| Autopilot Self-Deploying mode and Autopilot White Glove | Firmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips(including ones from any other manufacturer) come with these certificates preinstalled. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested:
+
Intel- https://ekop.intel.com/ekcertservice
+
Qualcomm- https://ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1
+
AMD- http://ftpm.amd.com/pki/aia
## Licensing requirements
From 6d22e1ac170c3fba911e3f22c23451069a27bc8d Mon Sep 17 00:00:00 2001
From: Rafael Rivera
Date: Thu, 12 Sep 2019 15:20:13 -0700
Subject: [PATCH 004/191] Add diagnostic events and fields for 1903
---
windows/deployment/update/windows-analytics-privacy.md | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/update/windows-analytics-privacy.md b/windows/deployment/update/windows-analytics-privacy.md
index 8e7a8558db..19e9520516 100644
--- a/windows/deployment/update/windows-analytics-privacy.md
+++ b/windows/deployment/update/windows-analytics-privacy.md
@@ -8,8 +8,10 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
-audience: itpro
author: greg-lindsay
-ms.audience: itpro
author: greg-lindsay
+audience: itpro
+author: greg-lindsay
+ms.audience: itpro
+author: greg-lindsay
ms.localizationpriority: high
ms.collection: M365-analytics
ms.topic: article
@@ -43,6 +45,7 @@ See these topics for additional background information about related privacy iss
- [Windows 10 and the GDPR for IT Decision Makers](https://docs.microsoft.com/windows/privacy/gdpr-it-guidance)
- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization)
- [Windows 7, Windows 8, and Windows 8.1 Appraiser Telemetry Events, and Fields](https://go.microsoft.com/fwlink/?LinkID=822965)
+- [Windows 10, version 1903 basic level Windows diagnostic events and fields](https://docs.microsoft.com/en-us/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1903)
- [Windows 10, version 1809 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809)
- [Windows 10, version 1803 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803)
- [Windows 10, version 1709 basic level Windows diagnostic events and fields](https://docs.microsoft.com/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709)
From 1dbd748812d4ac3bd132508901377ebeea410322 Mon Sep 17 00:00:00 2001
From: MONI RAMESH SUBRAMONI <44937843+mosubram@users.noreply.github.com>
Date: Sun, 15 Sep 2019 15:01:50 +0530
Subject: [PATCH 005/191] Update
manage-protection-updates-windows-defender-antivirus.md
The policy path details mentioned in the article is valid only till Windows 10, version 1607. It has changed starting Windows 10, version 1703 and remains the same till Windows 10, version 1809 and then again changed in Windows 10, version 1903.
---
.../manage-protection-updates-windows-defender-antivirus.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index ee825e3d08..5b19541a03 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -107,6 +107,8 @@ The procedures in this article first describe how to set the order, and then how
6. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting.
+Note: For Windows 10, version 1703 till 1809, the policy path is Windows Components > Windows Defender Antivirus > Signature Updates
+ For Windows 10, version 1903, the policy path is Windows Components > Windows Defender Antivirus > Security Intelligence Updates
**Use Configuration Manager to manage the update location:**
From 56d6d8ec3f0174bc2e8465152de880c005689297 Mon Sep 17 00:00:00 2001
From: MONI RAMESH SUBRAMONI <44937843+mosubram@users.noreply.github.com>
Date: Mon, 16 Sep 2019 14:46:38 +0530
Subject: [PATCH 006/191] Update
windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
.../manage-protection-updates-windows-defender-antivirus.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index 5b19541a03..d9ca019782 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -107,7 +107,8 @@ The procedures in this article first describe how to set the order, and then how
6. Click **OK**. This will set the order of file shares when that source is referenced in the **Define the order of sources...** group policy setting.
-Note: For Windows 10, version 1703 till 1809, the policy path is Windows Components > Windows Defender Antivirus > Signature Updates
+> [!NOTE]
+> For Windows 10, versions 1703 up to and including 1809, the policy path is **Windows Components > Windows Defender Antivirus > Signature Updates**
For Windows 10, version 1903, the policy path is Windows Components > Windows Defender Antivirus > Security Intelligence Updates
**Use Configuration Manager to manage the update location:**
From be824df2925a612436a00b5d28843edcbdeac46c Mon Sep 17 00:00:00 2001
From: MONI RAMESH SUBRAMONI <44937843+mosubram@users.noreply.github.com>
Date: Mon, 16 Sep 2019 14:46:46 +0530
Subject: [PATCH 007/191] Update
windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
.../manage-protection-updates-windows-defender-antivirus.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
index d9ca019782..10cc42c9f3 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
@@ -109,7 +109,7 @@ The procedures in this article first describe how to set the order, and then how
> [!NOTE]
> For Windows 10, versions 1703 up to and including 1809, the policy path is **Windows Components > Windows Defender Antivirus > Signature Updates**
- For Windows 10, version 1903, the policy path is Windows Components > Windows Defender Antivirus > Security Intelligence Updates
+> For Windows 10, version 1903, the policy path is **Windows Components > Windows Defender Antivirus > Security Intelligence Updates**
**Use Configuration Manager to manage the update location:**
From 2b63f3586d3b27ee22756b1c85a647432079874f Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Thu, 19 Sep 2019 10:10:26 +0200
Subject: [PATCH 008/191] Update
enroll-a-windows-10-device-automatically-using-group-policy.md
Added the new 1903 ADMX link, and updated the screenshots and texts to reflect new possibilities introduced in the latest ADMX.
---
...s-10-device-automatically-using-group-policy.md | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 6360bcb775..a2ace591bb 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -106,12 +106,16 @@ Requirements:
-4. Double-click **Auto MDM Enrollment with AAD Token**.
+4. Double-click **Enable Automatic MDM enrollment using default Azure AD credentials**.
5. Click **Enable**, then click **OK**.
+>[!IMPORTANT]
+>In Windows 10, version 1903, the MDM.admx file was updated to include the possibility to select which credential is used to enroll the device. The **Device Credential** is a new option that will only have effect on clients that have the Windows 10 1903 feature update installed.
+>The default behaviour for older releases is to fallback to **User Credential**.
+
A task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
@@ -154,15 +158,15 @@ Requirements:
- Ensure that PCs belong to same computer group.
>[!IMPORTANT]
->If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803 or version 1809. To fix the issue, follow these steps:
+>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803, version 1809 or version 1903. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):
> 1. Download:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or
> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576).
+> 1903 --> [Administrative Templates for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/en-us/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) (recommended).
> 2. Install the package on the Primary Domain Controller (PDC).
> 3. Navigate, depending on the version to the folder:
-> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or
-> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**
-> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies**.
+> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 \ \ Update (\) \**
+> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** (N.B. If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/da-dk/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain).
> 5. Restart the Primary Domain Controller for the policy to be available.
> This procedure will work for any future version as well.
From f82a56e1a6c2321f3a1c0058589993e1f3978145 Mon Sep 17 00:00:00 2001
From: Baard Hermansen
Date: Fri, 20 Sep 2019 13:14:22 +0200
Subject: [PATCH 009/191] Update account-policies.md
Corrected Noted markup.
---
.../security-policy-settings/account-policies.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md
index 3c9a703853..f740ced849 100644
--- a/windows/security/threat-protection/security-policy-settings/account-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/account-policies.md
@@ -25,7 +25,8 @@ ms.date: 04/19/2017
An overview of account policies in Windows and provides links to policy descriptions.
All account policies settings applied by using Group Policy are applied at the domain level. Default values are present in the built-in default domain controller policy for Password Policy settings, Account Lockout Policy settings, and Kerberos Policy settings. The domain account policy becomes the default local account policy of any device that is a member of the domain. If these policies are set at any level below the domain level in Active Directory Domain Services (AD DS), they affect only local accounts on member servers.
-> **Note:** Each domain can have only one account policy. The account policy must be defined in the default domain policy or in a new policy that is linked to the root of the domain and given precedence over the default domain policy, which is enforced by the domain controllers in the domain. These domain-wide account policy settings (Password Policy, Account Lockout Policy, and Kerberos Policy) are enforced by the domain controllers in the domain; therefore, domain controllers always retrieve the values of these account policy settings from the default domain policy Group Policy Object (GPO).
+> [!NOTE]
+> Each domain can have only one account policy. The account policy must be defined in the default domain policy or in a new policy that is linked to the root of the domain and given precedence over the default domain policy, which is enforced by the domain controllers in the domain. These domain-wide account policy settings (Password Policy, Account Lockout Policy, and Kerberos Policy) are enforced by the domain controllers in the domain; therefore, domain controllers always retrieve the values of these account policy settings from the default domain policy Group Policy Object (GPO).
The only exception is when another account policy is defined for an organizational unit (OU). The account policy settings for the OU affect the local policy on any computers that are contained in the OU. For example, if an OU policy defines a maximum password age that differs from the domain-level account policy, the OU policy will be applied and enforced only when users log on to the local computer. The default local computer policies apply only to computers that are in a workgroup or in a domain where neither an OU account policy nor a domain policy applies.
From 41be8ac8df848d8541139f6e806a77a127c33a61 Mon Sep 17 00:00:00 2001
From: brbrahm <43386070+brbrahm@users.noreply.github.com>
Date: Fri, 20 Sep 2019 08:58:34 -0700
Subject: [PATCH 010/191] Comment out msxml3, msxml6, jscript9 in signing
scenarios
These three dlls are commented out in the rule definition section, so should also be commented out in the signing scenarios section in case people do not uncomment the first.
---
.../microsoft-recommended-block-rules.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 8aae066fd4..55b26f6e89 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -88,7 +88,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
- msxml6.dll
- jscript9.dll
-Pick the correct version of each .dll for the Windows release you plan to support, and remove the other versions.
+Pick the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section.
```xml
@@ -888,9 +888,11 @@ Pick the correct version of each .dll for the Windows release you plan to suppor
+
From b801d2292d4f7ceb3bba6dc26e9558984318828e Mon Sep 17 00:00:00 2001
From: Adam Gross
Date: Sat, 21 Sep 2019 15:55:02 -0500
Subject: [PATCH 011/191] Fixed typo
---
.../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index d1c11a2a8c..64ad6ca815 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -122,7 +122,7 @@ You need to host your new certificate revocation list of a web server so Azure A
5. Select **CDP** under **Default Web Site** in the navigation pane. Double-click **Configuration Editor**.
6. In the **Section** list, navigate to **system.webServer/security/requestFiltering**.
- In the list of named value-pairs in the content pane, configure **allowDoubleEscapting** to **True**. Click **Apply** in the actions pane.
+ In the list of named value-pairs in the content pane, configure **allowDoubleEscaping** to **True**. Click **Apply** in the actions pane.
7. Close **Internet Information Services (IIS) Manager**.
From bf3926c4a45b5e8d5fb0ee23b2eb6e5047b09d65 Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Sun, 22 Sep 2019 06:54:08 +0200
Subject: [PATCH 012/191] Update
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index a2ace591bb..ac8d2dec41 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -162,7 +162,7 @@ Requirements:
> 1. Download:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or
> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576).
-> 1903 --> [Administrative Templates for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/en-us/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) (recommended).
+> 1903 --> [Administrative Templates for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all) (recommended).
> 2. Install the package on the Primary Domain Controller (PDC).
