 GB recommended)
+- At least 1 GB of free disk space (SSD recommended)
+- At least two CPU cores (four cores with hyperthreading recommended)
+
+### Installation
+
+1. Make sure your machine is using Windows 10 Pro or Enterprise build version 18305 or later.
+2. Enable virtualization on the machine.
+
+ - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS.
+ - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName \ -ExposeVirtualizationExtensions $true**
+1. Use the search bar on the task bar and type **Turn Windows Features on and off**. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
+
+ - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
+1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time.
+
+### Usage
+1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window.
+2. Run the executable file or installer inside the sandbox.
+3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **ok**.
+4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
new file mode 100644
index 0000000000..20b66df936
--- /dev/null
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -0,0 +1,228 @@
+---
+title: Use a .wsb file to configure Windows Sandbox
+description:
+ms.prod: w10
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection:
+ms.topic: article
+ms.localizationpriority:
+ms.date:
+ms.reviewer:
+---
+
+# Use a .wsb file to configure Windows Sandbox
+
+Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later.
+
+Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double-click it to open it in the sandbox. You can also invoke it via the command line as shown here:
+
+**C:\Temp> MyConfigFile.wsb**
+
+ A configuration file enables the user to control the following aspects of Windows Sandbox:
+- **vGPU (virtualized GPU)**: Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use WARP (software rasterizer).
+- **Networking**: Enable or disable network access within the sandbox.
+- **Mapped folders**: Share folders from the host with *read* or *write* permissions. Note that exposing host directories may allow malicious software to affect the system or steal data.
+- **Logon command**: A command that's executed when Windows Sandbox starts.
+- **Audio input**: Shares the host's microphone input into the sandbox.
+- **Video input**: Shares the host's webcam input into the sandbox.
+- **Protected client**: Places increased security settings on the RDP session to the sandbox.
+- **Printer redirection**: Shares printers from the host into the sandbox.
+- **Clipboard redirection**: Shares the host clipboard with the sandbox so that text and files can be pasted back and forth.
+- **Memory in MB**: The amount of memory, in megabytes, to assign to the sandbox.
+
+**Keywords, values, and limits**
+
+**vGPU**: Enables or disables GPU sharing.
+
+`value`
+
+Supported values:
+- *Enable*: Enables vGPU support in the sandbox.
+- *Disable*: Disables vGPU support in the sandbox. If this value is set, the sandbox will use software rendering, which can be slower than virtualized GPU.
+- *Default* This is the default value for vGPU support. Currently this means vGPU is disabled.
+
+> [!NOTE]
+> Enabling virtualized GPU can potentially increase the attack surface of the sandbox.
+
+**Networking**: Enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox.
+
+`value`
+
+Supported values:
+- *Disable*: Disables networking in the sandbox.
+- *Default*: This is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC.
+
+> [!NOTE]
+> Enabling networking can expose untrusted applications to the internal network.
+
+**MappedFolders**: Wraps a list of MappedFolder objects.
+
+``
+ list of MappedFolder objects
+``
+
+> [!NOTE]
+> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
+
+**MappedFolder**: Specifies a single folder on the host machine that will be shared on the container desktop. Apps in the sandbox are run under the user account *WDAGUtilityAccount*. If no sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop`
+
+Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test by default.
+
+```
+
+ path to the host folder
+ path to the sandbox folder
+ value
+
+```
+
+*HostFolder*: Specifies the folder on the host machine to share to the sandbox. The folder must already exist on the host, or the container will fail to start if the folder isn't found.
+
+*SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder doesn't exist, it will be created.
+
+*ReadOnly*: If *true*, enforces *read-only* access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*.
+
+> [!NOTE]
+> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
+
+**LogonCommand**: Specifies a single command that will be invoked automatically after the sandbox logs on.
+
+```
+
+ command to be invoked
+
+```
+
+*Command*: A path to an executable or script inside the container that will be executed after login.
+
+> [!NOTE]
+> Although very simple commands work (such as launching an executable or script), more-complicated scenarios that have multiple steps should be placed in a script file. This script file can be mapped to the container via a shared folder and then executed via the *LogonCommand* directive.
+
+***Example 1***
+
+The following config file can be used to easily test downloaded files inside the sandbox. To do this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it's started.
+
+*Downloads.wsb*
+
+```
+
+ Disable
+ Disable
+
+
+ C:\Users\Public\Downloads
+ true
+
+
+
+ explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads
+
+
+```
+
+***Example 2***
+
+The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup.
+
+Two folders are mapped into the sandbox. The first folder (SandboxScripts) contains VSCodeInstall.cmd, which installs and runs Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify by using Visual Studio Code.
+
+With the Visual Studio Code installer script already mapped into the sandbox, the LogonCommand can reference it.
+
+*VSCodeInstall.cmd*
+
+```
+REM Download Visual Studio Code
+curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe
+
+REM Install and run Visual Studio Code
+C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes
+```
+
+VSCode.wsb
+
+```
+
+
+
+ C:\SandboxScripts
+ true
+
+
+ C:\CodingProjects
+ false
+
+
+
+ C:\users\wdagutilityaccount\desktop\SandboxScripts\VSCodeInstall.cmd
+
+
+```
+
+**AudioInput**: Enables or disables audio input to the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Enables audio input in the sandbox. If this value is set, the sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting.
+- *Disable*: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
+- *Default*: This is the default value for audio input support. Currently this means audio input is enabled.
