From 3b3a7cb1378b26dc5deeb87a7e19ca179148a4c0 Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Tue, 25 Oct 2022 15:40:24 -0700
Subject: [PATCH 01/93] License update.

---
 .../prepare/windows-autopatch-prerequisites.md            | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index cac236afd3..d5f7c38027 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -34,7 +34,15 @@ Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-ba
 | License | ID | GUID number |
 | ----- | ----- | ------|
 | [Microsoft 365 E3](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E3 | 05e9a617-0261-4cee-bb44-138d3ef5d965 |
+| [Microsoft 365 E3 (500 seats minimum_HUB)](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | Microsoft_365_E3 | 0c21030a-7e60-4ec7-9a0f-0042e0e0211a |
+| [Microsoft 365 E3 - Unattended License](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E3_RPA1 | c2ac2ee4-9bb1-47e4-8541-d689c7e83371 |
 | [Microsoft 365 E5](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E5 | 06ebc4ee-1bb5-47dd-8120-11324bc54e06 |
+| [Microsoft 365 E5 (500 seats minimum)_HUB](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | Microsoft_365_E5 | db684ac5-c0e7-4f92-8284-ef9ebde75d33 |
+| [Microsoft 365 E5 with calling minutes](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E5_CALLINGMINUTES | a91fc4e0-65e5-4266-aa76-4037509c1626 |
+| [Microsoft 365 E5 without audio conferencing](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E5_NOPSTNCONF | cd2925a3-5076-4233-8931-638a8c94f773 |
+| [Microsoft 365 E5 without audio conferencing (500 seats minimum)_HUB](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | Microsoft_365_E5_without_Audio_Conferencing | 2113661c-6509-4034-98bb-9c47bd28d63c |
+| [TEST - Microsoft 365 E3](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E3_TEST | 23a55cbc-971c-4ba2-8bae-04cd13d2f4ad |
+| [TEST - Microsoft 365 E5 without audio conferencing](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | SPE_E5_NOPSTNCONF_TEST | 1362a0d9-b3c2-4112-bf1a-7a838d181c0f |
 | [Windows 10/11 Enterprise E3](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | WIN10_VDA_E3 | 6a0f6da5-0b87-4190-a6ae-9bb5a2b9546a |
 | [Windows 10/11 Enterprise E5](/azure/active-directory/enterprise-users/licensing-service-plan-reference) | WIN10_VDA_E5 | 488ba24a-39a9-4473-8ee5-19291e71b002 |
 | [Windows 10/11 Enterprise VDA](/windows/deployment/deploy-enterprise-licenses#virtual-desktop-access-vda) | E3_VDA_only | d13ef257-988a-46f3-8fce-f47484dd4550 |

From 25da8c447f81b6a397eff89b336c46435744d480 Mon Sep 17 00:00:00 2001
From: Sriraman M S <45987684+msbemba@users.noreply.github.com>
Date: Tue, 8 Nov 2022 22:29:24 +0530
Subject: [PATCH 02/93] Update wds-boot-support.md

Updated the document to represent  OS deployed vs boot image version as per the table

Per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10973
---
 windows/deployment/wds-boot-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index dfab934f9d..8685f727fd 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -26,7 +26,7 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install
 
 ## Deployment scenarios affected
 
-The table below provides support details for specific deployment scenarios (Boot Image Version).
+The table below provides support details for specific deployment scenarios (The table represents OS Deployed (vertical) and Boot Image Version(Horizontal) ).
 
 ||Windows 10|Windows Server 2016|Windows Server 2019|Windows Server 2022|Windows 11|
 |--- |--- |--- |--- |--- |--- |

From 89be3fd385c05e2662114425f7450d618bd2c771 Mon Sep 17 00:00:00 2001
From: Sriraman M S <45987684+msbemba@users.noreply.github.com>
Date: Wed, 9 Nov 2022 11:19:44 +0530
Subject: [PATCH 03/93] Update windows/deployment/wds-boot-support.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 windows/deployment/wds-boot-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index 8685f727fd..55b2a11be1 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -26,7 +26,7 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install
 
 ## Deployment scenarios affected
 
-The table below provides support details for specific deployment scenarios (The table represents OS Deployed (vertical) and Boot Image Version(Horizontal) ).
+The table below provides support details for specific deployment scenarios. The table represents OS Deployed (vertical) and Boot Image Version (horizontal).
 
 ||Windows 10|Windows Server 2016|Windows Server 2019|Windows Server 2022|Windows 11|
 |--- |--- |--- |--- |--- |--- |

From e2cebd1778f275daa8fad9e2e70c2253270b248b Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Fri, 11 Nov 2022 10:01:22 -0800
Subject: [PATCH 04/93] table change

---
 windows/deployment/do/mcc-isp-create-provision-deploy.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index 8781385544..f6afcf07ca 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -98,9 +98,8 @@ There are five IDs that the device provisioning script takes as input in order t
 |---|---|
 | Customer ID | The Azure subscription ID that the cache node is created in. |
 | Cache node ID | The unique alphanumeric ID of the cache node being provisioned. |
-| Customer Key | The unique alphanumeric ID that provides secure authentication of the cache node to Delivery Optimization services. |
-| Cache node name | The name of the cache node. |
-| Tenant ID | The unique ID associated with the Azure account. |
+| Customer key | The unique alphanumeric ID that provides secure authentication of the cache node to Delivery Optimization services. |
+| Registration key | Single use device registration key used by Microsoft Delivery Optimization services. |
 
 :::image type="content" source="images/mcc-isp-deploy-cache-node-numbered.png" alt-text="Screenshot of the server provisioning tab within cache node configuration in Azure portal.":::
 

From 3032b04c2567878417e4890ae7260557a0a4d1a5 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 22 Nov 2022 14:28:02 -0500
Subject: [PATCH 05/93] updates

---
 windows/security/docfx.json                   |   8 +-
 .../access-control/access-control.md          | 104 +++----
 .../access-control/local-accounts.md          | 253 +++++++-----------
 .../additional-mitigations.md                 |  13 +-
 .../credential-guard-considerations.md        |  16 +-
 .../credential-guard-how-it-works.md          |  16 +-
 .../credential-guard-known-issues.md          |  16 +-
 .../credential-guard-manage.md                |  19 +-
 ...redential-guard-not-protected-scenarios.md |  17 +-
 .../credential-guard-protection-limits.md     |  45 ++--
 .../credential-guard-requirements.md          |  22 +-
 .../credential-guard-scripts.md               |  33 +--
 .../credential-guard/credential-guard.md      |  21 +-
 .../credential-guard/dg-readiness-tool.md     |  20 +-
 14 files changed, 210 insertions(+), 393 deletions(-)

diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index b923e0d70f..bb2804df03 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -65,13 +65,15 @@
     },
     "fileMetadata": {
       "author":{
-        "/identity-protection/hello-for-business/*.md": "paolomatarazzo"
+        "identity-protection/**/*.md": "paolomatarazzo"
       },
       "ms.author":{
-        "/identity-protection/hello-for-business/*.md": "paoloma"
+        "identity-protection/**/*.md": "paoloma"
       },
       "ms.reviewer":{
-        "/identity-protection/hello-for-business/*.md": "erikdau"
+        "identity-protection/hello-for-business/*.md": "erikdau",
+        "identity-protection/credential-guard/*.md": "zwhittington",
+        "identity-protection/access-control/*.md": "sulahiri"
       }
     },
     "template": [],
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index f900a31aa3..deea4c3766 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -1,19 +1,12 @@
 ---
-title: Access Control Overview (Windows 10)
-description: Access Control Overview
+title: Access Control Overview
+description: Description of the access controls in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
 ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: sulahiri
-manager: aaroncz
-ms.collection: 
-  - M365-identity-device-management
 ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/18/2017
+ms.date: 11/22/2022
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows Server 2016</b>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.technology: itpro-security
 ---
 
@@ -21,89 +14,66 @@ ms.technology: itpro-security
 
 This topic for the IT professional describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing.
 
-## <a href="" id="bkmk-over"></a>Feature description
-
+## Feature description
 
 Computers that are running a supported version of Windows can control the use of system and network resources through the interrelated mechanisms of authentication and authorization. After a user is authenticated, the Windows operating system uses built-in authorization and access control technologies to implement the second phase of protecting resources: determining if an authenticated user has the correct permissions to access a resource.
 
-Shared resources are available to users and groups other than the resource’s owner, and they need to be protected from unauthorized use. In the access control model, users and groups (also referred to as security principals) are represented by unique security identifiers (SIDs). They are assigned rights and permissions that inform the operating system what each user and group can do. Each resource has an owner who grants permissions to security principals. During the access control check, these permissions are examined to determine which security principals can access the resource and how they can access it.
+Shared resources are available to users and groups other than the resource's owner, and they need to be protected from unauthorized use. In the access control model, users and groups (also referred to as security principals) are represented by unique security identifiers (SIDs). They are assigned rights and permissions that inform the operating system what each user and group can do. Each resource has an owner who grants permissions to security principals. During the access control check, these permissions are examined to determine which security principals can access the resource and how they can access it.
 
 Security principals perform actions (which include Read, Write, Modify, or Full control) on objects. Objects include files, folders, printers, registry keys, and Active Directory Domain Services (AD DS) objects. Shared resources use access control lists (ACLs) to assign permissions. This enables resource managers to enforce access control in the following ways:
 
--   Deny access to unauthorized users and groups
-
--   Set well-defined limits on the access that is provided to authorized users and groups
+- Deny access to unauthorized users and groups
+- Set well-defined limits on the access that is provided to authorized users and groups
 
 Object owners generally grant permissions to security groups rather than to individual users. Users and computers that are added to existing groups assume the permissions of that group. If an object (such as a folder) can hold other objects (such as subfolders and files), it is called a container. In a hierarchy of objects, the relationship between a container and its content is expressed by referring to the container as the parent. An object in the container is referred to as the child, and the child inherits the access control settings of the parent. Object owners often define permissions for container objects, rather than individual child objects, to ease access control management.
 
 This content set contains:
 
--   [Dynamic Access Control Overview](dynamic-access-control.md)
-
--   [Security identifiers](security-identifiers.md)
-
--   [Security Principals](security-principals.md)
-
-    -   [Local Accounts](local-accounts.md)
-
-    -   [Active Directory Accounts](active-directory-accounts.md)
-
-    -   [Microsoft Accounts](microsoft-accounts.md)
-
-    -   [Service Accounts](service-accounts.md)
-
-    -   [Active Directory Security Groups](active-directory-security-groups.md)
-
-## <a href="" id="bkmk-app"></a>Practical applications
+- [Dynamic Access Control Overview](dynamic-access-control.md)
+- [Security identifiers](security-identifiers.md)
+- [Security Principals](security-principals.md)
+  - [Local Accounts](local-accounts.md)
+  - [Active Directory Accounts](active-directory-accounts.md)
+  - [Microsoft Accounts](microsoft-accounts.md)
+  - [Service Accounts](service-accounts.md)
+  - [Active Directory Security Groups](active-directory-security-groups.md)
 
+## Practical applications
 
 Administrators who use the supported version of Windows can refine the application and management of access control to objects and subjects to provide the following security:
 
--   Protect a greater number and variety of network resources from misuse.
-
--   Provision users to access resources in a manner that is consistent with organizational policies and the requirements of their jobs.
-
--   Enable users to access resources from a variety of devices in numerous locations.
-
--   Update users’ ability to access resources on a regular basis as an organization’s policies change or as users’ jobs change.
-
--   Account for a growing number of use scenarios (such as access from remote locations or from a rapidly expanding variety of devices, such as tablet computers and mobile phones).
-
--   Identify and resolve access issues when legitimate users are unable to access resources that they need to perform their jobs.
+- Protect a greater number and variety of network resources from misuse.
+- Provision users to access resources in a manner that is consistent with organizational policies and the requirements of their jobs.
+- Enable users to access resources from a variety of devices in numerous locations.
+- Update users' ability to access resources on a regular basis as an organization's policies change or as users' jobs change.
+- Account for a growing number of use scenarios (such as access from remote locations or from a rapidly expanding variety of devices, such as tablet computers and mobile phones).
+- Identify and resolve access issues when legitimate users are unable to access resources that they need to perform their jobs.
 
 ## Permissions
 
-
 Permissions define the type of access that is granted to a user or group for an object or object property. For example, the Finance group can be granted Read and Write permissions for a file named Payroll.dat.
 
 By using the access control user interface, you can set NTFS permissions for objects such as files, Active Directory objects, registry objects, or system objects such as processes. Permissions can be granted to any user, group, or computer. It is a good practice to assign permissions to groups because it improves system performance when verifying access to an object.
 
 For any object, you can grant permissions to:
 
--   Groups, users, and other objects with security identifiers in the domain.
-
--   Groups and users in that domain and any trusted domains.
-
--   Local groups and users on the computer where the object resides.
+- Groups, users, and other objects with security identifiers in the domain.
+- Groups and users in that domain and any trusted domains.
+- Local groups and users on the computer where the object resides.
 
 The permissions attached to an object depend on the type of object. For example, the permissions that can be attached to a file are different from those that can be attached to a registry key. Some permissions, however, are common to most types of objects. These common permissions are:
 
--   Read
-
--   Modify
-
--   Change owner
-
--   Delete
+- Read
+- Modify
+- Change owner
+- Delete
 
 When you set permissions, you specify the level of access for groups and users. For example, you can let one user read the contents of a file, let another user make changes to the file, and prevent all other users from accessing the file. You can set similar permissions on printers so that certain users can configure the printer and other users can only print.
 
 When you need to change the permissions on a file, you can run Windows Explorer, right-click the file name, and click **Properties**. On the **Security** tab, you can change permissions on the file. For more information, see [Managing Permissions](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770962(v=ws.11)).
 
-**Note**  
-Another kind of permissions, called share permissions, is set on the Sharing tab of a folder's **Properties** page or by using the Shared Folder Wizard. For more information see [Share and NTFS Permissions on a File Server](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v=ws.11)).
-
- 
+> [!NOTE]
+> Another kind of permissions, called share permissions, is set on the Sharing tab of a folder's **Properties** page or by using the Shared Folder Wizard. For more information see [Share and NTFS Permissions on a File Server](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754178(v=ws.11)).
 
 ### Ownership of objects
 
@@ -115,7 +85,6 @@ Inheritance allows administrators to easily assign and manage permissions. This
 
 ## User rights
 
-
 User rights grant specific privileges and sign-in rights to users and groups in your computing environment. Administrators can assign specific rights to group accounts or to individual user accounts. These rights authorize users to perform specific actions, such as signing in to a system interactively or backing up files and directories.
 
 User rights are different from permissions because user rights apply to user accounts, and permissions are associated with objects. Although user rights can apply to individual user accounts, user rights are best administered on a group account basis. There is no support in the access control user interface to grant user rights. However, user rights assignment can be administered through **Local Security Settings**.
@@ -124,15 +93,10 @@ For more information about user rights, see [User Rights Assignment](/windows/de
 
 ## Object auditing
 
-
 With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting **Audit object access** under **Local Policies** in **Local Security Settings**. You can then view these security-related events in the Security log in Event Viewer.
 
 For more information about auditing, see [Security Auditing Overview](../../threat-protection/auditing/security-auditing-overview.md).
 
 ## See also
 
--   For more information about access control and authorization, see [Access Control and Authorization Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/jj134043(v=ws.11)).
-
-
- 
-
+- For more information about access control and authorization, see [Access Control and Authorization Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/jj134043(v=ws.11)).
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 6d48d39a9a..7fa46f2d3f 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -1,71 +1,35 @@
 ---
-title: Local Accounts (Windows 10)
+title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
-ms.prod: windows-client
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: sulahiri
-manager: aaroncz
+ms.date: 22/11/2022
 ms.collection: 
-  - M365-identity-device-management
   - highpri
 ms.topic: article
-ms.localizationpriority: medium
-ms.date: 06/17/2022
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.technology: itpro-security
 ---
 
 # Local Accounts
 
-This reference article for IT professionals describes the default local user accounts for servers, including how to manage these built-in accounts on a member or standalone server. 
+This article describes the default local user accounts for Windows operating systems, and how to manage the built-in accounts on a member or standalone workstation/server.
 
-## <a href="" id="about-local-user-accounts-"></a>About local user accounts
+## About local user accounts
 
-Local user accounts are stored locally on the server. These accounts can be assigned rights and permissions on a particular server, but on that server only. Local user accounts are security principals that are used to secure and manage access to the resources on a standalone or member server for services or users.
+Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a standalone or member server for services or users.
 
-This article describes the following:
+## Default local user accounts
 
--   [Default local user accounts](#sec-default-accounts)
+The *default local user accounts* are built-in accounts that are created automatically when the operating system is installed. The default local user accounts can't be removed or deleted and don't provide access to network resources.
 
-    -   [Administrator account](#sec-administrator)
+Default local user accounts are used to manage access to the local device's resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the *Users* folder. The Users folder is located in the Local Users and Groups folder in the local *Computer Management* Microsoft Management Console (MMC). *Computer Management* is a collection of administrative tools that you can use to manage a single local or remote device.
 
-    -   [Guest Account](#sec-guest)
+Default local user accounts are described in the following sections. Expand each section for more information.
 
-    -   [HelpAssistant account (installed by using a Remote Assistance session)](#sec-helpassistant)
-
-    -   [DefaultAccount](#defaultaccount)
-
--   [Default local system accounts](#sec-localsystem)
-
--   [How to manage local accounts](#sec-manage-accounts)
-
-    -   [Restrict and protect local accounts with administrative rights](#sec-restrict-protect-accounts)
-
-    -   [Enforce local account restrictions for remote access](#sec-enforce-account-restrictions)
-
-    -   [Deny network logon to all local Administrator accounts](#sec-deny-network-logon)
-
-    -   [Create unique passwords for local accounts with administrative rights](#sec-create-unique-passwords)
-
-For information about security principals, see [Security Principals](security-principals.md).
-
-## <a href="" id="sec-default-accounts"></a>Default local user accounts
-
-The default local user accounts are built-in accounts that are created automatically when you install Windows. 
-
-After Windows is installed, the default local user accounts can't be removed or deleted. In addition, default local user accounts don't provide access to network resources.
-
-Default local user accounts are used to manage access to the local server’s resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the Users folder. The Users folder is located in the Local Users and Groups folder in the local Computer Management Microsoft Management Console (MMC). Computer Management is a collection of administrative tools that you can use to manage a single local or remote computer. For more information, see [How to manage local accounts](#sec-manage-accounts) later in this article.
-
-Default local user accounts are described in the following sections.
-
-### <a href="" id="sec-administrator"></a>Administrator account
+<br>
+<details>
+<summary><b>Administrator</b></summary>
 
 The default local Administrator account is a user account for the system administrator. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation.
 
@@ -99,7 +63,10 @@ In this case, Group Policy can be used to enable secure settings that can contro
 >
 > - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. 
 
-### <a href="" id="sec-guest"></a>Guest account
+</details>
+<br>
+<details>
+<summary><b>Guest</b></summary>
 
 The Guest account is disabled by default on installation. The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account has a blank password. Because the Guest account can provide anonymous access, it's a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is entirely necessary.
 
@@ -113,8 +80,11 @@ When enabling the Guest account, only grant limited rights and permissions. For
 
 In addition, the guest user in the Guest account shouldn't be able to view the event logs. After the Guest account is enabled, it's a best practice to monitor the Guest account frequently to ensure that other users can't use services and other resources. This includes resources that were unintentionally left available by a previous user.
 
-## <a href="" id="sec-helpassistant"></a>HelpAssistant account (installed with a Remote Assistance session)
+</details>
 
+<br>
+<details>
+<summary><b>HelpAssistant</b></summary>
 
 The HelpAssistant account is a default local account that is enabled when a Remote Assistance session is run. This account is automatically disabled when no Remote Assistance requests are pending.
 
@@ -124,9 +94,9 @@ HelpAssistant is the primary account that is used to establish a Remote Assistan
 
 The SIDs that pertain to the default HelpAssistant account include:
 
--   SID: S-1-5-&lt;domain&gt;-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services.
+- SID: `S-1-5-<domain>-13`, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services.
 
--   SID: S-1-5-&lt;domain&gt;-14, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
+- SID: `S-1-5-<domain>-14`, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
 
 For the Windows Server operating system, Remote Assistance is an optional component that isn't installed by default. You must install Remote Assistance before it can be used.
 
@@ -145,7 +115,11 @@ For details about the HelpAssistant account attributes, see the following table.
 |Safe to move out of default container?|Can be moved out, but we don't recommend it.|
 |Safe to delegate management of this group to non-Service admins?|No|
 
-### DefaultAccount
+</details>
+
+<br>
+<details>
+<summary><b>DefaultAccount</b></summary>
 
 The DefaultAccount, also known as the Default System Managed Account (DSMA), is a built-in account introduced in Windows 10 version 1607 and Windows Server 2016. 
 The DSMA is a well-known user account type. 
@@ -169,10 +143,10 @@ Today, Xbox automatically signs in as Guest account and all apps run in this con
 All the apps are multi-user-aware and respond to events fired by user manager. 
 The apps run as the Guest account.
 
-Similarly, Phone auto logs in as a “DefApps” account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. 
+Similarly, Phone auto logs in as a *DefApps* account, which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. 
 
 In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users. 
-For this purpose, the system creates DSMA. 
+For this purpose, the system creates DSMA.
 
 #### How the DefaultAccount gets created on domain controllers
 
@@ -182,25 +156,37 @@ If the domain was created with domain controllers running an earlier version of
 #### Recommendations for managing the Default Account (DSMA)
 
 Microsoft doesn't recommend changing the default configuration, where the account is disabled. There's no security risk with having the account in the disabled state. Changing the default configuration could hinder future scenarios that rely on this account.
+</details>
 
-## <a href="" id="sec-localsystem"></a>Default local system accounts
+## Default local system accounts
 
-### SYSTEM
-The SYSTEM account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account’s user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. 
+<br>
+<details>
+<summary><b>SYSTEM</b></summary>
+
+
+The *SYSTEM* account is used by the operating system and by services running under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account's user rights. It's an internal account that doesn't show up in User Manager, and it can't be added to any groups. 
 
 On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account.
 
 > [!NOTE]
 > To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them.
 
-### NETWORK SERVICE 
+</details>
+<br>
+<details>
+<summary><b>NETWORK SERVICE </b></summary>
+
 The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](/windows/desktop/services/networkservice-account).
+</details>
+<br>
+<details>
+<summary><b>LOCAL SERVICE</b></summary>
 
-### LOCAL SERVICE
 The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](/windows/desktop/services/localservice-account).
+</details>
 
-## <a href="" id="sec-manage-accounts"></a>How to manage local user accounts
-
+## How to manage local user accounts
 
 The default local user accounts, and the local user accounts you create, are located in the Users folder. The Users folder is located in Local Users and Groups. For more information about creating and managing local user accounts, see [Manage Local Users](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731899(v=ws.11)).
 
@@ -221,11 +207,11 @@ The simplest approach is to sign in to your computer with a standard user accoun
 
 The other approaches that can be used to restrict and protect user accounts with administrative rights include:
 
--   Enforce local account restrictions for remote access.
+- Enforce local account restrictions for remote access.
 
--   Deny network logon to all local Administrator accounts.
+- Deny network logon to all local Administrator accounts.
 
--   Create unique passwords for local accounts with administrative rights.
+- Create unique passwords for local accounts with administrative rights.
 
 Each of these approaches is described in the following sections.
 
@@ -274,57 +260,57 @@ The following table shows the Group Policy and registry settings that are used t
 
 3.  In the console tree, right-click **Group Policy Objects**, and &gt; **New**.
 
-    ![local accounts 1.](images/localaccounts-proc1-sample1.png)
+  ![local accounts 1.](images/localaccounts-proc1-sample1.png)
 
 4.  In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and &gt; **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer.
 
-    ![local accounts 2.](images/localaccounts-proc1-sample2.png)
+  ![local accounts 2.](images/localaccounts-proc1-sample2.png)
 
 5.  In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**.
 
-    ![local accounts 3.](images/localaccounts-proc1-sample3.png)
+  ![local accounts 3.](images/localaccounts-proc1-sample3.png)
 
 6.  Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps:
 
-    1.  Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**.
+  1.  Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**.
 
-    2.  Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**.
+  2.  Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**.
 
-    3.  Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**.
+  3.  Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**.
 
 7.  Ensure that the local account restrictions are applied to network interfaces by following these steps:
 
-    1.  Navigate to Computer Configuration\\Preferences and Windows Settings, and &gt; **Registry**.
+  1.  Navigate to Computer Configuration\\Preferences and Windows Settings, and &gt; **Registry**.
 
-    2.  Right-click **Registry**, and &gt; **New** &gt; **Registry Item**.
+  2.  Right-click **Registry**, and &gt; **New** &gt; **Registry Item**.
 
-        ![local accounts 4.](images/localaccounts-proc1-sample4.png)
+    ![local accounts 4.](images/localaccounts-proc1-sample4.png)
 
-    3.  In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**.
+  3.  In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**.
 
-    4.  Ensure that the **Hive** box is set to **HKEY\_LOCAL\_MACHINE**.
+  4.  Ensure that the **Hive** box is set to **HKEY\_LOCAL\_MACHINE**.
 
-    5.  Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: **SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System**.
+  5.  Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: **SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System**.
 
-    6.  In the **Value name** area, type **LocalAccountTokenFilterPolicy**.
+  6.  In the **Value name** area, type **LocalAccountTokenFilterPolicy**.
 
-    7.  In the **Value type** box, from the drop-down list, select **REG\_DWORD** to change the value.
+  7.  In the **Value type** box, from the drop-down list, select **REG\_DWORD** to change the value.
 
-    8.  In the **Value data** box, ensure that the value is set to **0**.
+  8.  In the **Value data** box, ensure that the value is set to **0**.
 
-    9.  Verify this configuration, and &gt; **OK**.
+  9.  Verify this configuration, and &gt; **OK**.
 
-        ![local accounts 5.](images/localaccounts-proc1-sample5.png)
+    ![local accounts 5.](images/localaccounts-proc1-sample5.png)
 
 8.  Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
 
-    1.  Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path.
+  1.  Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path.
 
-    2.  Right-click the **Workstations** OU, and &gt; **Link an existing GPO**.
+  2.  Right-click the **Workstations** OU, and &gt; **Link an existing GPO**.
 
-        ![local accounts 6.](images/localaccounts-proc1-sample6.png)
+    ![local accounts 6.](images/localaccounts-proc1-sample6.png)
 
-    3.  Select the GPO that you created, and &gt; **OK**.
+  3.  Select the GPO that you created, and &gt; **OK**.
 
 9.  Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy.
 
@@ -354,55 +340,33 @@ The following table shows the Group Policy settings that are used to deny networ
 
 #### To deny network logon to all local administrator accounts
 
-1.  Start the **Group Policy Management** Console (GPMC).
+1. Start the **Group Policy Management** Console (GPMC)
+1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO).
+1. In the console tree, right-click **Group Policy Objects**, and &gt; **New**.
+1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and then &gt; **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer
+  ![local accounts 7.](images/localaccounts-proc2-sample1.png)
+1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
+  ![local accounts 8.](images/localaccounts-proc2-sample2.png)
+1. Configure the user rights to deny network logons for administrative local accounts as follows:
+1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and &gt; **User Rights Assignment**
+1. Double-click **Deny access to this computer from the network**
+1. Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**
+1. Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows:
+1. Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then select **User Rights Assignment**
+1. Double-click **Deny log on through Remote Desktop Services**
+1. Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**
+1. Link the GPO to the first **Workstations** OU as follows:
+  - Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path
+  - Right-click the **Workstations** OU, and &gt; **Link an existing GPO**
+  - Select the GPO that you created, and &gt; **OK**
+1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy.
+1. Create links to all other OUs that contain workstations.
+1. Create links to all other OUs that contain servers.
 
-2.  In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO).
+  > [!NOTE]
+  > You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers.
 
-3.  In the console tree, right-click **Group Policy Objects**, and &gt; **New**.
-
-4.  In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and then &gt; **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer.
-
-    ![local accounts 7.](images/localaccounts-proc2-sample1.png)
-
-5.  In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**.
-
-    ![local accounts 8.](images/localaccounts-proc2-sample2.png)
-
-6.  Configure the user rights to deny network logons for administrative local accounts as follows:
-
-    1.  Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and &gt; **User Rights Assignment**.
-
-    2.  Double-click **Deny access to this computer from the network**.
-
-    3.  Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**. 
-
-7.  Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows:
-
-    1.  Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then select **User Rights Assignment**.
-
-    2.  Double-click **Deny log on through Remote Desktop Services**.
-
-    3.  Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**. 
-
-8.  Link the GPO to the first **Workstations** OU as follows:
-
-    1.  Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path.
-
-    2.  Right-click the **Workstations** OU, and &gt; **Link an existing GPO**.
-
-    3.  Select the GPO that you created, and &gt; **OK**.
-
-9.  Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy.
-
-10. Create links to all other OUs that contain workstations.
-
-11. Create links to all other OUs that contain servers.
-
-    > [!NOTE]
-    > You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers.
-
-
-### <a href="" id="sec-create-unique-passwords"></a>Create unique passwords for local accounts with administrative rights
+### Create unique passwords for local accounts with administrative rights
 
 Passwords should be unique per individual account. While it's true for individual user accounts, many enterprises have identical passwords for common local accounts, such as the default Administrator account. This also occurs when the same passwords are used for local accounts during operating system deployments.
 
@@ -410,19 +374,6 @@ Passwords that are left unchanged or changed synchronously to keep them identica
 
 Passwords can be randomized by:
 
--   Purchasing and implementing an enterprise tool to accomplish this task. These tools are commonly referred to as "privileged password management" tools.
-
--   Configuring [Local Administrator Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899) to accomplish this task.
-
--   Creating and implementing a custom script or solution to randomize local account passwords.
-
-## <a href="" id="dhcp-references"></a>See also
-
-
-The following resources provide additional information about technologies that are related to local accounts.
-
--   [Security Principals](security-principals.md)
-
--   [Security Identifiers](security-identifiers.md)
-
--   [Access Control Overview](access-control.md)
+- Purchasing and implementing an enterprise tool to accomplish this task. These tools are commonly referred to as "privileged password management" tools
+- Configuring [Local Administrator Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899) to accomplish this task
+- Creating and implementing a custom script or solution to randomize local account passwords
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 92b3296a71..62fc73012c 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -1,16 +1,11 @@
 ---
 title: Additional mitigations
 description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/17/2017
-ms.technology: itpro-security
+ms.topic: article
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # Additional mitigations
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 69d69300a1..729349823b 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -1,21 +1,11 @@
 ---
 title: Advice while using Windows Defender Credential Guard (Windows)
 description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/31/2017
+ms.topic: article
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.technology: itpro-security
 ---
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index 55fe9628bb..a44d84d5f4 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -1,21 +1,11 @@
 ---
 title: How Windows Defender Credential Guard works
 description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/17/2017
+ms.topic: conceptual
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.technology: itpro-security
 ---
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 2c5fe11327..0407517885 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -1,21 +1,11 @@
 ---
 title: Windows Defender Credential Guard - Known issues (Windows)
 description: Windows Defender Credential Guard - Known issues in Windows Enterprise
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 01/26/2022
+ms.topic: article
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.technology: itpro-security
 ---
 # Windows Defender Credential Guard: Known issues
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 33cab5403d..1a956703ff 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -1,25 +1,12 @@
 ---
 title: Manage Windows Defender Credential Guard (Windows)
 description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: 
-  - M365-identity-device-management
+ms.collection:
   - highpri
 ms.topic: article
-ms.custom: 
-  - CI 120967
-  - CSSTroubleshooting
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ms.technology: itpro-security
 ---
 # Manage Windows Defender Credential Guard
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index 5ff4d5dadc..ae48c7a815 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -1,22 +1,11 @@
 ---
 title: Windows Defender Credential Guard protection limits & mitigations (Windows)
 description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/17/2017
+ms.topic: article
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
-ms.technology: itpro-security
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # Windows Defender Credential Guard protection limits and mitigations
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
index 6444af7ea5..79de8e7f00 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
@@ -1,41 +1,30 @@
 ---
 title: Windows Defender Credential Guard protection limits (Windows)
 description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
 ms.date: 08/17/2017
+ms.topic: article
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
-ms.technology: itpro-security
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 # Windows Defender Credential Guard protection limits
 
 Some ways to store credentials are not protected by Windows Defender Credential Guard, including:
 
--   Software that manages credentials outside of Windows feature protection
--   Local accounts and Microsoft Accounts
--   Windows Defender Credential Guard doesn't protect the Active Directory database running on Windows Server 2016 domain controllers. It also doesn't protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise.
--   Key loggers
--   Physical attacks
--   Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization.
--   Third-party security packages
--   Digest and CredSSP credentials
-    -   When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols.
--   Supplied credentials for NTLM authentication aren't protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well.- 
--  Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is.
--  When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it doesn't provide additional protection from privileged system attacks originating from the host.
--  Windows logon cached password verifiers (commonly called "cached credentials")
-don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available.
+- Software that manages credentials outside of Windows feature protection
+- Local accounts and Microsoft Accounts
+- Windows Defender Credential Guard doesn't protect the Active Directory database running on Windows Server domain controllers. It also doesn't protect credential input pipelines, such as Windows Server running Remote Desktop Gateway. If you're using a Windows Server OS as a client PC, it will get the same protection as it would when running a Windows client OS.
+- Key loggers
+- Physical attacks
+- Doesn't prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization.
+- Third-party security packages
+- Digest and CredSSP credentials
+  - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols.
+- Supplied credentials for NTLM authentication aren't protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. These same credentials are vulnerable to key loggers as well.- 
+- Kerberos service tickets aren't protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is.
+- When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it doesn't provide additional protection from privileged system attacks originating from the host.
+- Windows logon cached password verifiers (commonly called "cached credentials")
+don't qualify as credentials because they can't be presented to another computer for authentication, and can only be used locally to verify credentials. They're stored in the registry on the local computer and provide validation for credentials when a domain-joined computer can't connect to AD DS during user logon. These *cached logons*, or more specifically, *cached domain account information*, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller isn't available.
 
 ## See also
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 2e2a82219b..6112d90366 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -1,26 +1,14 @@
 ---
-title: Windows Defender Credential Guard Requirements (Windows)
+title: Windows Defender Credential Guard requirements
 description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: zwhittington
-manager: aaroncz
-ms.collection: 
-  - M365-identity-device-management
-ms.topic: article
 ms.date: 12/27/2021
+ms.topic: article
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
-ms.technology: itpro-security
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
-# Windows Defender Credential Guard: Requirements
+# Windows Defender Credential Guard requirements
 
 For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
index 8b39b99573..867ad14148 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
@@ -1,23 +1,20 @@
 ---
 title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows)
 description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
-ms.date: 08/17/2017
-ms.technology: itpro-security
+ms.date: 11/22/2022
+ms.topic: reference
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
-# Windows Defender Credential Guard: Scripts for Certificate Authority Issuance Policies
+# Windows Defender Credential Guard: scripts for certificate authority issuance policies
 
-Here is a list of scripts mentioned in this topic.
+Expand each section to see the PowerShell scripts:
 
-## <a href="" id="bkmk-getscript"></a>Get the available issuance policies on the certificate authority
+<br>
+<details>
+<summary><b>Get the available issuance policies on the certificate authority</b></summary>
 
 Save this script file as get-IssuancePolicy.ps1.
 