> 3. Navigate, depending on the version to the folder:
> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 \ \ Update (\) \**
From 7e81063a53e4e9bb24b2c8b7e532f7a74dd01a60 Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Sun, 22 Sep 2019 06:56:10 +0200
Subject: [PATCH 013/191] Update
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index ac8d2dec41..bea7ec8fa8 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -166,7 +166,7 @@ Requirements:
> 2. Install the package on the Primary Domain Controller (PDC).
> 3. Navigate, depending on the version to the folder:
> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 \ \ Update (\) \**
-> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** (N.B. If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/da-dk/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain).
+> 4. Copy policy definitions folder to **C:\Windows\SYSVOL\domain\Policies** (N.B. If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain).
> 5. Restart the Primary Domain Controller for the policy to be available.
> This procedure will work for any future version as well.
From 8810e7902d1dae9b4eda6f607019a4c84eada5f7 Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Sun, 22 Sep 2019 07:04:10 +0200
Subject: [PATCH 014/191] Update
enroll-a-windows-10-device-automatically-using-group-policy.md
---
...s-10-device-automatically-using-group-policy.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index bea7ec8fa8..7d2e52c4a0 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -76,7 +76,7 @@ Also verify that the **MAM user scope** is set to **None**. Otherwise, it will h
-7. Verify that the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is properly deployed to all devices which should be enrolled into Intune.
+7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is properly deployed to all devices which should be enrolled into Intune.
You may contact your domain administrators to verify if the group policy has been deployed successfully.
8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal).
@@ -112,17 +112,17 @@ Requirements:
5. Click **Enable**, then click **OK**.
->[!IMPORTANT]
+>[!NOTE]
>In Windows 10, version 1903, the MDM.admx file was updated to include the possibility to select which credential is used to enroll the device. The **Device Credential** is a new option that will only have effect on clients that have the Windows 10 1903 feature update installed.
->The default behaviour for older releases is to fallback to **User Credential**.
+The default behaviour for older releases is to fallback to **User Credential**.
- A task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
+A task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
- To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
+To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
- If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot.
+If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot.
- 
+
6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
From 97e872b4191cfa2f6669febf036ac19431ce6046 Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Sun, 22 Sep 2019 07:14:00 +0200
Subject: [PATCH 015/191] Update
enroll-a-windows-10-device-automatically-using-group-policy.md
Removed some language tags from links, and verified that they still work and apply the users own language when visited.
Added more clarification to certain subjects.
---
...s-10-device-automatically-using-group-policy.md | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 7d2e52c4a0..7acb081d9d 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -22,13 +22,13 @@ Requirements:
- The enterprise has configured a mobile device management (MDM) service
- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
-- The minimum Windows Server version requirement is based on the Hybrid AAD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
+- The minimum Windows Server version requirement is based on the Hybrid AAD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
> [!TIP]
> For additional information, see the following topics:
> - [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
-> - [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan)
-> - [Azure Active Directory integration with MDM](https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-active-directory-integration-with-mdm)
+> - [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan)
+> - [Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm)
The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
@@ -48,7 +48,7 @@ The following steps demonstrate required settings using the Intune service:
-2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/en-us/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal).
+2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal).
Also verify that the **MAM user scope** is set to **None**. Otherwise, it will have precedence over the MDM scope that will lead to issues.
@@ -116,7 +116,7 @@ Requirements:
>In Windows 10, version 1903, the MDM.admx file was updated to include the possibility to select which credential is used to enroll the device. The **Device Credential** is a new option that will only have effect on clients that have the Windows 10 1903 feature update installed.
The default behaviour for older releases is to fallback to **User Credential**.
-A task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
+When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
@@ -124,6 +124,10 @@ If two-factor authentication is required, you will be prompted to complete the p
+>[!Tip]
+> You can avoid this behaviour using Conditional Access Policies in Azure AD.
+Learn more by reading [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview).
+
6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
7. Click **Info** to see the MDM enrollment information.
From 7ce206a1f3ee59e46e167ad584b6012701c1d61f Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Sun, 22 Sep 2019 07:21:25 +0200
Subject: [PATCH 016/191] Update
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 7acb081d9d..6cb12441fc 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -113,7 +113,7 @@ Requirements:
5. Click **Enable**, then click **OK**.
>[!NOTE]