+
+**VideoInput**: Enables or disables video input to the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Enables video input in the sandbox.
+- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox.
+- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in the sandbox.
+
+**ProtectedClient**: Implements increased-security settings on the sandbox RDP session. These settings decrease the attack surface of the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled.
+- *Disable*: Runs the sandbox in standard mode without extra security mitigations.
+- *Default*: This is the default value for Protected Client mode. Currently, this means the sandbox doesn't run in Protected Client mode.
+
+> [!NOTE]
+> This setting may restrict the user's ability to copy/paste files in and out of the sandbox.
+
+**PrinterRedirection**: Enables or disables printer sharing from the host into the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Enables sharing of host printers into the sandbox.
+- *Disable*: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host.
+- *Default*: This is the default value for printer redirection support. Currently this means printer redirection is disabled.
+
+**ClipboardRedirection**: Enables or disables clipboard sharing with the sandbox.
+
+`value`
+
+Supported values:
+- *Disable*: Disables clipboard redirection in Sandbox. If this value is set, copy/paste in and out of Sandbox will be restricted.
+- *Default*: This is the default value for clipboard redirection. Currently copy/paste between the host and Sandbox are permitted under *Default*.
+
+**MemoryInMB**: Specifies the amount of memory that the sandbox can use in megabytes (MB).
+
+`value`
+
+Supported values: An integer greater than 2048 (2 GB).
+
+
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
new file mode 100644
index 0000000000..78e6c8e2f4
--- /dev/null
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -0,0 +1,39 @@
+---
+title: Windows Sandbox overview
+description:
+ms.prod: w10
+audience: ITPro
+author: dansimp
+ms.author: dansimp
+manager: dansimp
+ms.collection:
+ms.topic: article
+ms.localizationpriority:
+ms.date:
+ms.reviewer:
+---
+
+# Windows Sandbox overview
+
+Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software that's installed inside the Windows Sandbox environment remains in the "sandboxed" and can't affect the host machine.
+
+A sandbox is temporary. When it's closed, all the software and files and the state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application.
+
+Software and applications installed on the host aren't directly available in the sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment.
+
+Windows Sandbox has the following properties:
+- **Part of Windows**: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a VHD.
+- **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows.
+- **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application.
+- **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
+- **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU.
+
+The following video provides an overview of Windows Sandbox.
+
+[embed Ignite 2019 Sandbox talk video here, link is here: https://myignite.techcommunity.microsoft.com/sessions/79739?source=sessions ]
+
+[!VIDEO https://www.microsoft.com/videoplayer/embed/***XXXXXX***]
+
+
diff --git a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
deleted file mode 100644
index e189d94b3f..0000000000
--- a/windows/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ /dev/null
@@ -1,372 +0,0 @@
----
-title: Windows Sandbox overview
-description:
-ms.prod: w10
-audience: ITPro
-author: dansimp
-ms.author: dansimp
-manager: dansimp
-ms.collection:
-ms.topic: article
-ms.localizationpriority:
-ms.date:
-ms.reviewer:
----
-
-# Windows Sandbox
-
-### Overview
-
-Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software that's installed inside the Windows Sandbox environment remains in the "sandboxed" and can't affect the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application.
-
-Software and applications installed on the host aren't directly available in Windows Sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment.
-
-Windows Sandbox has the following properties:
-- **Part of Windows**: Everything required for this feature is included in Windows 10 Pro and Enterprise. There's no need to download a VHD.
-- **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows.
-- **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application.
-- **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
-- **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU.
-
-The following video provides an overview of Windows Sandbox.
-
-[embed Ignite 2019 Sandbox talk video here, link is here: https://myignite.techcommunity.microsoft.com/sessions/79739?source=sessions ]
-
-[!VIDEO https://www.microsoft.com/videoplayer/embed/***XXXXXX***]
-
-
-## Architecture
-
-### Dynamically generated image
-
-At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host.
-
-Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
-
-Before Windows Sandbox is installed, the dynamic base image is stored in a compressed 25-MB package. Once it's installed, the dynamic base package occupies about 500 MB of disk space.
-
-![A chart compares scale of dynamic image of files and links with the host file system.](images/1-dynamic-host.png)
-
-### Memory management
-
-For traditional virtual machines (VMs), a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory that was dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treats memory more like how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need.
And the amount of memory available for use by an application can change over time.
-
-### Dynamic working set
-
-When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. But applications in the sandbox are treated as equal to apps running on the host, so when apps in sandbox are under memory pressure, you can give more memory to the sandbox (and the same applies to the host). Guest physical pages provided are virtualized.
-
-![A chart compares memory sharing in Windows Sandbox versus a traditional VM.](images/2-dynamic-working.png)
-
-### Memory sharing
-
-Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same executable pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets.
-
-![A chart compares the memory footprint in Windows Sandbox versus a traditional VM.](images/3-memory-sharing.png)
-
-### Integrated kernel scheduler
-
-With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
-
-![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png)
-
-Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox.
The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM.
-
-The goal is to treat Windows Sandbox like an app but with the security guarantees of a virtual machine.
-
-### Snapshot and clone
-
-As we noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.*
-
-*Snapshot* allows us to boot the Windows Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in memory, rather than booting it when we need a new instance of Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved.
-
-### WDDM GPU virtualization
-
-Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs. The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments.
-
-Microsoft is working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model that's used for Windows.