@@ -207,8 +204,12 @@ write-host "There are no issuance policies which are not mapped to groups"
 ```
 > [!NOTE]
 > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
- 
-## <a href="" id="bkmk-setscript"></a>Link an issuance policy to a group
+
+</details>
+
+<br>
+<details>
+<summary><b>Link an issuance policy to a group</b></summary>
 
 Save the script file as set-IssuancePolicyToGroupLink.ps1.
 
@@ -489,3 +490,5 @@ write-host $tmp -Foreground Red
 
 > [!NOTE]
 > If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
+
+</details>
diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index 950eb3a95c..fe35c4ca75 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -1,24 +1,13 @@
 ---
 title: Protect derived domain credentials with Windows Defender Credential Guard (Windows)
 description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: 
-  - M365-identity-device-management
-  - highpri
+ms.date: 11/22/2022
 ms.topic: article
-ms.date: 03/10/2022
+ms.collection: 
+  - highpri
 appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
-ms.technology: itpro-security
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # Protect derived domain credentials with Windows Defender Credential Guard
diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
index bfb971ef4f..b4e156aa00 100644
--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
@@ -1,21 +1,11 @@
 ---
 title: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
 description: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool script
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: paolomatarazzo
-ms.author: paoloma
-ms.reviewer: erikdau
-manager: aaroncz
-ms.collection: M365-identity-device-management
-ms.topic: article
-appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
-  - ✅ <b>Windows Server 2016</b>
-  - ✅ <b>Windows Server 2019</b>
-  - ✅ <b>Windows Server 2022</b>
-ms.technology: itpro-security
+ms.date: 11/22/2022
+ms.topic: reference
+appliesto:
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
+- ✅ <a href=https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
 ---
 
 # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool

From 232b954a954a867348a388d045384059564ff4d6 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Tue, 22 Nov 2022 12:28:21 -0800
Subject: [PATCH 06/93] Added 22H2 Known Issues Section

Bulk of 22H2 update, added a unified 22H2 SSO breakage section to the "Known Issues" page, which can be linked to by other comms.
---
 .../credential-guard-known-issues.md          | 115 +++++++++++++-----
 1 file changed, 84 insertions(+), 31 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 2c5fe11327..517b038409 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -22,45 +22,56 @@ ms.technology: itpro-security
 
 Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. So applications that require such capabilities won't function when it's enabled. For more information, see [Application requirements](credential-guard-requirements.md#application-requirements).
 
-The following known issues have been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4):
+## Known Issue: Single Sign-On (SSO) for Network services breaks after upgrading to **Windows 11, version 22H2**  
 
-- Scheduled tasks with domain user-stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
+### Affected devices:  
+Any device that enables Windows Defender Credential Guard may encounter this issue. As part of the Windows 11, version 22H2 update, eligible devices which had not previously explicitly disabled Windows Defender Credential Guard had it enabled by default. This affected all devices on Enterprise (E3 and E5) and Education licenses, as well as some Pro licenses*, as long as they met the [minimum hardware requirements](credential-guard-requirements.md#hardware-and-software-requirements). 
+  
+\* All Pro devices which previously ran Windows Defender Credential Guard on an eligible license and later downgraded to Pro, and which still meet the [minimum hardware requirements](credential-guard-requirements.md#hardware-and-software-requirements), will receive default enablement.  
 
-    ```console
-    Task Scheduler failed to log on '\Test'.
-    Failure occurred in 'LogonUserExEx'.
-    User Action: Ensure the credentials for the task are correctly specified.
-    Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect).
-    ```
+> [!TIP]
+> To determine if your Pro device will receive default enablement when upgraded to **Windows 11, version 22H2**, do the following **before** upgrading:  
+> Check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. If it is present, the device will have Windows Defender Credential Guard enabled after upgrading. Note that Windows Defender Credential Guard can be disabled after upgrade by following the [disablement instructions](credential-guard-manage#disable-windows-defender-credential-guard).
 
-- When you enable NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. You also get a similar user name in a user logon failure event 4625 with error 0xC0000064 on the machine itself. For example:
+### Symptoms of the issue:  
+Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication will be unable to use SSO to login and will be forced to manually re-authenticate in every new Windows session.  
 