->In Windows 10, version 1903, the MDM.admx file was updated to include the possibility to select which credential is used to enroll the device. The **Device Credential** is a new option that will only have effect on clients that have the Windows 10 1903 feature update installed.
+>In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed.
The default behaviour for older releases is to fallback to **User Credential**.
When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
From 6a036332f05e083f05d712afd75331437544a938 Mon Sep 17 00:00:00 2001
From: Michael Mardahl
Date: Sun, 22 Sep 2019 07:22:33 +0200
Subject: [PATCH 017/191] Update
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 6cb12441fc..87b6f569b5 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -162,7 +162,7 @@ Requirements:
- Ensure that PCs belong to same computer group.
>[!IMPORTANT]
->If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803, version 1809 or version 1903. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):
+>If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803, version 1809, or version 1903. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):
> 1. Download:
> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or
> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576).
From 2e960878ab92fb3fc823a159bae2b8ab00023202 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Mon, 23 Sep 2019 09:53:11 +0500
Subject: [PATCH 018/191] Updated images with new interface
As requested, I have updated images with new Azure interface.
---
.../azure-portal-LA-wkspcsumm_sterile.png | Bin 59988 -> 70159 bytes
.../images/azure-portal-UR-settings.png | Bin 67670 -> 120944 bytes
.../azure-portal-create-resource-boxes.png | Bin 24261 -> 64522 bytes
.../temp-azure-portal-soltn-setting.png | Bin 87693 -> 82937 bytes
4 files changed, 0 insertions(+), 0 deletions(-)
diff --git a/windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png b/windows/deployment/update/images/azure-portal-LA-wkspcsumm_sterile.png
index 9e37eda7a6bce059baabc5a8891e822144436fca..9308673481c169678a0b11d1c80014a4ed65664c 100644
GIT binary patch
literal 70159
zcmZU5by!tP8}FiP(@IE#iqeRHbclo~p`_#n5tQ!kmQs+A4iRaP?k?%>Zs~6Joqf)C
z?)~GQ$MXnluQhw-otbyuUo3-_6lCym@8LoagfAy6^#+1a&LIfZ1{)Jxd9*d84gSKh
zlGU_@Ac9up|0vO{1XSQ6mYv+|7g)w=_35vao|rdtw^EHB98ADj)64jG$k;L(C9F56MYM
zs5m8VCpl}YoLqK@8GFI!1KTj9Y$W7~&{^(!O2h9}&5U?Ne~gLOFV`6Vv(^6~d)i^|
zMd#!I4nRBlmkpE#D(eip^5%icbz^tXdhl{7@`j(<^v8RVJ4h0j_ZLV*O5jt8KM36m!-UW<@5Nc|y&^&%
z%m`}SVBu+jU@hXg6F;WV2kqm^5xTINm*6wgi6_w0skEBDaEDprDJC{iISA
zgC?a*efejZ+~^WB786fk!!fWCf{ZJ|z@|OY8+~FwE?6TMBUikd$shOID)5`p-7jysUIh*6VT7c3Ov%axT)n6G
z>3)A6kK!(oa!2|Q`HbVdyGF@}u#3B{n;Ht*zZ&VvK8fFN4#vAHGW4(|sL{?qtR=`x
z!2&fe`1V8LW4nu~QWEr%jSD>4a~vPTohiigRzI9atgODdxvb@Gm3LQHSDXE-5Q^qo
zb(FrwQbah|LG>G)uQ~iSig}1c955MjIc%mCbt0GM$}XHPh8crsh0szm*RB3W-r3u!
z$u8+*en0vm<4SO;35!n3%#7{!Ft#DiF^DDz$20^qp%I_Ag=-ukaXdkphxm(0d($yW
zup?q$hH*B(8hW*7)1IBnE_fC5klf%#ouBI_pA~amX+Hey^gw&dJY&|S-p?+c`D~wKU1B-8$1Fd$UzKyy?Dd`8VfmBFrX)klU4MRiA*f<@{?Js<~;$sI7?k
z`rCQ?k2Vatx24!%5C)f8>I3NpcDE0Q=c|X(UT^cp*!*bSnE$hJVQQ*pl2W|&#WR1a
z!YH&rH(^XNt3qofC(EB~=g<>TLBJ#v){NI*hz^-uSh1dNPlmMw5>V!6+$fG*aXSUT
z(Pe@XUqf?<0`v#G`H!X@u>OkC20PLnwS_j^7O*puEPi^yis?KlaijW7H)%7hOYVU_
z1#v}kX<>k=X}g|hM@_^<`t9=93B-Du(`q+M$#z&s$a4_Nu>u{_F>YM$<-!KTE)~KN
zPhpZ1x(M_ZE+<3{3DoG=pt_VLZ?hYxLt}pMw!XGy@OX0zx7F_%)5BKE`L(B16JM?k
z(fE3z#laUFNDIL=|JWB4f`0j5=2|7rJcFfN&jcZK3)cQ}hhlqHcM#e?!LOi!UVeIa
zU@gg|U_l*FBlGNI|5+kmg|Ouc;@0uO`DP^b-@@j!TNY~1&o&rP?V-`#Q-t%Q5k3Fq
z!!;rN@O8zr^Ryp7qqR5-Rksr5Pn{aB@<|YvnZ)V{VzzTfBMQv)I9c)Kft$kWmC3vA2DV(GzJ
zIi617o~Jr$0KC$+ElH7d<4@T~_Mp%kW(MqZ8nu}ePmc$UT<2C>G7}}n`~>cZx`UV6
z+jVD#`zKHIhp0TokIw~?R;x>I0&k`hADShydWZP3OED5Z47c%1h+_9({pB45=Ni%r
z9W4Qg|EJ%x#bn}e!7ckIJ19H-F{lG$pJ3a6v6B)Qqqy!Ejm5OR
zonavPSVtkhcO>3tj{(uIcDUScced%Mb^0u1uxB^c&Vn(K!v3NT1{!F`7ULF9G@HKE
zHz!*x)10g1Z^eVSY<*a7f2pBCALe&_CmpXKXczyW`5aE5E#^jkQwd?I@cpW~MXfC}
zctG-u4%T92zM`$JzpRZ@VR=z10YQY!S_O6CeKfAr`0QR(dzCXuX4aNL-OCikYPvo;`za{(@`(~
z>jE_Iqkb+%blGjt(-!liGop<8oe!(!SME(8?64P%ic=H1$B3ag{|o;
zh)dF^%op^qz#UeO7JIJk)BewFbcOz&ITSas5(dNm_9ia;DRbU`#q&YIYBjuVfx@|b
ztov!DYiX8uZ{V#BR(q`thAm(0VofZT;fEiw65p{TlMY;~aItK1xLtxoq%T6OGhcb5
z35;r|T(09n(uBnwd#fx>hQ<`c9-NkKd#hoxh@%AsbAyP8#Ru!(ZEpW;X)W%)&p6`$
zaK-OH)Au=Y;mqc)l%jT{?{cD*$?Kvf0dDEog4e7~Y9<-QShGZ}JAckLHz5i$d4;CW
zt?0rPjKtHCZy~O8(VJ9#nt(yC#s0v(Rf<}rH*|WPf8XCzd0N^$|NM$)U?g3-j(SGW
z(=X3l-YE%A!B*3cmfaoT&^5B$5wV<=;vxCwO{C_DpVW6a#kF#Nz$=_*)23(YPaiGr
z=861tp;Q`7T{|R=*LtU{J^JY>%9Ep)c%q_nUZcX}r4_mOF*^A&BiI$?3H-^O!4!S3
zZw7>3I9bFqpVkSZzh?iGcb*ry6{u(V;RiWE@<-{uG8ga_Yv`JYMAMImnz62@ofaj}
zQ?46Kb(TrT^?Vxw^CiANW>7f4Ix8dMhJjs(0u3qfrYjdT<&{&xZfr3i^_Qw~l#6Co
zu)I2^n>MEpIaJA0y583fn{x}B)2*~ALGVgZmU|;sj=y*IuW@d|%1-UvXzCA(#B`k}
z=n%4;9fvfYadveMCsUiN@>CYL@i8hC8+1E~xJ58zv&6T-i1c{|OEL7TkLm6SV*D3CO&eHI&)k6(mklaNHh9X_TJ%J~L97*uNi-Jxm2Oax)cw2)whF%_QcD?kf=*BAHR#NZEpG}RVIlfpZkj_?L6^S7tiDYdX`icm~Ds-c?R^Cor-$L#~+
z9cvrWWmIarv5Y;dM#6O?K|T~1svZj}6iUk`eS76ts!k+$T5c-onykA2y3$97^?H9v
zAv^UoSgDWlm0K1!O);+o1wAi4mwn9{Pz=Wx*Y;QsUdF4OKNCzv)`g9J5ri4yLK4SZ
zp!WV$hWW|f^eRi**T;u7N&TTq^!b?u
zC?V`y27}7Z_#Z_j?C4y`>dK<3q2myktf*3Az0;QyuBe|i?HtqJqUpNpb&lx
zdjV%`?ijB0p?9Ik57Eu9FtMsiO)Y%QguTS){d)ta*?_A$<*5cZm&qBtnXyCC25;``
zQ34QvjUz0f@mVwxOOXg&0#%VHCS7s8i4@(sX87#rIkrKg0fldWe?R}bczWz~=6@b#
zp!TKX`S2=5<2gux7*(L{H%hQ%`XEt1>3wwg<42f;RoZ>-lj+$odwthK1g|FVdavXClFrz)s^ifLH6JE-
zbkNxlLcIOOA)$eGA2iKvLMyD-dD5mMyW;PsV*;P%Ij!SK5PUao8BvzS^OYIf)EC(t
zM%zM~n(6$DzRy+f^7*tDUNC-D{<`jYk17mrP+8N^C!h21`ttsvAFm{GxIPB^f1?G>t{wa?)pJKN`N`1Xy~lBl^HrN{(8AK?fyn56iDTPKW0>gG
z2PO{nPNmTwKECRU{`W@aiaRV-ptGl-4<=)zR=rbHyNU_e>#NA8s20I
z)&6eyrDa}wHq72rJ&YF>P;-wxgL8MAdF!V!M)F<`If;&~^!`tU2%fcgFn@v>j%qVu
zy^G9n=DfSPu9L6a+=QR-C@$FTQYQ9^`1bUW21P{d4T?JKO@^#|8=*CiqK6eNQCyFa
z8dd7f8oZgL=XAa9r?J?#dP+@bCZPODt>H35@8;q_GQ+LjRByhwP=&=_)c=oNc~S}~
z{Ws_r=QjGFUQrJ5b@d4qmvJBU_H+fIT*4d#-G5lnh-PgqtEjkVxP{%UeaV68c{0VT
zUE|QJ@2c|ter;{-e(xkp)bu;*)e!vQfTenKa_j4Nb$#`geQJw(h}?jZ%A;aQV;t*C
z)EvY!4K=e9Izhuc9b1FFOKW>W+Y`Bs;9I{g)c!u(JqrQDqm||5Wp4YwDsHugSdmc`
z*3*-F2L}gE7tvzN?O{~dczDm%)W}FkW0(XU+#MVoguI%YC3{l%$-Pe77qZ(z;Ks&S
z&_snL9RZ!7-)lL!{gaayR#sfd*d;m6NxQgI4>}xA)){m9`1+zickkZSXt1F9T~Y!I
z&&)077?}hK5Xk{`|o&XT9^XG>7+@rV6K0uIaTy21+s0EXEn7ybsUAPB(_T
zp9_ylCMI{1UPto;DCwk036j{SHyH48Tn6EMReE%%v#X2yowS)Tmb$w7s~~I{gJzpN
ztp*ec2?<$^dTLU}W)v^mx`=xsxGA2eln3q0~McHLv==T2ZGDJ9Wmk3~gk6@?GbhlYo%Zhd@w
ziY#t0qx!N+N_hTmQE@RaCXzaOAYwV!x2TQPFX;uFUK;MVmErD}efmpdF>rmOYv#t4
zD!+5rVd3w1icPzonYlT}_~dVz2O}uWg%La1Z5poVgDG6j=<}1Le_fX39KyoFFf-ty