-
-![A chart illustrates graphics kernal use in Sandbox managed alongside apps on the host.](images/5-wddm-gpu-virtualization.png)
-
-At a high level, this form of graphics virtualization works as follows:
-
-- Apps running in a Hyper-V VM use graphics APIs as normal.
-- Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
-- The host allocates and schedules graphics resources among apps in the VM alongside the apps that are running natively. Conceptually, they behave as one pool of graphics clients.
-
-This process is illustrated here:
-
-![A chart illustrates graphics resource use on the host and guest.](images/6-wddm-gpu-virtualization-2.png)
-
-This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they're needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy uses.
-
-To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with the Microsoft CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP).
-
-### Battery pass-through
-
-Windows Sandbox is also aware of the host's battery state, which allows it to optimize power consumption. This is critical for a technology that's used on laptops, where battery life is often critical.
-
-## Install Windows Sandbox
-
-### Prerequisites
-
-- Windows 10 Pro or Enterprise build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
-- AMD64 architecture
-- Virtualization capabilities enabled in BIOS
-- At least 4 GB of RAM (8 GB recommended)
-- At least 1 GB of free disk space (SSD recommended)
-- At least two CPU cores (four cores with hyperthreading recommended)
-
-### Installation
-
-1. Make sure your machine is using Windows 10 Pro or Enterprise build version 18305 or later.
-2. Enable virtualization on the machine.
-
- - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS.
- - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName \ -ExposeVirtualizationExtensions $true**
-1. Use the search bar on the task bar and type **Turn Windows Features on and off**. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
-
- - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
-1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time.
-
-### Usage
-1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window.
-2. Run the executable file or installer inside the sandbox.
-3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **ok**.
-4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
-
-## Use a .wsb file to configure Windows Sandbox
-
-Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later.
-
-Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double-click it to open it in the sandbox. You can also invoke it via the command line as shown here:
- **C:\Temp> MyConfigFile.wsb**
-
- A configuration file enables the user to control the following aspects of Windows Sandbox:
-- **vGPU (virtualized GPU)**
-
Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use WARP (software rasterizer).
-- **Networking**
-
Enable or disable network access within the sandbox.
-- **Mapped folders**
-
Share folders from the host with *read* or *write* permissions. Note that exposing host directories may allow malicious software to affect the system or steal data.
-- **Logon command**
-
A command that's executed when Windows Sandbox starts.
-- **Audio input**
-
Shares the host's microphone input into the andbox.
-- **Video input**
-
- Shares the host's webcam input into the sandbox.
-- **Protected client**
-
- Places increased security settings on the RDP session to the sandbox.
-- **Printer redirection**
-
- Shares printers from the host into the sandbox.
-- **Clipboard redirection**
-
- Shares the host clipboard with the sandbox so that text and files can be pasted back and forth.
-- **Memory in MB**
-
The amount of memory, in megabytes, to assign to the sandbox.
-
-### Keywords, values, and limits
-
-**vGPU**: Enables or disables GPU sharing.
-
-`value`
-
-Supported values:
-- *Enable*: Enables vGPU support in the sandbox.
-- *Disable*: Disables vGPU support in the sandbox. If this value is set, the sandbox will use software rendering, which can be slower than virtualized GPU.
-- *Default* This is the default value for vGPU support. Currently this means vGPU is disabled.
-
-> [!NOTE]
-> Enabling virtualized GPU can potentially increase the attack surface of the sandbox.
-
-**Networking**: Enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox.
-
-`value`
-
-Supported values:
-- *Disable*: Disables networking in the sandbox.
-- *Default*: This is the default value for networking support. This value enables networking by creating a virtual switch on the host and connects the sandbox to it via a virtual NIC.
-
-> [!NOTE]
-> Enabling networking can expose untrusted applications to the internal network.
-
-**MappedFolders**: Wraps a list of MappedFolder objects.
-
-``
- list of MappedFolder objects
-``
-
-> [!NOTE]
-> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
-
-**MappedFolder**: Specifies a single folder on the host machine that will be shared on the container desktop. Apps in the sandbox are run under the user account *WDAGUtilityAccount*. If no sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop`
-
-Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test by default.
-
-```
-
- path to the host folder
- path to the sandbox folder
- value
-
-```
-
-*HostFolder*: Specifies the folder on the host machine to share to the sandbox. Note that the folder must already exist on the host, or the container will fail to start if the folder isn't found.
-
-*SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder doesn't exist, it will be created.
-
-*ReadOnly*: If *true*, enforces *read-only* access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*.
-
-> [!NOTE]
-> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
-
-**LogonCommand**: Specifies a single command that will be invoked automatically after the sandbox logs on.
-
-```
-
- command to be invoked
-
-```
-
-*Command*: A path to an executable or script inside the container that will be executed after login.
-
-> [!NOTE]
-> Although very simple commands work (such as launching an executable or script), more-complicated scenarios that have multiple steps should be placed in a script file. This script file can be mapped to the container via a shared folder and then executed via the *LogonCommand* directive.
-
-**Example 1**
-
-The following config file can be used to easily test downloaded files inside the sandbox. To do this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it's started.
-
-*Downloads.wsb*
-
-```
-
- Disable
- Disable
-
-
- C:\Users\Public\Downloads
- true
-
-
-
- explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads
-
-
-```
-
-**Example 2**
-
-The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup.
-
-Two folders are mapped into the sandbox. The first folder (SandboxScripts) contains VSCodeInstall.cmd, which installs and runs Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify by using Visual Studio Code.