-    ```console
-    Log Name: Microsoft-Windows-NTLM/Operational
-    Source: Microsoft-Windows-Security-Netlogon
-    Event ID: 8004
-    Task Category: Auditing NTLM
-    Level: Information
-    Description:
-    Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
-    Secure Channel name: <Secure Channel Name>
-    User name:
-    @@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA
-    Domain name: NULL
-    ```
+### Why this is happening:  
+Applications and services are affected by this issue when they rely on insecure protocols that use password-based authentication. Windows Defender Credential Guard blocks the use of these insecure protocols by design. Affected procols include:
+  - Kerberos unconstrained delegation (both SSO and supplied credentials are blocked)
+  - Kerberos when PKINIT uses RSA encryption instead of Diffie-Hellman (both SSO and supplied credentials are blocked)
+  - WDigest (only SSO is blocked)
+  - NTLM v1 (only SSO is blocked)
+  - MS-CHAP (only SSO is blocked)
 
-  - This event stems from a scheduled task running under local user context with the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4) or later and happens when Credential Guard is enabled.
-  - The username appears in an unusual format because local accounts aren't protected by Credential Guard. The task also fails to execute.
-  - As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account.
+### Options to fix the issue:  
 
-The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
+Microsoft recommends that organizations move away from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. Windows Defender Credential Guard will not block certificate-based authentication.  
 
-- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows machines](https://support.microsoft.com/topic/april-11-2017-kb4015217-os-build-14393-1066-and-14393-1083-b5f79067-98bd-b4ec-8b81-5d858d7dc722)
+For a more immediate but less secure fix, simply [disable Windows Defender Credential Guard](credential-guard-manage#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
 
-    This issue can potentially lead to unexpected account lockouts. For more information, see the following support articles:
+> [!TIP]
+> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy) before installing the Windows 11, version 22H2 update. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating.  
 
-  - [KB4015219](https://support.microsoft.com/topic/april-11-2017-kb4015219-os-build-10586-873-68b8e379-aafa-ea6c-6b29-56d19785e657)
-  - [KB4015221](https://support.microsoft.com/topic/april-11-2017-kb4015221-os-build-10240-17354-743f52bc-a484-d23f-71f5-b9957cbae0e6)
+> [!NOTE]
+> MS-CHAP and NTLMv1 are particularly relevant to the observed SSO breakage after the Windows 11, version 22H2 update. To confirm whether Windows Defender Credential Guard is blocking either of these protocols, check the NTLM event logs for the following warning and/or error:  
+  >  
+  > **Event ID 4013** (Warning)  
+  > ```
+  > <string  
+  >   id="NTLMv1BlockedByCredGuard"  
+  >   value="Attempt to use NTLMv1 failed.
+  >   Target server: %1%nSupplied user: %2%nSupplied domain: %3%nPID of client process: %4%nName of client process: %5%nLUID of client process: %6%nUser identity of client process: %7%nDomain name of user identity of client process: %8%nMechanism OID: %9%n%nThis device does not support NTLMv1. For more information, see https://go.microsoft.com/fwlink/?linkid=856826."  
+  > />  
+  >  ```
+  >  
+  > **Event ID 4014** (Error)  
+  > ```
+  > <string  
+  >    id="NTLMGetCredentialKeyBlockedByCredGuard"  
+  >    value="Attempt to get credential key by call package blocked by Credential Guard.%n%nCalling Process Name: %1%nService Host Tag: %2"  
+  > />  
+  > ```
 
 ## Known issues involving third-party applications
 
@@ -112,3 +123,45 @@ Windows Defender Credential Guard isn't supported by the following products, pro
 This list isn't comprehensive. Check whether your product vendor, product version, or computer system supports Windows Defender Credential Guard on systems that run Windows or specific versions of Windows. Specific computer system models may be incompatible with Windows Defender Credential Guard.
 
 Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
+  
+## Previous known issues that have been fixed
+  
+The following known issues have been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4):
+
+- Scheduled tasks with domain user-stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message:
+
+    ```console
+    Task Scheduler failed to log on '\Test'.
+    Failure occurred in 'LogonUserExEx'.
+    User Action: Ensure the credentials for the task are correctly specified.
+    Additional Data: Error Value: 2147943726. 2147943726: ERROR\_LOGON\_FAILURE (The user name or password is incorrect).
+    ```
+
+- When you enable NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. You also get a similar user name in a user logon failure event 4625 with error 0xC0000064 on the machine itself. For example:
+
+    ```console
+    Log Name: Microsoft-Windows-NTLM/Operational
+    Source: Microsoft-Windows-Security-Netlogon
+    Event ID: 8004
+    Task Category: Auditing NTLM
+    Level: Information
+    Description:
+    Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
+    Secure Channel name: <Secure Channel Name>
+    User name:
+    @@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA
+    Domain name: NULL
+    ```
+
+  - This event stems from a scheduled task running under local user context with the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4) or later and happens when Credential Guard is enabled.
+  - The username appears in an unusual format because local accounts aren't protected by Credential Guard. The task also fails to execute.
+  - As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account.
+
+The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
+
+- [KB4015217 Windows Defender Credential Guard generates double bad password count on Active Directory domain-joined Windows machines](https://support.microsoft.com/topic/april-11-2017-kb4015217-os-build-14393-1066-and-14393-1083-b5f79067-98bd-b4ec-8b81-5d858d7dc722)
+
+    This issue can potentially lead to unexpected account lockouts. For more information, see the following support articles:
+
+  - [KB4015219](https://support.microsoft.com/topic/april-11-2017-kb4015219-os-build-10586-873-68b8e379-aafa-ea6c-6b29-56d19785e657)
+  - [KB4015221](https://support.microsoft.com/topic/april-11-2017-kb4015221-os-build-10240-17354-743f52bc-a484-d23f-71f5-b9957cbae0e6)

From a0d3f024380c65878885339837e35b5054a3b174 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 23 Nov 2022 10:37:22 -0500
Subject: [PATCH 07/93] updates

---
 windows/security/TOC.yml                      | 238 +++++++++---------
 .../access-control/local-accounts.md          | 111 ++++----
 2 files changed, 166 insertions(+), 183 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index c364767760..d0acdd1a6d 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -45,45 +45,45 @@
       href: /windows-hardware/design/device-experiences/oem-highly-secure
 - name: Operating system security
   items:
-   - name: Overview
-     href: operating-system.md
-   - name: System security
-     items:
-     - name: Secure the Windows boot process
-       href: information-protection/secure-the-windows-10-boot-process.md
-     - name: Trusted Boot
-       href: trusted-boot.md
-     - name: Cryptography and certificate management
-       href: cryptography-certificate-mgmt.md
-     - name: The Windows Security app
-       href: threat-protection/windows-defender-security-center/windows-defender-security-center.md
-       items:
-       - name: Virus & threat protection
-         href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
-       - name: Account protection
-         href: threat-protection\windows-defender-security-center\wdsc-account-protection.md
-       - name: Firewall & network protection
-         href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
-       - name: App & browser control
-         href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
-       - name: Device security
-         href: threat-protection\windows-defender-security-center\wdsc-device-security.md
-       - name: Device performance & health
-         href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
-       - name: Family options
-         href: threat-protection\windows-defender-security-center\wdsc-family-options.md
-     - name: Security policy settings
-       href: threat-protection/security-policy-settings/security-policy-settings.md
-     - name: Security auditing
-       href: threat-protection/auditing/security-auditing-overview.md
-   - name: Encryption and data protection
-     href: encryption-data-protection.md
-     items:
-     - name: Encrypted Hard Drive
-       href: information-protection/encrypted-hard-drive.md
-     - name: BitLocker
-       href: information-protection/bitlocker/bitlocker-overview.md
-       items:
+    - name: Overview
+      href: operating-system.md
+    - name: System security
+      items:
+      - name: Secure the Windows boot process
+        href: information-protection/secure-the-windows-10-boot-process.md
+      - name: Trusted Boot
+        href: trusted-boot.md
+      - name: Cryptography and certificate management
+        href: cryptography-certificate-mgmt.md
+      - name: The Windows Security app
+        href: threat-protection/windows-defender-security-center/windows-defender-security-center.md
+        items:
+        - name: Virus & threat protection
+          href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
+        - name: Account protection
+          href: threat-protection\windows-defender-security-center\wdsc-account-protection.md
+        - name: Firewall & network protection
+          href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
+        - name: App & browser control
+          href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
+        - name: Device security
+          href: threat-protection\windows-defender-security-center\wdsc-device-security.md
+        - name: Device performance & health
+          href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
+        - name: Family options
+          href: threat-protection\windows-defender-security-center\wdsc-family-options.md
+      - name: Security policy settings
+        href: threat-protection/security-policy-settings/security-policy-settings.md
+      - name: Security auditing
+        href: threat-protection/auditing/security-auditing-overview.md
+    - name: Encryption and data protection
+      href: encryption-data-protection.md
+      items:
+      - name: Encrypted Hard Drive
+        href: information-protection/encrypted-hard-drive.md
+      - name: BitLocker
+        href: information-protection/bitlocker/bitlocker-overview.md
+        items:
         - name: Overview of BitLocker Device Encryption in Windows
           href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
         - name: BitLocker frequently asked questions (FAQ)
@@ -155,21 +155,21 @@
                   href: information-protection/bitlocker/ts-bitlocker-tpm-issues.md
                 - name: Decode Measured Boot logs to track PCR changes
                   href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
-     - name: Personal Data Encryption (PDE)
-       items:
-       - name: Personal Data Encryption (PDE) overview
-         href: information-protection/personal-data-encryption/overview-pde.md
-       - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-         href: information-protection/personal-data-encryption/faq-pde.yml
-       - name: Configure Personal Data Encryption (PDE) in Intune
-         href: information-protection/personal-data-encryption/configure-pde-in-intune.md    
-     - name: Configure S/MIME for Windows
-       href: identity-protection/configure-s-mime.md
-   - name: Network security
-     items:
-     - name: VPN technical guide
-       href: identity-protection/vpn/vpn-guide.md
-       items:
+      - name: Personal Data Encryption (PDE)
+        items:
+        - name: Personal Data Encryption (PDE) overview
+          href: information-protection/personal-data-encryption/overview-pde.md
+        - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
+          href: information-protection/personal-data-encryption/faq-pde.yml
+        - name: Configure Personal Data Encryption (PDE) in Intune
+          href: information-protection/personal-data-encryption/configure-pde-in-intune.md    
+      - name: Configure S/MIME for Windows
+        href: identity-protection/configure-s-mime.md
+    - name: Network security
+      items:
+      - name: VPN technical guide
+        href: identity-protection/vpn/vpn-guide.md
+        items:
         - name: VPN connection types
           href: identity-protection/vpn/vpn-connection-type.md
         - name: VPN routing decisions
@@ -192,17 +192,17 @@
           href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
         - name: Optimizing Office 365 traffic with the Windows VPN client
           href: identity-protection/vpn/vpn-office-365-optimization.md
-     - name: Windows Defender Firewall
-       href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
-   - name: Windows security baselines
-     href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
-     items:
+      - name: Windows Defender Firewall
+        href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+    - name: Windows security baselines
+      href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+      items:
       - name: Security Compliance Toolkit
         href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
       - name: Get support
         href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
-   - name: Virus & threat protection
-     items:
+    - name: Virus & threat protection
+      items:
       - name: Overview
         href: threat-protection/index.md
       - name: Microsoft Defender Antivirus
@@ -219,8 +219,8 @@
         href: /microsoft-365/security/defender-endpoint/exploit-protection
       - name: Microsoft Defender for Endpoint
         href: /microsoft-365/security/defender-endpoint
-   - name: More Windows security
-     items:
+    - name: More Windows security
+      items:
       - name: Override Process Mitigation Options to help enforce app-related security policies
         href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
       - name: Use Windows Event Forwarding to help with intrusion detection
@@ -230,9 +230,9 @@
       - name: Windows Information Protection (WIP)
         href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
         items:
-         - name: Create a WIP policy using Microsoft Intune
-           href: information-protection/windows-information-protection/overview-create-wip-policy.md
-           items:
+          - name: Create a WIP policy using Microsoft Intune
+            href: information-protection/windows-information-protection/overview-create-wip-policy.md
+            items:
             - name: Create a WIP policy in Microsoft Intune
               href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
               items:
@@ -244,26 +244,26 @@
               href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
             - name: Determine the enterprise context of an app running in WIP
               href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-         - name: Create a WIP policy using Microsoft Configuration Manager
-           href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
-           items:
+          - name: Create a WIP policy using Microsoft Configuration Manager
+            href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+            items:
             - name: Create and deploy a WIP policy in Configuration Manager
               href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
             - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
               href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
             - name: Determine the enterprise context of an app running in WIP
               href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-         - name: Mandatory tasks and settings required to turn on WIP
-           href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
-         - name: Testing scenarios for WIP
-           href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
-         - name: Limitations while using WIP
-           href: information-protection/windows-information-protection/limitations-with-wip.md
-         - name: How to collect WIP audit event logs
-           href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
-         - name: General guidance and best practices for WIP
-           href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
-           items:
+          - name: Mandatory tasks and settings required to turn on WIP
+            href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
+          - name: Testing scenarios for WIP
+            href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
+          - name: Limitations while using WIP
+            href: information-protection/windows-information-protection/limitations-with-wip.md
+          - name: How to collect WIP audit event logs
+            href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
+          - name: General guidance and best practices for WIP
+            href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+            items:
             - name: Enlightened apps for use with WIP
               href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
             - name: Unenlightened and enlightened app behavior while using WIP
@@ -272,36 +272,36 @@
               href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
             - name: Using Outlook Web Access with WIP
               href: information-protection/windows-information-protection/using-owa-with-wip.md
-         - name: Fine-tune WIP Learning
-           href: information-protection/windows-information-protection/wip-learning.md
-         - name: Disable WIP
-           href: information-protection/windows-information-protection/how-to-disable-wip.md
+          - name: Fine-tune WIP Learning
+            href: information-protection/windows-information-protection/wip-learning.md
+          - name: Disable WIP
+            href: information-protection/windows-information-protection/how-to-disable-wip.md
 - name: Application security
   items:
-   - name: Overview
-     href: apps.md
-   - name: Windows Defender Application Control and virtualization-based protection of code integrity
-     href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-   - name: Windows Defender Application Control
-     href: threat-protection\windows-defender-application-control\windows-defender-application-control.md
-   - name: Microsoft Defender Application Guard
-     href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
-   - name: Windows Sandbox
-     href: threat-protection/windows-sandbox/windows-sandbox-overview.md
-     items:
+    - name: Overview
+      href: apps.md
+    - name: Windows Defender Application Control and virtualization-based protection of code integrity
+      href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+    - name: Windows Defender Application Control
+      href: threat-protection\windows-defender-application-control\windows-defender-application-control.md
+    - name: Microsoft Defender Application Guard
+      href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
+    - name: Windows Sandbox
+      href: threat-protection/windows-sandbox/windows-sandbox-overview.md
+      items:
         - name: Windows Sandbox architecture
           href: threat-protection/windows-sandbox/windows-sandbox-architecture.md
         - name: Windows Sandbox configuration
           href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
-   - name: Microsoft Defender SmartScreen overview
-     href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-     items:
+    - name: Microsoft Defender SmartScreen overview
+      href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+      items:
         - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
           href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md
-   - name: Configure S/MIME for Windows
-     href: identity-protection\configure-s-mime.md
-   - name: Windows Credential Theft Mitigation Guide Abstract
-     href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md
+    - name: Configure S/MIME for Windows
+      href: identity-protection\configure-s-mime.md
+    - name: Windows Credential Theft Mitigation Guide Abstract
+      href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md
 - name: User security and secured identity
   items:
     - name: Overview
@@ -342,15 +342,15 @@
       items:
         - name: Local Accounts
           href: identity-protection/access-control/local-accounts.md
-        - name: User Account Control
-          href: identity-protection/user-account-control/user-account-control-overview.md
-          items:
-            - name: How User Account Control works
-              href: identity-protection/user-account-control/how-user-account-control-works.md
-            - name: User Account Control security policy settings
-              href: identity-protection/user-account-control/user-account-control-security-policy-settings.md
-            - name: User Account Control Group Policy and registry key settings
-              href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+    - name: User Account Control
+      href: identity-protection/user-account-control/user-account-control-overview.md
+      items:
+        - name: How User Account Control works
+          href: identity-protection/user-account-control/how-user-account-control-works.md
+        - name: User Account Control security policy settings
+          href: identity-protection/user-account-control/user-account-control-security-policy-settings.md
+        - name: User Account Control Group Policy and registry key settings