zxS1p!9@oSW(cQaY!KBPfBiV1YlWf=f7(l3@qQ9B3l`d6Twp`XrQcZk9rh$qsE`sDN
zoqc_h%F4n8FM@Ia7u}*Do2q~XX
zTs2&UZ+VW&b25ODW=MxMC(qW{hkx8(XnJ@eVdoRwzOeezKJZF}+MJkg0>`-`UYYf+
z{gkdD*3tSTF@Gve^bya<1&4J2d|+zo&x5K>#qWkE?vj%Ekc`ddkmhpH1Vgb#7rHzBRNP
zo(~nBw6G&T#=O9KldY0fU;3Nm^wdD=#fuhdH+Oe^V`gdV1AJe110f+copP9bEcp{9{{^54R&jZBiH_bYfzH;(ev#x86R*Pdsa5d$Qk7x_{3L
zkvh36`WEv~*pDzvXi%v!?IVK=wwRQ(bUfSs%gko_4}_&1jSbg_^7ol7pMzARCW`Qx
z+}VgqjKmF=8cL&T$aOEWxQNxe;Q0|94MD+D>2IZ%mVIN${5AQ-*$j#)yuAZ#W2l_D
zJ=3#_cb)e|UIZ0p47$5{liL)ANHHdD+t)YZ!OgzqH$>>oQCz#^rEUchhX#vC9Ao7@
z#7s#}4rf&_KyKf!ag{#P$#Ipa35W|t-^0mC%}0-`{54CAsX|RO84P9eh)Ee2hxj7-
zvuND!li={@gn#}lt)%otuH(ZeIyc9gs#;-mbabl&tFd0s-5CLBYEWdWAR;27qqOo_
z#?H^Itc>dFcUg#D#5FSu3(MfdL{OWenBkB$(TAZx?(+jU-09Pxq;K2&e4)(Mfpzh7
z6|a!N8_5F)EiJ8ysj23^zHqHpgW`o|&K3@{n?5o_BcV@a-^R?Ma7gCUQOjfEkB5ux^lHb+Fb*JzB
zq7hATzvKkO;XRPv(K6ozf5vTLTMZ9?{VQT-SU@n%FE5WR$s+~aZM$`3F6g8$W-M>}
zmefXJU4KJqS?&!;P@|g-MMXp)VorOrj>V53<7CUj@nOg;B1-^d+Gc!
z8{^6~=m2-Y>+lQmZ~_~0lLnuZm6Zvm_j;x$-8$X`c0=v!zt8+Sw_*o9-y|#j
zY`FbZpW%U%URaz%EGz+I!*qb%X2=9MKH7yUEBVBJ{p-C;3){Ck
zo9(r@G*xTFY;Z*A=ZJOtZ^3lmxE7##OI?_YAk
zxE^=nM}(iX|LMBDIpM-yD*vb8lb&x|keRW@y1u!_FL!lzZk99ml`o86v$icFWf*u4
zqayASlsM)`7H@BktzmN-of8rxxSSNCX?>HElpuWo9@erj7yU=HS5gv9ZS5=DZc=nO
z&A-)A3&r)Q>3FC@6q*;4OvJryJUqO%^CGS$cMlJbI1p%yX;m$)5IT=@l%uuYEeEY@
zKEy@8=Tdf7a`XOTOK$<9ja-lZ;lrQ9)m2qh;DBi==@*?=eOvR&!h+-F%a>fXYdyMq
z2^$R>y;0lP1`FI=2K!?QA3i+9B%}?+Bj-4FnjSCI>mb*2LxF;Vf;LF4nS%->nVfuz
zD9~JK-4q$3x{8dt$+YWS?m}FqV{AQ%0;I?X)_N1bM_lGpPdnc~VS88FnQHOzP+0+#NfY)dUqjkBBOXsV?y}&_)ceFIlEoh
z6x^1Xj(>@Y^8NewlXk5WF&-IP<7A0(vB@Cg$k^D@PQ|>my*;mVD1|q;YB*hP{-x`E
z;tg9~VB`Ee-E@UzN1kTM!rop)l91!lpbXs$IGiCeDhdVC)zt+wI{x;~POpJjUD?K2Kf=r1NN;C^kHpGA)#N7zMvN-KliDcoI%6-~%3kpYJb%Vbs*|TT*;P?IGV=2%l<|%Sc-PU+sQ>C|WeQ&PL4140ZolYl>54KDCmo87XI(vFn
z{!~|28*EP$Yu|w4r?st(;mH${@87>`l$sD1=rs_Cv;I!;ycHlJA$eAD>y3t0a+@k@
zWZW_$L~#`r72N>KHu2jCkD6v$@3e)sq^?e++;TpAYrN19IU4W@w9_lCsYwZ7zL$hA
zCcGn@W`=ubriwIy&)g?45X($vF78DBR;>q{WT*q-8
zM+P1qQZObH3yT2oP0T%R@7}$$Geh&jqIH6_%FUX_^*qCPO~N58N
z9nW-qRu=QRx&F>#itTA!flf`pXs){L^tn6n4Jiq7U$~R|o}C?GHNz@uDoyl0-611m
z(eCIJB`06D4Bg@YjaOPNq6QGs5qy6Y0A^75e8Cs&gcl%o;9@w~bK)GaTO+yo`52JJ
zo$heS$(_rYN^3L)1qHC8u)q}e;fQpDy={GY{1Jp{si0=}$)`dvA@8418dIg#c{}Zt
zjVozsb%!-hCg6H{dUmebfc<5-)EfMVjjgpUg#2J5BLWqADKD?ArG*Eg3c832QBzaH
zE|Yjo$!u(FAQMXiMn=XW!wv%KXI2o%9NJn?<&hJJ^&(i>3l@SJir9$6k`B8L8b^wm
zM4}t2|2Oort^LuWJ7M#NM50ZI$x#^GmI&qV&Ak(nB$k
zNdf^8+yOl>7)X^!{30kQi2Py3M3WA5%-=wS;lk>wf0Hj3)i)dh0%@>r*ZNZk
z#aa6@Gc%E6Ez)m7ElANU`LNkqCKGngf3E?NT#~ZKXS~D0&b}&qXS_hi7la4wT4HkY
zjHC8$wJ&Z-$Z$u-c7Zam<@Zf>Q*y+PQ(3~~DjMWM+lj
zZ$zDdV(T)14*+dEU`C|o2MtjdT5|z13W8V9sOdDh{WHks{i@O
zX@N=fJ2dGhcb2~Aramj8H2G>jgen1h4>R01w8Y1-;DsO#{97~|eBYoqJBj94(!Mhi
z4}PhJa23B2l9_(~qx~^L>yc@hgxLi>km{rsPy}WqMvf
z^WJSi)&Ch5WsJJqm&tT@r&l=@ceqb&*dj0KW#EL+x#XK*S!+Dn{Npx^ObTc}Oc7)E
z_gj6n_>%%4&iv~I@TV)t*@mDi_ipZHwcwAdx91tES4Ykxg|O%5DsgZ4u-}y7Lkr}H
zH?mUsK^!!p(qRtN(YzaE+7!H!miXQ|I~IF03nY;E2Kx@LJ|2D_K8HkxwBN>?9o~iJ
zUthtEKR!{tdOWO)MxxB>alqL|mtP*IR#1l-F!jp{e2KcML!4?_9j5dIOYwXKHTgFK
z;dj|}n4p^rR4KSCkG6|tbLub|+t`s~=^?{nD;&~A14I1bBL9`au{C6LipVU{7e?o#
zy6Dw|Q&^@$&O?)MP+-jKz%OL@eA=FS9!!tZh`wG_X&ZE|BiM
zoH3pEVg6D7EO$T`P46WOmu_AoQ?y5A-iR(5;^47NP!b8D>UoB2W*uhz8T<1u`MAZa
zzDi?Y>|iN3&;Ptj+Kri^mS2ada53)_C>s_u#PG$mbXf*YiROQI4CUD+8F@qF&<
z6NCHD8IsS)xgygruRzsiNa4Hpc$`XtNXj_w!G3!y4Ycw{ZSm!4_|#W7!q3;cBCghg
zXE25JWQh-JI2Lv(0Ah*JUg3Py^9UZUGTz^^)RcXt?Y;6%CCNSp@B{BZBoocZ5X}az
z0Va0PF^+AYCRhmiHA-{sa+2D~ob{s_7!z>1V+|#xo`rvSufKZ4iG;h*!uEFPy_M!-k7-A)?E@q3E;qXs2E*QXUuc=dt^
z9saTBPkMvB6EoC!b}PeBKJK2BCiy_vM|~HO)wMG{8C+~P`9$HHW_&_CWFj;3KS2LA
zDG395=C(nUp3X>2Nr?lQeEQVfgf><2CaJr-<(F~>Y|P!=ors$uGM5k%5D_I+f=1TO4@F|TK#~PkPks6p`(*!WqrMi2La&zH8MV@qun`;0=FQE`Uj+qgOB)cEdpm4mG8oh}hH6>>
z-7oB|2LkF!qglm=D70z%%}*M@vr9F&Cd^zr+agi#Hx=^_*R8>%#U8VQ91ks7KvU<3
z-JHa9bp1vvbb@YvHP-Y&7EDCG#wqV)h*}%hGh=m|L0ydk0r=*$9LDcbhTstCvY5zu
z|E#joYRl6Nff27@3_()9GEEj^@-y`@cj8^7XFMoe>4ZhP!s#st$vAaGON{%MfM5%G
zUG3Hoa@L@Vvsv}_{!&Tcm=bpKsTA4FsXTis68T<+$PYs0
zKA(|@QT%uenWrN+iKod7d+3tACBt_(R5odEG3|J11
zT>_I9dv}a~INcWK{lQG%!2zB{ULX2AB8MNM;0|gr59*Exx(-kY*q@$|{X_JFqi?&W
z3CD+`QX`~uxDXt}xZV`Pz!HTOLeAMP&spaO7Mqik(*hXIBNmpws#O0R?UMAEDIn{5
z4Z43I0U^ioEZtpP^bVuqKmCOGuU(GN>i)bpZ%6P8
z1c`}>0W9!cHI}}|AE`nFz+oN+llmhXnvpsZ5-6v8UyQnMgswli|^yNKlMTR`ONcHxc*{|icPB=
z2AW9RX=`i4hQV4v{ky*srHK2vPMbqUUOr@!pMAYQ1q(vrz#4}gNjtmJHVZdwRC-YM
zcQX+A7OHBgPj!RrV71mmDSS3#Yh`1D3eD6ylY**ERIO0gyu33uHkOHvEmSKaICxXp
z_2e;dDW#<7WvzY=30YiN@UmWRPphn?04QLb*b$luif1?7ZvT;)iD6SU!)6`Rz1sQb
zkEFIX^~~(-;`(}Eb+sUgQ*-)1XqqUfNsCJCdLIpZQGN+KJv{`Nr`Fq>tAie%{E-2QP!YhHp;Y{R`mRb!L@{idKJ%W4B-^8TP?v)i
zqyQ-$PAh^7A?GAYQ8f7Q&?b~t-G4bcmpDTAR-y0b*2)?^Y4)*aug;DXnl9|!$
zOA(6zn*bHsAJejgPyRMKUyaq{GMnJqwf*z$@&3`#FtKr!cDRV^sXpKoebSS@e-CbK
z6faP8baWgU9sO=^fzz!0k03(V0CKz{(T(pA>cZst*yDq*fbi=Svffa8yXrW*TIVQ{@;q7
zd;VTT&Y`!rH&Lse+4-=G*&1}!Y_|F?GRWXT5X}9x1WQyCI(N_@y`W&cyb9~1M+<%>
zwYAhhAzqd$2P=cexbG>E1;BF(P9Y&77(4Ka1d=S{t9v5vTuIxjm&rM_e;HD_`lhD*
z>TsdaAjE*KLGlX<4*h)&B
z7uGIdpMu!qd}!P{Qw2K>fE_Iz&4-<
zJ&DaRzwDz$@sp|tdpO18GJA5kl7LpYvn`sHg#`)rf@eV+S)zN7!&A1H*7aCF=P8C4=*ei|;GS^g+Ag|8PA4+)k!TfYW*Ae0aaPrR4zR48!A%K|rz~(-In?aAR2N
z>$bVMWZM=YKxlx~Y~|=E^Xe6>K)cGverpWH#BosZ`x6Wyhwa9}3>j;{>a?`9pn0i5
zAoB@$gC*Sof>=rJ?&t3hpR08St*%)}_I$5i+uaQZ12fnf%h#6F0hmfwiLX`#lcx5CH)JW|zCBrX~gNr*BPRFLia3y*Ehx9_RykS_^K$
zDRFH1^dA1mr?R>9rf>wccu!IW+te8VwG*4uD;9ILU2UCcsHg)oGocCmmd#yVT_#I9
zo|y#&1Xu*rjkV54F6JX{U{NBMj37UX_?0c{1_S>M>DyaN``GJiw@}Jq9&6z!nSDM-
zh0U)7TAa5-Oglt=qu?-&4SILgm&|tz5^G{&Vh?Tc896dVfsFR~Gj3D1bqq4kVshVx
zhQhwZ#^Na~Ghxf?|8AUa7an7xiEJdTzz1jG#G%BaotFDT4Au=aar~CLdI{ng4(a3E
zLYQ>i6Jb|%mvuRmzS=vBjARPbpHxbh&T@WQP|6bBkhcJ_)^z^iBtYGW>YdgkdJFX)
zvh#ex`7U=o=Y7VQSJ>j`^!!b~jbCmZ%y@_BRD{!C@&+6&T*c#4@g0}ppi3N+pn1g4
zfLiivVkAo?Cs5#O&bD`qLP~)~mDYdx&;`ev;+nf*sJ>dfqk_s#!NIO+i`p<-8ah{wVt#C>VN=3ii1qt))+u8WDs}|?aHbGsPQ@Hb@Kvb
zUx@*$A%68GxYchJDkWTaW_OMaYP2*JmV*o96l;Fs%adaf%xia=6LqktPPWDvgoNs|YGTjxB*nD?8Snvl^0!3b$>z3a3T%uJu3w_@>7TU)#G
zb}WD1E4se{te}_YmzSw&^|U}GtlDn|QXf4S3AC`a)p63bD;EFN`^RfbtK{I{hldtP
zRLy^ggFtC7VJEF9vhh>z{-j*y8wgNsWXaAh+|23geM!rIW~%M+{*|`)etCk!T4A6+
zNhs@WK~d2cs$yoK6lppONVYT+0j#2&Aq_`3&RgHmh}vPl%tZbA^(#;yJ9zqqdnZ*@
zRDKMvgOjOBG^;(pFQdEX#GicTILmH
zOK>nNl5+y;i$;Y9+CzoJU&~Jj@$t<$r^##;73A7-3+u)*TZMzAnw>FQ4Y*O!0(Elu;++S`4*O+u=U)WfW=&#ixCWf=m&QjiH=UwO3IsZ*#ZE)Idu
zp#c}9;PAy&5bIwg&<=oBmBY{eI20ivZouKuf0eBq^iWZG3Y6W@)34w@j=sLcTu~r}
zI?g(04IZ{a67-mQKYr%~v!YAD^z;6XxA!T8W_HKGH-8&JrJ7s70kH6U3~|!MJn`+D
z9{`Gw$?`gzD`nxx3$Ff4e!eXLFp6mT?