-
-With the Visual Studio Code installer script already mapped into the sandbox, the LogonCommand can reference it.
-
-*VSCodeInstall.cmd*
-
-```
-REM Download Visual Studio Code
-curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe
-
-REM Install and run Visual Studio Code
-C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes
-```
-
-VSCode.wsb
-
-```
-
-
-
- C:\SandboxScripts
- true
-
-
- C:\CodingProjects
- false
-
-
-
- C:\users\wdagutilityaccount\desktop\SandboxScripts\VSCodeInstall.cmd
-
-
-```
-
-**AudioInput**
-
-Enables or disables audio input to the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Enables audio input in the sandbox. If this value is set, the sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting.
-- *Disable*: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
-- *Default*: This is the default value for audio input support. Currently this means audio input is enabled.
-
-**VideoInput**
-
-Enables or disables video input to the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Enables video input in the sandbox.
-- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox.
-- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in the sandbox.
-
-**ProtectedClient**
-
-Implements increased-security settings on the sandbox RDP session. These settings decrease the attack surface of the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled.
-- *Disable*: Runs the sandbox in standard mode without extra security mitigations.
-- *Default*: This is the default value for Protected Client mode. Currently, this means the sandbox doesn't run in Protected Client mode.
-
-> [!NOTE]
-> This setting may restrict the user's ability to copy/paste files in and out of the sandbox.
-
-**PrinterRedirection**
-
-Enables or disables printer sharing from the host into the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Enables sharing of host printers into the sandbox.
-- *Disable*: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host.
-- *Default*: This is the default value for printer redirection support. Currently this means printer redirection is disabled.
-
-**ClipboardRedirection**
-
-Enables or disables clipboard sharing with the sandbox.
-
-`value`
-
-Supported values:
-- *Disable*: Disables clipboard redirection in Sandbox. If this value is set, copy/paste in and out of Sandbox will be restricted.
-- *Default*: This is the default value for clipboard redirection. Currently copy/paste between the host and Sandbox are permitted under *Default*.
-
-**MemoryInMB**
-
-Specifies the amount of memory that the sandbox can use in megabytes (MB).
-
-`value`
-
-Supported values: An integer greater than 2048 (2GB).
-
-
\ No newline at end of file
From 6e44b1ceeaa361418598092e71d8f3c853dd28e7 Mon Sep 17 00:00:00 2001
From: jborsecnik
Date: Tue, 10 Mar 2020 12:07:41 -0700
Subject: [PATCH 10/30] move video info to comment for now
---
 .../windows-sandbox/windows-sandbox-overview.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index 78e6c8e2f4..64064931a0 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -28,6 +28,8 @@ Windows Sandbox has the following properties:
 - **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
 - **Efficient:** Uses the integrated kernel scheduler, smart memory management, and virtual GPU.
+
+## Prerequisites
+
+- Windows 10 Pro or Enterprise build 18305 or later (*Windows Sandbox is currently not supported on Home SKUs*)
+- AMD64 architecture
+- Virtualization capabilities enabled in BIOS
+- At least 4 GB of RAM (8 GB recommended)
+- At least 1 GB of free disk space (SSD recommended)
+- At least two CPU cores (four cores with hyperthreading recommended)
+
+## Installation
+
+1. Make sure your machine is using Windows 10 Pro or Enterprise build version 18305 or later.
+2. Enable virtualization on the machine.
+
+ - If you're using a physical machine, make sure virtualization capabilities are enabled in the BIOS.
+ - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
**Set -VMProcessor -VMName \ -ExposeVirtualizationExtensions $true**
+1. Use the search bar on the task bar and type **Turn Windows Features on and off**. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted.
+
+ - If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this is incorrect, review the prerequisite list as well as steps 1 and 2.
+1. Locate and select **Windows Sandbox** on the Start menu to run it for the first time.
+
+## Usage
+1. Copy an executable file (and any other files needed to run the application) from the host into the Windows Sandbox window.
+2. Run the executable file or installer inside the sandbox.
+3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **ok**.
+4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
From 5319a2c896426a8cdd91d6fff7369417527a7249 Mon Sep 17 00:00:00 2001
From: jborsecnik
Date: Wed, 11 Mar 2020 22:06:44 -0700
Subject: [PATCH 13/30] tweak video link
---
 .../windows-sandbox/windows-sandbox-overview.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index e78dc5e9c7..89e0690f30 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -30,7 +30,8 @@ Windows Sandbox has the following properties:
 The following video provides an overview of Windows Sandbox.
-[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4rFAo]
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2CyhW]
+
 ## Prerequisites
From f471df4550d866511053c9f4aa99e97b2d7d2d99 Mon Sep 17 00:00:00 2001
From: Daniel Simpson
Date: Thu, 12 Mar 2020 06:26:42 -0700
Subject: [PATCH 14/30] Update TOC.md fixed casing for Windows Sandbox
---
 windows/security/threat-protection/TOC.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index ab883f207f..08013e1a74 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -607,9 +607,9 @@
 #### [SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
 #### [Set up and use SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
-### [Windows sandbox](windows-sandbox/windows-sandbox-overview.md)
-#### [Windows sandbox architecture](windows-sandbox/windows-sandbox-architecture.md)
-#### [Windows sandbox configuration](windows-sandbox/windows-sandbox-configure-using-wsb-file.md)
+### [Windows Sandbox](windows-sandbox/windows-sandbox-overview.md)
+#### [Windows Sandbox architecture](windows-sandbox/windows-sandbox-architecture.md)
+#### [Windows Sandbox configuration](windows-sandbox/windows-sandbox-configure-using-wsb-file.md)
 ### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
From 3d91ce3d27149c4990b068c94e59d3914d03bac2 Mon Sep 17 00:00:00 2001
From: jborsecnik
Date: Thu, 12 Mar 2020 12:29:41 -0700
Subject: [PATCH 15/30] fix vid
---
 .../windows-sandbox/windows-sandbox-overview.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index 89e0690f30..2f5eefeaf0 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -30,8 +30,7 @@ Windows Sandbox has the following properties:
 The following video provides an overview of Windows Sandbox.