+          href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
     - name: Smart Cards
       href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
       items:
@@ -396,14 +396,14 @@
               href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
 - name: Cloud services
   items:
-   - name: Overview
-     href: cloud.md
-   - name: Mobile device management
-     href: /windows/client-management/mdm/
-   - name: Windows 365 Cloud PCs
-     href: /windows-365/overview
-   - name: Azure Virtual Desktop
-     href: /azure/virtual-desktop/
+    - name: Overview
+      href: cloud.md
+    - name: Mobile device management
+      href: /windows/client-management/mdm/
+    - name: Windows 365 Cloud PCs
+      href: /windows-365/overview
+    - name: Azure Virtual Desktop
+      href: /azure/virtual-desktop/
 - name: Security foundations
   items:
     - name: Overview
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 7fa46f2d3f..85c1d02be5 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -1,7 +1,7 @@
 ---
 title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
-ms.date: 22/11/2022
+ms.date: 11/22/2022
 ms.collection: 
   - highpri
 ms.topic: article
@@ -222,7 +222,7 @@ Each of these approaches is described in the following sections.
 
 ### <a href="" id="sec-enforce-account-restrictions"></a>Enforce local account restrictions for remote access
 
-The User Account Control (UAC) is a security feature in Windows that has been in use in Windows Server 2008 and in Windows Vista, and the operating systems to which the **Applies To** list refers. UAC enables you to stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change how often UAC notifies you.
+User Account Control (UAC) is a security feature that informs you when a program makes a change that requires administrative permissions. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change when UAC notifies you.
 
 UAC makes it possible for an account with administrative rights to be treated as a standard user non-administrator account until full rights, also called elevation, is requested and approved. For example, UAC lets an administrator enter credentials during a non-administrator's user session to perform occasional administrative tasks without having to switch users, sign out, or use the **Run as** command.
 
@@ -254,70 +254,49 @@ The following table shows the Group Policy and registry settings that are used t
  
 #### To enforce local account restrictions for remote access
 
-1.  Start the **Group Policy Management** Console (GPMC).
+1. Start the **Group Policy Management** Console (GPMC)
+1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
+1. In the console tree, right-click **Group Policy Objects > New**
+  :::image type="content" source="images/localaccounts-proc1-sample1.png" alt-text="local accounts":::
+1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and &gt; **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer
+  :::image type="content" source="images/localaccounts-proc1-sample2.png" alt-text="local accounts":::
+1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
+  :::image type="content" source="images/localaccounts-proc1-sample3.png" alt-text="local accounts":::
+1. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps:
 
-2.  In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO).
+  - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**
+  - Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**
+  - Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**
 
-3.  In the console tree, right-click **Group Policy Objects**, and &gt; **New**.
+1. Ensure that the local account restrictions are applied to network interfaces by following these steps:
 
-  ![local accounts 1.](images/localaccounts-proc1-sample1.png)
+  - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry**
+  - Right-click **Registry**, and &gt; **New** &gt; **Registry Item**
 
-4.  In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and &gt; **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer.
+  :::image type="content" source="images/localaccounts-proc1-sample4.png" alt-text="local accounts":::
 
-  ![local accounts 2.](images/localaccounts-proc1-sample2.png)
+  - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**
+  - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE**
+  - Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
+  - In the **Value name** area, type `LocalAccountTokenFilterPolicy`
+  - In the **Value type** box, from the drop-down list, select **REG_DWORD** to change the value
+  - In the **Value data** box, ensure that the value is set to **0**
+  - Verify this configuration, and &gt; **OK**
 
-5.  In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**.
+  :::image type="content" source="images/localaccounts-proc1-sample5.png" alt-text="local accounts":::
 
-  ![local accounts 3.](images/localaccounts-proc1-sample3.png)
+1. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
 
-6.  Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps:
+  - Navigate to the `*Forest*\<Domains>\*Domain*\*OU*` path
+  - Right-click the **Workstations > Link an existing GPO**
 
-  1.  Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**.
+  :::image type="content" source="images/localaccounts-proc1-sample6.png" alt-text="local accounts":::
 
-  2.  Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**.
-
-  3.  Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**.
-
-7.  Ensure that the local account restrictions are applied to network interfaces by following these steps:
-
-  1.  Navigate to Computer Configuration\\Preferences and Windows Settings, and &gt; **Registry**.
-
-  2.  Right-click **Registry**, and &gt; **New** &gt; **Registry Item**.
-
-    ![local accounts 4.](images/localaccounts-proc1-sample4.png)
-
-  3.  In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**.
-
-  4.  Ensure that the **Hive** box is set to **HKEY\_LOCAL\_MACHINE**.
-
-  5.  Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: **SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System**.
-
-  6.  In the **Value name** area, type **LocalAccountTokenFilterPolicy**.
-
-  7.  In the **Value type** box, from the drop-down list, select **REG\_DWORD** to change the value.
-
-  8.  In the **Value data** box, ensure that the value is set to **0**.
-
-  9.  Verify this configuration, and &gt; **OK**.
-
-    ![local accounts 5.](images/localaccounts-proc1-sample5.png)
-
-8.  Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
-
-  1.  Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path.
-
-  2.  Right-click the **Workstations** OU, and &gt; **Link an existing GPO**.
-
-    ![local accounts 6.](images/localaccounts-proc1-sample6.png)
-
-  3.  Select the GPO that you created, and &gt; **OK**.
-
-9.  Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy.
-
-10. Create links to all other OUs that contain workstations.
-
-11. Create links to all other OUs that contain servers.
+  - Select the GPO that you created, and &gt; **OK**
 
+1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
+1. Create links to all other OUs that contain workstations
+1. Create links to all other OUs that contain servers
 ### <a href="" id="sec-deny-network-logon"></a>Deny network logon to all local Administrator accounts
 
 Denying local accounts the ability to perform network logons can help prevent a local account password hash from being reused in a malicious attack. This procedure helps to prevent lateral movement by ensuring that stolen credentials for local accounts from a compromised operating system can't be used to compromise other computers that use the same credentials.
@@ -325,8 +304,6 @@ Denying local accounts the ability to perform network logons can help prevent a
 > [!NOTE]
 > To perform this procedure, you must first identify the name of the local, default Administrator account, which might not be the default user name "Administrator", and any other accounts that are members of the local Administrators group.
 
- 
-
 The following table shows the Group Policy settings that are used to deny network logon for all local Administrator accounts.
 
 |No.|Setting|Detailed Description|
@@ -341,12 +318,16 @@ The following table shows the Group Policy settings that are used to deny networ
 #### To deny network logon to all local administrator accounts
 
 1. Start the **Group Policy Management** Console (GPMC)
-1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO).
-1. In the console tree, right-click **Group Policy Objects**, and &gt; **New**.
+1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
+1. In the console tree, right-click **Group Policy Objects**, and &gt; **New**
 1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and then &gt; **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer
+
   ![local accounts 7.](images/localaccounts-proc2-sample1.png)
+
 1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
+
   ![local accounts 8.](images/localaccounts-proc2-sample2.png)
+
 1. Configure the user rights to deny network logons for administrative local accounts as follows:
 1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and &gt; **User Rights Assignment**
 1. Double-click **Deny access to this computer from the network**
@@ -356,15 +337,17 @@ The following table shows the Group Policy settings that are used to deny networ
 1. Double-click **Deny log on through Remote Desktop Services**
 1. Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**
 1. Link the GPO to the first **Workstations** OU as follows:
+
   - Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path
   - Right-click the **Workstations** OU, and &gt; **Link an existing GPO**
   - Select the GPO that you created, and &gt; **OK**
-1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy.
-1. Create links to all other OUs that contain workstations.
-1. Create links to all other OUs that contain servers.
 
-  > [!NOTE]
-  > You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers.
+1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
+1. Create links to all other OUs that contain workstations
+1. Create links to all other OUs that contain servers
+
+> [!NOTE]
+> You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers.
 
 ### Create unique passwords for local accounts with administrative rights
 

From d2d667cda31534c2d4d1645eaa2efe1aa3aa027b Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 28 Nov 2022 14:38:19 -0500
Subject: [PATCH 08/93] Update
 windows/security/identity-protection/credential-guard/credential-guard-known-issues.md

Co-authored-by: mapalko <20977663+mapalko@users.noreply.github.com>
---
 .../credential-guard/credential-guard-known-issues.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 517b038409..962ea3db39 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -51,7 +51,7 @@ Microsoft recommends that organizations move away from MSCHAPv2-based connection
 For a more immediate but less secure fix, simply [disable Windows Defender Credential Guard](credential-guard-manage#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
 
 > [!TIP]
-> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy) before installing the Windows 11, version 22H2 update. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating.  
+> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating.  
 
 > [!NOTE]
 > MS-CHAP and NTLMv1 are particularly relevant to the observed SSO breakage after the Windows 11, version 22H2 update. To confirm whether Windows Defender Credential Guard is blocking either of these protocols, check the NTLM event logs for the following warning and/or error:  

From 2e513a20104d0a12af300f252d1b92981d5dc879 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 28 Nov 2022 14:39:56 -0500
Subject: [PATCH 09/93] Update credential-guard-known-issues.md

---
 .../credential-guard/credential-guard-known-issues.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 962ea3db39..d863d5b342 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -9,7 +9,7 @@ ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article
-ms.date: 01/26/2022
+ms.date: 11/28/2022
 appliesto: 
   - ✅ <b>Windows 10</b>
   - ✅ <b>Windows 11</b>

From 30e66f5ac86ea71a3b77182cb7b8fc9e14075af4 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 28 Nov 2022 15:19:09 -0500
Subject: [PATCH 10/93] updates

---
 windows/security/TOC.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index 8cfebcc879..250dc19e5d 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -312,12 +312,13 @@
       href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
     - name: Enterprise Certificate Pinning
       href: identity-protection/enterprise-certificate-pinning.md
-    - name: Protect derived domain credentials with Credential Guard
-      href: identity-protection/credential-guard/credential-guard.md
+    - name: Credential Guard
       items:
+        - name: Protect derived domain credentials with Credential Guard
+          href: identity-protection/credential-guard/credential-guard.md
         - name: How Credential Guard works
           href: identity-protection/credential-guard/credential-guard-how-it-works.md
-        - name: Credential Guard Requirements
+        - name: Requirements
           href: identity-protection/credential-guard/credential-guard-requirements.md
         - name: Manage Credential Guard
           href: identity-protection/credential-guard/credential-guard-manage.md
@@ -327,11 +328,11 @@
           href: identity-protection/credential-guard/credential-guard-protection-limits.md
         - name: Considerations when using Credential Guard
           href: identity-protection/credential-guard/credential-guard-considerations.md
-        - name: "Credential Guard: Additional mitigations"
+        - name: Additional mitigations
           href: identity-protection/credential-guard/additional-mitigations.md
-        - name: "Credential Guard: Known issues"
+        - name: Known issues
           href: identity-protection/credential-guard/credential-guard-known-issues.md
-    - name: Protect Remote Desktop credentials with Remote Credential Guard
+    - name: Remote Credential Guard
       href: identity-protection/remote-credential-guard.md
     - name: Configuring LSA Protection
       href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json

From ef277156076d325e285b6b68fc0e6ad9e09dd928 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Tue, 29 Nov 2022 16:29:39 -0800
Subject: [PATCH 11/93] Update
 use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

---
 ...ontrol-for-classic-windows-applications.md | 56 ++++++++-----------
 1 file changed, 22 insertions(+), 34 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index 953d9ae95e..c7b971eed4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -1,6 +1,6 @@
 ---
-title: Use code signing to simplify application control for classic Windows applications (Windows)
-description: With embedded signing, your WDAC policies typically don't have to be updated when an app is updated. To set up this embedded signing, you can choose from various methods.
+title: Use code signing for added control and protection with WDAC
+description: Code signing can be used to better control win32 app authorization and add protection for your WDAC policies.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: windows-client
@@ -11,14 +11,14 @@ ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
-ms.date: 05/03/2018
+ms.date: 11/29/2022
 ms.technology: itpro-security
 ---
 
-# Use code signing to simplify application control for classic Windows applications
+# Use code signing for added control and protection with WDAC
 
 **Applies to:**
 
@@ -29,45 +29,33 @@ ms.technology: itpro-security
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-This topic covers guidelines for using code signing control classic Windows apps.
+## What is code signing and why is it important?
 
-## Reviewing your applications: application signing and catalog files
+Code signing provides some important benefits to application security features like Windows Defender Application Control (WDAC). First, it allows the system to cryptographically verify that a file hasn't been tampered with since it was signed and before any code is allowed to run. Second, it associates the file with a real-world identity, such as a company or an individual developer. This identity can make your WDAC policy trust decisions easier and allows for real-world consequences when code signing is abused or used maliciously. Although Windows doesn't require software developers to digitally sign their code, most major independent software vendors (ISV) do use code signing for much of their code. And metadata that a developer includes in a file's resource header (.RSRC), such as OriginalFileName or ProductName, can be combined with the file's signing certificate to limit the scope of trust decisions. For example, instead of allowing everything signed by Microsoft, you can choose to allow only files signed by Microsoft where ProductName is "Microsoft Teams". Then use other rules to authorize any other files that need to run.
 
-Typically, Windows Defender Application Control (WDAC) policies are configured to use the application's signing certificate as part or all of what identifies the application as trusted. This purpose means that applications must either use embedded signing—where the signature is part of the binary—or catalog signing, where you generate a "catalog file" from the applications, sign it, and through the signed catalog file, configure the WDAC policy to recognize the applications as signed.
+Wherever possible, you should require all app binaries and scripts are code signed as part of your app acceptance criteria. And, you should ensure that internal line-of-business (LOB) app developers have access to code signing certificates controlled by your organization.
 
-Catalog files can be useful for unsigned LOB applications that can't easily be given an embedded signature. However, catalogs need to be updated each time an application is updated. In contrast, with embedded signing, your Windows Defender Application Control policies typically don't have to be updated when an application is updated. For this reason, if code-signing is or can be included in your in-house application development process, it can simplify the management of WDAC (compared to using catalog signing).
+## Catalog signing
 
-To obtain signed applications or embed signatures in your in-house applications, you can choose from various methods:
+App binaries and scripts are typically either embed-signed or catalog-signed. Embedded signatures become part of the file itself and are carried with the file wherever it's copied or moved. Catalog signatures, on the other hand, are detached from the individual file(s). Instead, a separate "catalog file" is created that contains hash values for one or more files to be signed. This catalog file is then digitally signed and applied to any computer where you want the signature to exist. Any file whose hash value is included in the signed catalog inherits the signature from the catalog file. A file may have multiple signatures, including a mix of embedded and catalog signatures.
 
-- Using the Microsoft Store publishing process. All apps that come out of the Microsoft Store are automatically signed with special signatures that can roll up to our certificate authority (CA) or to your own.
+You can use catalog files to easily add a signature to an existing application without needing access to the original source files and without any expensive repackaging. You can even use catalog files to add your own signature to an ISV app when you don't want to trust everything the ISV signs directly, themselves. Then you just deploy the signed catalog along with the app to all your managed endpoints.
 
-- Using your own digital certificate or public key infrastructure (PKI). ISV's and enterprises can sign their own Classic Windows applications themselves, adding themselves to the trusted list of signers.
+> [!NOTE] Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge.
 
-- Using a non-Microsoft signing authority. ISV's and enterprises can use a trusted non-Microsoft signing authority to sign all of their own Classic Windows applications.
+To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
 
-To use catalog signing, you can choose from the following options:
+## Signed WDAC policies
 
-- Use the Windows Defender signing portal available in the Microsoft Store for Business and Education. The portal is a Microsoft web service that you can use to sign your Classic Windows applications. 
+While a WDAC policy begins as an XML document, it's then converted into a binary-encoded file before deployment. This binary version of your WDAC policy can be code signed like any other application binary, offering many of the same benefits as described above for signed code. Additionally, signed policies are treated specially by WDAC and help protect against tampering or removal of a WDAC policy even by an admin user.
 
-- Create your own catalog files, which are described in the next section. 
+For more information on using signed WDAC policies, see [Use signed policies to protect WDAC against tampering](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering)
 
-### Catalog files
+## Obtain code signing certificates for your own use
 
-Catalog files (which you can create in Windows 10 and Windows 11 with a tool called Package Inspector) contain information about all deployed and executed binary files associated with your trusted but unsigned applications. When you create catalog files, you can also include signed applications for which you don't want to trust the signer but rather the specific application. After creating a catalog, you must sign the catalog file itself by using enterprise public key infrastructure (PKI), or a purchased code signing certificate. Then you can distribute the catalog, so that your trusted applications can be handled by Windows Defender Application Control in the same way as any other signed application.
+Some ways to obtain code signing certificates for your own use, include:
 