zcIq~JQ2%JxH;&ulyT^$3qw%(%kGvFN!W03?x9{ctt)TjR`R}R?gt?PQ
zc?QBM6c$dzf|LI%N<11Y1)%Y8(~nORzvPa7;vy97+{s80GoVjHNfod`XH>ol-MM8u
zJUKaWH}@gX@dmt{C$js8xE3SqQhpq83&{ds-mQ1`Ol#JtowhJ;_IBu
z!3}KTl*>yOg@wo5!9@<|U1{xpS{$*@?~_Q}CustkhM88;ju1)c-T@~L;+#V9x1lHc
zq;l=cOdrX#tF`C;k|@A&O(%89eLs)pmUnjQ(>dxBaIsjUr)uLwL`7;mO%Lner-^F%
z4F7Ip>&h-fzkHy=a(CpDy`q*pkqCj_udvnVM|W_4sjzSmC>~Qk^#QIhIEAlg=@9w4
zkW*yR?IT^W&CangG6x3-qL8*CFc9tdr%McZ__r#GY7=*H{k+XdRwQsRC7>c?6c8OsY-BBSbF|^%;Z{~wUita#V8TEIbA9W=C#^_ZxP18Y
zE70;PkH%e}ugD>FJurU_2ifAriodt8g@lAArl(t)noz*=i3!Q*$wkuV7x$sihg10P
zkK2+OW``IR|LbUMQnSg&w?)Op-r!rvLzump^C)k>DU40GdK%Dh?Pocke(2Gm`-fc*
z;66vPSccMgmtr2*7tPm3sR&t;8&Z#63e+vuUBYB72Jf)v9DL(#b
zUcbCCr1eyZ^&J}=4+yJZebz~M7%_cXT@!1$or4tdG=_PRg}wE%G_u^Do11etCy+Rn
z?;&xj*hhF9Etv6?d=BOm~vYA
zD)VfS1IQYM4Y!{`-HL==kdlguUtAmoiKEX3T91p0d5b?n^0q_usqUYl$>fu1%OsB2
zBToD22|##l&y|cXxLW>p?Vl6fjNJ$X^GGh|e%Y5yd;k7@bO_XeFz8oKj-;F%&TiE@
ztt>bvy@4rri|u+ZcvIBTJm0Zr
zyE&ApQEm6wn9!9vLhRNl%hNR-p&!#&@r^8P_gGO$)^gLVu%O_tU3Ot1e^m;I03iFs
z-P~#g)=qE%`P2p|qN^!bx)?o?Z@==y*}Jo0YAFrTPEBJR8{5WeS5&*0$0!ybDt1;@
z&>^Izc_#3_lL!bIL_qLEgYJ-%XMkFnfq?-8tvQ6VJ}5%;5*rv-0j2}m|
zk>LF5+#Tqa9hH0aSCtKSp_P@D1)zWNbvdMa>N`ZzEb~&t|J6z&-)00(D{Nd`NyE3K
zj1Q$4MMP!|+==~+xI>%H9;PI*$|O~U^zo&@4{5CjfdtD4dJ3Y|@z<1Qq9=^Q^yFE|IEW6gv
zBmO620C?X&JUpx<_R!U(1yqQ^7&p;am?o;_*@8__Kwug#;=YO)kUm|Wba5C+-oHmh
zg`7aYfPi>IS{Y!Y6E1V&-rn9Gm>KbNoO7lERe^K`pp*?dzcdw8rg
z@1K&LpN2KX6GcmG#s^f%XxS=%cCizoNM
zg{g}Gnu)(l6dZ3~E-*c*A6j7{Jk!xtAiqg#xG%yN0B0(=ls{jekT53H6h89y
z?OPNG4u>O==Z`m!wRLnbY|-DmeOqw#>F*W(C4AgMTLcQr=Djt1_lq8SF+!NRk(Co%ujPESqt2JuR=mv
zF6|M4IK+#c!qz_1w0G|K`K@+yGcZzn@onq(@ELe968T2lIh(sPd_@Pm6KAkdOYXk$`9pbmT*mERxE1|Fm>Gy
zUeJtJR#fnVtqaRm`3%UjdtqTEJ7|qye-&9RO7_`{07FQDwwzq>!t3^*uM_NON74sP
z(A%a}TwQ#@dIvJF&FMW-M{!r%C$6VvV877=NghP_8%&^)OMXGM!!iA2CPK-`BeSF~
zD-u~JBVz?P?=Qeb2CN}|V!VmvEzAIqkuoc^X1~q)l9c~iS{O_Qph=adgHS$;!*0Ll%w0@l
zRSLzG2@?xWY>NUpdGYVx&j6xq1U(0PqTGBs02Ecb59xs)!}V-;ReS!)cbJglE_fZ%
zEYST`vM?pk_FH{0@L)^xZfDO@X%6T_-6*{H$dW*HJu#v2l%F4&J4u4ky&PKOV`H(z
z6WBBWdLnJ<13m~@*&qq(TAuUMjrB)~!pgFsII#DWoqe#Ux0sFb#**xkD=IY5G7%+IKT(YF-br}
z@z1BTXac~y3Do9Amh+_HKbqAyM5@R*FQcpDd72fT&Ip
zNJumE7JJ83W=Q~fJ?JS!3ix(IWMOhd{5CHF<=EZK2vlMi(eRwBC#l^)F
zHI9XSvO0`kfjLLd*kxv8Fyr84TyNPEapoyt%{!V@2NZp<7M1|bB=hML3!m8pa{EC8
z)hW!c73W=1itU?9=%3wpYP5T1O92#iN$aK^mMJ3
z`dFM{i{T$w&n?uYu+4-1`A;P6W}@Q1pbB8?T&CuK)R!m>+5z0BTQQ!1i?C%(jE-(=
z>$|w0_2ZtIp)CY5!^@WzIH#7z%w*JItkJkgbMrbe(eDV$gkl>h&kin3v4Oa!A4&R>
zMRH5R>@~M|0Nv>On+At_&6D4`fVb~tJ`PBhbZ~egsL|3qY+8;#r0%A7Pu8dt4m!Xu9
z7svwktxp9Wly!GGxW%3W=cMpKD=AO`;gP9p$$d>A)4?q{+tc<4DYua-m$EYP&$c#e
z2LFco8v=#oPAR!A_MT56=9D$u430PEUSNah&DF&MsU}HTNy!Uj2#azE6ms$lFHYZ$
zf0NxFkdr&Y!N-50to+rR{?LE&&eHPo!R40e!pb>;h2H{xP~v|NOdNGJOJ{
zJqGjxaI6utMa30S15#$<+wnub2X(=KE_1s|LC|x<1(2BYjxOeIz55kF!X3ZNTOla`
z@*+g)I=nYrCp0k{ZZC8D*f0$Ao22|A_$RGRw*KN2>p|~c7Nn_;wVIzD{uOq}c=Nc|
zWddK~*!Ul25P#(F*r{R|rYK#C_}Y7TAwX9WrlzdGOBtV#fb
zVxHuNWt3dUd_xB?G4l-$0AfLH1{0H$5^QAu;?9%qKp#K{=I7@t<&FX`Joq!?YY7U4
zg@px(JYcZ^ULEdA_8%xE&#C(gf1|n+kqp4}*>V>6Ck)zk6GPDb3%t(B%Zmabu@3NQ*=Z!xyWo1v1$mH(gw6dM
zelVj>ZwC|;4Kb2U%SgQofBo99YIu_^Wn}bVJlu1^3R&rWpq8*BO}i$3Nmd5?50)bK
zw}rbDv|eZhrf^%bRQVbR&Uj`h5PW}og(tSVPnSb_#2hpi;5Yk3=?~+-^JLcnsE*@7
zN1gcJslJ)DnmFHI=9lENy4#f_?QHF#l+Wz{etR)h(Rv7!Ge%$^wW+G@H?Nu{YkqP(
zfju`WM@465^3xU5X8VqM2A6MgQ6T0DSC66
zr%{oSMAX!w7lZ64_(ny|Uos<0Au(
z%`aVcA|yy40KAur8xz(~;EvX|wk@mOu~nKF0LOqdA^Y;>Z<7Y_8pVcycf`kb!{K9#c*`7smfVB-Y(YUv2usm4p
z>~9sXo?n4uA$J%NLs)U|8@!vcgd6Ar)9n=@m0^JPZdlix-TLtB9j}t97ZDwK5AAZG
zoOg2EosHm0!)vYx0iR-3%SD)lL31S5Ym4FOX)42x@D~aS1QqO{6a_!~S5#C;IIETN
z-oppy!B?QlMlmZgf*Jh>0D~e9%_Ie*aZVT=6EogC>ea)RsWQ`Ii&;UFr}vPcVxrQT
z2}Hx{a77N7H`9Td2S6+Gq&Jao2n8nz(2;ZAegFn$jj~U7!Flu$6g=kB58`6Yx#pZ>jQ98cVodEu;XimgdJ1bJn0e@hKA}UGEwi++v9M4mXkH-p8wWQx
zl<)UkL6j^Muu{^}ccF3e^{aAYOA8wh4*^gK8z6nbB_^J~&WHjLG=dv|S;NJ}{Z2a5
z)^-aq9U(jh)OwoErJ9myb<`zq|@*PdhmeD&4Y@lWb8F7Q)4)j`P^x=*!O$ZEf`m#L`%(7tkbeUVbw{q@aX=GABT_L}VLg
zUC9wQUvU`Dw#B?qW_Mk$!-gUh6larI7&z}cgXO&Y`C8DLJo1B_r9mozZ5R#HE6giKBGYxaYg9i^LU@4fB
zIHuX?
zf>0lmD*naSPl;Y<1?RkE&@QIC&tDTXPB&_|x=JkQS)Wq=lUR}r{ikgpNpFR7{=6J_
z41T0eLw)`FRu{Sf+#H~d0X0MupkzXnnY3Y42ZmOj(RqI8TLH|#D<8)&`0?Q;6eUOp
z3W8n2VR2bn&dJFMdB8oZxBy);P$Pf3>70w_YpLtMz+)MNHS$0Uqo3+vHB|DQlMg3?
z%0&2AfBnMK*VjkvL?}e<1)4p2saz)DbvQX%RDx?#m=IZBf2V*TplG>h8_TEis#zk5
zceJ!Z5#WbVFu)MLkzSk|#zj5DYsYx(fcZWxEuwfZX-jpRX+Wuck-ut-@IafTy4gkV
zm~h``w^J(ni_qwFO&S>?GdJF2xhGE_$y(vvuKyOQ@<@_f<)Nug#?L-}jdkatA9;~U
zB3iAEL+<8(>+;{048NFH^jImQ?7d!Gtf@q1ec?q3zE|(Hi0~c|J|o!~K^sMKvis$-
z-*u}_QJ0ykoYzg>yS^#ewIwsJ+FvNMfX$A4wyo(v%-pD
zhv!)(EiuofV^d{!nTtynCQ{ri<6qAo-9;zjL_IB0JI
z1I23Y{#sa=7`j3T+C48yrAYe8Mjdvt$*hvGdY_YiA3G;7dm3Ji2c1uI44-Z}MNZ{r
z*l5J{hYx9?SvWC2j{|1M!NDgb*lW*|t!RQLlPQ>S)$1FZKw+3gJ?(N{$-eU(N<@EW
zKq!Y}WVFW2s7AD^^{ZBZl4f?`!>nL#4>k(?^L;r!q`{qP{4-X3k{+w{lmZWNP5ZDD
z?v!1$D2oB~X7V8?SSQ)nG6o+z03)1=uaG7!Kc5VoNR!QL+Hp2%QBlOGT2M5Gwc)dK
zbk4N76Lga|V45=?kMAwlflg1_THV7#65%VfB+mJjv;|)u2_bi{Vic&_Ce!oU`RmpT
zw!|OZ-B%W5zz7n&ENOJ-+*z#(TWrTlWAk3iWP(|E>5agIJj327*R?g{b?uG?mMbrr
zt*>dtHeHNuifNCtI;}dgNl9HWCzrPF+L&&Er{bp6=2y1$y}iBteNl-%^TDL7U*uS}
zCwRy2@B?f@zT#(d}Bm@ko*p5IGVQAiSTMhj#A*{yq32lBKe%FeWxynC8c}q+QkTc&?Mk3~2Zg7hjxM9(340
zs^LxcP>fS8}(?>8u4f;3aw8T7}jBIFu7_tTJH4N(vn`H0R*e}u&c0{NUarD
z-K9@QrSQkE9U1(!cz%Sn`uQ@tC+aDQC_1ul#LwbU@3~^e<1N2r_52KpUOd#mRegWW
z3(5YUstC|;`GdTmrclJ^CnN?wm!-{b6YB3X
zdX5Fj&Xl`VhP81gO1fM?3A%LBXCIFx=Ack5HA}e%R47Wt@E0U9`ziTZU%p_Vc(rnU
zc^&~1fJEOJ)cKzW$khy@HnGXbKlU*c3YHaUp$EWHU}QA)&Wa^;veQ>;AII!1@01KT
z*0=qSk^1!&*?mqvX4c)=qhCAPU2cy{wYk}%oO-##(7%LBO@trC7!yj(a>0|FSNz1Z){+opao#K@jeLiirrVF8I#e=-y73T
z{vzvMD#$GVUXDObI33}w!7xn0Tkx%TwY+cW=2yE}LV<1_|I~>a>}Q#e_I4`4Eno}Y
z9Xy7$>WvDA+KiI~!#PaM$$9eweo*M=e;NPzv+-H=9j@!pw1!po`L}N>K+9~-;TieD
zS)R#>Za$2anw~i?tGhU#Uu$lXSqGHgMqOVPEW0;6b$HcMWX_jK88UN_H9BFA2dFdk
zbStgYIkc>lu!$&!4NzZ(;@)J={foc*N;FOH``#C8_B!I1vY(cY4Nv^xnehg&w~0xENG{IbBWz>*qC
zFCE+gel>WLcjccbk%RE7`^u-*f_L-Tix(sxK7F#Em5w7uj!H-F+faQ_Y-W-<*>^V8V===KS{%vv`8&QeJ!