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE2CyhW]
-
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4rFAo]
 ## Prerequisites
From 3c04fbfa3d69e7b503b080e084a381834311dfc8 Mon Sep 17 00:00:00 2001
From: jborsecnik
Date: Thu, 12 Mar 2020 16:55:16 -0700
Subject: [PATCH 16/30] updates per M doc
---
 .../windows-sandbox-architecture.md | 48 ++---
 ...indows-sandbox-configure-using-wsb-file.md | 172 +++++++++---------
 .../windows-sandbox-overview.md | 2 +-
 3 files changed, 99 insertions(+), 123 deletions(-)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index 202de62262..693bd37571 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -15,71 +15,47 @@ ms.reviewer:
 # Windows Sandbox architecture
-This article describes the Windows Sandbox basics.
+Windows Sandbox benefits from new container technology in Windows in order to achieve a combination of security, density, and performance that is not available in traditional VMs.
 ## Dynamically generated image
-At its core, Windows Sandbox is a lightweight virtual machine, so it needs an operating system image to boot from. Instead of giving the sandbox a separate copy of Windows to boot from, our Dynamic Base Image technology lets us use the copy of Windows that's already installed on the host.
+Containers requires an operating system image to boot from. Rather than providing a separate copy of Windows to boot from, Dynamic Base Image technology leverages the copy of Windows that's already installed on the host.
-Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS files are mutable and we can't be shared. Windows Sandbox contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
+Most OS files are immutable and can be freely shared with Windows Sandbox. A small portion of the OS files are mutable and we can't be shared. But the container base image contains pristine copies of these files. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
-Before Windows Sandbox is installed, the dynamic base image is stored in a compressed 25-MB package.
Once it's installed, the dynamic base package occupies about 500 MB of disk space.
+Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30-MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
 ![A chart compares scale of dynamic image of files and links with the host file system.](images/1-dynamic-host.png)
 ## Memory management
-For traditional virtual machines (VMs), a portion of host memory is dedicated for exclusive use by the VM. If the host later comes under resource pressure, it can't use the memory that was dedicated to the VM. Nor can it provide more memory, if available, to the VM. Windows Sandbox treats memory more like how memory is allocated to applications. All apps on the machine can request the amount of memory that they need. The amount that they get will be a function of what other apps are running and how much memory they need. And the amount of memory available for use by an application can change over time.
-
-## Dynamic working set
-
-When using a VM, the user is effectively partitioning their machine. If the host is under memory pressure, it can't use the memory already allocated to the VM. But applications in the sandbox are treated as equal to apps running on the host, so when apps in sandbox are under memory pressure, you can give more memory to the sandbox (and the same applies to the host). Guest physical pages provided are virtualized.
+Traditional VM's apportion statically sized allocations of host memory. When resource needs change, classic VM's have limited mechanisms for adjusting their resource needs. On the other hand, containers collaborate with the host in order to dynamically determine how host resources are allocated. This is similar to how processes normally compete for memory on the host. If the host is under memory pressure, it is able to reclaim memory from the container much like it would with a process.
![A chart compares memory sharing in Windows Sandbox versus a traditional VM.](images/2-dynamic-working.png)
 ## Memory sharing
-Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same executable pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets.
+Because Windows Sandbox runs the same operating system image as the host, it has been enhanced to use the same physical memory pages as the host for operating system binaries via a technology referred to as "direct map." For example, when *ntdll.dll* is loaded into memory in the sandbox, it uses the same physical pages as those of the binary when loaded on the host. Memory sharing between the host and sandbox results in a smaller memory footprint when compared to traditional VMs without compromising valuable host secrets.
 ![A chart compares the memory footprint in Windows Sandbox versus a traditional VM.](images/3-memory-sharing.png)
 ## Integrated kernel scheduler
-With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
+With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png)
-Windows Sandbox employs a unique scheduling policy that allows the virtual processors of the sandbox to be scheduled in the same way as threads would be scheduled for a process. High-priority tasks on the host can preempt less important work in the sandbox. The benefit of the integrated scheduler is that the host manages Windows Sandbox as a process rather than a virtual machine, which results in a much more responsive host, similar to Linux KVM.
-
-The goal is to treat Windows Sandbox like an app but with the security guarantees of a virtual machine.
-
-## Snapshot and clone
-
-As we noted earlier, Windows Sandbox uses the Microsoft hypervisor. It essentially runs another copy of Windows that needs to be booted, and this can take some time. Rather than paying the full cost of booting the Windows Sandbox operating system every time Sandbox starts, two other technologies are utilized: *snapshot* and *clone.*
-
-*Snapshot* allows us to boot the Windows Sandbox environment once and preserve the memory, CPU, and device state to disk. Then we can restore the Sandbox environment from disk and put it in memory, rather than booting it when we need a new instance of Sandbox. By cloning the in-memory snapshot of Windows Sandbox, start time is significantly improved.