-Catalog files are Secure Hash Algorithm 2 (SHA2) hash lists of discovered binaries. These binaries' hash values are updated each time an application is updated, which requires the catalog file to be updated also.
-
-After you've created and signed your catalog files, you can configure your WDAC policies to trust the signer or signing certificate of those files.
-
-> [!NOTE]
-> Package Inspector only works on operating systems that support Windows Defender, such as Windows 10 and Windows 11 Enterprise, Windows 10 and Windows 11 Education, Windows 2016 Server, or Windows Enterprise IoT.
-
-For procedures for working with catalog files, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
-
-## Windows Defender Application Control policy formats and signing
-
-When you generate a Windows Defender Application Control policy, you're generating a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10 and Windows 11 Enterprise, along with restrictions on Windows 10 and Windows 11 script hosts. You can view your original XML document in a text editor, for example if you want to check the rule options that are present in the **&lt;Rules&gt;** section of the file.
-
-We recommend that you keep the original XML file for use when you need to merge the WDAC policy with another policy or update its rule options. For deployment purposes, the file is converted to a binary format, which can be done using a simple Windows PowerShell command.
-
-When the Windows Defender Application Control policy is deployed, it restricts the software that can run on a device. The XML document can be signed, helping to add more protection against administrative users changing or removing the policy. 
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list.md)
+- Use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates
+- Use Microsoft's [Azure Code Signing (ACS)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669) service
+- Use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business)

From 45dc209393f9eeec70119cdff6a10a4a5f75172b Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Wed, 30 Nov 2022 13:47:05 -0800
Subject: [PATCH 12/93] Windows quality update reports.

---
 windows/deployment/windows-autopatch/TOC.yml  |  13 +++
 ...utopatch-all-devices-historical-report.png | Bin 0 -> 51960 bytes
 .../windows-autopatch-all-devices-report.png  | Bin 0 -> 116993 bytes
 ...tch-eligible-devices-historical-report.png | Bin 0 -> 43829 bytes
 ...h-ineligible-devices-historical-report.png | Bin 0 -> 39892 bytes
 .../windows-autopatch-summary-dashboard.png   | Bin 0 -> 52748 bytes
 ...patch-wqu-all-devices-historical-report.md |  40 +++++++
 ...indows-autopatch-wqu-all-devices-report.md |  56 +++++++++
 ...-wqu-eligible-devices-historical-report.md |  40 +++++++
 ...qu-ineligible-devices-historical-report.md |  43 +++++++
 .../windows-autopatch-wqu-reports-overview.md | 110 ++++++++++++++++++
 ...windows-autopatch-wqu-summary-dashboard.md |  44 +++++++
 12 files changed, 346 insertions(+)
 create mode 100644 windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-historical-report.png
 create mode 100644 windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-report.png
 create mode 100644 windows/deployment/windows-autopatch/media/windows-autopatch-eligible-devices-historical-report.png
 create mode 100644 windows/deployment/windows-autopatch/media/windows-autopatch-ineligible-devices-historical-report.png
 create mode 100644 windows/deployment/windows-autopatch/media/windows-autopatch-summary-dashboard.png
 create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
 create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md
 create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md
 create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
 create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
 create mode 100644 windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md

diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml
index f2950818eb..5d31d988ca 100644
--- a/windows/deployment/windows-autopatch/TOC.yml
+++ b/windows/deployment/windows-autopatch/TOC.yml
@@ -50,6 +50,19 @@
                       href: operate/windows-autopatch-wqu-end-user-exp.md
                     - name: Windows quality update signals
                       href: operate/windows-autopatch-wqu-signals.md
+                    - name: Windows quality update reports
+                      href: operate/windows-autopatch-wqu-reports-overview.md
+                      items:
+                        - name: Summary dashboard
+                          href: operate/windows-autopatch-wqu-summary-dashboard.md
+                        - name: All devices report
+                          href: operate/windows-autopatch-wqu-all-devices-report.md
+                        - name: All devices report—historical
+                          href: operate/windows-autopatch-wqu-all-devices-historical-report.md
+                        - name: Eligible devices report—historical
+                          href: operate/windows-autopatch-wqu-eligible-devices-historical-report.md
+                        - name: Ineligible devices report—historical
+                          href: operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
                 - name: Windows feature updates
                   href: operate/windows-autopatch-fu-overview.md
                   items:
diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-historical-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-historical-report.png
new file mode 100644
index 0000000000000000000000000000000000000000..4a7cf971979b2e7106d30ed6049ec842d205409f
GIT binary patch
literal 51960
zcmYhiWmH>T7cERn8{CR}ad+3E!QI`0OK~fdQrz7&xVu|%cXuri+}$pH-usR3{>aEU
zNlv!Sz1LiG%@d+1FM$M)2M+}Wg(M{@rVIu3(H;uwg9j|&{S)GA?A!OZ4^GMwB2X3M
z1PAXIpUj2jgrT6SqY$2rKEGeX*-L6UK|vw+{Cj;E_+A8pf*OvH5))Q+*FS!NNhg%>
zTt}FxF+HlKc;X%GXvm|}TF|O7^@+79chyKk=Zb4x?QI(!Nr(GA$YXAZO1YozG|n@T
zk`m`M{vhjls^dKl#nx#L6$`~J+V)0F<m~3+qUMs7DL7GFVQ;{U^XVv61RPCXO$7T1
z6*;Jj8L@{Mu{Ne@!miN|GpT3m*T`;cB4?Uh?94&$>Z<OxBg?-Z^msk4HrlA3y1+r3
zbEbh6sk2pSjjA;b>$NG^+!_&ASG&J-JIQED+xVzrVJB4yY3F=WFCdxk>rnVD$;IAy
z4>m>j_^F9yoK+XjgcE3l6Zqg?<x9q}&>0aPp54(w)YH=w>w*3>&t~5>`0;q1hx_+c
z)&2fpC%uv2mT|8LPR)b3<rQFWf4{n_DteLBudXWC(g_wR^sB7zgBYaV`BS$TLm_rP
zCh;zDuJ;IF=p<C=ER+<Z;8GFKY?;&3r0QYM&{2$<P&#ZnIyT#{4eZfWbo_Uuq99FD
zn$&?-wSi((yW2wP5qzW6tReQLG{;NZ{FAE>qCTz4SJ#s~llZ2Diiohw8koJ!f|`)F
z#2IA3zF}?+Bk`ATMqL2|IBh+_Z(SetxExOYjc!jr5Q)HYsWT!nGN-s0&cwu|5wwXI
zNlhEHHb{Jz<2;PiOyRGj@=2PNt*7PdGUkVCd=cgr6UZEZ#fS_&!JctT5f*uv4J%A)
zrMlUpZfJE7*BNX(AEsmiE9zX<EoM30GK|~zsazo@W_reRrwoM#qfvvfGoIsj=js=F
z;5Xon@Fx)`i0Zu}mz4ytl29OiJ(^Z%AZSW%M2og@oCw&{gpb7L9G)_4jVLM;s9=jA
zD*jYRQz`5X`@vBM7`j4oXEHBMX*W!lK!chQw2mG(eLNkgC}T>z@TA1ECsI9%K$ilf
z!sU!JNA~ulCDTiDQ28~y+vlHoS*3zIXu~PjG$m$<GQ$&z2VI2cY9xu?{YzeV1eH>X
zw&mxD|8L=gTI~+If4FjD>IN{97{U8n&RDR=+U;VN%o7QJ#%&6<WSV{|r^a{9v6}Vc
zXC+B$wH-XHnfl2m4MVu7Z6@+q1p^jSTiD(vz2?n`ul&l}_-mL1hOu!)N#fwxx^7!6
z45=QPQ&r9*ddW!iq6h&g&MqE_+dg1)rSB&dtptH2v7_itM$pWc&ODOf^How_2|{Xu
zI<n@u-;YXEfT3Q!V~3pVr0Kj9W!?g>&Pcj7*Z8PrC5|l-{YFgj470qu#TfZrg&c3%
zGXm9uuYq$UO}`O}j-0X!1_IGCh?|{P6I|(#xmFaJ_k<oKpOaS|Q1B$uEpm^HFPRJ#
zkEqyizQ*l|qU~yZ+Z3r+6~vZ)qG^{xVRT-su3YjLS!N`*H`d69!{)P<B!SizJc(Ms
z`?6ijjE7h?W&Uq7GT+hKY^qBp(@a?!HKX^8A*Qc!QKfKycPA3nX7a=kye|0-nT^?E
z0T|W<8CHL0&b!U^oDP!GLA(lC@Xc{6T>`~=w!rW0VKYln78)E#EQG^wTz+k#X)i$I
z!^8OCJn@*fTq`W6SYn#y2xKuvG?qP+Nb5!+!{sjRiek}&LSqea%s^2Cc?GHoUR!)*
z))BE#1sGO+27_zr2R}m6FLGjLr96g5Ny3$R_zKtRCPWM9ejz6iYcCLZ`SM)PxQ>0o
zm15N}_F*H`VBG==6wB|4mo5i=h`@dUeT8u$nT^G@1wZ%lDb^=kQnGOg?Ve<t91RVI
zUbpmmDDjRtvbuu2=*(89IdH(2vkD$8Hn3nFLLq$1hlJ81U-SjJ>n~>S+c5bDCa3)o
z#0(%`CzVE4OTHW(;$mPy<hj8w@^@N{kI^#A-bO}-S-FX)$-e$YlO9j+22ashPt)!j
zb~uBi?IL>vYzi(DC^A_U+O&|JJ_iY}5Az{})7{feR$2$N<LVEt3CMSK$e9sQbPmpL
zBdc@r9VX=^>9uGUdureMY$4z@-Jq3+AHLuqet<(loT41(Llh(C3mxMTj^C49Ct-v#
z9%n>uBJmKWk%!F7WP~T)%0C6yBe{D@c2%fQx0_aIpW%d@2_Z$iWqynoF1DG%37ENH
z93I&W>B7|(`q~2ZO{$KDU6IHvmM*r)C)X(@*P60|@E<@{N2+{vB)Hh@-2(i#S}_xU
zfPXFrj}vr{mIo{j`~%P^m5Cg*IRy^^r++)+y}&}hSnEO^2_nIN=o)odHQe;~xZ)<X
z=d;C0nG>nt_zH38wu?GLKj{_Yuf{N1Ab!*Og3tZ$AUEP9Ek#Ucw$LvmB&mePY=?h_
zh!N|L;P@(+O3a?cZ^Q0T%0^`TwO`!2b<bNuNSDW6wQD4=-q>|ja(_-9qvf>!FTU7_
zspE2E<Fc0ag^teCtoqn|^6?f5`@_Q=h8-I;`7Pgf;lzI`JIEKri34810jtv*F{c``
z=wvS(f#(hk>-h{>@C@10C~_NFqsH=dxa?&#R$Lhv#^XX<q}pZLL1yi*n-OD+)D<hH
zLElid8$(v6w+YfY+4K}NNI^TbbxlxzByc=7=A6R(pP8p#wo!mzNQeW(?^lsq21ZK(
zs2#rf;_d>B?(MHp(>Brn4V&V9*h#W|;mg00*aj~CAX}U#IN3dqIq<!n4zgFU52M1n
zgVR&QT*T3aLx(37r^6%nIP2V;bDJBGcTIPx87hGa3QXGCsgv{TG6ro}L!Zh=&1)g^
zh^wT5eAW&$9Oytd3>hU9$IF_j`8nT`XD?L_=l9*dD=l3!o(uLq7d5vEM(>%mNAUy<
zps!>x5|zRsM}4cV=X5e6Uc-K%rni&yheEDJwjCRrOid4o<`#s}GY>*o*vr+#k2C%v
zSH1>Y=~SM$2VFEck^NMO%dY_azWTMesAS@><seH-Jrnx`HNd!(K@oBqChi)g*FiY$
zHwBJu9c<Zq(^NQ7N46XirUJ@-MfLQs*k|LvnWI7;mK2T%2r&+VpFN732PddSl+0*v
zi3EegiaivqBkXy&_Dg4VSnNr%2+i+0e9r{Vo!C)EKVIn*@OYy3?NUez{v^<-p+nW)
zQY-@?1qMn~-T5U&Yb-G$q2wsZic)Hj;Dt@yG=7yv2H7!wOw)?eS|X3f%Wy6euM{zO
zgW~r^edy;Im5mezb4WcIUoVA6Ac}xl^iM+YkYEhi55H!qeMK#(W8e*sP$2oD)4A=1
zVV3)$rdVn)A+@w#9T-9I^5S<cU2iI5zswLlVh)}ej`1=kM$T;cl(5xf{mJA5*JZ4{
z@kGZ=a(aqy&&fNyyZ<h7>vk}E$%nD;1We^g7#&(3ul~S^v*I(Y|E0y76%%4P8qz%~
zVaS4;tvZ;`Dlb1(Pw`uy4*&zmW?MnK_F(4WMWoR43*h;tEKk_koX3BT@cn&PnX!E>
z2%NR5SH5ERO_mg5|JI86zCD800;>ih(|@wP9yY-Tczd?#mGp7NvQH)-Ph(dr7xy0@
zBeF|l0+*jA7d4{-6V<OLA1yXuflm_5i*q44-5+NgUAsVN2mO44Hk@mrzG*}UT?ZyG
z4x5`KAk0`TgohZf-H)`^rO|Qm{>R%br5qBe2PEmdKR@j=>UQE+wg=Y)3d$n8Y(A%`
zaQmFn!-q*nr+R&cR&j1Ggo*LGAeENxb+PetbVV$TJeE+l!omPqwWM0vzh1+obI18t
zjO&AxGpQ!hh3|fa+XXifrV-f<z!0}ZmHl?Sc6B4&z4S=ub-|-hyTO52^=+NB#yB6a
zMiTQyo`Pu(bYsUeJGcB`Vze|Pq*zr8qs|6G5Q=e#4*C-{GCNHs+9F>=n!p$Urp>#q
z-P`B~+3*Lfi(K*>{&n{ofpoziUy|6a2EF96YqD|V<i?sDw=l+ahYFmMJ1;USH^Bx1
z5s4K_b@PckqX#P7UJz8;)E2{J+|G&&zG!{Tz?w_azxxS2Wh!Jl+i(QmoIZG)%rKYy
z1uaJ!PIQ?-j)_HtmnlG?#I@PZ5aIYfx>KP}CI$~}#(zX`Mrd@HJT)~WG$b+-c@R{i
zLsaxL!M8R}>}<w01sCS94o59TkrUKeO-blXNylF|VTRtWKzK2ZC=Vk`2|bDxrV3RY
zM4KX1y+PyRirR1Ml*$E8!)xlJrge-x-_y~tzwXqxS?WMx4ZuoCp(!dW72(9KFC%5O
zkIhOIT~2}KPSE{@%i2YSY$K|#^f}V@2fmIQQD=x~Yqj+oT3)noYjV18NsU)tzIiVD
z8GK|Wf5eDXlKqw=WjH9<Tw=L;cPy#ut&_y&$&fCVQNMdg^oIlF9v4x5uyR~`az^zx
zw!RO3Tn#QL{hPnWx)+SOJVDQR`%_G&7cO7pv7bn(gpwWa?Fm(`>tEEGA?o7zTyF2b
zIE=b2{*CKCC<$^Iu%BKe1)5RJl@W~Y`d4ZgMuU`8^na-o#(h=6+c82ThG)v6AWQUr
zZQv!K5KT-l2oIwg|H@SvTrne0AeaUyoe8+SW&`bAvIx#cz5H+kmzSbkf+>#|>xt(u
zAKZ7#8(9Qp%<36Yp6&>Q9n=B0#{wS{=Aohn#J}OR*k8;lwLMQGaA(8^((@Lkr-!ED
zaaS(Tt(E3r*EdOsf)$NX{tKqwynK8ysj0Mc{cE(Ph^saJF}2aMSad11_j#wJvf9!H
zUT`tZXzlXiOsYnE{!3c={XYuqPFeoinQhXi(j0HRVnt>tNJx0|xZ12l#*gZz^ZOw0
za_mY9I((#AN(jMg`ka@(7-oX)1XeAsHXpH;9AoV2VyN8l6Btlb(vCcRMWY7wxbNqi
zU%Y0bGvgo?4gCow18v5RXY^>X(sUSp8orQkdl+_#HKJpx6gt~vW)H>9OXmsCkQnbg
zh-kgb+*7s@u*U#rV>c%u$E5s#*-cQhusahnRU*2z;rkQ-4C_wEAmI7=kqU)a3@Fdz
zT*8tr=t_WHsoOQ~C&5g!AbGG$LD(CEprwJdy1mU`XZ0B<LA80=U-&8Pv+kgv&u>`^
z+|?GXbUw#V8p^B=kDX}j&fy{g0^w`KUccI=c~y4}x(?`?aUf^?nHj{{?dGU#FG!2c
z`>0lQ2vsH<g7<!c;dK}?fC^?d%oSH6|D|0&VUnKWo}lRTl!)4aTjMvQ;j2-aM`-H)
zvBMd$g!+5gB#NIO{$-}4Yi349AFS%(RaD|851es`iIbjZ%Bu=|(JPe&<oVL;oO!m7
zMgXV!(_@IM$C}u&v5dk-lvg#VqCZqPQW8{k$HztA3{grD5R_&X{VckPAq7G9mxIFT
zf822gESA>4g&b@l6OipVXO5<b90~QFb>^$UI2<~XRAGo)yL=cvOarUQZ;yfn-cdxF
zQgNDyM<7@QbI{y3d58$HD(TsJ`4Js!;44I~zh1m0uRA;lB**fT5(r=$K-rpYCP!2l
zVOd-cZuGfgP3ckLc6$9%z=2gX$WNKU8`%Ei4%}9a0RKQf&C14H${~3WQKw;YSK$r8
zRnpJUef1Qh3M{x3iPv!JG*!(d=fdW2k)s}=6QaVcYq|6~UTwxcY0sUMz1bS{^((SH
z6_s#8k|+8WE-DcTHZlAXm?EqTHXvL7MO^c01~SL$vY912y0jz^@F0>a*P|Yn8epM)
z%OAm3QdSQPjWwQ~Z*Zal{0mJgUlG%bV8g_^ryDfiG%FRgN?q8XsR9R3PyQtGLG|X4
zSh9Li1%#lGZC;U7SrtW7ERF&!ZUBpfu3|Z)YoCj&JAkDU%mlgAVdqU5_EPNv;`nS#
zA4x8{7`yD|MJrTE2+{_oy%2%zSf057mtP2p!Y|lK7Y?&>Vo>v)%DouVK3lQ+tP4S{
zxlr71whQ1WTNpO*eqq_(O-rDoA*5ZI{>V?nl~aBHFd;z}Ur1zkh9{a!j@oYi`zP`9
z>sPEj<8zPVXWy?GK?YV#=92Lq`r&Xj+$goe3Z{sLKN;cM)sZ+-l&07;oNG|IF1xpL
zW^qLkQAknQ{HQUcn=JS+u0<98XpXAmf9!&K=F<Hatpguy9Q}OJIcynQ3GHGv8D;7$
zTLn+e^%|!`jA~h@76QZTNLN!Q%>PLPW@HYcRDjyKkM&Ei0Ygv;Ly||7MHV{dEOFqF
z#`pgqvr9U%(&0YP)aE6SF9t|o^J0!9JZ)DRY7Ai8LejT!p6Xd`$h{Mhbm{Rz7GfP-
zF#jD<HoO&h+<Yl?Tq(s$?Endh)+(PSXzW5j3@=-#Nv^<PY(%Hng|0dqWq%+G3x^zF
zl&0Mn-As<Xr50y)5?59k1~vgmmXdWZ$Z82!OSv85u$32yf=pNEDR50W5=db6x7KF!
zU+)8#+H^VWk&QNwk*_V{x!LC<MlM;>6OlGI-BILYV`Soxdj8h+WXI+<v|(WGs^Jje
z^g~%%Ne9MEp<Q!gW*5~VM(9BgGLB1VC}7W8eSWmyVHNZ%9#XnSK{2s${AeNy4LP$A
zQF4I}R5P<|A!orpl7_yq3`6=~UV<O<kB<T>6v}&>Lw@RJ67~CT$=eXyh-XR%^4=gK
z%F|)6v0mTZnp9O{yCj%SGb2AxJb-!+E%?y;`gkPAnEF!URoNG?V!)+9aR*H8v?E0o
zoq)P)XWd~2aWysE!_rVC<(XeUo6$Z*#r@wlM;YwLI+yzBR9Wq%d5~SXOnemBT-`Xg
zUv9Mt4sFF>?@>n?Vb~pUL!D}sw3H%R4jqpLJTVR)ng_=jg!JWEJp&&VS0)1yk{EN_
zxQP?y>ZwPE#MNA4*wH(;;`U>d)<RDsff)Osua#}cCRPYucK<gYVs7j%kw-+19S4d1
zF~(ZE#J#3A%QIa#X7A^qT@>Tv2*XuD-$~BQ43Mwv89hdfr=|D{PZ1CQIh+#x+7r6K
zlywl~sJ);}fQvzksd}j;J3*TbeleD<#9hJw)k<69z_QT34%gUxs`fScA1rHzJK^Ba
z_ep0+t#-B@rDf2tqD+EDb`yC?xg}3~9~~tE-M_1{p!+3*h5eZ(hQHpn?yzwMFX0`B
z*oW3C!N8e8|1Yrw{sll&kt5D&Ytx;YYyE$)2`;nT)O7g&8w>QUm8s;)_jRqDiE#L~
zV*LN!47hGj@kPIK54B~v`aK&N(V$UKow#jT*8V*=^#4VIkz2Q+x{2&kz=0O7nVA`j
zfB=J3?v!L;e<rhAcb%54dNKo+CWAvRdX`=n92J8&44{#3-9wmwY#Lj|T<>IZ^Bpb0
zF4Et{aXDiJOMG?6Q(ms@gRr+h{Fjh2yZtH!$j`Pl6A+E!^(%2ChgWoPUc26bOG^<l
zGBT2rlYa#uMg++&UH|=5U^a_GKqw~a!~rOnV~z=#DVk%(k(;!vt78`-NfIrb>9Lv=
z7G(R}oSIlmIto=T4<jIzuN(&#zA#zNu7EF0TnMPp!S1dTNL_3JPM!s<>~w91HcKp|
z20Gg@21=5LQiS3}09hKVGI4c<28sK<!jZ`SV<s|X?|MhQ6(coLoCOh6=lLR3Kd_&L
zpFbQ7CK(+a?cBQTw44I7Ga(f>V^Wt^h^e1qvPX^^C*C%yFJ!lu<L;WOQBxNSJ1DW(
zHs%zTV#*=qzefroi68ifR@O?I>Y**E(slJWBIb2c91e72Gr&m+7W*qulh~L}5@Rrl
z2~JmYA11&SF4sE)LQD`iXB4z>6wqb(m8{fvVn3iSj|%<hE3~bs!gr>}gBFQylJH1m
z6Ob3YJZ)H?ys5*|R+V<P+QFvdjDtD_fET#c0E7PUPn~#|1*=K`;|KPl6~v-*o2J)@
z&W73FQQJY(o}Qk05Axn1elyCzXs-kMajN{U9DMlA;#!b&Rbw-&FBFzTk_zqqq66|f
zn@i5B3k%?O@JFqHha&n35i5C`Wt}v8iUaz{bZ+0(GUs><4MTO)XscWG)WV4DDC14i
zD;XSSar^3xh&C3c>vbM_Jr{cfi}LcW$xT?`<I3dfx|~@9uIL&P<nTmPLWT<n@oZ#w
z$u26w8(Uk01wdPXt<|*jBeo*#*tzC&Ybrk8+?*6uS^+go&>x>xrc_suT9?uWgZ}9U
z$v=G6-jC8&1gjlH+#1L5a3n)#5CIt(h!+@0l0>&zqXUi~Vdm!yytr_vb9M%|{=u&0
zMZe}n;!VSUmkdHn4z=rUk>XfXgamnjKoh8$8579ifrN%R_Odqq)a-1y@2g;4LxV^$
zhotS^|Hk(S?=p<lx8({m9VB2MsNONJD~6Kc<fcLVC}s=N;ew~7o1Bq1@`kqfZr5|J
z2$Ql4CmTt_BEG<lk<l}HP0p*+lARh2ZZ8HbJv2KbQL*swhJle;9WvxBzT^L1L6iLZ
z50lKJ?Vax@S8Q*cx^XiwjeTfxk?`ET{oGR^L<>h31Lz>d*r;Q*Poa+%ipNpdBLx@~
zzYr@7ydOpEM(x{)9zx5&h2R81P=z1#vo;FL-xo#9G_9XdG=o3bRSxzv7&2{-R5*s1
zJN2nmVBM)PzZ9Vs9`oaeZ}gN5qnt1zzRVvxp!CqO_pq_h&VLwkYN5de9i%Shy9WI9
zf!#9v)Rheb@PqgC3m6`-{V$~L>2Cv}spfk7enj>My=n@C4-St5H10x9c5f1L>MBss
z10j#hVC#qP1m5J(63FAkdhu54y5twqE&?Ax!~X?EBSB<q9ParV!9zOLe?ihHxwQ)k
zATMinRu{&yRblDz^w^Z;vNqbuz{n{5q)Cqz)@NL8*XTcS&uqtT-(3{rz@k%D72Vs?
zV;3+Zd~}x_(wgF{qp2xGjS-819HjMsZwT{myk~wRX|mc(v|f4KHT#RWqR8k3wptFE
zrlDdDw1FfybnaA1)zSpZBN9dJTdmY5$V@pHHS4Y1XpdXhz6+stmX>f~pl$LP8M8Gz
z21!aSi<6hKmHgeKQR8aOvIw#*Ho@>xz&Ool%2;SB3;OgxJH%-;R|&i8VjL=y!G6c9
z6!L5HcTbMQcMTZNry#?69&{DcrTokUPG0@oIq7;=<wC&Fxe`H;UTU9FKF>1ZHm5y)
zSiPOyJQemkHfkR<O*j27N^rTr&XllfI1r8r6PW<w4epcPbt{-Md6a8fTs*51MHRiU
zic`C5=WD~NMwnXof62zw(o*2-I-|4eor!%FjQ7hLMkO|Mu1YNKa?w?0MSdDCH;awr
zW0eM88<**%A86ioD*potE2PD0?czufJFE-DDt&cv2!Z){bSqgpH_4$UQ=3gsUla2l
z{FY>O+3atdtcE%XZQMvr>4VwY1^LqtIt>V`xBVPL_Z>w!*di-#<ymdpCFKO8&?O>s
zvWq?i^odhfmWsL#e^%9)%Pwt3vczWk%0u?Kn8&op`p~!Mz@Oc06+W&mrasd*Y>bJ-
zXEdz*hBJQXId-@ZnmXyTk|4TBJ-_VHhj{r1iUhc+2E_vmh9Pnd#kSol$7OweY=?Z4
z-beO)i55JjYC;7rG#?~}{nn}anz9j7Ch*NkgzMjk2WGB6ut`10e)@mReu%OF*By0y
z?IGGtc_`Lt)O~W0$Mb}dgsp`jh9H@vg-9L79pKC*kFH+fW$29|Gc_(xHRv6yoG2Pd
z=|#Bc0*aWPbjyY1kc6;>V)bYGIsdmGg+zab*t(9-yNfbKr1UvUXssrd4I;w!;}rEa
zem^c-vAekB7Pr8v?e-OwmJ6F5nu7K)bBgi^@^>SurkK20EY76=Hv<U$STQWe!t=q{
z)dBfUSVN0btOQ}5_^@9IGX6AtC+T2HU5sR;C&dbhMa$cr<6hWippynFL9~;D|9FiK
zHyI05XK<U<TBt2a86&pqvVJe_(HGmp+RUC1o<*)S4tZr5?ZGEk`O<#-KtCB&B{@)O
z_MuwSxo@?OIIGWPnaoDrnU~@Dr;l;iKMITZPGLvB)Z5zyA^j}G1lD3MwNoA!agsJJ
zAm;WVC#`*qkp3J2taGUqs$A#+HFO$t_Q=*~$}&UhCl8&c{Z9aXEP@WL>rJ#-W7#)|
zy20Thw?)_iJ00#&DR2*EAAxK18Kob^%h#BfGybyXXeNhsVn<H9DD_yd8ZvJCd0Bi?
zfmW%~8DlP*gPa}vW>)0(fO42-g6&D|wIXncAwB1lU+G=3-xW|G;K$dr6reL>panft
z*wojt;H_-yGgnUt8%x)zvyv}o$CPGzmfxIBEafS7uspjR>qCx`_eDH$3Mewb7d`Hw
zlHFcC?DGz~i8Iro()zkzre!|HspBEbEZe8uJb-$fc<KkS(kangoSty6k9aK_n9@l6
zc2u|$tbx}LMQUt{rE1JNHs=rClT$Zto(Dnjde#qhh~DjMRV{;g65YuOblLMX;Duo@
zhxXQ$M;^`JGENvoZGqMG&cL?A9JI2gs0?ynW@}2`2@7^w+oKy^OCajM6zIy{&o|C$
z8xrQMMMULY-Rxg1Gn-DqOCLOrur1TYAeTa6HNRbNjXY&ZQazCp+*o#WwG3&&gr?HJ
zg7dP2k-l<LG*AomtyUsms1vfS?*5(>w>6n<Wbs8U0x22qK+Nq8r{#!uYGc~3`r@bR
z9D6qPAEFFz!lLpLf7t?H=T2v@5YuuR{?x)oNOiRqd*VV)O9iqwG+}gH2oBL%SEnHp
zU~rRTb~d}P9J*ZZC0RYKs;cP%DV-UMHeWgQyPK;Sz|YUmIV;*X_xyKAJ<@7-H^C#H
zc63^1=+F?_U-pJv7v;$00Y9xJ>Sdi)MSaDP#7AxC2DhAI7Yy47Q;V|_Q5kb$ke?oe
z7?)CoKisTEog>1f$ks+oMuLu4r$lLH`gchr<2!qtaizo4!QZ;%Hk!wuTolTB7hslo
zj}$j}e>Eij90Yn!%Isn}J*JjB_|>7I5k>$5gIE~iq+~E(V9|kEoq))HlkMQ=tCPr4
zjgf)B3fj(-N2a^oKxirUCG%5a#(mpnvnW(DFo@V&re$wz%qcQ~qAW!CnMNSMa3fi1
z1GKYb0krB&&aFfh#A;u2vS-(k;?q3zSy-Nm>NsI4SL*f$%Z5BeV|$O)Ta=Y{ElLs(
zJITa&@Ze{>c;gTr07XR!4^#0cm!|xems#_u3`EdVq7wJ8oSh>SQ}**6ZJn{O_b9IB
zr`CbraE`m@q_)K4IyjKhH}*wz=rVrTGH4HaVb<T}d{_5NUI_traI$JKP!A7^ySh^L
z6-#JIq2raxOnqC7d@R7aZm2ghHij=}u!Rs1N?@ln>$9$|`K=XE%ZfXiVOjkEun4lk
zJ#<p@0$R45XHf8Kk=pgpagNKxHvWE1k>}7JNt;wR2y9r_k59lf7OCj%2HcEwmxZK`
zaPq$4wya-WEu5nKmzt$Ty?1c!XU2T66BESDc9S)zeUR|V_@@Khlm*U~<fpA{;tyFc
z>q4kXtV&K-Xxt2Dqtt4U)3X?TE{PoBMFyaIIx_2kx@GL!S8rdyP<j*1AA5G7L6sA%
zX9h@f730*`ufuB%nMx%7=iphu7^%M7%GOmA^|z#W_2}D&zJ>)Rj#up6WyqI6Drrgv
z46qZHQ60l_*KX8PbSASs-AZSO5!3H2<~<XZ`*u5S?+?7{UV>rvaZ_LX6rNUzEYn5m
zy|AFya+&eVgZoLR>D0pd;0pC44zxb6f|*68s6zxBC2<5RWlD<S{d0puZ$rSaZGu_X
zEuKc1!#H_OAEGdPA_aX~<-_(`tPn@cj9eCr2`)5Z@l$wM?G~cwdjE&H>ODGD7Q@N~
zahd7M={^qoQq+huCt&-c`ge&rStyQ6R2uqXc@hkfIU7ag4BAk~6l@PNPSt7G^2JK{
zTy-fKQ;eHB1OJc{PZtahj6%o2ZK)@+qL^)oFBc*gJD6xv^>qeCk&);R(kmE+vBRn?
z?L4X+_<vk;Mn!V&-t%d`8VT><7>6%Auy_%G;<3bgda;wKwmR}DW&ggx$+4KJFR{0A
z9|ga)WkQ{V5u-<O!4!_crp<^K*xkfaj0`XoHkTzw$G;xh2lf3LDz<Fm?<h6OsqO7o
zdtTOMpwgRw#a(b`nibj}|5s+_gnlmsT3nfdce7U`$7x_%3JD>xJd;wfmc8@{7w*QK
zfxBBmiRN0G^Nx#-scBkAxZJ+O96@x@MCoTPGA2oS$5BVhB6N+Fh@K9ngFz!9?jsKB
zRy<z24s<=027d&PAKlZ`q`aNm0jr8UI}3WrNJg7t=Fmo*c4|3p`9*rudf1HJ*Su>b
zRZ(OykwX^YZp&IGZ-Gfb20ay}k#Xop)^~k~@m(L9+LN1Yz#VlxE_K~*rpMN2vft{{
z#nvBmAo;W4n{9z0wkL~&e<3Y{x4<xEDclBVTQ>5Qop8i&87q6|S9`bBP0n(q2IqPv
z9?OLh<d(ek9Ni1k!%HZffqVHB|D$(m(EBd%(B?h9cy#)M_1op7boxV$+xh%-@Q-D%
zp2z1+ggAu9qGy}jbwIL$!hUd`!9{3_<zRt%e$1M=S)mbo8ke^m0e+K05Csd&;pNfj
zM6`d%KY=27rK<#w`_Bp>V<?m>RQ7($l#EE8YYPlQCu%e9PC#bc>-nj9BaLCE*R>n|
zQI(Su+`<o|HfK6GLMv|hljiV{PDynIDq@@(39fn?)t2*}jN`UB4dP!(&sdm-yMI%W
z#=n%D@h`7GbCs6OP!l`};v=Yp`*Kp(ThEmiQKi}2^t(~YOhtF(h!_u;ldo2`0Svi9
zvwdjl|3@jB3CmdRKNxL>tMez74kS%jo%@Ywd$CFRRc0-0dX<KB=(R^jAbsU{AdOX-
zwrAu(7yqn9%`_r0{Xl?W7KV#6>_F2B%i65%S>BTVYBu}s=U^uO)2J4>@zeavpR3o|
zjG1|w=UfJr`ybyGHai-rE>`MZ`QTo1?<n)VryoOiYhFJjoDjFA1;<IAorN(^54+Pv
zVLvkP0*B2_c}{=*d@6@~KJeA5E7|dTShi8eLGoO*#frUYkV>Y)e#u5X;m&74rm^uT
z6Rm!GWG>8@M;};6UMe$#xM&ws*`!n4ugY7Vo44|@;9TnowdHgW`E)Y5Kr~U5=nnI)
zsul^St#>RYiN7%w;tT&l0q}CA1&y0n3Lg@dDU}-LHs!e0uUq_{ApSLE@oQ|$f59{f
zaEnZ7HmRwd9yDk3EAuBmBRWFRR_-;yHBT}<CyfmW7I;4%*H;n84!%+QBv~PRW!qtS
z>jEZUe;F$c;cBXiU9#aDLEJ6dyDM$JX}ojFFM%jWVb|*XfeqekKNj9Vps+Vd(p(2A
z`D!U!X-uR-S#-2hQBggxJC+p@=_Z#s7k12cEjc4a#9V`TR$Cw?YvPt}R%Oj@^=^;+
z^oL7&BB<gtUO$TI&EgL6_2^aWxrdA954MEE#)wJN8Rm3p$nNE>b)7-*{M*nEm3u1C
ze4e+6>bj47{{b-q8})VtzkGU7oj~L_p6t%Ev($pNv-4)9^*7@ccB{V^&D`R0$;^sd
z(f6##t5_k;(tV2bIqGtVj0~Rop(&U-G0}BI6d_Ard)rE!uKUiedaWb-p0l?mmo0x{
zFl2=d8nDv^vjtVOu(myShYixuB$=@&QJHZ~O>HDXmaI7N4$ejqQC?74@tiHnibXaS
z5qnjwjO}edzYvCMagBN+T?5!gLD9X4)I^Oio)M|xQOr@C794muko%!xIQBZ{$tb#f
z_LTMv#6%^Y(DZFbNIA$8;%R}AqvD5v%=(R%BOz$}{x``desx_zr;p}L1xD({{j-w9
zB_+cSJdHTza!8WR@%}_9SVW~*dW7ZFbfe;C>R7ZRBlfq)9<z<kxee^ZTFnnQCuhA6
z2vU$VMJWwq2f@Jce%eqsEckXLqSns>a&v=Y^dfr+GTa`Na4NK9vopDagVLgU8rYXL
z%JzS+#Vu^@q>bRjlN55Z3qE`6op8I}697DU9WFPK5or#BsNO{g^Jq2OO|kFnMt><e
zusqLGSaNC%#c-39nXIUe?I*DVS56Z9my}E9m?yELW{d(HfpRj~{Q4-*f@cL>-$mY?
zGdXt$-{XX1!v|YIv8Vq24>{LwBXF4O6}3BK%IF=g`Vo}|)0@^qcwTIBL6zji7fI%7
z_xdIB@NccPR?i#<Y1ka@;L*Us(D0^jYGHo_%6tDT3HlXEm%CSw22aGXylsnfbj0Q4
zv$Nj|=HE1$$KM~ZX%pDEZPC>!u-aQE9Jz)}zcqqn@i82r&GVn6aJZG6(9fR)o4@QF
z(d@E@hlh(u6bxEmv;*rWixNP}v(ra%?fP_b4+Y9YEF2twrBV7eK~{ZVj_K!MZNa1_
z9yy$*09ab5ip?p5SNOv5to|-&nDfW9v#sHWT5hjv*l}{buBF@{hrbY-Jn{?)Pctli
z?^msKS-QZ9BcO{uYs2xf1mzyaZO0w2D=~KfdJyu~eTW~o!a@7PV;c9*$8b>2xN>?1
z-+GVEO5@In?Mn5J0eKsbE8BE#4|s`NyS}3p6d`Lz!;(U{A8yBA$z0%u_T`Q5)_VpS
z%P3XEDW{D(#~HqF1?;bjd8(uF^0u;Y@<g&7Xi?MC2~QuOQ<qzbyJ@g3|M)RAr5qGy
zF2Bv6uytLW+Z3zfKb?*U+Q&3@&PLcDj~z-?9$<QR5LOgur{`QcyIq5e%b<wcp1w5L
ztws5*G;TfY8;D8&#5Dt%4APAXt6Q?j6Rm_9@V|Tkn6tz3+$=sU*SZH)1mPS%wwvqs
zuJ=$~3?oEk`*3E${DW158bCgo>mp15(m=LdPj*Z)#VR6GIm38jfNOBgt#?{fwY1V&
zp8qdK%Pr}k-|HuS_<?ug-rW8BnuY1mR39Yg;qY_R4_#0Hufk_VfgRD;Y#50W`o;M}
zv7IJjj~78*f?F^Ux3?OA@Y<89)i$>YJoU$yNG0T6qgl@Oh*{bZ+6spGoJ;f<sY!|T
zv}Xejn#$^Oo_676nvl~z2W#wz*~r};)v6p#J_*Uso6y3-O8CbQK2Oi($+?+`ttq8&
z#5-_B@drXZ!sPg|RVC;~W^AB@3DUd4Lc(<qv#r(zUvRO7aNy2n;8w4-`fZRUo!b+2
zKt8<_S6Szc98cO&aefjmYb5kp#{7I(=lf2?U4!9WqMJPg^o23K)xZ0hZn1VBy6y4y
zsmXqeKzf8uQCs!b-JsWrfD_S>7VhF7TbPE9R!oUVf_|`ftNrGvsU`u@HD|o>o3A&w
z>*c5Sq(ayXh{bwUnz!6+F&PwID{<bBuM?e^>NkZ8{j3iojh{BPycUs8hh62f;h@UN
zF3OnIosVE{Pr-m+ZyLZY1z_c1Lx;IN78Ca-3uR;6+Kgd~E`~^Caed90c-Z;jK*B&=
zg8P~GaM=ESQ$L;0DW+nA#b&7io#Dmg8hYyY_$j9|G7`zrB~RN;mwpjF(I_JOR5L+W
zrs$7B_5!k(MX8pbRQ9LOO0w2S(>L!7@S&`FxKodf5ssnKpwUN*?ng@Ka%;kqAi^>#
zKps-=@O+>|k;%}wDO89)&`RK5+8aC&DtB*GL4;zab1obQ&7_8N@yYfL5{jjuq3uw&
z9=d-i>t3-M>Skqo|BA`+^X`Sli=yurS1E)0W(_h*9^Qp=0&bM4^|@FBQKia#2ary%
zsD67QlFohu-)+6~rIk+`8e6DyKTugPVkm^BIMCMF8TG|aG&woX_JJHY*d`}8AtXrG
zGuVq`W>KtcJ=ppAG~HJxIqoM^h}4}+2`+2&PBhY84mlMP4@JVHQj?7hMy^R5Gu|M5
zK#qMXM>O4BaKA{=SZjEazBj_nnrO6wf}u7^e?D868HY%@qM@-D0c`|uSfNtQ#NHjp
zF#?%3|D%eD2~JvSAh5KH8+WD40k^x_!ygi)<E9aHZROg`Hh`#yT{;udtcj7Df-5U0
zC(Oz6!2l$j>Mi!YL3(FPP9f6B9rQ^$<AZ)9^ozg=ggEWDRAo+^1Pfi3xP}B<KjaY^
z<vPyewENr;r5_Uz>}u_;HwHN&{slDg@7eQzcl~MS`-`A`uOZRDTkgBb`O&lGD8j;q
zkgp9hRk<MR0SPz5L6m+BH_ukHdUtAp=V-Q&`d8H7sq;I<nChH@Rz{>Ewb~FX1hAyM
zm`|mzh1#tH#xc3RyR{(^<SRVBWX#;7{4hWNp;K^P**J1u*)T*ddi&!{VLQt%VGG6L
z?XBJg{w?_yLFIaY&-8wuSaxe;`Vz%eZpUD<MRMPbX542{;-HNyWP=3y@ys=Bhw@@V
zOk0QY0>=5+C-3D?9J8i%;(_bIuF|s%Z&Jd0XbXa#qC9zQ01<2C*y;o$#zQ1g&qfV{
zR!)8|93|@CJxP+v))8JwZV}zn{G@h%TJD4^w}Wm3gekFBQQr4(rNvqkT^1YF-68(+
znk}FZ=^w)nCvW)2w4=KJY1b(f9iu>1&g-#dqiX#$Un8yV*<gcPx*mT)o7F}Xgg+GC
zu_oWZcG}Pj`~4d}X|j>b_TOW0o8!KinK##VThobqgyk<%4U;qk9B7|rSG6gWh1tib
z=lJ>6F_7Pe<-;08(ve$jR4@&k%#WDdbAkBr;~k)>WD_mInLNW={Fho7zBrBZ<~Nw=
z8%^@pT{jJu@#G_a6d{$hF+ji`C`*_hh@O3#dzU_`=34&qfl%$H`qr*&7BJy9uSe?5
zc|NaMViL*MZ#kC2h&r-5)O{1IZqFD^6SbnF^1PNh*@SSTcz<ZISle}!Ioax^Lz!9<
z#u2Dy+zutd5Zi}AQ}}z3b8^qZI7H2pQO7Xf#}Z!<-*JDL?<`gx986Yl(V`P~v@zN#
zx0JKEu-!S&o5t?8zczV$lxTgTW35wW@TYzL@$&Y@$W2<u%9eX>_xBL?pZ<4Szgex6
zr!93saZ9_lyi<9d#xa}TpR>3T!^xQ!P|O~&>Aw|F7*>O(s^`00oMN{eAU?_L^JbFU
zWI|56nE4CE`lJ24Wv4Quw=Jq&j}Rv%TB?>obMSA|(BE){A!b1~hKMbSxn-V{_u?b-
z;mxF#3$qUWv|x%2d@XH;DjmsQBRjs_b$~6Hb<qfH%fcU`*~mBeS8H_ALKTOYu&Z|#
zF`uq~|BH&pnnlB@|GR-H5lvL7JRSZ}-s+%bSNmyx8S7}_du4q`o45C3hO#kErCM;8
z7g@}pxxDeE_rKytGvT|OPCoTir)Spl#$D3?ZH0D#_-tmA31uW^HP3&-Qv53<spS%T