zGzaQhlzg3PPF8#^<3+4!WkxHgz)25}kXE&)IDC%R+H}CRy{L8F5A2K-s9SBaaZi>vA7CEWK-`L
zbWb(uII>-S@~OQYJ8*B(V|~qCc0$@u__cM%YjbT%(6y61yAFSlj!BzGn4^&qs|&w?
z05PZy0>E#3d}!2O9cmYsv(LK5;wq<)e^ed^hC9U(4{KB06$ea_63y|t+WVg^0k
zRM3u>mBqGLg%Q*HrWTOfZCqV=_=trBmxPSW@;+KZf;Qv=(_G-Di$M1LSc-&G*ir`P
zsF@I4wK(#%G+@fPxIU{#JxsmB%*tB-$!fz7Q!t?deAUZ`8X3J}P+G|=D5UllzptpE
zo0^yy3uex~FIDwQ_s(}$l{bPIuY7GQYD0>G7W^i8?
zFYam8oZf)20*miYA5AXt_+}S5$%EM(}Zq89%ksM4G~>m*#SSs!gTg^yn^5nN*!(?O%g*R`OHPckixm
zkP<#qqG$Bx`8H?$xX5dq7Z>YXV95C5&(1M;4wY}ceFjfkDJ(!%_JpBJbk#U#g*Y#l
zv(3R4Y&X@2$4{u9Fh~-3L@nXBm**%9D<9+Ao-^sJ7;QSsmvhhoY>q0BS~b4d1vS5B
z$$UYfi)u<|P%D$q6yE+mt|i$n%69T_S40|mH}GV46dg2JIcMW+NbT{HE*R2a^KpijZq{_FsxdkKb
zMRYYS%5u5Ttb0ql@-Yh`HsHho5#ccXjQrKaX)2R6EN
zvMo-8#nZZR)4IP_ot-DE9rM{bu>wb!o1oD8YhGC(2qrQ$l
zpHd^i3|gy0&j#tgV#76Zy~?h=-S@)N^TD1kV>DE8G^e!34u10(f$sgxP~x6f*nKl{
z>TP-3Bkf0u*Dt(!{PBRZ3=jt-Ek(WA0&d=1c*nEo|CGFDFrc8`#rj=_hQQI(
z{;QUSk8CyJCh!Q7$ZQe0;0WP(z<3|cgsBCtKQ%vMIZ1%0JSQc+MH$b39chJ6n(ZT0
zOkg@v#Uqt0(}t+)AT698!9V|cdys)27%_7CAhQrXO<+JLZN%%6XD}1IUxg{c?
ztw<6m`HnQ?K^tf1M8Y{aYAf1{-4Y4ppVz`vQ%MuMFv+
z7=w9NKGpVX3u|Zs(Zhg0R}3w3XdIBxVljS#?`zSHk(NFdK%i@kLb<3@2dp@m+m=tW
zGDZ+7gw_b0YIx8ljmBNEE?m;b0b<5=F5VpJ?}2#X9BOxUl;BnC^{Lw={dhBV|JkGMN6jN`?5afu?7n)1H`#{Z5QU4OZt~;QzzCQ?b@f04U79zE9wYH4t`mU
zl6_!{Qq#S-E!ut-fR1@my0w)iud~V{B?YPkhW%-#v&Sx-CRZmB-(J{7p4xm~Q5)~i
zRRW4pj1ge(flv!$h@^lOE?Aj8{|i_~f`LYS%w4SM?@1CL&?z}4<^J70Y5(YGw1d01$xN5vVzmklHbT0pXCu)^>U1&(hY&}XS9-J5qMkbL2t*oR+uJcwlEhUI!hrg1F0{MrM3^YxGSI>f&ba==($dwSF1GdcpHS+R%ErbsISp>ycm!t>F2>D
zbIq{T&qgm6M(&K_Kz
z%g?fJs>$dI1Qr-vqs2i-XF$VWo|kg?wQBs;rZ2YPO-As8b10-;19B}v!k(P3=j29|
zx78=Sg4W~r=us0t@~pfxO8Pe9E6TfGc>SsPOL#QRtZMzH0$_2CetnG`s_hHI?X!4d
zcRatZh@vo?29L8v;ZwZ(@ZsmQs2DU)8mDd$BqhUdA)l23KL{s_mUf@r9^p2h<^GFDB;89tBXDI=f4t;>R4@Vt?oOb}D!^%(*c=@h7I0&KMef-$e
z{HXtzBm5vRWqhI~9~vnbNowZz`+oj}4*L)DM;2K1kFUM|@Bs^|2?aAMIURvg{`G2k
zT*hx$9;rlekyZ_}cjc*@M_ZFt8TsV*7A!1GsG4s~wBcg#GYn%F4`bB@#8-uZ3qu+*
zoMtw$5;kGc0>=yVfZj9puwu8tGTD;a5E7k`Fl}|;@{XxZBeGE8Fec7h-9ID(G(HGu
zypwDV`L|C>9-&18;
zsPKb;SMvw%wr>QY{}Aa38#i~`tQ#~A@%za|`S=Mc4fHs&7t|f}4qRN)rxONL9&>id
z?>#21K90xdoUKuSZwp_UPmbqxO+NbNgOTgHskxob$GR5yc99#(4QM}R^FrYcG|Qd)
zx~5d#{6j@_L6XjJ*C<*deS-OHs)GI$?FcydI*Z3OMBSwv_pcV9Xt+5IZs^+>^|Mg*?gLR)oUspkO_65k~5ly7>kzO_t{Rs}!)OYWE+YR(VVmju1WCb&+JUdxx
zZtnNFvKEHbuRBlV6cnhdC&8yCuiC$x(kQDH6UId(-ZFm!YV7r;))>jF&^p7aWe*xkLo7NB(*iVN@`0LuKK
znG+10gZ(Z1doSnTfBAw3sw1R?jFLIVMU^JRzk9bKs9zqqzW#`BD>70M9%=wNu>$%R
ziXK|^aGrg-#BOp90YNu!3f*;?!qQAmh>P;|MIqj07~vb+IVqEKM?ER*V%y(6^lYF@
z`Ym3X4gd=&6IJ-jANS&N(g5SVZwmhx_}=@W0>xW`1qJ*&#IZVi0pd|$jb`@RdD__0
z^geZx9rX?fu%smHRf$n9n1;{mspQk$%4D&&i1qAJag0_D1eNrvl)h}wk00Q>vWm>w
zNp@enY&lf;Y>5YyYd~vHeR(kSoDRq;pe|UrxV|m!46VKvW9?{C^#wO)uK6CcU8fKEV$GTjjGAZ>4
zNIGz&rtj1oFY=^MjZ+;L9Ro%8;rMFPN9UxZq=Cbd8vB*Gjuc`$TS2&#ND58HS9?`J
zcd$tHjcdueT_@_?5L9Gt0WWE5ZzpA7=-6>u
z{CQb2FP4*iqEm9U7SRKbE>IId^ILD$!5F0)7PQk~IW-L=F3h5C`*3X0>O67%F%egS?VPyEKo
zMVDGu5*e9upaPTScvWY)stD-qxU?fp&-%Z!n0>U0kSc-M&RiErt#JM|JhN$341l;;#XR?f`-k+Z*W%BZ!xhfp`oEMG3qkboH$qj<$n7Oh6jUm
zsojrX#HDlvjUB)Y(g3)9Zf?zkVNcP2tm|Y5anN6|af)XrRkSr;mBlsM%%c^XmBWj;SfV=A
z)uOQW9qyj4P%1%9e+PS;UW#+`>U^tOpF?(7Ma*Hjgi4|y1{l;n*Sw99yyGarK-H#ErDlpiJUSic0^l?13~Jk27+tSSq5
zLqdU$m=`oX1RXEP96afvvtfn?2|@Q(L2neJxIf@N{)9^CT=DUlTh0xB|Bjn-H?4Ht
z5ojuzfpRd}_!IbnA765mz&8rWou?KS8#90Z<$9FlQYPpQOA|^=#TruJ(nLJT9JXE!Vys8
zQ%giuJ@2u;6{t|s4co$8w-L0N}M~5lANQSd-v*l(5
zG#sz+6w^o*)1p0?XlcVh!du>b%b&UOhLTdtyCa}nX!6%^4~50+gQ2T3kTtGP4BeoK
z>|Z^3KI7?QA|J=+W*9pN&@$g6a8&aLlCD=dBktL`UhV==7ck<
z#Q5j111YUhk1@IwX51(wg&Ki+KHhePd&>)AsA8}5{$?g_
z6%O*gtVbbW2eV12|AWaEtb}muf3rsXaJxOR#=2kxh`vZ&^5*l+U8=G(;@ytCIK+_+`iF8C}Gd5r9hMIxyRFfdyC5@
zthcHqrhrc%fJWR|Rsj)vgoHS>Y|VGgH&%gJb!++6t5>Q0OGxmEX?v_(PEBkGf-i%L
z4@faA=)9#Ze87=YHS`gro8`y3Wd-(1#Sd4si!EuOD@_R5_Zk{znrOge9Ir0ff%<|R
za4vknD_5?F+{Qf?IaXG(ao`B8yDH|lw=%0%RpNkk<@toix|^ItRD`5aJpnb#ApUbg
zN7rQ1ochqvG+zVznxhNE#7as^IH&t9=%FN`c$J0ar3heK_$U;+%YtNwp)(KwSG*|12dVWl!IJ);$wt_P>0lOMUe{6P;U6Moa
zJe&1NZM9A%KAXG`dcr$Mo&`iZyk0x&x8Pf(yy#3wfn+(&dGLS&^)4%m2<`-;m*^h{O&t1TPs6)N!j7?=Ozg0s~to`3?=-ESfNi}rZ!Lw{*dYc$teU$oerX2jq66T
z=WH&nw(lq<_2nhgaYt)%QE*+p9CX#9;l+0Uu$WRLqk>{HZAs+x1#6RG8)U$~atGsi
ze8Nh*#Mu>gU7na**51dqPLS6}^)eZvR5bNDUZsL?AEqECpX0m;Su;~pJ1cMnSMN^|
z0I2?r3!PWWFL7|NLNF`jc8cs4mXrYG2wOS>JCP#TNOFpI8v#_Mr8QiFh*|Ix=iE>;
z>r8wiqY^=D%*WZp($U3u{TA3%mCFxjk`v?QYqXng7)K7X_6A}jbrx!@Ou
z!GC}t@?71yQycW*_U+qc?tQ{X5Y~v?hhzy9q}wGCWEJp+gINOl(&wP#Afg8e@nD?j
zM0{zO@EG5^H5E$&@Xk>pN%aiaKg~xB5an^;?J)uZna7VG=h8_2Ztal39yHK#|NhGn
z3Hr>*P&x~xW9mOYrilw6(LkVZ5->9Lqz6s?P3+Y|bpuh)a}{OAlO~vN?rPfp8W71H
zFLS1HmAobk~pKVpjpOjn=
zMJ|ZRwkCzIScz{rUn|`VNt|?11)#nmL{R*Y7h1!pyBbb0DxzT5>kJd!;nm
z_zLUxp20CW&WJfEZ$QXVn!5$U)Q#O?8#b8!!7wTd&%H}FCltIP7Z~K_>x&W&K$r+I
zI)j1TSxbi?f<%~97}?apa^~jgJ;M9RgNr%Uhuk3JK{m`XekI&qCGg1OJwO~wD5cl7
z@@kWJA2n?J>CnLh4&x9WQ+cDQS~R);!n6MyYx>OaXU(2`yx=$M*{_VMoz0Fe{o%E9
z(iC0nwV*D!q7QCvn5Y0_YEtsWyoYa}77ZCDthY`=Mnu2uc-7uSnR!Z(Mg}4cdht@K
zL_G@4uNMp;gH48?(#QMEYed+q{Puff!Uidwq^0@A@%>V*4>@{70F7o|Q+#0Wx^e$L
zIRsR{fc_7Y*FGuAR#XT$Z^LRwyvfOuhjV~gz-R>CXeQBe
z4th1!nra00Ee?QvRX#AiB~X;pJvjI*%jbxv-+Ju$fCL9e;Wuq|t|BZ9g@V}tM0dDE
zL`6%`W;&;Iu>%wy;qF2AUUM;E<1y0?BCzrIzBH(PekkVK{%M$`0jUZT6UNK?