+Windows Sandbox employs a unique policy that allows the virtual processors of the Sandbox to be scheduled like host threads. Under this scheme, high-priority tasks on the host can preempt less important work in the Sandbox. This means that the most important work will be prioritized, whether it is on the host or in the container.
 ## WDDM GPU virtualization
-Hardware-accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intense or media-heavy uses. But virtual machines are isolated from their hosts and can't access advanced devices like GPUs.
The role of graphics virtualization technologies is to bridge this gap and provide hardware acceleration in virtualized environments.
-
-Microsoft is working with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model that's used for Windows.
+Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intensive use cases. Microsoft has worked with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and WDDM, the driver model used by display drivers on Windows.
+
+This allows programs running inside of the Sandbox to compete for GPU resources with applications running on the host.
 ![A chart illustrates graphics kernel use in Sandbox managed alongside apps on the host.](images/5-wddm-gpu-virtualization.png)
-At a high level, this form of graphics virtualization works as follows:
-
-- Apps running in a Hyper-V VM use graphics APIs as normal.
-- Graphics components in the VM, which have been enlightened to support virtualization, coordinate across the VM boundary with the host to execute graphics workloads.
-- The host allocates and schedules graphics resources among apps in the VM alongside the apps that are running natively. Conceptually, they behave as one pool of graphics clients.
-
-This process is illustrated here:
-
-![A chart illustrates graphics resource use on the host and guest.](images/6-wddm-gpu-virtualization-2.png)
-
-This enables the Windows Sandbox VM to benefit from hardware-accelerated rendering, with Windows dynamically allocating graphics resources where they're needed across the host and guest. The result is improved performance and responsiveness for apps running in Windows Sandbox, as well as improved battery life for graphics-heavy uses.
-
-To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with the Microsoft CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP).
+To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft's CPU-based rendering technology (WARP).
 ## Battery pass-through
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 20b66df936..ba2f4e2d3d 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -15,7 +15,7 @@ ms.reviewer:
 # Use a .wsb file to configure Windows Sandbox
-Windows Sandbox supports simple configuration files (that have a .wsb file extension), which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later.
+Windows Sandbox supports simple configuration files, which provide a minimal set of customization parameters for Sandbox. This feature can be used with Windows 10 build 18342 or later.
 Windows Sandbox configuration files are formatted as XML and are associated with Sandbox via the .wsb file extension. To use a configuration file, double-click it to open it in the sandbox. You can also invoke it via the command line as shown here:
@@ -25,7 +25,7 @@ Windows Sandbox configuration files are formatted as XML and are associated with
 - **vGPU (virtualized GPU)**: Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox will use WARP (software rasterizer).
 - **Networking**: Enable or disable network access within the sandbox.
 - **Mapped folders**: Share folders from the host with *read* or *write* permissions. Note that exposing host directories may allow malicious software to affect the system or steal data.
-- **Logon command**: A command that's executed when Windows Sandbox starts.
+- **Logon command**: A command that's executed when Windows Sandbox starts.
 - **Audio input**: Shares the host's microphone input into the sandbox.
 - **Video input**: Shares the host's webcam input into the sandbox.
 - **Protected client**: Places increased security settings on the RDP session to the sandbox.
@@ -58,37 +58,33 @@ Supported values:
 > [!NOTE]
 > Enabling networking can expose untrusted applications to the internal network.
-**MappedFolders**: Wraps a list of MappedFolder objects.
+**Mapped Folders**: An array of folders, each representing a location on the host machine which will be shared into the sandbox at the specified path. If no path is specified, the folder will be mapped to the container user's desktop. `` - list of MappedFolder objects + list of MappedFolder objects + path to the host folder + path to the sandbox folder + value + + + ... + + ``
-> [!NOTE]
-> Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
-
-**MappedFolder**: Specifies a single folder on the host machine that will be shared on the container desktop. Apps in the sandbox are run under the user account *WDAGUtilityAccount*. If no sandbox path is specified, a folder is mapped to the following path:
`C:\Users\WDAGUtilityAccount\Desktop`
-
-Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test by default.
-
-``` - - path to the host folder - path to the sandbox folder - value - ```
-*HostFolder*: Specifies the folder on the host machine to share to the sandbox. The folder must already exist on the host, or the container will fail to start if the folder isn't found.
+*HostFolder*: Specifies the folder on the host machine to share into the sandbox. Note that the folder must already exist on the host or the container will fail to start.
-*SandboxFolder*: Specifies the destination in the Sandbox to map the folder to. If the folder doesn't exist, it will be created.
+*SandboxFolder*: Specifies the destination in the sandbox to map the folder to. If the folder does not exist, it will be created. If no sandbox folder is specified, the folder will be mapped to the container desktop.
+
+*ReadOnly*: If *true*, enforces read-only access to the shared folder from within the container. Supported values: true/false. Defaults to false.
-*ReadOnly*: If *true*, enforces *read-only* access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*.
 > [!NOTE]
 > Files and folders mapped in from the host can be compromised by apps in the sandbox or potentially affect the host.
-**LogonCommand**: Specifies a single command that will be invoked automatically after the sandbox logs on.