zcQ?Bu9|=kB#=_37zZXJ%DP5|lsqX){2dHy#HfgHF9>XXsFGd$2BrK{dmXK5XT;s$#
zHOuuOOg`jvobmbwB{y#S<_0;ZvJg5$PcK;=kC}!2_wBM(ovRD!Hzov)X~#(}X8({2
zC5T*s!mai#mP_eBZQ{L)dv-M?Na+)ne)FInnE<orQ%<DUEuEhGi!OLe>W@pk+`qwJ
zDF*@-lM^D^V&VT{CFbz*!SrEbN)9s!TV3+xVJDFC@nHuP<4&vU6z?l5%C0o0>{2t0
z1A(rzsX=B&s<Mi_T9Pf%;c*hkWIPPem@Y0BR#re;6+Tv`yqt4KS}UEj=)^SN(Katt
z)dX-|MF3*DmZw~6&9U1*;@M>n3rNHDOq0^C`L9&8oIV|vzlNB#ga~2K#E_}{01Nr>
zR`@jwE7<#9R^VNGaF3t`x}Rk>Y^7mG+@Jjja^P%-!VE}J9!s7$3({usYYBCXSL4cQ
zb%U+x5Uy)%AgwIJGYvS993B=m)uZE0#aEh{4dxA9m|KoqKXnL4zRS(c#TAWn#Hpuc
zpH<DttHOEs{28?TZd6_lpPxsbot-EBmW$dxmVuK-AZo1v!wd7MsH6`(@~c`V1eFQC
z;5Bt8T6w)LZ1n9DJpcsn{@zK}jlUO|=&`J?LOLe?h>iRu_CmSJdP3v>cF&0=?}I!@
zmA_${AH(>H#GDDwBEF^lo=%J8)c#J^s4_4TT`Ph!$u)r-odhc9`->iW83qh}1=ey&
z0VJ-!V4Aq4Sm<!Dg*N!2LBg>XPt+mTyqY!+x%K=7={P#l;VcyMeb>U%4U$2(Ve3Hv
z8e36PZ(8&d^pmYRE1s6+6|nlzpz2x%kNS7BP5E7_osPGM35N}z2g21m?7HW$w|}KN
zP5ODW*|$)p#+Oo`$mXY4j^nq>JLb1#?@pF!#_7{m>X;2I<pE??`zyGG>Qwyq>|HyD
zl5w+|41(E1%uP;45gxwCw452D56%(wn_Y?T7XPkPIY8D|za(C%TsWJn+8b7h5Tae{
z-V{tVjV7QjUa1l@?}##g-;i7)b8Y4#{SeB`!cq?zqe9$S!%I3f1DqOLQvTdOd&RhW
z$?^&Fx$pB)ctroNtf-l$c;|hfa31w`s!;Xz?fJ*(i{IO)fw!lD<c&uZ-&#-}a$Mx9
zc*wJV%+Zq1(Z5Ovr4$YiOI{FY-J)5&&6HuGznnvGbzr(Avmhr>K3-IIt)BIH{P4X|
z5eMGau8mi;)2ES*f$vk7jjy*TT4nV&%^cnTkXmo#yn+3S`Ubi32^R3Vlt}(_rm%It
z;}i67_bO<g8a^vL4gNP*^2&D|QD&QBQL2`sjsDxf(|-5=s-qcH(041_qHiNU0Z*@i
zi9S~_cfqfyK2eB6%TI!GA*{BO6T-Tc6Xj?fXcXQJ_}9EYF>Di$#*C{u1K&Gx&Ud}K
zcs1Z72{_&8xsZ6{+S_<3A2Zn`&jt3suc0)cUsh%cDEDs7T993RS6E^yq-KO*X!#D6
zmes?iZ(Ev{{VjB~^;NVabW3~0+s5*T$JJHc+_KAT`#fZx)H6-Ie%v_bpLRC8)kX7K
zv<uV5sV0`1>WG#Kmhu%<0OOJBbL$GFmJ=%`=GrtY)RMVfZ*J?YTX~-wN-`?+Q1p5#
z=EW9W9>^<>9PbaEq<WWNb6C|}xpH#i#)BHfc}BiBxsGV>xMPL6OceX8%BPl>_9;sV
z7`t$2rqX^^rTF!%GU<%AnMu)D-T$k&R}H#RcZ9Q~A=_#-G>`@+wSdqf%>nE>9MVri
z#||i+?J_duYnTgdj6shD?BwUOtMtrO;mb_}=if&@aum3l4W#}e@4t#qPrry7Noy%5
zOVJU7I-_bSg>UnFa*>}o7x0`0GQP<sNUo*e<YaQ%ZuwrN<NJPgx;o5thVUqgkLmRI
z;|A1z0F{ysW?h<evP6;E;#i6zhttxZ^Dw-ND}l=80iw>TlFpjJ*3CU1htSS`eJw!I
zJ`J~TEa+^}Yf15KRZWce<Ng<)+PX5SA%nA#-KcrQvhVr%WA|1z`)5sNjDB76j}Q0M
zl%{Ow_t58Yt3;LTB5&HYXg0culY-AgHC7#x{d4|(5CU0G7!fdRj?uTkpg<P3Qc-5q
zL`uIXph@tjzTRsz{{vpJTqR3K4+lA{URA_K^byy`{A=6Cy+jkiFWr!H<^oJ!|8BGc
zn9=QLf*j{|6V-y|MS}1g81}VBx76l6dH2`LqvQ#igj0%g5qS?CBe$o`yT09;A6wPS
zo37I@qIa^+cKWGM8%H;!sE8((mT2%xIR6Z?jw;C;2uy_7kz&<N?)VXPG60YdGQ=xr
zRN<3r5<XUtLMkB{RzznJmuTVC)D6NkiXe>Y4Bn!g*<#V?x*>hcV4=dV)8>|bGeqPl
zBVR$cn_lvk7MOf%##hRA!9TO5`usib@r;w~y?~osrH_;N$ih}Kil+Lo7tMdznSh2+
zftaGmZ`G661()Uu_}t7xU0P1X#wwNCe?5v32zX-VEA9OYLGACS%2plCuFr=H5D&m1
z#Ovz4$0*BDw+j${FS@1pt|YnQy=`9kgwLjm(8rSCo@EJ%>IsxcvoiB=hP``CRFigd
zE6UMTcGz(2j{47q@U660?0Lx04=jg@D$D$*3}y40F0{0@g*={mxKm!9V1ewg+{c5h
zs-eid-^+!4kJG*WlJA4_t1|@O%<Aematn$85xdTMw6u!a(NV*Pc(a@hoqN~h%IyO5
zR$1NKy;&cp96k|xVkE|YB`bubu;jtPNf$Htj;@V=sHmp+Yq$m;l(3Nf!{%d{@p=`X
zWL_QK{Kk_HDqj}jpM|J`9MX8Tq@1df&q#9#)RjdN8Z+ExFaYLhouJEQT4xkw6R$Sn
z&zSW^mDT~;w!ND|RLl6OiYnT{InNm6Nvhx)euKxAc3aIS-?%?0s^7x<l8L=@{RW5W
zMXlA~LTQJiV`8E%NBOTC=W~iGJ{-_c6pf9DNDDJEVycUp*HC_WbiQ!+9%P^wR<Y*8
z8Z1kLIN24I33=xxqfugiPPmcmNRPbr-Rebq_tB(<y-N+(w>CIjxfb(LfPDfhRsHx#
z?PxX&@zZRiS~ITeONYF7Cw*BsdpwpYNm2*7%GH&k{82(a4|S1MHj~ApGU-mNmU2W{
z8E94=1KgaCiKX-Ga_E?eulG(ff@;Ti?m8Z`qLnm0J*GreXA;FH#*=Uz!FzfFzb4U5
zs%r#Z2CB;{&_QG>3ETBRHZ8m{N<s@|%;+w2^;KG&{YmTPUlDcH_R+c1-XuVqb;0g>
zMMK|vEhN}xfrKrO63o*A;V~T_>Nw|ei>P7Dktt#hiX^P9=@?{`R5WDnB%$>TE{3me
ztBZU-gsHr#y$k4tpG{_VAQor9z68X0jk(;G4gw@l<gn9~qMmZ(?^Lt!p#*1nx5ZAi
z*{<8lSF#+b;^4sj>}+Co0f8|Pb7?WZi-jHWFE3r+>UDkg1@*6uMNl^<0+aZvMaAF6
zTud3_L7R`QI#cu0kp;tEv+CGiOG`p-F*|pfBNnDOKc&C837w#8rXv_Sss~y<9=BM*
zM=O}sguZr!si;I}c>y#+M`F?p0{UY=g5ohqOLIOHtURau)b;nJ%bRG*&qWWrLO4G_
z!m;=+?Cnk1!e<q2pzb$<&C0^fk-`1@y%OtG-GY?f6A2fA8=>O*_crakHt%O!0#`_Z
zB~@x+Srzx%B(?dZs)k?5v`D&u6QVg2)sD0$JUlC7ZVh=5q8^2`bf}`1O5~%j6#IPq
zWRfdU&Cp-VG32H})N*zye62>~&DVp4SGH-$h-ww{H<YXi=-Q=Vdvel%v6<>AO<B(|
z%rNnMjo>Sc?~!%Rd<NcY6x)DPsi97fXDc+3{dS@K#+K@sMSb05zqzu3$xZ5XyFboI
zSXfwjN8}X;w%#`q^oKs8fYU!8z(z`nv`b$SjAAgDHa@1<uz=g#+Zl#Q^br_W115x6
z?f<-Gq4Flt+amN(kL$&Y$6E@=$29C0>Bc~<edFY71K$g9eZ!7B#kc&^<Wn^2<fL@a
zw3yCK?6CGd_k$j%Jx7$%o>8$Y>+8e#4DYVk?s*G@hlTS~Tn`-~sh&nl=9M#%+cM$?
ztp<`VA1?O=F4ee+k>IO`jE^5n3k;W}2X3H|;QN=WHM;Wnq=GQ1L4WVN8yxwQW~G7s
zzq2I}53PfSK!N(^zvOefd;fBqVMw!csOD5xBg5z8&Ahv6Q&atcrM~lqza3riRN~^I
zhd|6aJ3X<wS^K~_2K=UyCSM&h-)#hFx7x};@yG43Xs`~#g(+c3**aAR!9E0mp8%N(
zBc_A<jFJnl$y##XNiXG$^8LXP+Qhtu?^%g@9qXOtVmLWRXXsNv`_~yO9FGiNortR5
zg=B@*T<av~kkg51(4inw1#VO1zqTw{)=#gomJQ%{{v?uMZaIN6lkS3_1o0wtUs^GI
zW*S>P{wdx!?+<MzA|*<H?{5-8Nm+)<9U_&h#@zUxg!jg)C-1&WR2);EIGVa-EI*pP
z8IyPsiFmPum6w8V@t}3oYv1l0CN7eUbKIX_OI2-trVqka>pr}cd8!yFNE2S(bz1Z}
zXC6LUMh&OmuZBH2#$n9liS&bs0#}zSSWPlAAI(X2*aKSK&bqq1e^ecv!yyi;PIt8S
z1>th1Nkxp(?N|G}31et*kfL@x0qq!|vF%foGP8VNo^DAQ3gZQ%P_l6D<*O5Y!~DH)
z4$j0)wFJsCvoWyps}fVc5G=OBV8^n7XMNx+=QZ$}0^AvDnkp06;);rje)R(vzB_zi
zGkKBZ^^O%hdl{ss4w`Z}X#xJWo7KQD{FX8Be>i)qsJOOm3p9Zs!QI`R!X1LUTks&k
z-JRg>!Gb#kso?JJ8X&j?cXxP;z0bYpzW4b)tF=|NW=-vLjNbbwoYmbMb$hKlxQ151
z`C6mz|5R>Ls%w_00wSFUTO0%mB75opl!|F2Mf+=?R-Bt0ZZ_OMP)V>8;rZC0Y4uQa
z$s3t@quY~}#?%bRme-j_(l?GHK=8BG+I0CjfBbEL(lfSl%~n2@pvC916|YU*M-8%=
z0KfN<Suirx?;4cl{@3j80=pxuB9y7qW2I*~H?uc=LLiD*=*o%zyqElLr=dN%CM{{2
z+4I?1D9h`r_-<%|xSw3;mA3sllbEETTAsJEtO~>6Y3ViEZuwP||8*36KIjC_sj?GU
zbZhuL(%B>@)B1Xmc-I9f)CVSh#B9GFv)foG<nKMXKtY<vZ#3_WLFZfTMD{%seR@bM
zK0mheMm#+dfKL&!l{>)#mdZWGqIQ5ZUu4aI>ju8T9l!70mRatv55G_l$+`AH?XS<L
z8}o`n!KXgE`0fwCE0lhmI5H2FL7zA@=b$zoVVO{6b}Dwf%6lKb5a%2BE3}V?X8dJy
zKlp=v_M{rSK4S2|*IIQ+la|cG&>J8nP=_yc_i}rVkvZVD&+mIVZi^Fi-V#~v9ZVPY
zp{>!~8JXyQ8+>+1P1M)W@$&WQC>)!G#^8^?Ich}sdxEtZD1)amp&nJR&$~b?7skJz
z^f+HOU!TdnZ*#HNqk+^TX@u(OE41IW&<l2!_rbjT)0AYD%PuO;%I(~w2q2F35uEM(
z$Rll}5mI-v0{>6~Jzk)Z+fYMnJ47O8Z@F7`x5WJXPQch`wDv>f<sf$*y5DW|X}%e+
zAVH76TXx^GkWW;5c}1h+y1e(HB(m}1p7>zlK)Rwp5DbwIW>yna?VQPGilShkewtu>
z>iS80nU=-6H!0n~G+IO@LEoCsy^cBIOaki1Nso>IJMYH<9F3KgA1Q~3x^6C1?Keqa
zvceMOMJ7d_C}!^$`jV5Z)-p|-Kb^se)8<wH$>*#4_BQr;4e{$cA<sSW&jGSZNDZ6*
zc0N#i3KX(m4@<{8=U+}Dxl=Tq+(Of|ro!J}3P)Yn8ICN0XOI)J*IR@hP<e}wQEc$V
z5xwN-=F!GaeWCoGo4|%r7R8t5{casMUkO^{$SLPlym1X4p0MNe=X^B{=quUnH#y8H
zjwB7-klCSIYCDRVQiiWR2wFcg*vK+SC?~t1p0;1Jwm%j!uLpCvcK&U<*%~p^_;MH-
zyV3FbCwnX2tiDqc+Lj5eJ8NFQ|L~MRw$}&<7x8(Q_&X&AxZ-;wu{zdbBrbz7Pix9!
zm!NIaX3>|<3&BF)vd*obZ3Wjm`6iwqVms>byUbf7e%7&L3O!9B1By_8E+Q`!yHlPt
z_qv*(%}AK@Yde8&$`yo+g(>HO#6n?Fo1S|JRHHs{#|0XAjbCP??(K0}^nD<Z1zwr7
z=D45h?(fFAI%2MdPs9dSHh%iU$4V_>-?T*#ziiSDvY#{C^Z*m`X$RZ>PKF09<)!jh
zGc*z`bRg`*v6MhN{+izzmwgbnl7Vx);4X1~@@OH6^^b0Jp+{2v6%Vv5`zOo?J;Ofw
z*}^6ik=$Ria(V6R1VrxZE#{fEQd7M?B>kl|I`Z6Z>puK9qv;?|k&;pVV7upaYIFP_
z@taL*`R;!QZjDE}BG1H6^t~GKd0BJ^oc$QvFYCbTgWJ_&QcoGJM96uDTsLi3R{W2f
zUd{^P<5H+X3a38AI;&pD69V@%nWrsRO}!|QcV`cmitA<*t&o34k8FtX03P~IPh%A#
z!H~GhXF?jb<|!jr>8*zFMQ+2*WHa?JtLv(44j(i~t|_fxnD$GK*7`#Vf_5vgYAYvV
z)^lIO`FK_&Y+o4&w5$}6EqG^4AmD%y`+6iyz@5ny43AgMy#50A!;a3UyHdwqhgo}p
zCi33fb$>b^aJcfuV;HxxIT8`hR@;%XKE8kxrSW9(MFYmiel+0MKy(VR-#cbIKL4hm
z><r7Y?%R_N;(_Y2LYt|OVbi)!;-@pslsw5j>biUY1DL2Su0CFn-)+}`g}=rckf)nM
z#6JJkxm#D_6`7)B0Jx#zw^cLG8wSmJ*n8AAp&hQ&AtX#Ee#AoVdtbSINHGj}gHB)m
zqB_fmr%{A`!($eFK<B?4CR%87UfFAw9mAc&b=N@n%$KtF^}b502E7O3XHD!(ECQ>&
z>ba{2XB&c9%t=>%hc~Q{=UGaLHE~KeGodFw^3$et)Zmr`v!&YlzQNOn2^&6$(2_KO
z8ql+!d;<=~vG=e&N#r>~KJNY0C<kYKKSqA{A{uM_*-$2^k|HW|LNLHg-y2&ZyTo5d
z%vhN<%j@1IN{-gv{Lt#|x9TYg4j^F90QA$>{OwoKkLL^d9o=jl9+;T&0&zbEP&bL3
z`1*Et^lREONvKwgv(KE2adxt{0BMfpDgh_G0)6HkbC2M%(2hjeYDi8G-Ej&pOI&GH
zc;U>)20lT^z@_Z~deW(;u5HIk88@~AW8B7IoW(N7^Ui030d!{Du5v;B$C{{tylz!w
zAHvg<7CC4dTP+EE*>g5l`_NdzZgOOSZ;)oy1@^+mu4pH(2Mx-<g%FGTz7;*-eaFE5
zvb)5*4t_oG+j5tYZsoKfjcSg705C6fFeZn+EF0;Eb>!eeQgktL+cM!u+$M;4d!>gA
zBWL~GFG_eZWH@25cYbUdxQ#sUB3JhvXA8*Z!#Ap*E2$IeG!y+FnH2ucP0f*oG~?Ot
z+!>l+s(rF^nz@c5L&@<*mzc3(`{HN{{qpIZ5p*nUTGP9V0W2((kI)6UFt*!=$3Oh>
z6YJgD&gh>G{&3~EekibMF-40_^j~tNNCb=-7>1>F1wGJGRHs?k^Ai!`VlN_8n#6WR
zJC;KBs~nmq1kMta5hv@SLPS-VdvK&vKd=ytj(wi#WV~}Qd`)ijzl2t{_a$zZgszk<
ziabS5@b@~R298q!`-k0iGV<?fp18XS36p$OiS1X<?}aiYTd~bk=eAW7LE8LhUMpu0
zeb>=sI1y3;Kl+X!M=}lPzA{2KaEJaZHwL1>JtRG)<X&gpmlK<s9Z#4sdV@hd=%1!@
zZ_n15{i2n{z3n$}(hALd?^XFbj%hOdQ)l&A$+yXvbQ_~iHY}R4_xPVSe+(3m3gih3
zeP_i*pn`#Txr_Rk2UC^mAkv#Oz9s6Hqr26Ekm2fyV<+$m+x{Gwo!9C@g6c^KFKq3%
zW61w_@%RfG3$&sMpq?Am0t~Jm$=fX$uwY;)a4bUCWKPEzIsbxDS5F$0k?-z7UXBI(
zofhw<MQ}O&!rgXmm*#f4Vf73xF1SRPZetY0?h>I0n;LTXtf%k3Z#Sgq*N~TD{pku+
z+<^`rkR4dw?k@m%ZE%1sf^yGJU1B)7Q@vYv)LNy|rXPFBR1POO)tLVQfbjiwses&H
zfQqn6BvA>~-W7DJT<xr7t_p4L?*omr+_92a>-8OSbEdIgQK2WI)ju8>o&(WN2IKeT
z?%P$w8~Y7Nx;B5;l(S-pU-v>y>}AfMCj7p+A!kINlE^R-cX73!LpsNRiK-#tiCXV2
z?bbI^RzoR&g$2hU?kZ%8X<6_n5by`p9(hw3NOw0y4$+kTl(2K-s!mXiPfU+I_=%=A
zKbKQg2`#-lPRcBVTv|G`hnprt@v>3QZlBB3%slw6{dSr8EHb5DkHbFjI=JywXH86@
z2b8?yLo?PCR9lNtP*kw791K4=B0bO-nWChv;os%&YhqSJM#%^7@*9(e`R6AmC&=+E
zq0oQ?nZL!wdF4f@Qyd{qjai3Q>k7VS1in|1#kuT#R$ikuKJI7f2EFH3mSVdppoPyt
zGogz4)wQrNNQA=5`dH%`f`Lx~WX{gFdCly^*ov8=^5T>-bUz0XYRUMn$@G@2|L&NO
z6c^wjosR8tJ=;Ux3bwzlN7@JPDy6yL8Qky0PVtjaF%>=b()A>E+`ZRd^THCQI}~#x
zO#4P(!Z6(LA4sjFn-HtIJ5El?2$^~HXHG47OGSm1j_y!NJu6m&mFfOZTBA1)Zqpy!
z!O^i$4{@90P)9aME>y6Vj<jf(xc70Hfw-X_mrNzWK!e{Eo3o;2fsg+22O?6{%dRSu
z54%{Thh>0u1h%q%Mj+uMa$X4uyxByiu)g8@MP5E-1HIr8?8=+~-=JAFth~y0EZovk
zDcK1L3kSjKy_erQcB@s!h5kB3aAK(qn%QKkuYck92*Nuy^%8^pAIH*L3|$_7-Chrz
z8@xREt>32rJ^-ifA*bG3BX>&^ez<n6EtoYszv~*RPb|H!BVX~0Ype>7&;7A7I=tgg
zJenI~2t`dbh$<;Ed-~}2%}-AxC0$U*sSL!#Z5SgWWF}YV!k<PlbQNSJT@{d~S>e7^
z4S3N4B)D=Dz{=+rpS^j12u#bByJu&ZWhNmhtDSEL{#Fn9p3Q#W=-&?qKM$1WmqRL7
znLOY9&Mj@nkVix;DJhejUxzJh;-RiG03yT7xuZ^ZE8r)|0xE=MXFo`yr}6pohx+_8
z@ts10$=qK!2$-;*gaGXy73tpoev<EQn#(UpI1Nh>ZtZf8&HZd@H<v}*-Y9Z!@{HSb
zl!;re#(k?adkcG_4W^750X#$ZJ0rZy-z-%7EFbJgWOpR^-p?781&mr8n=K~kg<P4z
z8$56DfSBdIqjj|E^6s?bl}O*`Se_!D$Ky6y^ZX^oZ6BVEm~YJszr*(dieR~gP*Lz1
zBO%h#miN|exl<s9&BO1V-{;uEU?`KUMgIxE`<A_o>8?}P^}Bk_vlZfJh?==~KG=)O
zsSZTqg<nf5%lpfi1wzfTd?A)@PX;!~AJ2zJz=i{rnF~H&xK=%%F-?m8ZceV+xId*~
z+h0w7Y`s0WTyQ<ZS$2-$GFHCj$D)3PM~QJWG9T^u#_Y3CKgeJu%#9_!(f52etl1to
zhgzs+^;<njbp9_KwCB?KDj#@#KK2F8uDykD0GY5;$F3v%w&Aopm(gysLUXM<d?f8n
zVPux=39*Dkkau`Tpzr0yg~1#8ecn@S*vjxR<@G%&>laN@NH^a#tmW4pvoE=)yQQnz
z-j5>&z3nsmuoGkXb$e*-*Vkaux>j|%!!NS9<NAXVeqQJ|?XT~BFPBx_PYN6C-PZ(L
zZ!TmPs=Sb6j)dg4ePO7_3B(=rsj|GUq^(z)5l`FB(X#xG38Uz24Tm|GNbExpbg%Qv
z5OlxpD0{z#-samZhJ0p6V0-=yFS&~X52KXe31RTGi5+hsIT3t9=e<R5&^;x4Z*sP)
zl<0(H@H#xNJUL07IUwZ)r9f?#18%_uuqn*M(*t0@vE#+<b5j5u<Q+cLF~s}<4Qrm*
z1B!%Vj?-HF7iU`w(zoaB$g5rO;5Pr&p+n!%a(|FL6y;ZQ+rzl}9wIi^)*CDD+pYmn
z5xX?lv8U^f+oekCon;@xXnn8MO5eMBfoEC%+eKF#YbN&O?JuWUgbVe@kgcz)_;)8<
zL!CYw^wZBQrIXSV;Yt*69rM8%1%b{JJ|CgR&b{m#i-}UErzckzqY_(Id$tq><^3YT
zTb=C!?)SmiRelo+N8Hueb~DeeXIGRMU-i4-V+8_`_jp^ccb42Anz&eUL9!MAIicJn
z$=@m71D#jMxC{H?*j;vGpeK>&$z(FZunp5mn7OE5Qd#|T*h4cO26hTL9~cLlS+CQd
zTr%EuAB5YC^%pw@hye)WHO|xOH&hN9v+V;)zT2d&##8VsB2&_U*YbAuO62Pu^(ztb
z%Y}pYFBf=y?-$(Gy07>}(MYWDY3`5DnUm8gLE-`tyF@P^eI*R!nA`67iJpc;2g}Wi
zF_KB}t-HyEp5Oc4FU+{#%*SpOcerDy6Xy9$k^OX<*x26njpkbO2JSTHZs#+SS)#Y8
zy2D<AN8)oyH6{x{1g8b%SpJ&ZZv#S`7iLOVFC?FO!pPJ5!=HUxsfk9pke@jBJX(#;
zw20T3+uWX4C~)|^m2-JMINhB|^@2h9X&vwlLaRJIB?LVqu|h$_uSc5h`@v>si7<X4
zvK}1M?R`z4AHy|O(e34lH8PXS(*d)xW=g+j!{c*_2n2lLT<U(8l$MD-B*_krFi8me
za*i7)NH`hOPbVs@ds{+#1A$TYSVM=XQOOd6#Ty=kh5H?+yRKNj08M>AM4|h0<f>OW
zUI>#)D7NS0g~wH_QmV3$lckJVS!baX<Ajs*?<3f8db)w*2WSP9)Z{feDBGBYK%hS8
z;(;o{3u_=&|J$7VC6Ip4gZupQ(jjrS&?E+1wcayi1KyA|c*RtkLwUAovOgcxSbl9g
z-6-T*?VRwvFm7#ohLsC<_>hF|!|iD=gha$2(cF*qJx;jg`;XxB^N+f`UJ${Ub$gVF
zKu#gN{K#Z>PHlY}iuFVAHqEG9R~LFQOKCe4`Imjjm}m5yBjM&!w7N)>bs3eLjWUB*
zG+qo_?h0*!#dFS8_d`NfJ?4$jwH9KqjljD=`mp;P^kUbx;8WjI7<V2AqSI48$QEY(
z$bz&3YU6f%$rvI@bsILgYSs9Jq)_RmfGpzOJ>C?f#xg>S(*42QOB%XC@-0u?Ld@%u
z0w+QHqYok5^j?PG=%p=jS3!Z|A3B9LE9QLdHyy78ue-8qT^bL<m&39^SOD8M@Mk?y
zNm1z8ixqQTD<vSJCH>amcWwN15uTFUV#pl_yXtwPdAB;DF9sqI?Jeqy&ph4Sp4U%&
zSv`HdX*ge9Rkgp{vXQTgFnm~cH9Fl;EwM8fu`uLhDmF0=c)?=M=8lkgP*z=0iOtAB
zC@?X}uWU{boT$07W=ymUx+Uh0!F_l?2I$KL-b9Z+mwd;d1dDs|GKg1pKeX4^pIT3k
z(-u#{=NL@UhoIBTPLs)ao)Td_A94u^$;rj(n8gFj@9JuK#Wf$<WGFpbT9non#et||
z&V((Z?uZihDxcrGK(=$}<;0Z=ZUuvCKG%~@*N3|H?UjaKyPc>d@)88g7i3vpKKP?2
zci3r;j<D3o#{=VfUP?35p$qDM)nVuDoCM1?h+a3u5;|+{dC&6@5-s@lVciYZ9>mlW
zddbjaZNt-OM_2+9k^=>t>JWh%P=S5^C9^wY(M{%R2k-Z5(*YBqb<{vm<opUABRd|V
zZaDLwYpo!;%*gR6Jy^*~;QMm1>sQLWw|XtgQw!lqgw#GveEkw3r3?-=TcG`%sdUt6
zu|ofB@pKXvr(p9I%53H76ma@*LBN!GfJQ|?pRbj1E~7`pFB1XSQN1z?M;vu2dEW2}
zod&X+UvMXwgtSH*D5liZp!~4;y&!L<!EKojrMiO6oPvHR@k%(t9qE;^G%(LNRX90Q
z2RVgSR_xlgr8AvRvj`BxN0Q}{qf@N1%FbNsTPiXyzZIB-V-bV@XzpG5AY)HE8rBXJ
z|3n)V?@=21nwpU;d)uQ+@#$+)&lYmmsZ$U2BF6N67-zI+1sYYP`U6YR_cC)GS&5mT
zy$WXpSe$Q_gq_ZuD~{ohS#mAbC5W0TOrpCHQZqj4e+!M~V{8`Mjj^XMWxi;$#DOOa
zMf9~3Oui?u!5g{^ERn$VdX$(IgE-KIVm}Yc?y|re&?K8*V&ynRO5FxY7l(A2<e4R6
zTGnAnWH#DGh4tF5CMzy08l$T!m280>SD>4b$FqC01X`+$A30kU=kMBX8}iy3usQll
z-PgOa^KB?tXl{%UT<*25L~GGj@jc&7<ky$K!}Y+NHtUcQ${4P$loDESJz9`2>VR{d
zsGC2ytOEH!Up0-<6f7P?oi~lqt><1|c?ev2K%u|}ql5?LC=VId^XwC`30J6yf{Qz3
zGf}G)tu&B;d@*~O<@z!bzMP3R6Jpt!YZ=06gW}c-CvN>zwV{S0vMC=y_<Ju#tjJk-
zz`!MC#-)xe5EdQs)z);Y9uNXG>QH^@2AJC9btNB_eR0@E`wdCI1&j>*dY;tcKH0Hn
z1X7pTaq2*H+~`c7FAY0AwdH%VYgK_k*ZFfETcBzJh-(B5EYs)Ml=5@(df%3Fg$c3&
z<>HH_B?RYu-49qGcjJ@1lRr85Rmmb+1z!N*!;N(#X5#ctGZsxb@@iOkFwJ^NH;i<i
zW54+o_JA4^Ijq)$lE*SWGlAEvnr*;JK>i2Fi`$Z0;c>Iz2d)vNn8P01FXQa$qx`RB
zB^M4i%h%*7OUb&SXtaD7Q&x~Lc3R`MW{HVq22%>V(55L7*<X!+)NDWlq6g{T0w)kA
zvk!=z-o^|5V1z$abt~V{ueIeY7|)uI?3?r^X-q+rLhq7RKcozh%llE7TG%&d{7T$F
zEs{jwrY~Ad;N`bg$shQag9iK}A~e(9uly8*<pw^NJI{1zgE6%Y=Gd`3kKv%;IDG9o
z0>-+!l2RKnJ2#;a=+McPrRbX*Te&E?o*ea0xf$YairCG(OCVm>fXWwP97Zfw(R3?w
z)c<Ry8M^`<*cak6<I2y!(|ehy@N{bg`Epf4@M!50_COF9eUtyQ6q9i*lcwo==tVc#
zEIU_TeJNC53Os05KQg3Vy8sI#uc98sqmOcs-sao5NwVd>#!kaj-~avtfTY+ah*@Wc
zhu*$g(rKVZf6j#{^E5E6<xQ>X?=<Ggy~2c}UQ_auMpRgsMMiaGYH2mFzn>QaOEa&s
z5d-RvW}LcqRLu}A4fC+%R~O8L#7j{AtTfm_6R#ke>Hq!{7WAIluBee7I)Y=>bty0b
zcF1=erSva#VeUw@Sqc?FBDvob%8Kpjue1@r!*R$-K&sJEQWX^|YZ=6*X+cFn2eLCp
z1#kZ0{L_2$Uq2epU^<GTZZyCp%m`$VkSaKGSli>`LWAm+=M)f_Ja4KWX2(}J4o@a0
z*)I=A-PfbBTZ8-G`49~qLt(0CpYTy98MZ}mb&SF@yArcK?Y|GarH5`0j^OG4+h3u0
z+{I&Xu`6&LBUI6^t}Y~NUQ+*UkHz{XA>I+7w@#h={DpmK-C?m%o2O;veZvxB3Qp~O
zyKiyO_KgF5Lm_2w_>GgwonxxIdP|1Bk>2;M5O$3qo)U(#7}+BO{nr9ODUE&eNaF{C
zmHe$Rn1_46`CfFRcNLRC%#ia33f!768&2ehFRVH!(bZFL4gi1?3BXxPFQ{LPKZG^v
zSdOHIpS{Zw33RA~62wm9t@)^3f#u0c?iz|-DK-EFs0dlr$)f5DLE0UrmA!I^;qE5x
zVyEg=$IX_|6)L(ZBZS#aT}(S)Fdep_kF_82dc?f-a2O1;3R-CpX$=<LTK=J5%^OMx
zABYq1IO4VSpr_)T^lm`5#3g7VX_EX16YsaRKz;c0o?x*JIbW5RRa=>Xfyv0hmk7T5
z-tZ#}Z7gNuF%<$5Lia|vQaekp5esc}aIm<=M;UqoB)}px#lphyeGlPpZucXaTB<UP
z{(oFa%+dim1x|KOPXuWq;o6V0_4FQvBg@}gUG$DeWizCEPQt~hVh+NjfUgRuOs&hD
zRYZ_JP^Hixh#<)nhUgb}9gQNGpl_L<?tSaB4*p~EO{A0p(!BTc+Pmg-PZG^il0<n!
z4bo6=ZHa+V5vCMT7V@6iqjC&CYiHPs%$3x%tPqL(fPk2^%rr4cNj~TS3EB>=!6K9I
z#i(%i45lS=-B%U-;Mg)?gFW}>wDx$$v|g%$(Ggq-Xp>ajT>g{D{p%H^z4*9s34?Ox
z!7@7^II<hNJ~rR*#a=2TIfVE7{H$S41N@4QF+f|*HM1x9oFS@X!JFmrpoO8?kYE23
zgHUe;2me6SRe|UMMv{edIk0sZ;kyQhs2Ru*VB1pPoc8i9xr#{6r@d{SsS|=gOfm4U
z%i^T9>&6rd-)fpmj@o`FxF*RREP_}(1C^~Bx-+c(w|F<Nu@wO->G$Bo#3ywd#^yyl
zWu|VKNF}9IMG0o?(*4qes?;<*2}6A<I{Y8XS$bi4SNs@QNo3?4giSo+C5)Dz^lT6>
z;A)iBHG--`B-A)&^M5s>V5_nzC#ZhQYPbE4sYxP4k3Y0eTS5{z^I0q4pc#5LStFN%
z4`$oNMG4ntx@<IQ_r}4Q4RW{oKshZXVui1Mec#M4+RZKF6C-ZTUwE_lw2bin2TnRo
zCfAeYKy<)*Z^g|mx4rp2jGJAbqVIzftC#dbgBc7G(Q<6}4<>-fxmPmUZv}3TnjQ6S
zy<OEA93Ac+Z!qYbZ@+wpM9dQq_*ifJSYNTwWF~|}xDY8Ssjxnob?kl{s5gnn5T5Wx
zNJqHTGEMTo{9}{KqIJF*gea70zr~V<Z&1m#S!l%JSu79hnQ`XMfMa<mwsTLBA?O8H
ztU9f%p%s(-0Ee+nu{FET#+{xV{_ub|JExvkU8L)IyttwrO&)r)E@$~(hIJ@s`!8un
z4urb+ZyE(=k<~PUznB=gt@RMsUwH;;7==v@X{#eg;tW(2BuWt=1@yT6_Sl*9M?Z<{
zVdC~8U{DxH$Xn4nf(vq+b8u`{DsYn13pu^$Cyuw?d}2tk`pw-4k>cOCB*aH9m$M%&
zJ|M+pHwB%XypKYP$!#emfI%YYZE`C9WxPbBE9iiA+IGpA<$Ez-VzVbXoa=UeRi=|u
z`%uWPuG+THVFjO%P-9QGPgX=F>EJoB<bJX3rmUwNaakOjQ_%Wd&W_dfcriwFV0^20
z!)Kw{jJQ^!@*i6=U}pk6xLO6Td9C;6f1JCwK&)A1^flm{o=KHKh-$-&s8B;sd2}ND
zE=TKWdj^Q)BB$#prlw{&8Cjp)bjT0zXsq2aWZ=@{<&EskmGEZWj7nfQIO_I@a73(B
z1w5M{Ks?e8Qi(lVIQvB1gA3e6W+rif(!|+_Ku=F#?`U6`YnyU3&f5~AE{Vgu*f>-o
z1O(y_i}zPxZ>Tf;e3UYjGh33w`Pp{FY8F_xQk{|YAu<5fx)WbNXr^35-xZHHlq%l5
zN`m1_K{1q;)_zHaUEv`p=*Lew)<zeAX42ocwd8Ol!;}n&|BuaWN<=XG2m$v38nj>y
z&VYyu85#__L8<{3`eG}I5!_$`z2l0(;n7b%I@kdlQe>F_pd7&wfGcfO|Dmlf0yP@d
zhfd((yQiGFyh`I<QZqki#-7;vjpxSY{ra^#S|+USnY)il>cDY~n-YqltzxSaL@*S@
zd)oHU7?+u8#?3})BJ9GH1u7oe%Fnm%%NT2nh18p2nvE~ti1lfi`f_W<d3t@h`p})~
zB4Ut@NH(`GA1DBZ;A6p_DNKAqGDP7}8tgv|`;aD{GW}e*kC*6<e^6ccP{@OIjT&RD
zc8+iMZk$;^&m9x+niQUt`|F4>powrhRy5H4gXBgl-i$$_MqIS%$J=uF^!_!4L%4JR
zQYhhgjMUOsGMGz7SRqRs>;tC%wI8>_Yy1j0*P-o<83v|}jym2Ary&cD{MS;hpVOWq
zaV&-^AH59=`v?pEfGP<`>0sS8LJO7P90^t>^gRn@GP;6UYi7nQYWGHzVx72Q9(iCG
zIj;ch4E1I|A8})04C?fG!FC#!7&TPN68Tu~uY<<k8%JF6RBpj`U&btRora8LnpkIo
zBx9b@lbmOa9ckyB&kCnK{{;j9g5(8-%@@^q!uYZscIhYK>#=gkgcRk1Qa7CVa+T%s
zORG@zd;&o_<tB^epmfHBcr*d23TR3yKqt@gIVUwESRy|$DlRgHLr1RG4vlRl(Ikie
zm)6*?&%yCd-A0^UCG#RI^noH3{_#=y=6=*sDSg%owSAH4pGvXmw<#|$45{*kwHJ@i
zY3muB%NMYAjdL&l?Bmo7eZW6<OZcchXqKZygFc|k_j>3;4{fU~7yd?l&wkIy7+(7P
zW}5>{G?gW;7D7=h>eV0BTVNgM1)-df86%0w?KsQ%(Pk~Rl;k|_4g$uCOmjOMVJlgB
ziGHe_**M|D3Q1){-r++&<s=>d%1S0@7w23}x$NId!3RGa|C$&GzfOW4n)#*{r+|>o
zduLZyDahYgI|aGHF&6vgqI#kNfUn8a+@gQ|xIU|w3D&jDtj2t<pFJ8<3#O{^bFJUI
z8S<G)tFL?bd*Z6191k=dG06(-^IXPXN{B0L2yylfyOivxr>Cb2O3OzzTGUh<FYw9%
zkv(AB62PvxUt#I%n>CGgna%V?;Rg%{6KcDLH$bItPDh)d0&Yt%Wd^y6eQMfBQS{F4
zoMrfa@r$9vwWUgQTwRC15)B=@wpfjF+7QKY`)G#1BFYLp2g4UbDC#*sb79nZQsT2y
zVp^-U3kU>4%STNJ1YNMwwC)F)M@2Q1N#QP3l=XjvZXVzP>eYN2Hgp$8o53*!VZ$4b
z?`oLjv|Pk}Y4;^G44)J{7~y2-zkv1(r-$OQGQz1?ZJ0taeF&4JCTKnhBo*e@;p{^-
z(G*;j(Zj|6(1>W2wMd|4u(KBRIQgok;;tZ#i-%`vSRZFd8CZXSS3U`F!0+ms=fDdb
zlydlm<WcFVqxy1c#JSr~PXXV@C1u_;4=3L$!TvK#awP}0BJzrnwQ6{^;Q|f))6-;R
z@t_^-Cev6$TP^@1=+x@eELDM>-x;hJ1V{L55fG_uy-XX<j?}`2*V`bmQH6v~YR|{`
zpP;h;p3P}4LSr;Jh=?3k(#i-um=?j%oXxLnMM4D3kQL-beN@?oWrnUe*bU8dutisn
zOUf%nJj5}79R5^R*NiMmHm$8w1MVnTn8$iJCwr29__!^bXcT6DKUGY19ao7`r3Y(R
z6;v;Prq^Nu^2la2lgT=0U~upM0Qp7{Rbv4a=C7ooqk2xNgmgdgCY97fa;Jo^5Rmd(
zis7LXx6yGMV?PKCI%{Lr9#}*nD1LFZM9W84H32SJlR~hee1b_>0PjnJw5<rm?<(^(
z=5@E_72WS@OsJ={+k}KYHjbGFv5^Qi2#qDY(Bp%sGOJCvP4}s54!8!fS_^Xr-LOh3
z$am0Dp18+b1xQ*-8bRFcC{zA~`5We*F^M-eh?ktNlbd3>E0)eR)jw)f-)UOcWzGJ{
z3?y^Be#OfeRcph(XQ9VjXIG;=s*<|bM|aGYwsk*MFAUBHkr$eU#Kdr<SAf!J+lMIn
zux+-kETM3_S!dbnd(5l4w;lV<tm1}^0)wa7lwPQ6P_>7h%o~YCMcV+4*q-fv|5Ys-
zQgP;JA{G^^H79EcnNWNv$ovoy!dnNCAbC&QA}0<p2kaIVwM)`pR6I4m65M>i%jz@}
z?hXJQ{6JMG+Q!q4msk6>>}RHvN5xmzmT5&2)0=J!M`6VY-9KNjp}o9vIrvbW@%LdY
zVEU;{a0t@_R`!D<v)b6u6DP~|Lg@vzpkciBLp`Y<y!cpnrzO{z>%|lR^`)9dhlu>(
zRyFy$L#K3z!mQ(c!F;iaIoe}zX}qUr1Z5iSRPHD1$o*<vCNxHIW_9W`#;F>$E8ezd
zA%~1OkdXr$)pXcEyl0*ang!p`yB{RkNj+aMR6Y9;cP?1<liepY;=!pZBbIeiZSuig
zHE|n>7nona4?9(8mQQ*T;=D=V#FpypxxGgmTQYy){5GL0&Q%#C)r@N@I4t`<!Xmnh
zgHYi^04$jm3vn{k{j~aoneNW#2EVAsm#16%HNO|hg?LZ2$QKe5a&iDth$^bG$k0bj
za{T<%X(euE%!r4Fr=-6UrWK5*kp6L{q9RTnIlsE~gP9_sq^$!aoou!J&6Tn<@&tvW
z5zbD2b&-E0^0L?1ukiVwMvo8fZlc}gjL7QMb1#RKn*(0O)4b0QiQN@k{VkY)!#_N9
zU<1Q>973>2Em6)_emQ>jt&OfSLqMzJ(m<Id4-f;JUpV>CZW8Z?S~~h;*SrzL89DL{
z@vkg-o>4Npj!a;*AH8y_JbwZ8G19e=lT`e}hj87WOyC0b<)UIfm2!3Fs2WE_WlNX^
z$Z$lSpDTMxJfiWiAY3YI&2-wZSCl)nq&FvNmW&Xh*s9OhupT`$zP+2vMWCt)XW5r|
z`8`k%s&~_gD^fu#Z@`j!{SyeI(~%e|K4cHUp@Qo$!2}K)3u{Y9g~)2R4>T%itcug9
zDBIBRKi<5@{)o%GZwLLTz}PgzFC1waxur6LDprKc{Vr%*!Z*9w9eq>U$q?~lu(V=)
zR%ZfO+w*z<_5lSp$nJqoEeevlzda+iL-;Gs4rlj&zcCaa6x_8Yvv>M_oE+9m)V#7n
z)X54PgD!J+2x$ML6DyjZX~fjKQD_U3cV)`{S>e*D5d0_jJ<GNWofYJ7p^N1a1|Fsa
zhZbhrb?6gF-2oK)yGf;`Z*%nu-!*6RYALYUW}cPk1|}C4BTsfTFidxInrqQ~+A2!+
zkNn3c)a?<RS_~l@Vir1q&eR&fzv|hnHFk)e&y}rYXNY=9FAI2N4>&<#_he(>6<A#2
zn_SQjT^)zEh+A!cQLde5&#7sHF@AmqsI(HddmoMrfhPU;2WwDS78r1n6s1L7z0rDq
zk?4#QcP4u21D@OpL6sy$eF?<~va60Nv^Mm=XdXDE^8H7<Y}tAUVY|P^3eoqarVDlu
zD|q_y3J`HKVsS4EGMtr=A~-F*HTNXQAAO5joJ@IiDv*t0td(Rj=9jPu&dwZ4k<DWt
z`JJ86D_Zja40<kcCX}O*QNqJ%+dWP_6`>e6p7asGkZ0=z#$e?mB=*JPln{SR+K{xI
zoP2&u4ZLVz&y`h@B!wBy&JInqcB`W|e%A6Oo~y24gzq0IqlpUgQ5_F6fmQxGc)cyi
za3$c}Mz>y{o5}<Ms)G0G9P)dXhyAJ65y=%Ll_lMKK@6yY!0T)R;!(yii%IK#zKi@U
zqUA-nD%b+!(#Du-&{)T^h=ql%{O5OA!^DyB>8w4Ov&|DJ<ZKb1xm=wRe%Z!(8M>DS
z`bQX4gkUrsV7w85k<Wj#q11~?9l6rLjF#ANNM+$?hX~e1DwKgtS%OLup_Ml!R_F~E
zHx4I&Ev=CDc9HKDoFe%uo)LTxwXa?=sbU0&?_bN*r$=Z|&O9aR6Mw@T#*)70ZCsVA
zmVC$|#1-4Lu#C7tCP&aP=TY-{1noAw5n1Ty1r6<7!#2`*XD*yL+I#Q;56usMlStoc
zZD8)_lV*xf#f7e)ysdcN=;mozUK`PA)(TAiZw5W|bFS5e`4}MZE$Qh(id$~Qaj%&T
zS*z=d6vk=i5sm4-^;ZEwE?VVo`ZsI%b{*}nO*xtwd$Py1b+z%1zN&J+=&rQH&rzd2
zhlnI%_so;$o633W<6lgyF>Jx1-FvvgU-b&i#-^tO*pV{ak6RjRpBT_KHd!zXfaQ7q
z1(+>wTkD;6q6oP7Q>Wrc9J@p9#BO48E|Bd2_nkjJE8#n*D${?dTQaQIDuk&Yvg{hX
z`oJ6FMLPfUOO*~_JT~|NuySkK)2t>!YCsp3p+|uwK|$!0yvJoUr9}kK!>5F9CRo(A
z5Tt61u&}ZTdn^>dfU`G4XkKvy1`A=@-5Vp!DnULYR1O}r+LV!@Tzxt*EuRcn&xal~
zv)Ll+%9Xeo(td1vNv6V|=L<7X?!BOe$S=#1dH-<_d$i(dcSbl)IT01Hh7Tm~-Z3tl
z(N@r*@dfL*n5B$GgLvs@B6c$ejsG}>)fSw&3u<2GY>8#5tQx&Wm<40Fx)29bU!eFI
zSm~u-vn$Sv75(VbDR#}b`K8nBEBt_uZ4u6TBag7r=Je>mddo^ho0XD9`kr^3IScaR
zez}A$(?~y`*$tp^`ovo-#a&I8eVFYcTCKX^yCHZa)r_n&u@ZVxx{`Vu1QOtgZue)B
zQy4~xVf^A~^lnTZanEkQcXX7&bXzs9>~Ea>=oe>agyDT*z;waL#N?f7^+&m3QxK=f
zh75<hElkM0`&%U`w@u803KFVl-`!<>@7rj}c(sIZdQ6W-r3C-TuUhWz10#3o27bs(
zOhgivUx}Df%*fm7VI`|4w$i~*5T^$GK^Y;eCUcnNE$tX7=C7hU**%F~YdHpcP*N4c
zk}~Q<2{LTwBgY+Gn)*+)3X`Hjk(<Ty7}M2ayzM20aNC5}B`3BLK7RPxA<a|Vlm3bK
znsKs^UR0q|=}Oo>xCQE%IkjzARrf7k6{%x=sVX5Wnlbr#HAFo%iK$9spDHztC5pu$
zR}7x3m2s@8Xb|vdz12wb9~(bdIG-X-D10hPGS)8pHe4WzoR-|Ysxip!XkGzLD`&;>
zMTRZ%=ZQqAO{y+9;R5B}HRgKD*_ZX1@T-xzDS`3#`Y=9O2klTGeK+IHVS`Gw_~Tk0
zF+c7F>!C=ZM9y+hnl3T<LQRQCUgeP``p>&ME#_^;7#qB!@4PTH(Rk))hP=GgsG3g#
z_o7|BzZ+dd;(uK=r0Axl!#1G?u0+i%9Cg0t?)IE~M<2AR`~)q4?}#^2U^dWT@JQ)<
zcaw;tsX!gm$Rj#aT$MSxG#+_th>zQJQY!HIVqh=~F~6!1BJ=oq8o6U5mkHqp`AcIv
zvFLN4xox?KkCVX9;UCJW2H#>rtZQ9r*EjFkXqXtqrNyCG*{YS+CSljSyZ->oH2!Uw
z3Ib}49GE9c&-M0fXV|(cD9TY)cma|n2~SE$SMI}BlgdSlmUggSM52i4$+;eQx*eXz
zqAVWavx604wPoaadcMve%896!4&l#cyh3KWb8$zq+k{!z=AcdWnUr{LsuZG|P4&^f
zX$D;yg#nM;Jod%$-j~{$yY%Ar*wBU!ir~m+X%mLNl+BbZzi;gXS)WLrraCfGy+T|2
z9iMiyec#(<uFBuKbB<59QJxg)4Go-YDz3(6PsJiS7-SB2h-_F)KR=D7_=PifoRJ_E
zWOx1P#>k*+42ay;y8C^DeV!8Qhp)p-@ZEPkBk%Eyps*q7#rEYX#h|YSW;J<QP&JN>
z@wPatYu@(~rTukhYg)joo(9t_Qnirts}Py-<-DRdjMw0uE)D8^;#7WzKk#$kUL`Er
zJiS|-!P#^<{ClYaw8dvBip#OterNniw3x;4TOP#49i?_{5A;vRY(l+N8IdYPD%w}K
zPkZB<XJ+5$;*ThXtXJqZf9HcDi6>(@QzkND_0r$7b}AnGp@*_f<VIzo1~VpI-Rd#o
zHc{WSN(hb1ptIN^Ry2JqWE3hi8<?QY%>HD{0Amzs4^(lx*E{p5NX?Gyv~7^7^Cne<
z-N-@4tAoI6L&_HoEGerDPL``3*!8!zgwxJ^uf51cpB=oKBPlk!!v@TOw}Ty+1Gf(0
z{dwVazemR=q!Ckukn)}*aP&z~kh(UjrF*dCCYjyKmXOLu-s2B#*2dqL^`;lQk#>us
zf)15tRiX(sW28CsBv@G-Gx5-WTI>%<If^qySag&e<NZjB>+U=3jF}RwMZ7gq5s0L%
zBiO=VQk(ii@|<IVd(yvt)o7v*T_jmZ%$qXeI61jSN+^`CF7kC&n!^&Znx&LV(Rfal
z!(@gx_<L-Lz&J%B`N^p=;B#YIyeF6~yz4G>flptcZK|BeMRpVKNfjEWZjey2k1sB?
z%?A>o`YjbntdN%sc+mlFC6ty=2aih*P5hy9`#b~`fs~dv<xF0i!`|F<bPetTyxeTb
zuv*#3Wl*tWeFd&&#KHH$G|$g`U`t!y=&H@Ru5wM0(%DJ2@A7#6Lc#no({(}l3_-4#
zUHzcNa@iozXf!OO>Y~PNd~~nbN4w6@qAn(aVgA@Q+F}ZFI&x8ZUL4(6&<~jD2^kLa
zbfkx<{CH4WXYB1(ykY9~zkqOsx4ScQuqCMfB}NRkr<{rxyJu*bUd5}XuE?f&{#Q$8
z$%$pR)j)%+Ji5M66Qm}cqkSp6tmP7&{*dq1wt*DnF>hN|uW~l@W{oy2fRi8qoP>(s
zs3X~GBwsn2$SVvQ)lNOaI#T3=Y!Xg{HT<xdRB3MP#;}V<$BU=5s?Yp;7?WLdBU-hk
z@TMXgZ_zX7YT(l!MSnDHIyh3gS)(fa$C!R2(jZL)e|E(Xfuq=laJ`IdNrvucdE6b>
ze?fMOOYfa>T^plH;Mu*nuM!&<S=4aWY~rs*f^Za5-17(L3fG@x{5KYYejzcCOQ(>o
zarFtFf}c9E-$Z%ZWg%lHLBEZHy)8em)sQQtM}hENCimn)>Cre=2fb0+h&5fX+a+)^
zO%Se{B=OupI{E`p2QmzCSyGgpVJ*c~8xK0zuu`&>2}6Ki;JqJN(4RAeYzWsxhowZ2