z_h9KZ5OGP{uk|~9vv9TVyW1abg_P`S>bMucoLYm@*brvmhF)c8*iCK&5KE^i0hJ~=
z-oeAVu(~S$1h#9zY(X$&za}cH_#$e#Zw5ff`p(6HS?+Z!M5yVwpWD&V^+|Nh_d2Vc
z8?=cfD)W&#wISIX&C$;k4f-_9{>m|Evt7Ua@$nP!>DUf+tMz7M(l#WGb#)7ii_Y%4
z3*PK(jtWEO*fO6*+#f`xTFDI51oW$cW-YHbSC14
zwfoZ#w6~A;yuzN5b0FmVQh!b8-%oG*JT0Py;JEqvU*VJj!KnoW=f3QLZb_mIwxI&&ni%ID+|9bSw$^
z2+0Bo=p|3%+nqYhgrFLHuE+*|_D-pkQ66X1q7QG91ePo;EKoZ#@$vD!fk&A{OQD8C
ziNv~PSQ6w{SEP`jE71o1fGF}i{{vEt^MCpcY%u?U5&GkN>-i9$LP+&5jtFsN`ER5%
z1ZWl4W@1xs8(u_Mjl;CkGpb|-hNaYhd9gF)%=65PRT$7nxW?&Pv;2$uinRBt2iI>V
z3c*fAgDvfdz)k00YK*FA_e_%j#uoM;H1+2g|LVcix2|~ndAMGK>kL6KYxpua%wJcG
z`yO}7_ZSXR?$v!s1wBh0=T5BtW%@eQ7ngDTg2CrroREzF>G{r$Z&~D{)>Htb0w8VB
z79hmZXOS8U^M6Z54ETM@xRdCQ0oOyT{VuBA(4s;g^_wW
zO7`|wp>7&^8lK+Ff@>r6S=bdsx{Zy^hHWb@%n*ctf_)^yKCM+ZJsYBRbh^6`#SAi|
z#?J|Ctw7cw=?Di02Rho2nEd+I$A&{_Qh>_cAjd20IxG0m
zl72eiUxsaJFl*ijQGw@OWET9}5L~UOVo86x_Fc|%Z?q&pHm8=eUb)oh+bFLm$jLL%rQki%MsY_uibRl<3fYmvYnjPtAsS
z1UTOZ1qFfEgYNGqaHnvwDc(bDSt02j0RzM1!&S*^UV9Auj*h5Y*FEH<;P({F`Q%2x
z1QPJ+cCwr8tm_l;Q-@7`F>q$8aJ*`eK+?`#&Q7tdI>u8s66!`n34-L2&M;WOVbZ=8
z1oCJ$ad8@eTtEsnQIQ3J3M*ffwkfsrlY
z3i#H`cGs%*7y-zdmtY|nDntJSAFeVIfe1?2?jJwuBaCl+yf-*tWK{vFc8D%bWERUV
zP4JyfLdvltHs>m5%_(gN@nCR;S=Y_xpHF(g_8AWU5$G&O2^v>
zhq>rdBM~;ae{3rrkf8j#=*
z6xrC=v_Mw-dX&#GCiF3&yg_stAU*km@6G`=o_Z$~H1hNkj<~RAOQ0$fRL(wUN8?r?
zKTROy(U>&TjxA7yPB1q&{>sVg)Q<
z_g@N~e9q~TzqP{<(d~Uoy)qvHp>`6PLiRJt&v&;P9;1Es44#9XjeOixEs{M({L�}&c0AmBe3)gBQ4+S#vTOh1L
zA*Ng~?h7$j?5&MQUAi5M%Dv9|^5skD>x$83&f`ugrj4KLA}%XQlvxps&d$gn05jl)
zVM2-^c?dkX2Mrs-@|@~s@&C|xwrs;P^Z&$&Aw5qCF+_&tm4Q~ZLMr*)0Fq{a_H`^vo#~|4*`Jq$I&`n;@}M#tRbnd~McyP(|
z&!L?LdvGIbh&fPwg-I2xW++r(8gCt{=OfQTwdeT`svI|NjFMBVSH@+E9w^wgSM5TD!-yi(oQrY>jf7V?**{00&ymD$(X$P(-+@bYW&J@V)
zh#M|ga9q|!6QO6OoX8wa3DexJutmHKVv>p#`k>Iws^8x~dpBLaU$0-X;X*YU2d
z9DOfn-5{3{01Chq;6&8=C$eZx`*;t-sjS$ZS@dV$0B}V09*IYFQegBiy}QstTe*dm
zTK3Y8B!cmL&0RKIpM5PI=a+VEdd}6bhipc7UtjR!FRyvRp<&tdA6Q$!GK$btOwH-%K7(Z(*VmXaEKlA)(L^%ewkjX7po`1#Be%fh2>5k{RED
zYhne;36>GyHxTvR+qZ9#SjG<@;`bLCqENmS@p$;O#9LrCBrXY5O-oC=tFKQC0~ySX
zkcTzA-CFYm4=>&q_>>#a(*L=U+|}99t_0C$$&lkzvBVk2Iq@5_oI%AMz{C?>Go!Q{DSz99|e$YVSlUF_KmG{0Bx-rTC_Jo~OSg5c|tVJ5~d9`9^
zMcy4i;4nD0o@|ZXdie0IYRavTFD+^y%mQ?iV!CnaDk{)E0~v#Ymew29arsmdH#avO
zePGdSpJD>tPxv%rC>Mo+GUzI?dVIxkI-H4czrCgq<(s0u=wme6&87sj50Yz|flxVF$;POi_F|O)-Z#LSTAIy{#$WQ7^@LwX7JgN-~kJOOw)FYN_eW26}L$
zuM(nt1XUi*cZc;7kkZ`~I*Vj}owzDHtBtvrhxqS$A12E~-$`WU5110WC<+W5WHmtOanDjmRGon>
z?d-x@(M=fMFyXjl_C5u?SSr;5{i>-(vrQbh>Ut-^s%5zrTflPi1Qf?
zrzCCMX#qvJSNa;|zghs{E97|`W~}w+uoBb9zFXH5CynA#9?FVbL6u-1${+N!x|%!;
zZ9jQfRSZ*kg1~laaEhG`5s^jFJoab~NKS!EF8gi=!vkD63%S<+&t#m?3>Vannwlj&
zOFyhcAaVxX0A!(uuKmIh1o204$~y7J)_O9q&i40lucBTgBm{sL
zaw6GdRZdHbYjJ6@)Pd$#>?I6nq=6VX>;6$TCoFjJ?U5-rIS-Y2{q42x|KjjO
z^cOJYKwdg&2{Vhhrf3hW4#BXFtS%NDLg#3@g{U**e*#B7Qv5I1u*>`UGQ@G+l|Nn?