+**Logon Command**: Specifies a single command which will be invoked automatically after the sandbox logs on. Apps in the sandbox are run under the container user account.
 ```
@@ -99,11 +95,69 @@ Example: "C:\Test" will be mapped as "C:\users\WDAGUtilityAccount\Desktop\Test b
 *Command*: A path to an executable or script inside the container that will be executed after login.
 > [!NOTE]
-> Although very simple commands work (such as launching an executable or script), more-complicated scenarios that have multiple steps should be placed in a script file. This script file can be mapped to the container via a shared folder and then executed via the *LogonCommand* directive.
+> Although very simple commands will work (launching an executable or script), more complicated scenarios involving multiple steps should be placed into a script file. This script file may be mapped into the container via a shared folder, and then executed via the *LogonCommand* directive.
-***Example 1***
+**AudioInput**: Enables or disables audio input to the sandbox.
-The following config file can be used to easily test downloaded files inside the sandbox. To do this, the script disables networking and vGPU and restricts the shared downloads folder to *read-only* access in the container. For convenience, the logon command opens the downloads folder inside the container when it's started.
+`value`
+
+Supported values:
+- *Enable*: Enables audio input in the sandbox. If this value is set, the sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting.
+- *Disable*: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
+- *Default*: This is the default value for audio input support. Currently this means audio input is enabled.
+
+> [!NOTE]
+> There may be security implications of exposing host audio input to the container.
+
+**VideoInput**: Enables or disables video input to the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Enables video input in the sandbox.
+- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox.
+- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in the sandbox.
+
+> [!NOTE]
+> There may be security implications of exposing host video input to the container.
+
+**Protected Client**: Implements increased-security settings on the sandbox RDP session. These settings decrease the attack surface of the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Runs Windows sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled.
+- *Disable*: Runs the sandbox in standard mode without extra security mitigations.
+- *Default*: This is the default value for Protected Client mode. Currently, this means the sandbox doesn't run in Protected Client mode.
+
+> [!NOTE]
+> This setting may restrict the user's ability to copy/paste files in and out of the sandbox.
+
+**Printer Redirection**: Enables or disables printer sharing from the host into the sandbox.
+
+`value`
+
+Supported values:
+- *Enable*: Enables sharing of host printers into the sandbox.
+- *Disable*: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host.
+- *Default*: This is the default value for printer redirection support. Currently this means printer redirection is disabled.
+
+**ClipboardRedirection**: Enables or disables sharing of the host clipboard with the sandbox.
+
+`value`
+
+Supported values:
+- *Disable*: Disables clipboard redirection in the sandbox. If this value is set, copy/paste in and out of the sandbox will be restricted.
+- *Default*: This is the default value for clipboard redirection. Currently copy/paste between the host and sandbox are permitted under *Default*.
+
+**MemoryInMB**: Specifies the amount of memory that the sandbox can use in megabytes (MB).
+
+`value`
+
+If the memory value specified is insufficient to boot a sandbox, it will be automatically increased to the required minimum amount.
+
+***Example 1***
+The following config file can be used to easily test downloaded files inside of the sandbox. To achieve this, the script disables networking and vGPU, and restricts the shared downloads folder to read-only access in the container. For convenience, the logon command opens the downloads folder inside of the container when it is started.
 *Downloads.wsb*
@@ -114,34 +168,33 @@ The following config file can be used to easily test downloaded files inside the
 C:\Users\Public\Downloads
+ C:\Users\WDAGUtilityAccount\Downloads
 true
- explorer.exe C:\users\WDAGUtilityAccount\Desktop\Downloads
+ explorer.exe C:\users\WDAGUtilityAccount\Downloads - + ``` - ***Example 2*** - The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup.
-Two folders are mapped into the sandbox. The first folder (SandboxScripts) contains VSCodeInstall.cmd, which installs and runs Visual Studio Code. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify by using Visual Studio Code.
+Two folders are mapped into the sandbox; the first (SandboxScripts) contains VSCodeInstall.cmd, which will install and run VSCode. The second folder (CodingProjects) is assumed to contain project files that the developer wants to modify using VSCode.
-With the Visual Studio Code installer script already mapped into the sandbox, the LogonCommand can reference it.
+With the VSCode installer script already mapped into the sandbox, the LogonCommand can reference it.
 *VSCodeInstall.cmd*
 ```
-REM Download Visual Studio Code
+REM Download VSCode
 curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe
-REM Install and run Visual Studio Code
+REM Install and run VSCode
 C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes
 ```
-VSCode.wsb
+8VSCode.wsb*
 ```
@@ -161,59 +214,6 @@ VSCode.wsb
 ```
-**AudioInput**: Enables or disables audio input to the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Enables audio input in the sandbox. If this value is set, the sandbox will be able to receive audio input from the user. Applications that use a microphone may need this setting.
-- *Disable*: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
-- *Default*: This is the default value for audio input support. Currently this means audio input is enabled.
-
-**VideoInput**: Enables or disables video input to the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Enables video input in the sandbox.
-- *Disable*: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox.
-- *Default*: This is the default value for video input support. Currently this means video input is disabled. Applications that use video input may not function properly in the sandbox.
-
-**ProtectedClient**: Implements increased-security settings on the sandbox RDP session. These settings decrease the attack surface of the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Runs Windows Sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled.
-- *Disable*: Runs the sandbox in standard mode without extra security mitigations.