z!!sZ1SqKX|f0XM3|5EyalD<krbpk&EQbTTg8>&F&F;LP(<W>n8&#8K9X+C!KgcPIr
zJKzV7gAON3<^bfbKmG@H!aFH*AGrc015@`?%A)5WU%s*H@0r@^kwL?)xNLKqy8Hx2
zPggX`f(9_c*Pj}tGQ8rqkBeIB>OeligtleQi>Dl=`<|+<D9X7SJ(mpaeCsSykw%3+
zA6Oq^sg^XKXJ_=`Ihted@UXwPmx1@N1*lB`T@h^c1?c4eLD6T6lXE=Z!mAwQ#>eyW
zD+u*6S3pY{;W+8o#q+^4P_*WF>oEwUmRQ)>1zlf-#(NJ(i={f>nOjO<7vOc4B^Py|
zfn9d7c0fYJ;-K}wfvuzv7PRAaiAP?*Fyx~hN!YJ7nBpa%(q33l_jDAqA&b`sps#V>
zYHljvaD(+C4-O=*T(6Bx9N`l4drH6+qMB=yMPUEPQE}x3-Qd3wid9n_HKeG<?Z>i0
zkV#tEu!e$VV%>%x2FqCxoXp;)`x`{;c?JoT3r0W)B9Bs`TWi2GaPmC~5+8j}anEel
zcp4*P!L4spKy0g6NO!zA_`7A*_jN@_Tlcfr<tG><GyQKvrv2T^lCLd>D<0t;8;8_2
zW;mu>Z_^O401ZD&LKj|(5V;y*$BQJ9Lzdm|l9n}e&a2g>e=&_u?e!JJ>skLxb3>8+
zZM-0biqU|c>2Nh6)m@;8AKMIGWy6^Vb?ebcROSiM;I&+55+AkVr(}8a`>J8yQTkbx
zyD@;Ii6e@qA@-NWZ;XP8k!kWW*7vCb7Pytp{RaT|nqQP#<-LCSl~%~3(Z?=g)n~Zk
zg|@bB#H7OF2Tt9wsNgP-&QB6!y)=AmctxxidU9IueH9{i<b;|EhQ-iEjH2Qr+n@nd
zx>b$bl0p)YsRp0Fjo65H+60Yke+rBGlgG|Kj25L0b%1w}%duDhiccJ~mC)40H{He)
z+of5Zh9FaZ{cX`v$qbY_n}2K6i5Pz41g{Y+Doa&kDoM8ChpcbN1C9wGZXYWr4_5rp
zvtYH<(?`8&p}_rizo@}3HrS9h^HWP<RVU`z8W}kSIUv`8h<IHH;ue@RFE*Ty{*;?4
ztg{AscnsaR4c$Pzo8nkT{&PnI4I{a6^C7qXGf4V8YFO*a&CRI10bL&P>)zg>h~xx{
zvk4k*h!*~TR<0xhzxJdGWi-)5M<#Apxk9)AEp_3??X)p*8d}7ij@yYZFBN|8XVxAC
zf{-(XY0x^$9r0YE8TYJhBt&(v@ydobp~tra71$zkPdu-Xk#cLB@qYJlfOM8&#q;-w
zi9eZ1!Vj0F8-f;dIQECiU5s5FA;g<-8y#N|ENLn>r@aXT#f$tz;%Pntz0~thpy1Kn
zd0O<r{e<$Na9m&tC&#7$d!U-R`>2*uBy~)rybgU;(%{=|750YD9Z&Di1C|C*tQ0#$
z`kPySXqpA?6&|A;6?tnej))*K)c|#l(*ESqjQ{zN#fN;SR0G|hvF#v@if`7I&>Mpg
zPl8<i{Sp9MD))B@fapKwD<jv*__IW8U0swTB3v52A$03?L82LLDA(eQ?~6Swatflf
ztcMXplc8v&qeVc0G}(<obwl51i;Fq)VyeZ;a93NRSeQsIivcXV!{mi8I6KMzo-RK8
z&Kl@3I~3<R6;Zua%M`P>4V3@5f-SwrZ*=K}KH1uUhl<nC`<9msY+z2{P56f@=4%Xz
zzlq^**6#ni_cT0NZq!6^4-Ah>WH8Ff2LTm}jp1-(OsR!?*g!x&ep%z~zRYL1ZnW_Z
zs8^Js07IaF&8P<pEt1_tl-`yode!HHx&iBE(wIVP1x}1=?KzYQ`iJcU`L@5r;56na
z{uuQ2Ho@rGLI<)9qGpoVavG0j!@Wb-bOaMkK^D>csNKtv6q<j@^6OzY%qdX2-(HLK
zpVwmT?ykG?=Bm=MP$e1~Im2GNT<;O$+{*zKjz|32fUWV!P7!D{p3~(ex90bdB7da)
zI$j`2<@ESJ3%7S-n!kux*#8R(5DyV#<(5c<^6fz8j7*vv3lp0YG_9e<itO6HUU#&>
zs<w(OJj9Odr*1G?!Pf?0_hL!U$zODwETRFj=ZdhZp1FvTMefa^BV5zVfA;RTovDs0
zSYOeo+ngo54P@oy#G);MlJDI6pncAjPqq=}oK;xC!JU{b67rimxB@ff`p>McHPT8x
z<buaOjp?i-!|2#dY)a=32Q7TbhD#fODdmRs&&J#;(w2gPzDPXG57V*~4{LZr`LiV*
zxXyhH4dwf1VEz-r%8sIqCIFD8tnAL}mZL{KJJ$MBH(vfNpf><z!~VM}se5*+WjR36
zkc8nVJNm-x@F;cQik_AK%!GfB`bU$nAK1!}stev;rY66dt>Y~Io<Tvvig&{Xi%y?m
zXf%kzHB33$`o@fk%2`Gc=DXytK-hJrNNwQ7f5zw<Ty%1R7U}B6yL6~(BH-4Gi;}*U
zBMSnOj7^#Une{wFNgj7EI<fhUb<h<(0_J;Gl9x)@GUkt;9&iihF{GB{Av4V>e&5z@
zysgy>MPXY}9+jUL4u$+MDfEtK3zeGZepwG$>=Osu)eIDv#pG$-Yk=f8+w0-c{rZlx
zKx2C&0JhjTW=FS|OaFx@Yw?zfDe0@Mae^Ldp3el4Hw^NrJFZ!ziiH6d6IJc=v@-wI
zi_`Scdt8p-!JqUJ?{O#pM)0?~*$OG_Q0Eu5;Qn5bH{Y|Pc3D@N<H?|v6CY9HY6h~{
zY&=n2X%1@21P-n4!R0l0xtxau+v}q^j(Ee9f{T$Kw-Ne?MRq?E5Az*V9Zwq)jB?Xg
zq<pNKmtIVFg(KGG4{9yCxD$j!A1SDoYxQs}W_S7H*q91M9$k5uZssaG|1+;_!_xbl
zr`2zRq|gONyyCaYXA7^2TK;4&RN(#;ebkJmcFP|BLs@b6^Q2lhA$IKauCm1Tk>u^&
zJLuwpNj4U-`4TDCy%{{HqB=O>4!uv12wd9x_w|(U>caT|YoPx#B;B8%w$azRZbl^I
z_4R1d%G6lD@>x7ODf$pk#K+5!s!}2(o3l|O{MPilROLTgRaN<nl@<=%=2&rErc;gh
z5@T~K!I(DW0w$@=lPrtWxRH9a)N#_L(yi6#RKFZ@^jO2eK*7zBlJd+b86C!mLF=$9
z{o*q-q*n4I%HnplVe0hc#~Fn!O+NkZ@YWF(cWsX2;;Y-DtZv{2i84X#smSW8Nmort
z4qz|8<HFFho`&o=Qv#HJafS(uqIK*g{mxg<t8|r@l;N7aWfl8&3P^C)Ld@$+8F&Mi
z_ZGg^rwEibJrW;vsA=#-i#w81;4S_qh*Z9eu5&`j{r#Hfb_%z=!wl`~_hH?kr*<D#
z<d>5sn1T)7-g;1N8b{yvT^^Z3(pLLB0h8a@vODVDSetl4XD8tEbuUHP5Drm-L@C+c
z=S5ke#6`v;<@OXBTR7Y^LKDl^i*vh~x@A&AKZOkH%v-@`jcmW2(7PKeWZ7N%$~5j!
zRVdAZ){fhq{C{X=Cn*0yd&L;{3R)^w>^jywuDsu0Q<6OwiGJXQ>ViX7j=yhy)G~h^
zJTlo-FE#L_Y<4_ZK*mS9>FMsH*NE?D9dVlSg!FCnCfesXg|La#tTdw4A6qQpH=<p1
z2+lL4MQj-em%e7G#e(GbB_=#90yzjGMbQ?4N`Lqd87ArfIjEqrIGJc4GE{Ts{362`
zx}4Krt{|<F>t`7>`n7IWR<jp<zJIe;7R{q%@XCFExv$JXx|S&_u4Du4p6L{QeqisH
z(nF03Pj5XnD$_94W@Po9=zF@Fl$gsYU*^KX_-S-Q`dCzlK9)@<`x(LFc}8hFHtFmn
z?*60Nu1`y3l>y_WE+zQK<ZUWrOXd2Mgv^31i>n&!NUj%$<^aiw@54Wb+CR2{snM{&
z2WM)8<!KQFSD=t%L*jIU>I0L7Ye-)qGFTkYssnRe>*K!<WlR`;l9lBGPHq++dPy@c
z7@#njp_4lr%Rf&U&V>SriDq=@aiFGYWhG%-rT|V>YWKn*iDjAP<Zr$(E5^2e9~2~b
z+m!)twJkYQVuU+GcA%(vVtM_Y$<6oJA!}ii=(~RsCK!=@1Bxa%rcVEJJlM0mcP2Sg
zrrJl6Mqh~hc-%wEf>V*YAQ%A4I3F_s<n7)5U)#PZv;u-OP)E$0;kkh>14!=*+OQzh
z@cakwasR_4NmYdV|MtfJvKQXE=Ks%!x9)t>#js7m@A`(Upxq1<pinaS_iZ}C|8^16
zp34{WFE|&pxDwP<Q>$|^CnrRot;fX>{(bD9TQ87TfPW<1Ge7Q^dIeDxn}Im_!<v8a
zULnO$8NGo5Kw^XZHZDLNQYzo%9Tv(84xTG*I4JKo|4ZB}P#VM8qxb*Q-d9D%)irG<
zfdEO+;2tcvyA#~qr3tQ$y9Rf62riAgyA#~4ad&s0&ij48teLr-yZO00tkZj)Q>SWI
z)l;>fVn`dAzzv71K*{`D-mXo|)Z<Cv?Xe{IH*k+a_r3a!B5pCL8)amC+`!5U(Y^|c
zmm~MWQPQI9pRds1z`e!>2?72iGvOP9o}i9u0{r!e7|(e6$)g|tQ4TPqX!G}(JQN{I
z|5FWuTv!VKzqrWdHd^m}*Zw0j>C&e2;PM;VXFY}RuK0!Vf22@D@Sn*i;|K)A<z}QC
z4FE4rhOD-~=g?mL-$i=0fM8l!CMIWr8%X}0k!dFCaLC-@7EzxO<(~m{SjN2n77gQt
zJq^Z_IAlP#d`UdRK7>-V^!&-QQj=z?_jYn0JWvTCNL-oNBz_AwOdkF4?+?-4Cw%MG
z@s>#TJseSt7%r#>E@1PsnD_>Ae%&qOU!?|-Wf=YU&_orGUH&`#RkbeGLXW-Q05XuQ
zh4yd%#Xs+4`X9YO690-*|B-MF%KwuKh<2rg1?tslY}j%_+G4Y&5A|xm$Z2VEy+8kD
z^MwCIPFRgLodN9`bm7-`+194etmp}a#f4p^l1af`|B^o6-zUW{@(F|fmKLjLtO%2@
z`NdDxugm9$wDc(H|DmWgQNqNrIg|Uel<QZW`gJ`gPF+^c-*CcyNSmHHG$Ct{@ck_+
z(}tMfK)AsEiFzSc>>u_iE1;M3rh%BzwarDI4!1*|!okt=|E{2_vhUg&8~;FdgEY<m
z(sl01|KLH5`*+DRS?<I9F614SDgULTnZNgcW48Z-nM{Vgy3!jNg*C$#^zUv%BM4n!
z>_E=3$<89xl}Gaa^Gkdtz^2#d=K^s+O1j@fGS2$tSofA%tg<2w+k7FKl`VYtNm@V;
z^CytWXJau!(VZlQT-vM~FNyDB^wPHg_@S{Zlg)3}bE;S;It*a(TLS4~rb)(X{Lh{r
zY2q_Ox=YLTOl2allDT}aW!h_jIkhskd|c(Io^fK3Y*bV;YHyM}!6<bTaY$BbLv<dm
zbc|@BsMK5uAI1=r#iHClopY&<2Q`tBHpyI%)HA(TM6+_iB(ZbYe?G!_EsN(nw@jKa
z{qqDu$4Rha;GTEc-@~1Et=x}u9ZuNk&!j^Ig2TMHsYNrw$+?=>TB;}@8?zTo`HoK#
znb2LdtWP<gl<jGVyOThkpIuWs#dso*T|CLz95&<_Jv93*J!wdtI-mi;`&aoS@07{k
z(WuK_|CTPEUNBQhhd_ZTY(IJt7BLA^fw<_vKBA$rH%cAvxYTzGms?^=2_{U}n>9g+
zVL8*6Ji}U;0@)nzL#zN^|Ly9x5LqU5&$uA6t#8sQI(IdSE{=Oj`<XnD;dy#a;6dR$
zHBUsNGJdhQUIlnXt_v2q+{T0V+cTc&n}oSc=?U<o=OeB&H_tE!3EqD7*?0NXh|>52
z$SF06J`I%5_JzkT+F*ice2{~zLMnNlLujfOMLt=$Hh)0KWnu$wIE!RS+?bA~l&GB3
zhX~IK;=0WW$_h-1vgum6ZCh0)YYkRiL9-(v#Z_YIZL+zrG(rKV6E)Il$|1_~Fa}42
zHhLw3H!Uh_o@W-(eJ&?>Yq3D()d2>{C86%xkgM#g@v<ijoh@r6*C<`?z(f@XtIe82
zycLNJ%uUyk46&mLj68W)+$Y_*sjma!gY?r6ctT!1FAkpGqPz47d~0ZmI0ed!%B!#n
zGtUNtrhk)_hQHPe0sqKN!rN!Q;B>$SWGfbrPHHXXY2r1t|CU~sEt(UXVG2nlQXt8z
zsm*eJ&N9@NuD4Q8@2PAV*tj0bVw?M^m=d#)k=U)>j$OoNs+dBFe|9-4`IMOCCRL(*
zwR2Olfnd7vWq<w4VV;4A%!(Z_lV3b1f2ktc{F>)|9ojhNjO0L5D>DP<qh4-nUwz>N
z>XR^DiGBQ#uvy5pnbz^u)J4wk&1K=TtU_At#6M~?kDNT!!rC#a&m1ugJ<RCz)1N~O
zgxzwU6_Y8fC&bN$^_<`pn-48Eh;kj;+2$eH;CnEDkDouiBA`47vbrmPyZ>8yE*$0#
zvKdWKm<5qJvdAJ75$Yh#Y-xz2ZFr;cMxoy}X%ljUYc?ahc%W)t-+x!o=zNh8^RT?s
zlsa|o-#uUZnlk$OTtDw!6tXdA2MZO?*0zv;C4z`{<i!7<{)@XoWL8GhP?jPYbbIS6
zaTx6xNV_Ja29LFS`xh&L6!h6KzjRqvcbYW_TC@BBu}iv+jC<dj|K@p*F3in1DUjK8
zhoz()!zBR6{Ewvo{yH8AIFPgP?mM|*G9FIf`aYI9HMN3{22>L`I{0GoM{U>Fh*J?Q
z>fKeLT6a9P0twz|$g!W~r7!=uV0Z|<b6004g>ivlvMNQEQVGMvQdE@$wv{D9eG}ti
zOFj;SaE=}V5J&~f5<)3~@**++d7pn`63FmjrSV?<s;IoIafG(jZ}~@dP5G`0FJAoG
zR+_pbkO4i*%f#tYXw!%K;nKQY+Ln>syYu10kCx_oUZ0%iX_`gvdJeG$rZ&F@jISU^
z)m4#Zm_Y&n2=wscebT08gQwQM`%p>Wg2aql#f)^tgj$8mUA5$VYB@fV-ne2;Qh}l6
zz!VQ^rKl5DASR2cCe@11MM>XpyUX|n$A!%DZi82zBI|ScXM&x!w_9(fFQjlj64ccT
z&t53HhCBSs<D9OS%IOudTu?frokfjIx{^@zbsecQUvh=AzxgsDz(8qAw@m=d_M4qc
ze7oSZPYKZGX@u%rxdpo#dv84RPZ2))>2YYMQxyJ&mD0+ny{qh9gkjQYxU_^K+MW-9
z855Yd`|NoB<)lL90AU)wV{C=~CcLsbkj(UCDB;0-`6Vx0Wwut;earvVG<jn_n@P++
zx&;=81L_55zH^1T(G%muQQ`1M_4aChyHVP0rSVNDiy$0P10v*>$<7rHotJ$5bqup{
zUy?gITKs`pHLoJ))vtnZO^y?t*ugNT{R;GKYG)6mcWj4sKM!9jJn}J!{FgON*Wrbs
zoDF(W^^!H6v&)UNxCBpCW=IS}&G&NVRnjAoAuFK&dj&XucLhCwk5jv72prkX7ri3|
zpbzFCs^Fh8U&!mR*supK&4+iVF50-@OrhA(E6uke?B05U|IiTmM{7YL{Pr<jw+iP|
zi@<6mMA-~D5;i^I36Z>_f+l%6fP>tU_E$(9fj&~gLN-mm&)rt`4^IPh+D6(d2qzc#
z`@eK3iJOCDXDMfdiBltE-BSQ+=%KaFo8T!Fh#c6zK-Tv{fWk!LoSgV6sNx6}N=<c>
zv}i);moLKA;QdR=U;pBpG%dG+$x3Quv^&0TB~)MC)%tbn^nd+4U8zuk<M#`Mc3jB7
zo*Ar3LqSO;Dzm~bx`z?cEI-@$S=C(?A|J=EgA7!V#>1L3-;oQ^Ks|}RX+k)nZE%(k
z^TaH?HgU`ZK-Amwv&EU9V@rChSH<m=bLKqB14p37-KioAPSEspXb$+J>DkEqZje?~
za|0TtwW5_~fZLIkfA<ezk}AFVmIgEtQc7=^-tm5}&oNxLZ1PM<ro4g5Pn4v`0l|)H
z#FWEd%Z-KgB|Ovgrkh0vZ6~I&jWsk6*&~qcoCTmvvP!Ty(ADTcYV<y;(-sMCww@e#
zqQWfa8fJ}-%wj*FeHBHELIr371k`VN(J%*<JtINLv1?vh&L78;yraCtN{+Q0k{t@&
zWl(G>RU)($v}@oADuiA;_t(;NCBexB)U>#CPP|7*z1BvWJrLT_dK4&JWM*_5hfdu#
z{Fq$SXz;DrH|x*x7tFDJ_9!h3u-P@tF$>T9DBSlv&jjQjCbt<5bo>M_d6n0+PFjlF
zYYrQX?=M%tH3<IEx~LG1{%eCt{3YI{gNBM}fT$TZs3n9~kG;H0%pyC}SWl_<hi~^r
zb}2FEbwnr##3)kKhhp6ZKZfQJ({kZ44>2S)Z5PSgyb9g54)G7_Piw#}wonT6u|i8T
zZQpOws|ZAM*3ZN-UVbS{A+FcIL%~Eog!N#{`yC<fl<-Z3jj*T`Gnz(=W{tU`z3o;9
zzr8%@W%awhxC1(o?XeCiRpPLRcGR%XMEj9n{oa?8PfhNBzkG!~!m^H_<Spk6EXSyT
z7~fCMckyFT^>6S05Fjbjyf2PV{IK)I=Y=E&e5bZB+#v#-ZgwE{-@n(lLere@o~|ZD
zR?3k@&#CyjPdg97-@9R(ZIs$AAp;Z)v`GB|-w2GFztq%6&>U5~Prdz+F!g%unq+Oj
zO#-xIocK+4rIK{HPct)Jv<7`GE?v|hs5@6F1iqBi0DWtVkd&IT<SmZ~HJcuuioGc|
z@>GFI=oe@et7itrF%3IswJ7Tr=u?#?=02KDb)V%Sdd0HT`24hP4uqHAEkD;<bgD01
zOGm^(M*8q7n<aJI;8ioz_aRHXevSPr2aoKn*r8|w|6oh+r>3-Qh#b<HZ4SG!9#A5Y
zuGXjXo}D8fr<jF;b%+R%26a!UpVi5Y))X(*mglqI*0u8dSO=rLX6>@>Vb{Ca-Ar=1
z6lNKB#-k%GA{<gpM5Yd?7W1GIWa(@lg|6{jKaa&#K+W~c&vC}M`}((F@3yjU@ZLjL
zUUYnLB|H+%Q633M-StMWd@aKYH!%c+YZoQ+pwp*79ebfIxOTj1EQx{*c9^~$aY{(l
zbF!=KPA^exIo;a-e6jvzV10O$BtbysrI+~p{(+=&kN#^MKR#7?fq6Pqt`F_o2egrR
zS4K<CSA9geHYCe?ZzC>+T@`|ZON?iop(lO^p}Z-1+k_yht&9QE%%|<EWe2|4M5a_R
zKw|Byh8+1sLV1dXFm|=RM8!|8-j5(ZA^8r>p{!FkxIeB!;~h@46HXs&k_}r_8RLga
zt&*CfFH3gt_sXA_1mFfuAzQS=0K9f@87`<4vzKNN$u8m<POT!g2n)0<F|`;T<2`dp
z4;U?JWKt{MTA)vlK7^Zv6Iu~X2`yF?=c0d4z8bR-SW8+S&yLMOieK>PT)`zmHv6f_
zXjH6sLT5q@z4fw(@aE7+$@uIu^z%s}P1<{tItTfLp?70*+!89XMu@Yf0Pi~Kd}alb
zcT}sXx#QgCMjGjSirJzFrLg(a)l%(VJv_`AOSY1SiF4x&J1Y3COj}jIGLjNAOOs;x
zQT67}y(!{T<UvrdqH}q)wfOEBygT;MiUmLL?Hg1GbrhA#WW=>23=tw*Qu9vG2ARyl
z4zD_y<ZAe;^QY`)hM%*5@fua>v9-l?Wfl2kCvp+pj*@PETaqiWUO~?&wrtw%(h=8n
zQkpNZi9`0^%I9i!Bnk2l76b?sMQ7`03$xtCU0XuQyhJMoaEZ2OI@C<~<2>WfLId$&
zRh)0Mwp*x;FP<^=R{;t9T1*v}s@|)CIgx3Pbg9k<YcILg?Mx0mWm0g1>i_-_GbF~6
z@QWc0KK;D<#)$7R7+DT$m9nu~wkigZ>XX?VB}F5Wizdrc6E2b7I2rBqQ%hm5mAK8#
z!NnkZ<IvvQgNyHrqMl<<;$E$~GYx9#Sxn}KwPw%#Tv&3AsC!4=v1UoDt|bs>x2@m9
z{~km}Z-gAyo>cUFrFNC(^~Er(NqJW(;uigd;)(ss!Y%jD@!ZF~OOa*?m0VwQQlW_G
z!po9r1675Z86T$nVkkvW*-R@2CKQ<BsW`m+@VZvr4Y#gihhM7w>RPD>bNcJ7q-L=a
z^V!UiR?$ms1_-B0en-CGM+BF7tkKZ5D(&=ir8qdE<wnV_xRlebbfz#kRc$~pzvNcP
zvD&;tg}j(c%kfY?LD#VWw4<I<52}+PWK<Y9T+n*t!kmsZtD0FvVSFrxHwWbBPbrfW
ziVa8wz2;}sYwG6bay`bK9Sn$I?{w`b?(*-Ud)5{L(qZD8<-HLvK~P%T$=hDvjHPdt
zBIJt{)awY{#r_cb?>SCa3>D0&aZx>$$u?xBQ#q15(tOXIY(_6Ar&&I|IBrQXbf%A$
zWgLX+-A0OdG)TNEsC6}4O65#Ei*y=N4L6f-cQ3MF(NB#*C2`Y!UEXP>>)>WLrTIkU
z3=MHSE0aovpB}PhgJY)Y*a=vuVn2hnpmOQVQxuiGmUjr<m?$!5*$$f&&8du{h95t%
zO6KgsQl4TU9O7BU%6fkc)k>6zq<UfTVLMPC`#^U<F+<V&YsOT3+?6phA!%S%T(Y9~
zDbxr*j*lrv^Z=*V@OQ?$V|RgYKddesM#rJNLM7n`{jazD6p%i{HWDS{VpaISW@GEj
z-l#CjVgS+CxDrv)S(YcW^{nJxNk%?as_%+syCD*bo|(yw*lswpv8ru(8sA|UrKY&<
z%Hu`CBP66#6x%G5Xut2?b1*VqF4FAg{}?h%1WNYuq+_7YQe2JdN0;g+YW6D6(V;<+
z_17tmB&m!fXh2$W)rR~t(V!dw*c^+xM*Y%h*W)JSgKSfSb3<Ikbn!8k$O*xVJajPS
z`aUC|c{R~8#qcu;#=Vc35|2Z0#SVt9ZSgv@xr*uWQc_YtlIiF1zGJB-<rh<L_-#2M
zsrro5hp3xNN`qyZ?{z9KuF?FMBKnU*M*K63ibqsM<Hg!!ib0Ww4noKkxFupSW<<VD
zoMS$4iU7h`Pg&C5yj~e&|N3J=(mk}zGPd3&OYw!4=zZkbROE_sROV?vL$#=0?wI3a
z!R>2T|N7G(rPZo)4J50}fi6<qn<{m1z~vBAy`uJVrXQY&r0!2KrsksE;Np}VLu*|w
zUWub#Y=370f!5X1ow9tgo!|r&qE>#b%fco!HP_@+<W*aN`r$bB5(1?it6Jh%&kr%4
zV#rAzwT+f>m5#)A1p-4Ym{pgDQadV3%JU?(o`l2$SIE><(*+xz8gS)cxcRt>PVNJH
zQa6~kMA<ea)pTFL9WJMn-SP~auC^Dwf8KD^pT(~lZ(IN^3_DYH+2vW175`;FNEE&=
zi`{7WEqLOT1a3r^EWL~JU`Ce2jz#T=#@C{uhu<B$y9JTNjz%tO`0_l1<ovA?Eqm0R
zjP9reICFh&3yo3!!{*_;u+hu@pnY)0m>5gNyDo$l6!lufm^c#@UbWyt2L`oxnyBAA
zew~{tn&f$XV}R&Jin9-b7WLhiJ;E&8BSJZCP?W6ZS*PZxgejLuOb&kHk{*qGB-qjS
zMoBw=Brm=xMq-fSj=k4A_&tN~j>1^VG`lH-X-L&C5GECrS5OTYBEA4H`huIGVu8mA
z;%t})B$0kwh+krN?ZrPf->7HFg^SXE-L(_Gs}Mc*z=#D#h-)6jSTaiBIDXajQ@>?P
zNotfC@qtk5i<Pe95xX~pnVH5SE=LNNIBe^G&=(QWSDhnLRSeG)3isC?sl#~*4#_^K
z{5DHopcdhas8}pEby6AXjmgZ%L10I`NcV(!1t35YU;b{!$xR<t63I79`LwW7>`Bl{
zvxDJhXdTN#T4pGW_`BBK@m-v4NRdLi5C2EA!Rq)Wzj(1j&4^u7SS^Xj%<+gkO^o0n
zuO$}d9gf<Mv)26ntNbtMUDg=i8uk5ZN72v6wP4mT*Sc-r#2YicabM3cO+SxlQ32hE
zv`I4juBt#N_qL3_S4ll@Tg1>_nxF6P?+nuv&OM*&Fs{6xP@mUEgU;fxZJu9kT~=SP
zUYn$llUtN68r~<&>GqoyP&AsN`+iA0avjn5a93m9{V<_^&zG6MQ<P7pG|sIw@z&DO
z`P5ZAe06`w%|VElo8&ylLtBvGzH8Yy5Setz2ld8&&}fO8e8s$6(T+4gDAxTniJ3GN
z3v4ZJ^}eU(K`r=JYv<<?<Q!tgL%jA9cd4Tbf99SkscDbG>!@0+h7a|lZprK6DmPLI
zM`gU7zC-BEn()`zG<L8dzEJBJ&63SXT(r0FzZ~fAVG{g7XPXFusP#iyh$Z^0Hv_?@
zes?csQ=B|uoyVDd(8m};4d~f2Ewy8#t{n~nN*yr|>2T#qK(--=1GmQh_7CItcPNTx
zg*WroaVPa%FGIo{gkG9QBZ9c3^={MX`SqVhbYTXdayML$NEj`(ND(HvC^O?HZ)QqN
zALrLP`HoP96M^w#wgGdT?&MxD^T`*QCK&4Nh(4KWB$bx5&)%8TJ8mjmYX@*NI@A}e
za5N}`Y^Nq`fqSD!b>rab{OXlh$El0ac#qW>J8_(0c1aH?U+M;N5G!msXbl~e0r!21
z+C^vRXzF_>-Y34+IOBar%B1fP$0_I7%k(8Yq~kt~$=Yj}{N}Fr1yUgDrIJ=(>Uv26
z`}{ah$y-k<UyHo*L~D$}SNcWhfn54fN*CO&OcmGq!wVy=b+0YdgUZZ!S&yoC-6`E~
zt|5B2;;xTg>^Q4PCgx_am_vMY+O+tO#EluQV$wY<lu_|&k?93HimMHLK2HI6y~n`^
z6Sq2>)sd>JRn|lGU+Qi?NRhS+-U?kh@Us56Or>+RY;N@Wd7-&@CUM@%q%lOiqhMA9
zG}Jm1V_wI(E62((veRym!Ua<Ttq6U=Y=ps+8U^De^>tQ3$KzCux~UWc=Ap-s6Y`O9
z6ci6GYw0la_GiIOF>dh&xQR?I^W{P-YU8;UL&CyQzo$eqHjNn@PV}wHXoGh#NdPM3
z-_>>#lp$ng=c_$%C(BWdIJ`BE+S(Wur3t{$S_OJf+_dst)e||%?s!?P2w#cEs!*H<
zL`xC%b}@5kS}Qa3>FM&aTv2e&$3Ac~=Cp$AOzO2l7fxKp+&a(pco<;SK|0~bR9H#v
z7$!n!m@+|e>!ldQq$zf+YT7f=P!iK1;V-_2>5U6wbhI8CV_I}X3zDFrRx?qX)vv$~
zSowC11foXEbYqwVN<{0mp!2TW$1^{s@-Wpu);@Uj537BlLp!j6BtZXXlD}!V?sTWf
z2Z9CemdV-0kD%!Q7r_YgJPFd6<AWr^2f7EwJCYrQV8g>N-xg^v>SamO34j2t@=e(W
z2j~;96S&!oYz0s@E#*{L>w%fz@I<;wh7XciVk5hfNOF$m@ykmbp4o^;RO2GlB3C@P
z@4WoggoD1Q+XZlkmT+%yP#g`OXE)!SW`Cd-M#TG3nkR@`rvwU_p(I`-pYD^l`cYb`
zeALRiv(s~TgQPEyc|_uI;3AEN2DSfWiID?2Xwf21oUVtGBZ96Ol)sq`bVs39bw!g*
zH3GYt3zJb4Fn-5xOPq6+D9I9MZl%iHKe#$@iRqQ<{cVY<R1^g$L}XW`#jicCIehMU
zsy5O&NH%(_i|kP0(mgmQ8L%Tux7P%fJN^MzJM~IZ*C`AO$6>+Om4^;rs;6VeFe@VI
zBhDPO3hU$=qbZZ0W)gi@4!2MqVv;W}JT75VWVOg}*fudtnMtCm=oQks?PNc}1@?+o
zpe{N);?Ny69zQj}l`WGxDwg-Dq@pn5n;TM|_YecoSe<@M#kwgEd~3AJRn<i~cqUQA
zVBN&!wH0ON&A9N6bJNZp6^qQA8^Ymq`}%sYM#5lHl@Uo*5$kbV5>s}-FPR=n8S9i`
z*BE{7rm$KGf3gCKkt`64wPGJ?U5*&%ien<rCrC)SdGm~XX4EQ4zf|!Ko}tin87DFe
z12$hM{jnAw+DmFai>;r{@)Y}x6dCZ;_sI@2D17*I$nBfIw*OxUEW<}C8&vmEWCxui
z(Gi++ao{KLNSt0tcn7vo`BigosQ83fBT+F5e?Q60Pg=?lTrd#J7E_8!?|0p~2`@Kf
zQuBv2*3m#kz!Y^G6EJ0o#u}n&i0k-SW-1Cl{+dhVP<bTcE$c}MF}{}0kDJ&CTUwhd
z_E)nN{Y!=Sw=c6@g)WxjVsyhwU2uweMSj_RA^mkm;su!SG*RT&jnb?zo7Dg+3Rhtm
z{0<)(GEZQdk0WdW6_QH1&%=^573mYNw5!T-H5Ya=;_=hO<Luw9h9AeTetHU<uFU5#
z!Jq&eUnP_3r4kQ`@m^D>zyNIL2rqPCzzSXFHQNrK-Rwv*q5~U)=aEj@<h1>iBi(Tq
zA+i5P?>!-kI$P%v4A^0pjLdG1l#loxm{=C1``TGJOs(j7nbwWMDR?UR*TvAn$nrKl
zH<R%v^PT_;feg8eQ~o)=g37ZqQkiK00%v0LG~ddHad9W_D8q4W9ZxA_3)fG2({IAd
zd@{S3lFzV{mMNK37i&bTd<tF@m|++P)2D=F=>sTcUZT5u!_E95yJkzmX_+#67qqc2
z)FKwq4wiybb+{5|5~O}R;-Xs7(k>!I3c`<{U^g$ao_9;wX$u>~Df%WCz285~dW#9p
zO;-dd;@2KxDU;LTcg*RPJiIS*MOSm=<|rrquD{S2S_BO2PmoZsWyQy19}?<QUJMK?
zQ3&_BEC3z4(L);*OK0}dO`l)H_bL|s@<_CMAwI<{Y9)2j0GO`@QO_rAnrFf$ISYuI
z6>%vH2llJDDtmmR-8qh*+4FIL(f8XD-ASme^_&CAoIEM0cE~^b8^}K?D4tEJ0I8!h
z2u*cuFK7tNoX3XsB_yZ`?ktu_ziv2as}W<1kb>XBT$r%qfIOF;x9}n4q`M+C#h1bP
z25tbVh>c76BM~FQ%}*U3?awX9VeWO81&aDMu-<3Z0ePYcGn9I)#i`1>T==+7p7}mI
zl9x+y*AI0lMvma6w;tk?>yl;wTYfkv(RR5H#0u1yZ6;08tQwvIXXd8^>gSv|(h(h;
z9lMN=eo1Wttl!a@u$x=#W#xEKH8+P%t|$ebo_^Usq75iIbw|^6K`8^ePfV*7(I1tF
zX+3>HL-!6Y*j@R`E>S95aI?Qp^}}_RMtPn#UY)hs-J;HDrH!?a^(B023TaZ0Kiulc
z%Yn5*P;J`Mfz>OZJTPj~=n+|Gmwp165_DQGQ&~qSC^5@3!+s*_?Ctl5##}gQTS>VM
z*(8i#XhJC}xZx9#9El*{i?8PZ%CWXzbcynA8rf>rKzbjXQ)$u;xglR$du$6q*J&Bt
z?Qz`0qm->R352eQw9K(u_9P$JstS#7a^v!b4dmNq9G)RQQX!h4biFnlYz;-QoF;WW
zMg_(^bh(Nz$58KRQtwd5KKRrcQeAb8At<gIFwvVyxn7@)z&RCNp2m!Sr$ykUrL@+K
zw5$Q#w%N&RpSZX8k|9wxB+d!A^47sQSPBaa6_oLFlx4gqt^%v&X8ksqPR6IF?a)D6
z2bax5wXJ?_VmGd|<%#U#T-+ip+ci{Y0<YC)o{QD=xOG7K9im~flb-|T&~=aa$^c3!
z2(zDR61cS(RVG$-{Jn(K&{6SJ(jc3H?w8UjzNj5J-?|qxx4aXFJ62OAEfXTiVodR+
zSf`Up@#Va}7B_PRBh9GL$Jxs!QGFS3H2{SE{RpsV%m?Nk%bw5PES6!*S;>g%9$Kud
z-4WMx)6Sor)bY6ls}z>%R#Ys3z!j^37Pt*LrN$_hEBOaNQlu13aHN!`{p4~6`BkyD
z8^P@<Q~VrF;^nC{DE~70Wcx`4s2Nn;%xcs0SbKJ5v-WlrGrZHxvwP8ri`a!5(TRGl
z+dd**oxXGwK#ui`94*$B{&9Re_iD#^^5qn*v85RW--8mCh&1;v@Hq?rI~3_oaNk0K
zA+Mts&^E$H%3nZq@^RW+1KI0A!O6vKa_=;7fWBbt41F-FUOGL4@4BgZ{kEv_On>>r
zUJ_&+G`&<YdSr{l!-x5(lWrrf303u;lZRJRlK{9{AvKf*JWFU@p*?TJ5kWX_Hln%$
z)>APC(w;x!VeVYq^lX?X$aV+*%p%OrLe2gqM5?44wCeNZPIlUic6TSP9Uh=rzFXHA
zYk3Ata7lZ8(AS>30AJUB@O*q0Se{RiExD?85uUTZNnLjgw#8Gw)7Ok`ZxG=_8tkbU
zqBeVIxp@e?fC!sDs-y@DwXF3=!d#Y-xlWyoz^$i^c0O-ytD=eC;wo+b!Yui&g#Jd@
z4aH@Bn6hio=~KcGwJV^iRk5Quvd)vRR+_qECILL(WeZ%(UxiIzrx{>cKk`wUtr#vI
zJsO_6M2NqeYA<nou9oSj5g8Ezt$MY(;o6ndQv?ofm?yb{dh_vzXSPm+I&wv3N<G^f
zN6zBeRw4n6N>+07(Y4LJmMI&T3)4s3>v2U|?Mn4yZVpaq8&^k1h=ps5-ygI{qcX19
z++OLNgRqzr5~(UO5;fPh63#$9pMxwx`PqH>t$dUfH5yA|-kl|$nL%E66=JfWV^Gh<
zu#tZEhs&jlu=_emAhovu)FFFm1>yTNok$Q;l~0TICn9X5zeT9gG^|tA*hA@LE=>ER
zES+*k%mg)^AvPOMt%6)|SLcq6^OxcgXC>D-MfIClS3x-J&;OLhASE#5*pR<TK7h^U
zLLE(E@l2V?=NFgC(U)%oa>QQ|N$^6xL73Wzr=wGmhFQ=AHxUs=`?hRP+=LywoOsIV
zl;!p@Ei7^|6^$L6xpd~lNyD?^Rp{NtTWq(T;>3IFo>g28CgFU2vgZ0>tn@zx`GM`q
z%0=9oZZ64BJ8g2BIdl_5W=&{{WuK&8L<|)7F599nMe_(|FXoR_tqBz#@Dj(1U#<Bm
z2h|ef>Oy>+vaCFQsYVsc<|>{QXXF+GR8mBo53lu@h;DF0%m;L>J8UT{ntcR2J`q#h
zl(ZWZj}Vp7N~MV>aeA>M(4z`kQL@;;G&>_`e=VcMm`N?O;d-1jHxo!N`qcJ9=TKXp
zRaAxOh+xdZra1|o^EI}hPEEsE$KI_%Y4AIZRGpch@7}n`1`P)~X<<HcaZfBR1+{yz
zTPnWp8dD!09qO5x3+L8h*Uzb{(_-9rH*`#&o}CIiYOwMUAT_seO)Sj7OWA*U#6x5h
z^HNVsov^g}wYcmr>IkZiZy22;y0Q8pz;(GK_4)KwHhy-dC)=vA3c_`vk<XhvIrGzZ
z?My_=0{3vXbp|LTL_(uz)zXF_qv}|e=T^4_{EjXrXF@$xj9Z)L|LD#&vAP=QB?ot+
zIF3<M>u3B$T5;D&3ztT*Vidz{jqWD2c`2#}gkM)TyB~9=W-Z38xdhy=z00bpLGog>
zWTPyZH4j{z3J(NpLfEq;T=Qkr%l5AdGM_}@n)d#do!Ttci3>|91}>JbOsgEtF%|9{
z9U*7`mAI^#sfNe08(U#icIu{L=CfqE5)KdTI6NAbwD)USl!@+UY-hAi^qE?IGHS?c
z%Kv)aWK!2Uu4GZpZ7%=3)3;MdNiU?Kf`D@<qqwWt2-WbkQ1CN}3o_!0BUMYYk0K2F
zYn&>1!GL+4sWUnIOp3ggroSYmu7*ZHe2r#!4EAio>^UM&;f+&_WKPShe-HV1=d$6C
zFsuy-)t&Yq`p%|hCDWRvzMpJ4m9-yKW?2i1D1=mOvy-1-;^$d9cP7^+U9}|0CZ^Q=
zUKX1wgCBr}lp^i5L2h9PW%^7dQkM#3!1`KYuutvU;USd*8P}sWIG4?e-N}MhHgiZ+
zLI(A5dtBVWzUG;zx(mDze%fxucnzT}l#&N%1P$d7E6>bj1BP_fl>F%S@C$VX#YO+-
zYwq)%WD`afs6Fz2ULYlI+FjeGb-U)D7S@4%Q-u*&b&`7vr1*7<Q_yjX@Nf87qlz5v
zT=L}jHd-bf@jM~FmS_vg2#oZ9akV^6tm;pS(rVI_nKGtLOf2~Ke~;-4J@53hvc{!s
z#9PsKDxM@eDFKy0A;^r{m`0`T2Td>1-<T&<vt^GO3;8uE3{mZ<kpw9Ybm<YKJ{`sS
zstsxBC?TbdLK;008BHSew^RFsXL1`VkeswiW{N&KG1@1JvNC~0xkedSi@6zRnfI*t
zPhSau%9SlGusZm(g(%ZzW=8^YCfqnOj+KrMSrXDUIIbm0Zmemz>+uFQ<mb(geWfWA
zbCVG+EYRNK+h2O9PZ}%Md}Q6zZt*Rw(UnY?B-|OK(qe9@fjzj5%-*SRM9u^d$o%3v
z%*!L_n!K0!<yQP=edc=LeQd}`o2cpjO2DCBLx|z-oGsIZR82|w+K?g4d{r|BT`qRP
zOYxEHCn7@*NWd-(CHA-eFa0<9nKxK}T#?0Viw<i}>~|1O_h@D^HxyWLO;jNLE$%A!
zJ{u=R;=uXr<#R5ERVKRX6Ux2cA%1C6uBfZkNmdH!oGoHyI?N_fkAWR1BrO%0*9%7?
z2rtONl4B-4#81Il5wRVL10#$$af8IbA6d}qZ})^wln=KK;Md!Euk}UW&>~ZkZ^^vh
z+%B8LLMgb;fG<<7WlLU%dHX78LJ>0V^wQ4ZnyU^}Rub05YsF5S&F!qFK_wq7{K8K%
zdr>tatY=}>+Z1cJ(CoI6a9JWI;gU{p@A-Ot!|7>S&1N2D)JQNS9ad%f^yX7=3kCMj
zDnU=bb%GEdv7}HbXluW-aL2?`q^C>5rQ?Kw_$Dt{9)hG-bD|_MckMnE1<)^NKFG`?
zwN4Yi@fGr?=@8i>=S;P>sZx9u8DORJZFUC;fws(eMjb+lpt+;YSvOz+e<9U@^NL+F
zdFTC#MEY5BV&_0i#f%ROrrmesn3y&b%B;;D%aC<&sLgJwQ)%H-;Em~MZ-w6*NADqW
z+_`8}&`69rOyw$6BfpX0KCN_?SPt3;cC1Dr3;wD22ytBH1D)v<d|_`VK5t(L-*}{U
z6-`T7HhL%H7HT}nWOuf63i|zpS{l|nH%KVT%>^W62`<O+da9PU7Ag(M6HC>7k6+yN
z%uOdyTcPrvAH-*#$r)`3gD*m|Xx^ab&cFdOxXyY{r@WA%v;B)CARCu6zT@RqsHZ5r
z-qjx1^^3<TN^M*bM|(z-t+x;MO8}tPTUYu*iwX1L;ZltI^}G6tv?zSo8r#k5PrrF$
z{FGpC_3pCU)a&-%RU@ACR-q15dau2QI1`H{+*q{f>YcmJ$F*P|3!#d9=%7d=y_fpj
zg$@(k>RYSc*c10kt34vT#VTm-TkEds2=_{}E<4EB2Uu3en}*TOhk{Yz@s6i)@pSsY
zrWR~>HoDGL{9#*$J!r&J&7imdBZ?wAF)uxWIp8YklPwy;s49zcyunTP>>qCGlhRfH
zR@A4MG_o7#>u+q<U>~Efxy{O2ZubV}bX16KwBY|sQHN=V2RaBZ#_uf`k-)7hVE@f-
zeaN6k1QXdz5iv2Oq0g5##Oz2nb8NMtj103Xxy3nH?$wd&rng>r{C3a?#$oj@=>oVu
zB~Oqh97=r;{e4qwNUIBp9U^{@&kL+gb{;&Y-S|dw{9WfM6o=z?OtKyHc~7dw-de0L
z^$^TjY+aICQeHDPO4S0BCIZ2<nA&GhJ8J4u|92eEtu??87=%cC<bfiK&+p&L?D~f<
zHUcJ2V`(*7`NP76*v~6(sAsnObbQDF6=5p?wp}D%=fU(qjFz(h=u(5hz#|!ln&K~1
z*S%=>dx}V-y<ne~KprcU_Jg(DJN_38+eJBNo)2L~SoseFwvWfI+8oX}=m@H2Vkd=#
z6g}lHu(llJxWE<O;6OnNe&_dOWC392UTN0+!m>hvjR$Q*d_KBeYyL<A?#M_2XD)I`
z&yX|s-v|T%b$3SaW+JWgn9fER;lF<OG%-J4(#D|~6Fjhf^-$NsN%8~I!bYe#7=LSc
z<3a=P{q5Huptp1{866JC5@|}vkB(=VA##`>yc)V~UEfHbzA9J);9!uIKkK|15KBsj
z^>)7CCNJHZT`?A6I=1PU|JiXm1k*VlE?O1`mJMXLk+9G_JiT~9KfiyGd8cO3*$I54
zT?fvKPQz3y43N;6^^%<txKq>Um-bA;J;w&Qg?51VOt){-ovuA;VNUs9y@N9-C(3=M
z*NC%LeUT?mMZ^0ytGTBFTLIU%+_kVr#axrC`&n%Y-*RSi=eK<2z_D&Mzlw7kYei;Z
zau56RA^YGf(ce&F6sxhTPz|9kFgfnM@B23qAzLzEFM2_kemayWa}c8eyX(!{4$SH0
z^VbVF;wmkJcXZesFKCB9;~DWZ3E6KR3yEN4v%^7Z($P%5so3$ZjvH?_O?ieLZTig>
z{!GaYp%8W{1|r6%7z>Zz!ke20x(>t}-}Kq%X&}2lgbNPxEi|C^_N(-knvIelFAP06
zue9*^bpw688rQ7)3RJ?*2M3fG4CbOZl$3A2Ky4h?=p8lhfNwLUU*MN+cREixST+;F
zA8il+07jlK?L8PSpez@f2wx{6_!sQeA)R5HBUMnzuRF?=J$nmD=|O*FaQZgje}gKZ
zmgZ^uKuUbw;b+FVg}YNLt?Ye$N`?CC&uqdy0GbSb+_>*DvCVJLN+6lOTC>c}CBogD
z{Jp7?czq(mvEAdIwT@T3IC8oEXEKYQW@i%gA1xC#X|&Es3Z!3=*G6@MtDATA5Y}%P
zW;z`kSoB{mMeeWT29qBj)E1n#S$wPXM4^ocEhNYEM!~FwrlymE@12ouEddd7{I77j
z9=xbxvO6TbCZQ;TfB515N(meCF3nZ<X>yEq*Kx@;KN;J9U$XNsy5Y$tBqN8pG2R_T
zF+3LSF?et2OQ+v+_46<TrW%(aL&8<`yIMKbTMe=KGN0*QJ>GiMt4<iM857~0AiHFh
zLH|$i{F>h6v+F|p-a8&2+>WptCMa0XOgX{@e~@TY_e@25*N7bX=0!(j_t+LD9nK`K
zUZIZ^OuG8x3riVadnPX?DgZmkwxShENh`Ddxd2OleJ1X-0g_`An!E)Egkk8v{ysb3
zCw%=V*Lu!o`I00G_J|}nM!R~6!^;eS9HkEqBJ6$2eEDT%jn=-ZD((Kp%Jb4~aqs$I
z*LnxG$GQWPDr+@QX{})iA!rL-aMC1mV@f5`_K|zLBOviSs~wN<d26h+099!oPc6bd
zp7owDHU?sJ<imt}qhzGo`+`w&&$oPyk{KO|U%3t`k9pjP+R*=VckS?bqQ^w|T~UHU
z&*Mh;eN_FOH*vsgzaY;ueMjH#2#xb=7QK-zq@P1b7IjA(npF1Zpr==K{!+d|Ah!Sq
z)~}ueLFqZ$`uUCg7^KZvr1n4@+?qs!fiL6XeVa1wy|p5}g`{-@uFE6#OLXiul+fw;
z_vaC|E{>Z?rU$p3)7Cv&<596p9wF^%E)oyFd@Q7Op-iZ_0?7$l39s1k{Q0p2M;CkU
zhyA=eyJ<D_Rjur_Es~WAi!*$?vYbw`i_SUvBk#W?TJgIrUhQpGQD`H=LQY<9>IWx|
zJi~Q(A5+G&a8Ihb;(0&5oK=}l{{YUEt*@Iu-@Uz(A9E>`T6_4xv)cT~#H4Ewvmmju
zAj)vrM@oJ^vAZWZn9eIgYsM+A5)9wRBy5X9kqZ};t-^kNb!vUu6z6#x!wi<R-)BMp
zIg)#4Fm;{(=mgnPPTl@Ou}UO1QwJ64{7`3dukacJa(a8sA}%kZcQysx#KRxdFSq8C
zuMgBXQqsa?hIiLboXNAZnl+Z37zSO?08zMou0a?5!}RMWjGRL(mdS4j8QvQ*5>KQ~
zmKssO7Q~z-Tl;wf9jo<T(!|U@W;q^G(ZfG|M^ma^PbmH2?$~uFF9&~a>?b?x&gOTK
ztTlt52)#dxAg}@XcFcO*w+1$?bzezg4!>IyWA%6HkfL;jo`E(N)z<t*Im3z2{m{;z
zCM?VQ*Z4h=Q2EmWWUb-#KnQEnPso|$&+nT+at0U9nFgEj2Mh>YeQqT1kW7{aCvbQ%
z$~RZ*;xdf>=g|gpQVKXZS)qgf*OWoa`AnRF?Y&1G+fbvy&4<>jQ{ghtW56Br_tqCg
z#0)waYY|8fsZ|gp24;6h&^9~e3&+1;=;wJrBk<fGzh6>5$ZC6Jwfwla#Bf*zdvVP?
zzD|$C8$77{1}(?ITg@au9DK#e&9D)1;d0*v%Xk1Gz&TLevgR9kdL&tP&g|t&2|Uo1
z=_wQ=>|Wzb516}l)GiX%Zn0262?IR91b1mO*$|pv8G))99yfw2FU~oEfGW>H6D;Oi
z4YYYji!1Xy$(26J0Fh&yGdn!<_4<*_5R@%|m`u&9aiHNuWYn4$K}84q7oTW=lcQQ;
zHSOWpq<{0xr6wbT4Y2Mb*4=#2#dJZb!?s=N%}z2S@N0(4F$&K^_YsGd*Fg+1>>Pc!
z0n$p8Nk6Y2?CBeGyKeJGAD@<wii2U!e~Q_y_HXPRy&%Wlf8Z^)W1s@OB`zBYb;khj
zLDu&zUQ$t~oePY)w&#{jY-{qdVVM0qf#m%>Asv!SE;ldZ6U+94>m`rUp(xUl8nbX~
zCvJ225TpO6BiZU0?eGrlp=&|Q_xl{DU@X}$R1@{HEJ0@)J#Ux_xBY~9dFQrs|JD&<
zVpe@QL6b%c!>g-CJ@3&aH-nM_OBz)r@Ce3(|LRLC*DHGInx`O72&O%sH-3lvPiVwF
zbO{Z28<%O1=Oa%fy@4uX+KB2_8a$rZh?>36b<Y(6*)ZkW@XHj8Nk>Q-v%Bb8m~wr|
zpiHrVSs&rvfYO(z=ydxJWchuj_1sey*jG|e>`>mWyDG}MEH-Q&*SGdAS3PGaaH2o0
zi~Ba(mZIIup+)*cY;?yRz0{a&205H)-(aF5yxy~(^dv1!8i?Iy^Qu?dL?-X6oj;U5
z?AwS;sAmMt>w3MnPXa=~k6%z)Nn1^O83XM~WST2WTG9*kMqfUMh04n-Q|+|X<4Qr~