zsa#rG6m;7(vF;e9C0nx^Jcp`&a*PeC+~zbMO$mwv&~sqzA33DD!x2DAiSxb2;=Z=F
zUu>)p#Mf6hg!=P1P=q(>ysj_jZAec|B}LcF&%^#M{-gJ>eCfD#5c7-ODy2;V&^>~N
zcP!RDs;w|lD%*Q?I<2n9p7)qPg$3?crxBDnndAIScharM$Oymv)BgPbkX-T-
zM$gs0mmA^ve$#r+7ryGrB#gOYLcd4Hd5`KWa{_C30R)f{5wllYv!=eLm@6o-c`8Q8
z1BOTOGA`phDglK$f@Iwe4*1dYIc;O1LqiXx%AUrI&dI{KhLqlk!u)e+WUO;*h2hE&6Z)*dxnfgo%ak{T_FK^6)?(+>Ru994qy4>%sOh$*
zI)ckrwzY(Ma!Q^%!X;1lIUxk?@CpX!g9{fyIfHF5QNsZ-9UEW2x)zQ|c8-1`!z)`dQiG8wXe%KdCXi9lfffmS16?N4{(-^d?%Szpb|3p!#`b#@J!Md)j?F
zoc5Qc`spTMD}avzwr++ok)}w{7{R8o(@u6w`0%)%sqSMSdw7zprt52OkFTBzS*O&H
zv3c^f^3GTAPq+PbhR%t5aU8=>UU*jFRI5m)5DsFE!ySS8uJII};R5rh24QQP=;%D`
zsBE2QP;Q!xvP(YC<0V*`jn*6fP45P^v$*?HuM&z}x49Z`i{`-r*zS^WizJY$bWDCb
z;1)s+I$3{80tZ&B-8`>a2r7(FPH7lHmFtR2u3zsC;9ddUMrE1N)a2Z`W|c+p--aOeDgmEGv+NR
zre$Ula>umsc`fa@vvYF7U%&C45Mu$11XKxt%qBse5aXYV=ojsDRK!tQunn?DMe#ykL$*F=UCaUuH*asIzi
z`BbMq!;uEc_V!r5>Bjp|@j*=avuDo~BqDEpls7b-e6cJ3bGwo<(8Jb^NQOh?LiM>i
zUz{IHJEgX%m_Yf_*)n0-u|Y**f)4acnj5oQ?4)p5Yay_yQ@G;eTVp_vdRJIT0lDYb
zCl&<1MYtAsh@!OD-E1m9?B&Ab&
zCe^s!bYF7ND?MjoY}~8eQf4McGGE)qiUw=dJ
zaWw>$XQe)|5Fa0&Nx7}2);w0_VI@EFhXkJNl-xocOm8k}OSe>c?3G`uR!d)U@`lT9
zh?bt$1;Ht(!#uaUm7vdw_`t&b0kFdw7*D5N31}GrCj%TX1mGfJ1h7)(c2p(}
z4sPiHI?mae?cxC=O8C$9qlJUAQhPr7UN-EgM+)1}QMmqS_`A;&lEw(!_WX6@k(8S@
zJ(qEdNS}d~N^$DV;2VLV%XIpRFpk*_ZZlQp62P&ZlS}#cWxAhadBeD9s7$Y8O
zWeuI!)p3-VtoTyAVzNH
z-L0C1@bGX%s0*^dhn7)c=TH@={}8|c6H&FW(|~2CdXmINi@wasX2jDBAN!C#B}y-+
z1vX*G1BsyZw+|oK!IqW2~^CN0aAE8VLD+||J8my|(3+J|xHT`3$Cyo=oc
zWM9gIR|H{zmn3{nJ*guUfh8XQB*o8v0qI*=TRR^-B%FIo+G*!TsTQP!u
z(0r7Km!M$Ka%*Jm>)@KLL6wLRc)~TL1
zK=T6G(a#XN7_nh-T>)0(twqL)2&a;%$b8;9clSMJr>0fEi3}GxPJ9
zNCsH4>lEH^xiTk3B(g(=MqiPMEL_4QHJoT=llwWDnae{`7$)YDW8amyC|F?w49Qgs
zPZ{XtjHqJ!B!XlzWQ+0Ew!1V03fitu$f0WCNJmzjsOJollty`_T^rE)1vN5#-^yUf
z9j-PzT{<-}p&R^j9Kk~e3U3JlA%nk?Sdapdn}3^9A<$8
z50Fn?$SK1jE{_}wGNf)iCh2o&l4B)Oof|8m>6%C*7f3BQQbJ8!&w>A=?zB8tuC7~P
zV;RTHYISO)mM3C@ofEqivYZjL{eunV@Auk!okPNBLXF2U{X3scPv3kDBv-6l53J!ySOK)b{<_V$p(j6t&a|<^JmGs-C{C
zuI>eWFJxtIj}vHtdWaRcIbc4-ybdX5HUlwKpEGBRN)^4*{qZ`4l-5;sn_K;aA&2qc
zyiBGSsYkUZ5%Pun{q&9|RzcLI*2s+%46|be{wPDD9ZCucTm6CGZL>Ch_6s@$b&EUh
ziD;kXqfHxYYemG^bo;Y*TDNVgJ*+t(anB|OCO0c?FIX`xZ=*4aQF`%5;vsDc=xF5u
zRCWwivyG6t7l(b>p%uAyO{|LaSBDzNI3b;6aykk<*M{geKu;iDdUJIxy
zgQ0c`3B+pe@XsqChcI4R5agoTJDQ-3u5W3`X1gfjx$m(Z@G>Bd-@dRPFtE(A75s%Q<;8UvQ
zD;e{YXchjLTgWz`BX09auCVoB*^3PbLkS$Vt|0Qg
zaed5viH{c|6F?#GM$&~JJpFf|r%_AR452Ccc%rZe^>EfJ0j*pVv_VJi6Li*ZN&m7q
zPR`V==rf~VqIZ%=8m-J)T7ayT0GK9V@{UeST+SV@230{L=%s7%ju(3~tfcm#Gim^7
z6)*y1L8)_J63h=PohzVP=HrXpx(~qpW&3r){ze)
zD|Mxf))CPhzt^kI@3
zo~gi8!27V0+UE3E6jfF~$H{EmK|3=yV+#`+7!Y7P
z?%J&y?Qq>2Hy~SPva!0jICkkaFQqZCh$E%Iqe7>qFz+r{FDL77Aj!we%k3TQA=gp|mA8lq=*x55!b^6JQSETn7gr^)`&7+=4(
zRW_d(yVX({O9g$HG97GaVIcC{sz?;F+e=3}j09jgZA*Wqf(%%e8S+7GQ@qFmAidtz
zjMJT<4uj03Lnip;rKJMh@w7o+0w
z{>+pcn3lC&93NEMf}@`OFbLW&_5-oR=n*2V`U4i0I`Cr-;1v|u*S?&u6@XPvR#Q_H
z*kgV?DJESD#G~1=J2xi_I$)S_^1M&NMcOH05a;u*N(kX)n$x>Rez;7`_N1*LnZXgY
z{f!WZS8{Df+lF8NhhAlwCFWSk)qKS!XE}A)r
z77l4tl=t0ngs!2^*WtxF%v_Ic1zt*r_cjZ8dTWFhTxc2oSjl2m@Z~akXXw&tw$E;2
zAw43CqLg8SyU=I^=_?3d)FTWJ_%|7?S^R;9h!kr>YYtI}
zW-Bjf?|Dw3K)?+(z&R9<9C2LOT3CrGCqyWi_`mk9@l~AU_#A|*jvtd$2&-5THCPlq
zM8eEQ4#0!kouR8ye7cg8C=EK?hbu)Uu*EFpdw61IbVmo$z%l{i3;wvhZ(juj1dudW
zaH>Lz=8R+OJ5I2#iu7+lSv8U$)7287G*aLxv*z&iNG4@AF~IL=;k+Dm^r1-j*s0{(
zw@Y8{@2y?*DKb|mPrBhF{!5HUm*iS@q4u^vGj*Rq$9vIz@X>ExeQGgU2D|uvccLtl
zp{1+ntgRWj-jZo}Txw_8N*UFA5j&3krjGuUe8$%`_(k6_yi*Y0Gq#BZtG0xU_%8fS
z863&mj$NgyMiLmErEk2h`D%ZkNVmD?ydhWU?_<4u^OFY`o3;JwxOfuHsvwpeHOqB>
zDlE)s_M686VuZn~MwxaUH#1aPt0Zj!0yUmG!mZOi3<|G?<;ULAoy
zv#;{Hzk%ROc00@Zi7NbiBv`4OtnhQculdiPu|M2^GYm#v!Tge)l$~P`558kNl@s+h
z;L7K{AN9tB6W8DH&)a?F9Gs;{PRlJP^*ukPMomYzr9IY#(qXF`6;=6ARu(_Xc^kD(
zZ51}&xDkw}MuHVUqPq?6me2djwDzX+u+Nj3%<`=E{K(GF!{xl>Sd)v)WR>tK*l%iu
z-gJi32>pE;`MeI(Wv5k7wHIn2i5u27C2#Lj+YnY6TWQaw>*adJUs5fsqb1V`Z_vMEzJ!}ISwx_J)U~4|!
zcEenL)~Jm@eXr~SxW*vFsn^>@)=L`Xix8klbj?wY1iRIjtdgVbk@jG&{b5UH;^`F)
z4c1lyfBu*38$0`C0Y9OcPUUYSd@{HeP}jYt^l1qPo`oGgVQ6^x{l4_{be<*H1Pt_W3NP7_
zSFAd#T6mot?kK;!E-!x$_7*Qqxp98R)a1Xt$V#3YxzOCuqv
z@V-rQ%TCEy-L`lMu{$9oUSGO=`5CO-z+oJK1NH0p>8|Lh9OWy7yVyU
zy#-j7S@%8sAT6n=ASqIc2m;b2Qi31|2-02B-60?$rF4Tbgi_MoN|zwr-6h@s{pig1
zd%wA6ypVyX?)#jx_gZVOrMvotN#<#c!EKf3s`Uq0%JCj_PBJ!JZ0Pp39F`vTTtZ6v
z+j?Rc$S;ku>o6k>)i=+DX`O|SqG%;MANSJoDJZaaGBL3heXEDNWC>|j7_0JH+fXO)
z%a;+a)$FV+_w>E7@$oltd5ZkZn%&%ntW3Qs_*hd`{p&oNIjkG%w!%&wRGGs5h0H#w_bk7DE2yM5
ztl?k1stXIKJ+?|U*ASdDRW(iku$H5*PS4DYfEnwU7-G2R+n3(1K
z3@OGGG2(Weq)8ndyp)$GWm8J4>zl~)WTs%D18zUu0&5mV5tNrNA4KkcjCLT2k{U>F
zNzc?7
zRM@2Van#za$mc2@0eBEKvJJV4^GS}A4c*=NkXi$&X%q%plHo4vPY?I@^uctYo#`ah
zh4I1t`;u$P7crVHCeL~T@8Fhr;9*IHFJ{(s6v$Y-s$66-r$LENxxm54*BO}0KHfaC
zzJhv&jk}F07aj&vwj)NDjkV{e@C~E>=8&wlwU=KMe<>;xkxa|#i=rXI_)m=U_v1*&
z<`x#Z=CYNp5uIO|YY9;ZmxIp)7EoYtK<|4RMmBF44v|+?m4e^NrqU9#w#F8$twoeq
z$ox~9htH6CfUSh`R`}Q8ApFeWTmi~!RaJQn4H0cGA?t#*$OZWHVqH%+%tp&!npXH_
z;L21mGv~clQDt0`9;yfo(rC#DAwwSNtUp-@Z{7ySD&3uMI=5m2oVO?!>tl5(ufp;%
zdQV9}m=tB}uzBVjeSUEbKqmk%!7WuHaHM4@2Apk)2uc32PmW>I{Ixc-4hlRPh3~bYI=s^}pZXw@R!iNuD@Z%6}
zcLv+29R03+jutyn?Jnm;RQgJCj6odeyO|BHHb#kWm9$M_X5pLD*l-9g5&QV!CWg{JZ;sJID2R9;X)14%gPg?B9QMFT+XrJ8beeK7}1KVz+6~n
zR4Omy{rkvop<((@&#iSpOt7_s1xrg?TOjOTnqhdUd3m8M4qJVUW6jO+m{e{b+)ocp
zDf0c`69z$!*;J{FO6fvVmz3^{7cT}+$HyzQsiUHzqy%_IRHRb`DL~Ux6UxfY?$bGC
zbZ^0)-^jV5LbYWT!ugU}4iVbAy54DNB4ySZfwYpJi(efEAAEZBwZas~QL#vMEq*Lm
z$yiB*i+uxKxZGwXY1&jOxb?JE(Uklm+dJ%D{%Ksspo<6b9w(yU)M$4gOf6EF}Cl{!$nC+slP=2N|1|-Yi^PAWxk&8L2_8=k~I4Wu*yNmOLgzwGnJUA
zC^17rj01f9@69!>MLieqzz|cc;!Z{QZKz#_s_f1$mljP+v@lK0%*GAk?qDg03EKZO
z4R>41w~WcLxR+Kbe5m(mEuI;HD!Yk*=2lhmSC{$St}dC#=+Yr`hygZ8Ir0?+U-T&E
z)eG9gZjgHo7h9*v8^U7RZCW&;Ge+8M!Ym;6Rs7ExmGS@lQ-?};gIrWkj|l96T__Tm
zD=I2ptElWdRV4-nVp~`cm9%rPvZ9=LSO98L9D3Y5s%>
zalz2g5F97oh2^ur(!N0)b8m@_*&%80Lw%Ho0MNM`rwiCaw3luTPr|N0|T#aGlacYZ2-s+GAnBOP9P-o
zrA66FKHS*vgPy;38q#oKNPsHC&Hdci?9G+Ys!VtH^Ls2T4D9S_Lwaj3^z>-9&i6I)
zQaELd!oepiqp&c%m&djk-W4ata(_izN7urMNq=RHdqJ6=osCW3YWgz&KOf5*&pPcMy`I!iwNK+^E+PW7<`Y;j}-XT<$UY*Z{Zyo|hjtBARCBxVC>r
zKLj47&^GkRCTJ8Xr4GfU=>t&B4KeYEgmX
z^MLUU`tDY&th$+cSPg2E&e#D3gy`;bXHMH#ZTBi8$oU*{hRoGeRY8&a&!t=0m^q8p#!hDo3XG?1@0)bONQ55?XE*ZHiHp4JtH6PSh>c4kP;+r
zJGc2}eu|%K |