-- *Default*: This is the default value for Protected Client mode. Currently, this means the sandbox doesn't run in Protected Client mode.
-
-> [!NOTE]
-> This setting may restrict the user's ability to copy/paste files in and out of the sandbox.
-
-**PrinterRedirection**: Enables or disables printer sharing from the host into the sandbox.
-
-`value`
-
-Supported values:
-- *Enable*: Enables sharing of host printers into the sandbox.
-- *Disable*: Disables printer redirection in the sandbox. If this value is set, the sandbox can't view printers from the host.
-- *Default*: This is the default value for printer redirection support. Currently this means printer redirection is disabled.
-
-**ClipboardRedirection**: Enables or disables clipboard sharing with the sandbox.
-
-`value`
-
-Supported values:
-- *Disable*: Disables clipboard redirection in Sandbox. If this value is set, copy/paste in and out of Sandbox will be restricted.
-- *Default*: This is the default value for clipboard redirection. Currently copy/paste between the host and Sandbox are permitted under *Default*.
-
-**MemoryInMB**: Specifies the amount of memory that the sandbox can use in megabytes (MB).
-
-`value`
-
-Supported values: An integer greater than 2048 (2 GB).
-
\ No newline at end of file
From d6125fc24ff2a273ca9c2452d7307c50e06d161b Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik
Date: Tue, 24 Mar 2020 17:19:08 -0700
Subject: [PATCH 26/30] add missing hyphen
---
 .../windows-sandbox/windows-sandbox-architecture.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index 83a96c0261..db22ee475a 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -23,7 +23,7 @@ Rather than requiring a separate copy of Windows to boot the sandbox, Dynamic Ba
 Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files are mutable and cannot be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. By using this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an additional copy of Windows.
-Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
+Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30-MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
 ![A chart compares scale of dynamic image of files and links with the host file system.](images/1-dynamic-host.png)
From 65508ab743cf5f01d6fa73d6fc1f8be463ec44e6 Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik
Date: Wed, 25 Mar 2020 11:34:25 -0700
Subject: [PATCH 27/30] small CELA changes via Margarit
---
 .../threat-protection/windows-sandbox/windows-sandbox-pbozza | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-pbozza b/windows/security/threat-protection/windows-sandbox/windows-sandbox-pbozza
index 4ce7a64eb1..fa85062872 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-pbozza
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-pbozza
@@ -15,9 +15,9 @@ ms.reviewer:
 # Windows Sandbox
-Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and can't affect the host machine.
+Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine.
-A sandbox is temporary. When it's closed, all the software and files and the state are permanently deleted. You get a brand-new instance of the sandbox every time you open the application.
+A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application.
 Software and applications installed on the host aren't directly available in the sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment.
From 7a0590e747ac12c36768a4c4c16f64de08a53d6c Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik
Date: Wed, 25 Mar 2020 15:17:42 -0700
Subject: [PATCH 28/30] update file name to match TOC
---
 .../{windows-sandbox-pbozza => windows-sandbox-overview} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename windows/security/threat-protection/windows-sandbox/{windows-sandbox-pbozza => windows-sandbox-overview} (100%)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-pbozza b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview
similarity index 100%
rename from windows/security/threat-protection/windows-sandbox/windows-sandbox-pbozza
rename to windows/security/threat-protection/windows-sandbox/windows-sandbox-overview
From aaad6c1bb4d3bdf1d19a6127a6dee52ecd53a9f3 Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik
Date: Wed, 25 Mar 2020 15:34:15 -0700
Subject: [PATCH 29/30] add file name extension to overview article
---
 .../{windows-sandbox-overview => windows-sandbox-overview.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename windows/security/threat-protection/windows-sandbox/{windows-sandbox-overview => windows-sandbox-overview.md} (100%)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
similarity index 100%
rename from windows/security/threat-protection/windows-sandbox/windows-sandbox-overview
rename to windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
From 00bb5bf330170c0baa40fa86d61b64ff1eb66394 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Fri, 27 Mar 2020 13:55:32 -0700
Subject: [PATCH 30/30] Added content types to code blocks
---
 .../windows-sandbox-configure-using-wsb-file.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 583fc49a5d..2ac125c33b 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -60,7 +60,7 @@ Supported values:
 **Mapped folders**: An array of folders, each representing a location on the host machine that will be shared into the sandbox at the specified path. At this time, relative paths are not supported. If no path is specified, the folder will be mapped to the container user's desktop.
-```
+```xml
 absolute path to the host folder
@@ -85,7 +85,7 @@ Supported values:
 **Logon command**: Specifies a single command that will be invoked automatically after the sandbox logs on. Apps in the sandbox are run under the container user account.
-```
+```xml
 command to be invoked
@@ -160,7 +160,7 @@ The following config file can be used to easily test downloaded files inside the
 *Downloads.wsb*
-```
+```xml
 Disable
 Disable
@@ -176,6 +176,7 @@ The following config file can be used to easily test downloaded files inside the
 ```
+
 ***Example 2***
 The following config file installs Visual Studio Code in the sandbox, which requires a slightly more complicated LogonCommand setup.
@@ -186,7 +187,7 @@ With the Visual Studio Code installer script already mapped into the sandbox, th
 *VSCodeInstall.cmd*
-```
+```console
 REM Download Visual Studio Code
 curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe
@@ -196,7 +197,7 @@ C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes
 *VSCode.wsb*
-```
+```xml