zAIk`t4z7Px;Fx@Kqa5zNgJ3y6gu5F#LrP}|oGlOH(X{k!X~1XZbA>(g=0dGQK=_li
z#j#O`$!Ia@=HFZRkq1I+Zh|TM`;W*EJw`CM`}D!z{&KCq!3QKDH5<NxeZVjQ_6s5L
z2SS+))w<3OdOc0zx;*rxEY#^SiblG?4^Ukz1%^bUW_GZC-dcNt-$V)&S>fe88@^*W
zd|;oPTZ%GTlkMN%TNSWx;M<&=kB<s^z5bSHHCeG!JjNe_um7xCvHIEGBI&lYvg9I6
zsW4&h{5lwx!TH7u{`a5XZx8NRcbCw$oIK)vtsGAG$a8eMkt?u~T^r4pTWm1)2RIxn
zo%oB@aNb^qEMux#bq_XjB&!})qy=Ldem10$85qonr|MBE)bm?2i(mcA_iVqbG1#EU
zk*|8&qVe57lKWTKiHS0y2#rP7xop1%Ri0_H-dg<*i!sO$l@M}6n=<G*lH>QKT%!ph
zj~CVr5;^q3pDWdgnEr?kCsI+?+LJCgD?#-2(%>*{e7&iG&-VorG?d`8<V!vfDPooX
zQAP#Ccp39lX?ON;eaV3_`a5`X3lLO9@=JXp<aa5rdX@gCTa!%TimN%^&jFAW?&NQ&
z1(I{iCj1`gaNU0EBA05P-NmKD>qCv=@wdhR{-Q<>EUUt+;CsOIV6bN#BUtlejN%W@
zoICYnNA}eSpR$+Z2_E#;{Y3!!qLPrXkKzX@*M!vHI-Tg%K(H9dU~aVjw#WBet)G7L
zx1x{`c*B=C8}=MH8O(>CT}&9{#>DC7?-1U!*iyOEC(;7^Z(3?5%sU?OV~Ygdf316K
zz-qiRqzh@RKvH_U&DrKeVa33;ya{m8yN2^1>Zi)mNlWz2EkS5$DD8U|35&6RCe@xS
z!R_08e7HBedi!j@1VPR<ZE*|;J>N}xYf?X*bcdu<U)<+L>3ak6oy_I1DePxImTL15
zQnOo$0b<-1Us-eDm+RM{a9<_hwY9k5lE2iPpF<((&z_<l1UF~U1P6kt)HN;P?s+TO
zG&U|^Q9f~0ncu3ptosbuRM&nosbO266eH+*Yy;KaRV8L}2BRP?2c0FJ2s30%0sdGQ
zj|{|SCh2dbs!$YGo0Hh9_1yK*T)zf+3$oDbrZqIwLF!wA6f`HGqOTR<UTD@HEKs}|
z@3=J6<aL&!z1n|%{TRfiH}fZkLlq3yl8-kY;qi`eT=TOoML41q`l_cH3&7*apq6`v
z@&L^ZXlx0td_RmqD<FIN(Z!G5wTuX|?JfO9o6D`C%iq0u^?LW!UPI1P@c54o8*dFV
z8l1o8Nw{q7?42JETa$D&V_&GhJAzCf1NDdZ<stERQ`3j{+&6sBu3wBiyb8LQiQB4t
za$$r-z+ElYZN8L*klAn<-Z*l+PfUnA7(aA+2=4B-_Rjd?WZlsK-Y+WQIIN%TldJ>C
zJxA3$m!hg;zoMc4?pi%Yt-RBIDS!e(m%nC4SL?bVYWF=@hI_wCwB8?DxZL!aFmCu2
z6<SC@=siCk)HLMe)k1?JO*Up0?axKat=1)H;g;*Yzu32UVVX0c^q0?GF&JM{w6bmh
zd7dEgaox|+KF^SWT>Vlic@H8&4Nft67vAyUY0-6pcWf^WKS*pS@wC}tNksWVm{rOS
zuqNhJqa-SLgAVM~y3LCQOwKx}2Tp~gJ?;>~pO3^xG^()M)jy!9!R|_DhF8h)MMQm<
z>%WqV>hhP+&B~UkNQ#edXm9>1BGUJVvl3~ipx%PnX4-oKkdMx-RXBPEs6j&oxa&l|
zp|!G{O7QS|eHcqhiwTFRvUwzJz1}5VXnTwXZp4(i*d1fxja9@vhObW~=DV0*i$9<E
zNw{1kV4h#wR}eo*r_4E_)$e}iwA$fFafCCu9Hv`Yl!QbO<-h)A(U!dF>Q&y%V`}L6
zB!?f~kg3AP^j=a`7TVqUHM!hszg(bK*}Tht0985NP#uFa18(VFxJtd;nX3^^y7bTd
z1||bgH6Z)QgWd6h=R27){G_&oZ(nV;jt6N<0c|)<AIae0-L!;w2!vQt1&C3^z9C0P
zJ{|UduA<AsOMCB~F_K3sMiqi#&suM(9R_Sc>RvsX+WIV^v_h5=OpdHn0sbsjexQF(
zVDfQjba>-Z$L*}7xMcG=PQAvM)z0o}0|@|5Qf3N?&MUhmLsP8qZ^qze`Bl2qh|2){
zm~)^Mp!f&8Y0nYwi00WY_2BO*`<vGm4RgpGIp&2D^{U0|<}>78Y!UQ2I3%}VEAcsA
zZz|jpwensc5^}@L)&nwMw-*)C;+0P1_~t0xtx^0cUw!{M;Ex=k4vfnARo_xi?kfF0
zyJJop=#z9$w<n2ydD{*6$aJnSfyZl0XDKK|LO$pc9rl>RQS8IVCWIqZgR9#WhK2?D
zy7wpF!wPTR$}49;R7b3MY!I9Q8~R^38Kp8T=W?BKh>Ld1mNiGMk!Twz4|9I5=~8lt
zVwp>suVaLo(p5X|Q|otSUP{#4;cKgt_B@3h0!61AM6g8@ojg8aZVO<xs!64e$&zzc
zCx<Gk#5m_{e8N+);7$_w7m{1~dkm_4zVq*yCjVu`{|#Jav4I5UaD#vQ@cujI`al2v
zADR4*LO^`uKNX1okFDX9N)d(*C*oT|IfDpOiZB%`$KP!P*=~zMH~YCS!6D|_jm1VS
z#%euB{QKs9bwih>l_*VuFvJOniNPKo9ZgP52q>V5D4;p&Fr`SRM(rOSe$_>p57!`$
zY1IBI6|z^!t~D{EFGh+X77B9;DMsQc`bacBaaTH?NLnu1!Vkf^^AbQ1b@XYF+<^0%
zr`W$2d%Rt;W+kk$-;;G|0|0*kA)r$+s@EXaWz_M&l*-YB;o1CLu1`zowZ-}-9Bf;o
z&38<4`>>ek&@VxPkO5osRGw$6ZGWFjL}5Ok*ZtO%FQ>8+dBaAX*|>wnW^?_k!VFsa
zK-IGS{vCAfjp=$hvC%qlOfc6@DFU$gXagpYbN0c!%x;JIpCx8)Bp-r(j@Dps8-_{S
kNxnu5nOqQn-9A0Pf!+eQd`jjR-$DK)L}Z1_1%LYfFFCe+YybcN

literal 0
HcmV?d00001

diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-all-devices-report.png
new file mode 100644
index 0000000000000000000000000000000000000000..31350b563f8a99cf78173a5c97c9d8ee357253b7
GIT binary patch
literal 116993
zcmYhi1yEaU*ENj0yL)lh;O-Pki+c!G+_hM6hf<uN#frPTOL2E8?zFi5wD<G=^R1ao
z=48&yxny7a?6uZT#0OP*bQBU4C@3g&MFp9UP*5<AP*BhwNC<DgynAsEefxrT`6w?1
zRWVL>_;vwjDfwO!3aUB|^$7_7c8%<)pz8t!h0*)>13l<aYz77OTA(N+so`mK@{E{C
zChtdq_9<Ij`Gs}mYQmdMka4l{S!w>b>{C^bVv3t!Lfe<Y)}6Hkk*ic5=y)p0UzvgM
zRf7AO9{lGgXD27BtHXl(Wc;EVo!%A!@KuZO3Q%xE-UOK5Er0Q&<@gZg)w}EX8q6b~
zJ%N}q3STtCbmAjIarf-U%ElH5t262#2>1sv9Y^RC23+f?s3;;z%E6u<Fx5KBnE;OC
zD2vSyd!=baLrKA0+wo7Jn;X83jW!+j<7tFN^}z&<;?^3P)&gWAUWtuX#mq_R)0gQb
z{D+_04PdJ;_d?JOH7%iI?+v012PpNyBN>vst(U$7A6ddJwW?%*)19Lx`}9og#F4nl
zw2>p4I{B^&>SU-ohW=LwCWm!mYyTTt<R(n)kly;DySF#V+S(d8fThWfesgt;)gp!~
zyj(F_e><Em1zVwlN|J^lRVS3C1<t_~o@x1Z#*eYxS$CB#QBfvey{zmP-p}bP6#6=#
z#&`&)r812S5T2=w5kg3H*)Q{<J0`^Pk0qx?WG~JbO}Z}p43J$O4Mj+RU_xqJ!9<Bv
zs*)M4nGXZLpG(5&QYHl+d!R4t>vr3wO1JX%sQdyDhD8!sZ6mwX9#1->MU9gTdLWYN
zL;eKbu3`-rCx}B@OQdax=90#fbHG7ufTOFZqgqV$G;>OB{yO<MqvOg@eV|CAav5IW
z0#*e@fyT3f8LER7tdUXo0A#uEwn$D4k_(+$Fko@*nUorJ=xC5kF#aMoj=3pdG!dD<
zbPgp=1)*LKy>W%D$$@^8wS(8X@To~AuheWH%E$}Ju7*=cfj23_w~2R8Hi$Ps(hceH
zakW@4+`!&$#G<xp#TF?{s>jdbGjV$j)JPG`fj-jauO`f*!6%~lhpAk&eBZ2|WW*_X
zAm+5&_>>!F^xY)uWxgs!Xpl_826@<Y78S4_jD5Aje7Sv+6ZM41Sss;R!5$u|$nn4w
z4J}Jl|4Hnd8Y1H=mYx~4>&&&!q4x>JktO4c>llS`U|?U)w_yErnY~E^sNP?L2g-TI
zgtG7M1qHDscnm=j#9hQK`>3^&;fLNIaX|DqpqXSMvvD{A1rvT{--Co;P6elfPoa#@
zUk<)EX^bN{diTWCIB_g9WyvFmFc$KbQQ!JWKRF)*`4g#gk0dy;hFTr};me;c_*Eh9
z>H!@q-xX`LOrCEcJ?R0oUnMIe`;wW1ne5O`kC40xdgC)_CiQv_65yR8WX4kkBWycH
zzaj%jkq16-GM-o}kj2DL+R$`!OTbiUDCNb-%uRwZr5}j&3ZIE+)OkVCz;HOoP;ys1
zb*LZ+ZjCN<EZ5wV%xP#CQg5qB5LBG-l`*5}g3$mrqSzWI-kArP1*OPWED~9$Qceo2
zLK?D4A}xR$#Y4e6b~jauk)JrugOI$5Va915Ev<B`r#9%V&=+H+`2Fjob^3L_DSd!e
z%dMm))LJ^y04uU<0@R6dG);XCN|I<O5XWbx0T9tgHK0Hh`{BWrHJD4)$)r5koDPm7
ze$%YSK?Pgto(|dgJ)S5ln;Tbdh`Is;jw41Z1QqaKsPQ%htOV;L19DLl+|p{!e)fHx
zq-oq#LN$!+zQZw9G^Js24f?VAIW>PYB?Rdh#mulc<kEnpE~Y3sL8ZKlKtXzU)O0GL
zuPPdj09kw<QtVX3n29F!Oa7n*%`(@$ASb5^l*Z?2SO(9|?rJ>nQJFK;*~xJrB_Zc`
zdBVHMbDZrz`sY6-OqF|xhow}32VmXY-ErA{PT<k^D$T6AN%K(?RPF>NaAe<Xo<InE
zWX5tLcq}V;UOtaGJw!lme@Y9a1`H2gfLVi;&a7anrUQPrDN#^x9}fXya-bScmbH2&
zRP=7=T^EHMFCRXTIFPhJ*&PzC5a?|NSL`d$bq;p_#pP6AA<TGf;EH?%<sa5reEPnt
zok@Fy&o}|<G`K;Oblh}sX;`#|KIGeUVxNe`{9=OsV&{1?6lPpL8txeh{tKlp_2AF&
z|ANqQHL6Lqi>rF?cDFBM;aIL~UozFtM@0Makum<ig?~HcKG+M$fX<CD6;`N%?$Fcv
zk9gN5*chJJn22!Lg9vwzLu!F95&>|O&-C2Yy$7_=2cXX1iO^@-&d~pjx!Z|jn;Cjg
zZ(Yid!(!G#M3+16wfR$o+DYP$Mk5S=7;bj}C3~YjmZjvplstI+bUY%{gfkV_<yY7<
zMj5X6aix>ElM8g?HK4YB4u5O)vHRkLyFYO$?~!rK!X<>5)Z)IWrf2ZX>F<<QNt;+V
zbxL)E`%>1oyIk<;*4^2*Ym21sN~P_ePS?G@VX)C)qxPCj0-bH)c6vdn<cX%<rZ_ky
zXuoT5qN8I?JzdF;WZAy`{>VBs>$tCfI**$F81fc&or5UNAJO^g#R;w?=#2x!zxI6O
zM#&$BIy|AXuq4D%HoMw4h?7~2TF+8#f|+U?U6T&Ia`Cn$<8k3;B;3oLOm{g;8+#v>
zQC^iCAt@pRSFMuh(G1?TMMz^sUVVCb>~Ti9x)&UpMF0xmyGro#2FS*s1ocXD3blhD
zy}yI)U0rW`$fI`+`Q=1@_0QfBMQeGihy1s>LH(LA>_ivcdyZQ=+3@}zJs}fWPFp*J
zYo2#ta^H_E({w5XNvOr8%#yN-@IO>F@=I$8f0maQi^$ujjHs*YMJ2abXNq``>}vkx
z%y5y@Uidd<w_N6Zxhl(BF`^*dA$k4F8A|cDc@eW;^QvZv1wl_Sx(eaql&s#5xeh(Z
zWfs_y2;HL@ZQO9<C1-Xi4D2XaCWmY+e&1!!P^Bh``sAtIi1H2>*{ssA(wbcBz$o<|
zhrgDO)OG7m2W*qh98BvROzj$afh*ZueLbhpmwO)PCilb2nE0RH6GjXmT7IP{447?E
zsMn(44<LGp#gE2l+kx)0{B_;rO305TGGu9PPH}^I3Wd}6?LV>IK3_gf_y-ubcc^hz
z<1{K&`z+{N9a{~ov~Gkb{1|^612QFoz5HM}+8W52eZ~ol!P8l6aRXHis#*imVyp`L
zn~wXo6XraMN{=$@h=x()ttUQ7(<y5^AH^{Lt61!z8c1+$ewkh)NeBGFDb064(00q^
z#!f+boT9qi1j(}k#7uf8Y|8FT6Y#Z)FqdSI()(q{##DencZ{HGLn{XdX%~Ir7Lr!3
zY2oOp4s|rwy6s;jiN&9f=p+xYY3g2tZc!U?994s05Z%wE&VPx}w=iFBE>Oy>OyY$K
zlQ?$Nq2TT$rb0fM0#&06mr3xl#iMF|$lcK(FS?;N$vh6mk@bwOG)P;zNb?EAej1F+
zscXYfQra)61`f^1F<K5zE(y!PjAC##qhn&`7v>R_uRS9Tx@;rbjHXhY4K(MWHaS)!
z89syJC*GTySixOd5rOEE_mbp1S%oyTzvVO(;Oe!=%{BjKEVT>u213{35J#%E#e`8j
z5U6H~L^Whl2XE^Z?-z3Niba_v_suzzh#Hc|6Q3Y8vs&c?hzRD2D=Q@3G~vgyTA@Ow
zVs(aMk{_5eh1`)UJ0F;j9tyW^m!>|b2amMyr@q%CTe@fMxV(tt1eAc)OQj6mh<_aE
z0c!=hM5p7XznVs?u$g#8U8|>sr<0x!jxQMX9Xp&2WG)AnX$SQp-sY7Skw0Qm_AIs#
zNX%?!#@{eto-=ee;>x8^>fN)BC@D{_^9ATKZ-_oiD}3kq#%}8B?go_MMab`mjgkwk
zWr)kk1wo1VLw${)HehA$*<9q!<i{0CKmMSni(1}auL@%yy}N79tiL3pOL!_@ikk5^
z-{xc7tXq~!FeRZ7p&>BhqXhSEJx%>|x+VgcvL480%tlaZr&G-XKJZ%i?zmZ`Dunk-
zi8UFVJ*jAluc{)}k?^^C<DO_73Y}sAY@^*%{|KeB@n2<RY*zg*Fh+-|^sFPDHix+C
z8X7l$4bRY(DLLL9AV({k6H!xp?0rGE9*w$KW?7k>T8}jpZpd%<fwIInmz4cP_|Teu
zF_5vs#W@+ZgLs>p2&e60$Am#4q5{q%>Q9Pc6!s-@=%~kyu`?`YX6o+tJ>Tw6F_wFs
z6-mB&?|sw%xvkcPK~LC6-OmEk{Y*5Z@P`ZF%M&Y%5d%BfT43ln7od)tZ0Qlh?{e`|
zlg50w1&-0KCSNhLP*i%Tm}`A9@NwLOlUw0Z&>M|5k<NBJTS|E&wW@*XAZugko?eK4
z*U@IL8Z;q^=FzYdQe-T1djUYMLtXUPggZL=;dF7pq=M#ddOLnvd;|&onb&{cD}0%s
zEfP9#gE4C?!rJ$VCat&H*I~*F@$zbvW2+}b*>k^s|8l$=_rnnx7)wugM1r3$^2dmh
zDZCydo9&qa^+caYlj9Q=2Dw<YZ|k~@lP{(z1*|HCaQN9e#z=NAQHl+G=TZ|P!)-^*
z*A{m)cmC~r@>Wi6?%-#K&cJp=Mo43)>K0jd2`&RCKNnjaKVeGB&UT4QaoLZ-dmaYI
zjwT$G80h?Vw#8~+M2r(J#7eu3h{);Ro_lGQP8~nsJ0|zmYEE)vWN0+TMgDx@e27=w
zFtDLTe8XTEVwu<*ACh-+;$q!f{ZN?EtqBvG@ZPLSNHm^w4Q!=f*ObedV1+wS!?kCb
zjsu%Zr75K@qrir6D3H<ifyxF3EperOYeQ{SsSCO^HT$SPf8&(^Bda8MxOi|2!m&AJ
zEQZ*=7Q=+&STv!Tn=JFQI-d|b`n$UKHWfRBt%rr99VtmTuu3}Sbj4UwQ<f_t%p>9Z
zhwI<cp2y{eL=@yb6#|W0ea*@MmnW<SyA?T_&m<O!*r#sh0KXO_l3L~P;T{t<BX3_q
zm@T^RL41oocVv1t%8mz%x}IzNnSxEQ@9@#-jz&IgEQSU-oOQkUT7J;i45^7^*2of%
znXh0PQ~9&4F$E8FL&iqVTyr?@>Y&{>aefFnE-R2)RHG@ev!y^-f-~~6q?BtBzT9hA
z>&d&bxMwu-I(v7rB!8<2#!{xv6mB34n@Gy3u8xqgC0$!_|2D@5tg0r`ET=h8K<c=g
z%?G%3prO+}wLFAUW#H!5+`+JaTcAzX>p2?XcI9SjX>E-##7fZlbLaAYeEA-^?cvD<
z;2k;bb&G+M#BlJWm?`Q82U#m$^tphN`_1O4Scy?7@|$drm0E@@%JcJ}aB)%Hm!s<J
zoVpg`pYPF$NFWkwzQ{&i_k0@s4HD&FbGJ`)Gex|K98SFnYnKhu8&k6SCMf&~(0{TO
zmz4#2YJo2kBr^fdcx!pOI12*yL7=rM+cF?c0-jcii5Z(S*<VnSSG9B<x=PU`NQk@(
zmCE&WFf4{gcs2sAss+H2@=*8at)~JvVxDRUf@9F0xi4MHSDpvT;mJ0+SvN1`JEBA_
zt*so;<u|;LJ3Sxx;BZD$tt$ubqpq#WnELN)lP>P^q-^w*mBo*g#!X+hKmd;$I-|8}
za+lv9HH-m)L1A&5L%GriM5*A3!tRQcY#Qp>puih?k;l>^E=$**&-0tJfe_EjdI7G=
zYUImsPc*5~<*7tjKwF&5!W8NUg?_2yh3Zd5)u0uYVmqtBX4=-vo3m%Y#SMF=pl0Ml
zI*EqXLT*D7lHFP&=Z`+Rt}MBQR5GI|5)P3Y+Dujl`4&!32RCFxKEmoCxV<Uq$BUi{
z=~QBh9vhA}6_^t;jI)iXfis{=9Qr22W4$}X#WFa#J1VIj;C}?TNvQJKDHl**Sc<x@
zX1Cp_#wBl;E^hPu8oZ`zz+4$PZq+@uNacR+i7$)^k@QSdq_Vw|vT@_ONgQ(Zd~*D}
z@3?(It?`W@(NiqwB~X>jU;(D_YfS!LkJHJz2a#-%+Gd(vD^=3Zo#_Z)PnUh+Vrr++
zfyv<_go~haUrM&T&%vicN{u@Q2gGtbySw_r8*=-bM8Cc=kuA5PI&`+`AJjCYqgmM$
z_x)BAk2$(Ycn?qZH#Hz4J~}q8oc4U+u{i9qZ=@!}*p0J~MTcMYUe{^zz4PLMu@{5{
zyQ`zu_R^lLj3KZdsr1kVRxO~n_M*p)BA5PT8f$XZd5;9QLl^m+nwB15CW!&*W<>MG
z^dcvs<>F;YqD|B7Uj9g80YPAQ2!BG%ow7<8VedWW1UZ|Mc_$|Iv`t&@G!S#X%aYT)
zR6h~)R5_3rIMztbOpqv_qQZ*oGUowWc#~My6JUg)+BcG_rjXi)ksBGO!l|NMHS4BA
z{NTo%Pgbj8^QZft@SPRpU{mqcBxwu-rffsBL_)QVmqIHf2|S2#mhh*&n2OC^us(g^
z)f4>^h-Ki8x@Td@#i89p8cmfLDNUc$WqV6Sf?*1@NBGT+pI1%v#~QxS(qiiZp{iw=
zsHuLA^~8eqWW47)>O*?9E|8nZq*||gY%TStMKCDh$qA_!u8@I&8j>QJFR(kkzCTds
z3FE9pn7mTriHDMg*5UZ|3IH7y5t1M!axyr(i1Zx=efnFreJl2-#2ro@vTy`nSO1yR
zM5bW}=TR=l|Bj<w6+zSWPWHmQR>^p4^W`Kd3V@%WLV|u1WhLgxFZFGE&WwU(W&?uc
z6}tL$!%lppXYFLCE~ObujwM*z@1Ha15<MRwL5}kGMC^arFGg%@;4vH-uC*lPvDmdC
zfj#tq8!k3nP&=LNeD)w?blm9U%E8_Bcbj;B{s#M<9ZJ@7?Ki>|apI1cyfIidU^avq
zA_eac5E!@R`M#sB!^&^wl|ub5js^|8&7m2P_;5@}iqJK!nb;XEriwLl)^g-RyeUNM
z+`L4=O|`n^Rf1&Tc+?On@DLD}P=_c)5kut(Zs_!C1g*~8x2@Ym;tt}1inJY5zE@=g
zSYv53{=YaK3?n^;%ftj4LzzZF3-1p&>Ieqy{Lm%)r~-<!McG%J6oeIPVv}=i6v)r7
zC5(y^I;iv3DR)neMqpLBHZd_n`&fXm7S#UXhsH&d;Uw#iT!9)VMIoy{2s(>I??j)I
zl_$mdk(-C#v1WBnnT2D1HR$@s1K*fn)Eg6gqTAFtUangTm>JRic8Cw4%IMSoimgGa
zdBDlub9UR6qb@BX$i&LVJGm0`kj(FT?VgwKj}-*LFRoyg)ddNwCK*T>d*D7G$R1do
zc3li14Ge@%POe6$H`xDit<P`F$F46IO`U7S0!8gs;;P-kGzaW#{zDU?lWbRlCu)LD
z8uvk!wn(%n53Q$-GgM{l_2%LeUHU9H07i_6P;soj&LpRj5>kHcY4hrbr<t7FR!C8w
zw9my&Ed|oYjLl|~^3Z3qCefSHS(5;lQxI}w^{-10IyQ8m2EndbeJ+;qm8YchX4wA!
zC+@h4S3v?hsJF?>&!T7MQf!<m+Y5$sL**&X$nLI^gIDXqOj(PZ%7s=@3D4DF;sS6-
ze;#J-o8d`?WP!VF!QSd&2|(<D;W(x8zF&QebRUrmKeLcP`ZDzpYgJ>IgggvbL;Cw|
zC)RvQ`5gZrieD4J68}@goJSRvM?FZaQvyi9j7-u116#{6K+jR7h+?~Ce<M8T=$9w;
z;R2Ul;3lJ)upt2nLW=f_UINJv+;fC^t9MLFOZeXzA|tz{slauNE)%{Mst_KZx5I0C
z@yJ?u02WHkQxbYYvRQx|%D-S@|54ze9izTbm{=Zp_Rar9TfmvDBXlG3|GOKI0MN}Q
z_@#=<VBRIaLUqqQAGB~~bjI9{{r}#T6aXq^1gyCe*)pfH(F3s^6Nl;I%agNz%jd<s
z*Pz<#Bez@ns6#ioC<EWXQC1@{7+hYp3`2UHj0?{FFmBhLjXC;J&z8Ex$^!pQvd)D4
zcgEgIIr1(c=zUsAd~kP##KsrFzS^Bsf(a9AYo#2e0-WSFlu#*7(il$NlMgm?saXXe
z1XK~%j?pbTaigY8_PZxB069j}s{P#>yN&|Za;E*FEk8AxKm@J3AtJJLgFi=P)9o~j
z07y-0f8y6|1=SnnCQw77IoGOg`BF}0(0jy881XMLkx^<I&~Ae1Hop-W6!)$^@$MC%
zre<W|HZ>K84pK@0HU}i+X-QgT4v0_W-3+-x3F<hB(6HiSfvPm!;Z|rty@>~hXWe6e
z(7vJ8rjnfxF4n<)N=!^mP0iV%S&mIm_|~&`F<pP&&OWb??O6JKY|->=hHi6qJ-W&t
z-e!{Vd#Z6fEm;grqUydrh3}9BPk8VXlI*qugXyFd-v{e!@Z{+C9Zp8xDpH6-(bw>S
z?ICs!TH?GfIlrZCNn@!fVyM$ps7Yd|(iMzc?Ed9Nj95%kcGRZT#YU_;e!-T#Nb2Nh
zX>Ojd!^6*k)=4DTIFzCN@CG72aD%GGGN0e0|2P`q%$t-hh|e!5BhuVWalBjnd?IQT
zJ+Nni=GK_k&`e>+X8x-azPA^)$@K*dgIqZBM<h;Nox8MyGmVPrFF&IQ>e@DhG~t-Y
zdn7##t|rsbW4#qEPNB&tL7cuQC1kpf#BxQ2R2if}D!F~Df5^VkU0C$jTG`slPh6x@
z%|?^3$>}|CaRH*Mmp-FK(dW!3bY&!%*nf<MPeLL2Ni#4o$jK!JJNyfe*Frd1LBaVy
zneL0HQ&Irx9e8pj=^(qZug>hMCIC08{{x3L7RE!4I){m)ClW1fzSZH0)W!#KGX&Bx
z1lR{XlBxCi=$c6D+1qfcPb|4PjtB^0RB7b0+LcIoKx{q5$+`IjX<k4;MTNapj8=Ef
z`SY7}#<34(iD~bJHuxI66~nO~#~B}ReBAwO7L8v1VRDH<O4^d4FJF|1guM5|IVasr
z5D`iGz-(}Ia2naL2Fmm>ad>(w*Wy%k-iT6Ny}RibYrJ0HUZO+to-RNH;E+{GSy^4}
zMMiWDYl1Ohyy92o=s#7n`x4kUmq@e-;E#hP2&3R{eNR+5U{$ZT<=VV?-2@*>gDn%z
z?hFF0E;ieeWy~Dn4D?jvlco~=zWZ{~#AI;Q+k(2r&cI4w<M)&ic60b8FU-&9{5O}Q
zjg1XwNKJ8q>{NLS?N=jlIXiTWC}g?(H^%}pJsUgjhtt8`%&9e5Y#bahEx3u97>?0>
z>PFjI1Cu?9Qm+DCI!qTWStktX(UDA93&~l)Y*$4s?T3L60o4dH+VWra1s0h9U&;|1
zYf|dss#(g*m4NFuu_rErSsGIZA}}MTua-@(mVJ_I_y{W;_ukRu(N?#7v{nPwPblT5
z>d&75{Mg+Ikg^m0cqc!_EsTR5+A7IY1intMa+Pc{)~K!6aF_HJd*ww0(tk&otTFZ&
z&LFm#IFHh8J@WrvH=9lRO@RSBW^KgKgDt9p|HC<)L-5<pljpK;szcwoWGWH5Cw9>@
zmfd;1B7#S{K5~<}#WZc&um7Q~T!juN<$AE*H1@fJb#rmkvmp=Mb0U{A9rPkgDWk^`
zS||3WSX76z8T<QA4^gwDj*j}4-cGBnfk77~7QJ+tN2hV~TLv9)O$*nju3_6hrB+i@
z{fqJ4QMt#Zo5%qD-jR_Jd}zXp#DL%4le8Y&(^5n<mL!ISbgF8D7pC%91&I`Ji_SVm
zDJH+)7fjJ$AyMNX@6*%8PXb}aw_M{7kda_2Ik9Q_Vo?*RDhL&Cx$lYo83b=N5+;dC
zoB1|SB{oh1RAambGYCh<^E&k&rb3Z4j2d30Ii<RtC6*%-1L%-Kxh_GZT1&8I_tVPe
zxDRZA+z*CPYDVL4CD)6gsQs!tWd5;Rr(Ee>kW@)PW-JFI;TDL-0V2_|@HRcv0xc?T
z`pMjgTzx{qu`tIDe|PI`sg{~Q<|f7ztdzD|rB#1O_D^#SIq}W#wJvlvcqje_xl<(&
zU2c~(mSQ#R$DTc1idLmv;O{(}?uh(PK;FYzMqP#NqB-iPIckn|TU!4>tY{&4i$0$C
z@$tO8Z5nn62MyOkY-|O)D<(#6MGcX!?{g{{g}n6pch;moJ}k|KY()s>;-48AHu=%o
z({CngFHANN^|Gu{WM&|5iCnI#=xpAnA+e9iSt&ox{PIh)72h9-g)oSxOr)9b@A_5V
zzP;hh_VN92IUcc}2*>p&q=;^X76$n|vMu|l+m?4^GlbYv^?-6&<yuiDV0s)3RDLAX
zX!(3F)Npf{%V>nGODC%Rn6bu1=lJtgwHs@bp&P4zxf{?>%srp;OxB20{DB;!mf$KN
zzTuG9xB5S=K2b+MzlHN4XxJ?H=a!VkXG20}8)DS>rmtxtR^PlQD=u=a=cB@+Aa}hU
zWS)iV$ZDK0EXYlT%hs;$uKD%VB#*bJ($Y4B>FF7he7wO8EjYXav$?IcxcjPP{Y%OP
zZxRdx^}>6YNj31n3o&J5T7a^JwmLm}zK&E9(EFM>^wTI3c5g}2sQnb09r02}l_7R)
z*zdt5zwUGIy{BJs_~Wf@o$gB;Njt8p>zJsI>w6E6Ej8wB4h7RlN_#X4=GvRTo3@-<
ze=~Jb*npqg=dPnV*K^(-wl{EA{}!9I`{e4c($#NT-S)2v7;F#i(P@HtE6ud2aGfNx
z5vv0bwZcddA0c<DCFt^qnT}1*NS<Wz9AnZY8r{HJQzxecyj*yKd}R74e1a(KbXok_
zbXg!oHAV{)qJ>yK0Cg^EU3Dw>Chlmm$xP;i?-^=sISXO`S>AHjofKvZ5g?=Y(0Z;!
zk)p*$ry+=$v?s7{$EHt0cA7WE`_r4Ffy!d=Jzt%bquRVlD<MMOWTphjYlR)dkPr@M
zGGDsoy7+smf{GZK7NSCpA48ouPW67j57$Y^ozlcEWSR~<w`=fV@e%oZNK<95A~EiK
z()$^0xqw~7U0LW{M<j$=?1UUt>91Z2=vv*PNhng4(>><juSkK1356WVoM3z0F)i}8
zZmPDIoXO?BU|r?}8BU2^$SUX(Q1fjfR{`(PmS9Q&i6R9y%K9C63QpDy{*6MiWA1W6
zaAOCUvTJ&pFU`Jg<4DmY5o|kg(5T)HTJUmJU5)8&qU@%-<qz!qR}Zg_nous|M8H|p
z>SDRR*;w=aOyK~3`{V0h!O{AQdlu<6_Js4~BU&F#l1eTz68bRo-Eyn4_0y<dGa43*
zj*a$zA~oshs&>5tssC}U1AS>C{B14B?jC94>JyKqw}}ei%$?5F=7m~XeRG7%V%#D)
z`FP>4w_y+vWs6G>`@Wfx>`2obT)X$tN){L3pkdwszt|E*%F+%zhD|QbML1m&jj5t)
zEDMe)T2gD5aB^|O9R5Kg&j^~|?i+c~D)GTPL6wrGgo?7Rk6-^-f=AJ)jMa)B83Vt%
ze1t+^Q8cxzgBoNMar6QV$I~nOdNET{Ky*Y1tn$U00p-W5Oi1wxg-vy1sHkF^s)$5+
zT>|!YxvdWKO`~PpHzY705D+=}`7lb%VDg5U!Y$~Ch_Qj+uJVd1Nh!44A?zbX$YVdz
zOuw{Y27z$KR5>KL1VTO^iqH=*Y+k|#1J<J)g~)VLv%^+S38pg&g#RntZ!zoi*xb+8
zWA^s;V&Dw|;WHd;Z4FZEKUOJXcs2HX)C<{wzqN_m*KurJo_OwJgC|3dZux?mIrBr-
z1%xh?PQuA46g`rQtaJF1Z_h{fsh9DbLe9{K)QpD)EhduMnl!knlJXS7*Q7HOu%5+)
zhVHg$Iwh#^OV4bZdMw<VO9n=YJwr|#L^v|8^|dRt@97B;Du*y7JR4ShN$u*<xH%o-
za&UYq{ThITYbw}(|DuD*moY3M*JGN~X`K4KD%pYF{)3zVo@0a#Qc!!jRdIPgRYYZa
zu2Xbk)B8_)9AjUhaAWcwqy(9nBd6x(g2u;@(OmgWZSyeKo@rCF>41$@0fB*%IMyyi
zSy=-^C#-VxVN(W%!Kk}QR>Wy^PV^zpAHh>;$icK?O{eTQ`yW-%1%R2;{?>Xy>xF(Q
zajuD2c=`3^*w*>Px7I%@zv@^R+xfP)>*PGD6;;*|{O74Uod=aibhzxR&d$x*y%ivh
z1db{uv%@Yh?D&|p*l{$(SG~J+J$u*GNyDamxItd(5oz%72r{sf$7tc9?VLY$9n;Y{
zN#{6Iqc3XUU&-lHT}gsLie>EPn+3ipy)fA;7^3ExlBGp=o(hwIoCRwW?xU^mI}}%z
z^K3o)ZoPK3@rxG*3&wsNppY}Z#Bf6bhqBZ7`mUs1_{{99?)^)Y!Ra*KCrR<?VE~yH
z?jKdmwgdpvw|6)JdaOSPfjp_fyqd#iL}wWRTJJxT-1M4qOV(O}C#*xInvvu=;fw)j
z;<O>3YY##y{Ixlw6&NF%#F4^QB0RYRZG})fQ=YuaE@Z*sGSiM$e~1pOLp+T_Wk&>z
z8J*SQQb6WlzHZCfr8Z@Z|0RG&6X|*P)8&xR&`?s;rudC0g~=#R{RC>Yd6+?M(<bnr
zE0U1{>=W`E;Cj+P8v|;ZB{Hf^ng=mT-fU8LCJSn_KeDMZoUb(|-8k>B4)g99JA9b}
ze_eq5z|G+;SU5`XYVanFGR;HL(ej&@v&Q88iGd(wa42?o*tlC<*m%219H4gCH*Ghr
zcqn_BMcoKX3;j*0cZju?01(I75s!>1mrOa<wT1HtvE0(x0)W23Y0?qNhX&Ve$_*}_
z2Mi)Kas;S!pSQRqC(k!ybA)-No#>2nkYct}Q88Q+b{sw2GFPtdObgwju@Xda%Kan6
zJL~<0FtKhfHBR<=rI^gMnAWHX4JVEL3Hl|}`{zo8M`39h$N&VUh#22qzZ1&KoeNK>
zut5~GZKUcde>0Krd|YZ%ojW!%OMRLZf>o5qlwM%x@4<?zMnC_xODQ73Mk#|caS9@I
z6G~)2a)*tL1algeg_0hdMQ+BNMJ=+vupMffdv?N-5D3)id^0|O|C3U`v-9Py-oEF&
z$Bm=4+P9_9<Wo$Ax})XGnR!K2ev(x#uiIBZhdS~8U-hI(psFMQ1X?3w=ZO6Se<3A}
zwW1H}S<V!$oepCKxu(UY@dta3rojSP*sJCUf)!D1cj1>&?CT6E&z?uh;m9(EQ->;O
zhE#lQWxLG=5Y93ec-kZTrsp6DW#+62*^2jmX=5(=pvE3L<k22)Hv#GS5jT#n@9DSx
zJ-o5HBp@n2pf)kUr*SlD@W&U=j_$A`Yu`Kb7)&=)4jdq*R4!DV(mOnB@=SZoXaq<V
zO3<8b=#*7pFEDJ$7Cd@d$a#LQ)$%rwL2?)ycUtbiF^lgg4U1<k|M9st%GD2D)t7ct
zIfVR0gq8J87pJBS6y>g4Vdkn|I%h+skqK)ekYLzZmXAi&^;Qt3`tT51NV#}tqizcA
zUF)w+T+N`!VWl}&PQbbe*Wd%c9W9tx;!OONk3{?oTozkxnz1N{$zXx;lXYx`gFaJr
zB^OE<Xp66V{9muQEcYyIY6yPCtZuOA5}UI584Ud^#@e)PnKw=8Hp}QXDJtu?5{uaG
z9%Na>{MW$~koxVhD%_!g9CZc9k^{Q&tj>U1bIrfflglT*aY%`zuQ_dtP`YDoA#oJK
zsPE@TJJC1qdMtQ|@_c3sbA4)4{A_BS_-t-lysfmm(_cBpztIKzmHNCPcf;lmv6bL5
ztW`j)0sqx8Wp8|)Fky{wr(~EaSu0RQ2s&eqhKSi+ki0R*J_T2dBV+hz`QpyI#So*L
zU`=jtorT<;Uu+z#LhsN5vctc$LSj!LEt#F;kviwEIaFD9{1ek1%)nzy7E2%UY|9*>
zz#HmG6JblQcz7hqnxG%af*m#K+l-}V9#8FWd(Y#(Ay!ElVTMwzfb}8~ZX_ni)!I_S
znn@YE7mdcl%3%)2!*J<{H05dU+&}VBt7-4*>TA6FmJUpa*F0B?g-|P<>u32Lyzymj
znk}T7(KegZHzT+==>41i&_~bWd6BQgBjzp>rv~BMu2dtrNEt*22>t3(T19NvLLL^;
zkC2S0Y4O&Wn+G~O<KYupPp<KxHGiR4^Oc??VKV{koE7ySSMI)T^m{VTO+k2yyQJub
ztCflUh>4Gjeg3V6G2)Abc{XgDfrI;(T^yeum6yea8~PZoR*HtiSH3=qd&m0myv8MT
z7Fmt<;EdCXN!o|FT)l9-T71!pHTKDRTXnw67Q-*;J%x8Q*JhtaZKV3g`t-T6<<pt{
z`MtJ$FP#BS!3Q94`SY-rr3niot2qx$?IB)7e4PY6PO8^elP-?%z(4g{?T9tU47gm9
zsq|MYW~`PtSZ?2TP8&V){8hjo=;SDcfj9!xo?papXo=yzP{1iXRcX>@s*+k1G5~9u
z;ih_`MT8;tD8fPU8}i!>ksrDk$}}_IUGCi8W528J70VH^=g$y<OVol*Q=u=D!Nv$l
z$a8$p43DrJhJ8^xC%))Lrcn5i&hJ2k`Bfc9Qqdi~lDxivaB6WX&V(@>{*vgeF?DK+
zPlD1lk&&G}XkO|CmOXq>esWqT?&i!W{GsK8x_U&j7ja9*@sub4+?=NPEh)L{WSm&k
zNL7w=b_#qHs?`Kz3(*p%ON1rDL(eJbfSG%L>e%wk`I%sHekvku$;)*%DZi$IJP;{j
zV3%<@eT0iux9`^n0c+Cb91vyNyIsx})Y9+&dX-)mUC|5zm@x_4FT(KH>&65p1<xf~
zX9M}SGuPQt34vgGvIwN0Y)!n>bu;k7X|U7}96h|n5j5Zr&nHT-?vJ;&q=thBalf~&
zzbLwGBh7Wcj=ZkQ_PjoSar2&9I_C~e>+aXZ%0c7AoR^t=gs1DzxG%@l<S)PCDg0eV
z0>p(22VYGd!>;edi=sXArXo191h#knJjS`(T&Nj++UX?c+Vr1k_IK(Detp07B#8V+
zT=>TzCHdqIsBWU?u@Y~+F~i_awVwF(2t9I8d7<yv{qmiXfKn^@vr#vzG7SL%9GSj7
zD|Q?;MO26QM<Q0TusNt^DU6^cDX*jN&PrxHpHAKH6w8_q((U7-;G)S9f+X(%5!3e(
zHoZQWW(#q$y;Un^U`8{A!6!!12b7N2-t%oUb@*|JNC+(=W==&lTG4o>yo(!bB!`iV
zq9Rke-th+`&FGY@XTcxB@>pszlgk<rAjG)5>IRZWkMo}D--PO44#~!i%VgZV@NYV<
z=_8e+J}j+9w?v|3ihV)z*;tQi^k@%CEQ;N}%WY>Yt?bT%IP9zms7?JQ4K`ry+3Fpf
zTGR>qG4dPWy~p~1$gp|wA<K&J;-NCDtJI+*aGg5A#MP^~l5&6In}o=8gy`c9$kQ5w
z=TjmPF@>bRHp_UXNOWG*;N{tiZ?VIfjPE`CY=b+<!Wl*$lN>yLh&yfij=0}MpIkMw
zH8`Rf-nDN2%@dv2>Z*RT+<$6c98?;~fo|bkow<&V4qkp_R6oA;HuQ012aW%dm;{7r
zXT31FleLAXqlQ&Kmp2}CxNpxbGy>Oga4P;P5SPHNLKsyY=BS3HaLiICN-fi7Hd-49
zX!LWr0A)`fI;{(?UoEJk^m%pS>8&^QxARjXx%E@=T97CWCB?DpP91Nsg)R}pKo3BS
zxc~kV%i2u+8%OX5{=LD{pBQcYI1;0#NaR;Y%$7Y?+JhGw1?aCYY@+MLD4UyRP<)Yq
zn<!WS`%SJHeK1ci@PzbY=Z^|jtIsNcn{+@Qmi=j+zon7zZ1Q;x_~u+)nU?ii*^`hw
zOq#3}*W44MMImtUiAEq_;uTt2!s**PH^b$rV-L{xr>14d^CsZ>lZN=PtSWT9JG{3p
z1%PSgF}I!$YdvoW<F=AgvbxV;S1wjvDnT2htyRCvJudho5}xI6K~}C%{g#+{=8h!l
z*~GGhvD+bo**y)~#(ip(`7RsFA-xQ-J7bqFo-fswmwjq}!M<Vcd3DvubA)PJDRD1k
zt+$z7CAAC}BT;d0tt#1FvA(SrC$$qhlP@^IFw}qMwKwngjr-R{&o@u*dp&Ot)W6NS
z_w451AwmE($9y8M)1!<PWueO_p}l7^${<97K3qEb+s&bB+ym0AU{gu(@4?u-wi=Z8
z=<gQ&Q+t@$2RhmxCuvFK?GAOxM17&@g?GJ#qQXamaUa)ZKT8XkU3qCF8TTDmb_CB5
zMmh$sW_x)F%iuc084`pu$Wi0OZ1t@RTx>T$93P~yFkLsV35~iM$bFnHdp>6ZeDEg3
zZ*j)eTdWPLeU_`Z-+YU~a+6Qc9<oiI@YPyWD;q=M=jJ|+;DG!M(!1vD`#@9x%I$)&
z_SQ~H*&^3LZ|jU?W;&*cLpI_Bug_&Z0_M#P!iP8a-Q3xyeK^7)Ww8nZw|Xx~X>{rg
zqC{?>1wlXc64UzKz8Cdd|J4(xm+6`EB(iZX%@yMDg*QNS&97~KtJ@wYvXilPGYa2b
z!~oRaxsnhy7<%c`+13lA$|)=bJmf<u<|QFQ^Bz+y<l^E7!xx|_6~N5!@O=0&`=OM8
zlQu0-C70kP|5A7XCgnZDCTEEWKPeRiGH@|OR5<YPLC+b@eC}t@2zKI5Z)zGoNWD~&
z89z+6GE~V@mLFg4z8Ti@Xqa$H8Ej>0jWg{f$csQbhQMP{RLI3I1hbom!`_G+Dk~@x
zB<-q3GNkFO5|5Pr*03+x8HVu4#n&95Vu7q$ivauV`%4WvYEEKd+SJb|Py!HP%MX9}
zhjCz#fr|wqPgfhMKnDYvhYDMQy96MYZebrpYu#mP)$z}QoK<6G`(fnd8LFtT^Yh!$
zO@~DgyqAOPEeDG%fORd{zn3Sc4B`@)kX6RSAT!A2a*CIqOk?}%&5RH#2RX_{Sr=Dm
zm5K&Ai*)*?k5JG^_y~qD^<!fqoZhW1oRq;Sg`jkMCjV{ojm1Q_e-p2R+HK{mdB5qS
zCe{D2`*q$sUJkcfQiAm|#X=`z6py+FY0SpsN6z%WY9V?3or?YXI~>Em3*i;_b!~;@
z3F8ve{qtq^?cv3v58vHdBjIJMFyEcAJo;T?ke>6*b{yu>#VeM-OBhP$%MX;!$8j3J
z<M(`iuZC<d+ima@Zp|0_zf#`E-&M;0xr;luzF1k&ywk?R$Y8ykFrGjyN8h;>yQe82
zEm&*l$P8eK4g~dt)n{>C{(d1Ml))v{-y0%bGfzZWq=V-lFPFeXCb#HY9vpzc!}NFx
z&OfKOvA5|nw8nX|Iwu9JARWpe(bp0{H?XD#92dyj6CC5vfus*8DdfH1?OU4f9+}T*
zEodEXbyT}HUsji{Elpdn+PWLw)R>qgV$27XSL>x3>Q^x|D)m_3ldL$~{A#FcW4$xf
z9iFb;rFTkopw7Rmv9!HUS412Oj)oHI_}clhta;lo08jFEs^k$eJaTb@G!m-MK9-I$
zlnr$yPof}H5b#st+rQgXRjE-#qmx>Mg9cW;l5g|K@DJxm@ZY_DUamn#Ia#*d25-ul
z;WDGV1cPMuZdfw_U9mGAoL&J994wclDmh#N-Tvzk!?<STeeBAZiBr=T3Zv6Y8tE1)
z3Ut(<=iXeZhzia;TY~LJvtY)$;Dm6!4ekNY<^m3H^X!CY_Dml;&qgJ8N+3?KEq;Us
zvp`hhe=WvZPSS5#nF{PjIp)qW9s{^I#X-&b@jFkI3_Q|D55Rl6$3_VY(L&+hE1wJ@
zK|ye_r}K0MZ94C4f9YH0Z=|I2hkp1OTU(WC%x@D*K2d%VUrRpN0z%!dsao<Hb6`Iy
z4Vi~*Yr)trC->mKXBYW++@(f(#_Inud%wODb*$C!#wX@+7u462-2aF;cXK?>LdMaw
z!6f!kexcYUPb~$?Mnl(Vyyw&zxm;6KSpV!uT4MgnvL40!^KSY)%YQ8t8U5(+WXJq5
zVZKD_K9|NfR+lytj2A^=t9R<UXl}K+tKb{DNdpYh?_WPN&g$XljBPR<JEL@)@Jrip
zqrmou6x1s?daY43L2MxkVVo;*<UEPuQIMOZ%QgiZ8H4p-Ll3?daC4FiGsnD~x@F)T
z)M-9cr;eF7eU@tqTd|TR-T*uL!Fin|NUEjW)XOl1LZ35>O;}Us?8wg&NX*u7C-z@M
zhEIPXo1<+BYr=Gp__|G(xX=5b*SdwsPJn4|0XCv3bv7rvLMx;EC&L&{1WPlO;LBk}
z;OFv|WYs#?MoHc=i@R#czTZS7IFce<QO$?M(HJo%Rh5Kp*K=6!SvDKeIBBy6p4!N2
zKk>x>WTApkOoUiAfYfvQctiNuv!p;EHYMg`D#Li`BK6)gGf?u`7v<GA((#|o9<*a`
zGQ;I)`wpS~XB4Hj(B*`?&IM`Z$R(yv%hcpNdXR-WQE>U!iQMWIl9*FSv5mEyr5pOP
zxA%wX*@&xYmty;KDQQDdJ?7FWasJTAJm<RE`TT}F^zs<Z;$rqNg&#qmDkbzmup>&P
zPG`T6H8eEy<#`qI9MNd$9@0mwr!)*gDR7+3`F4woOQb#27?vNyfNo8}^Uc>zow%!d
zU51@|?->4J|5-LyImQj4dV>-!EzKS11A3#kIs(>o2hx>eQE}w8I~xuun_c}RuDlwi
zU%rq{>7XG%a8Bvkj`Ui&c)3GD5}f|r-sF8RB)--pbSkXFiD6rN)0*U!wF&h|m$_zV
z!nUZ93;RI_$LD>sU<8ar4D$Ea#jK?gPKsRV!a`FU8_Hxd`ud1U6G^}(8>p}F$Sq+H
zTnY;g4tCvL;Y9Wvq@=gqja_bP7+a+rFGSh?dp>tpQE`sW|FF*Rw5lAp**YN(o;rVp
zE2(_OQ~WWiUD^r7>rY|THd^)sH~A`pRr?En;CfM`iwmVzHR9Qsl9}NYtM*K7ii)6K
z4@d)@@#4^^XHviX*F|;m*{oXu)-UF$kL5U+A|NP_YXmKsfqRGNlU%z`ue#pbk5$eb
z;`L#Zmf6?tvTh3x#h~9baO<&h;)eWQwQmwJN{!Zw4wsocROz{Evf1%vXi5qYUiuJ?
zD0bt&75I8HanY4MeWT`|k@ye4{Wi0o`Cpb^@9Z?5qc$W@0{w$H=XOhlDWGm}JvL;|
zs5>NCA2tGvleLK!K+4dALweh$l9Z;@4J}|ob{zE(E=$`{dPcY<I#?V5Thl<!1Zq6+
z#Bpe1pO!t06qUfvx1TBn8!AX#+#b2tWmu|NJ$+$4UeVMI2YeZaBNi2*n@)mopU@~A
z&Q@)9zWf{Pf<dhD>xy_Etp7{v-RsLwN}Sh#{|%O6Uz|ql;!?cp{AHIi=WOFezRz#x
zRqoe>A7N>$A38wF^r*}5m*lp7-}Wmk+&8ZfC(*y}OCLv-rt0J-@Igz7A}p9VUie+b
zm4)KjS5MH}p@-P9=YuaEJvTwGB(K?>FTUI7PR{mYoy%P@f1mmrcB>Mb@@{3L_x!2<
zJon7w6|36+i4yC6#y@7xLqUO@zDBF5RhE8xozCb16~{5Mt*41X9|d4B5)>iOjiDcS
z|7`Q@x7h4PXpQW*GvQCz`6BLz+NnD7yzqMB0r<}VK8JnT>AWL<I)1$tE`HH|MVQ*S
zYYcz7^^cen@Q1+7i6h*s%AUQmr!_KRb42|+tp+?t_{+U_mo#M&M;7{Vn**_i$FIF(
zZ-qdfZX7CG62RzFFs<gkQ(bz3-%RqUv8;Ra6FJCFK*+B%e%mjv0<GwX<<N-Z*IB8f
zc%Atz!}sp`{WbLYWE>Voie^tc{1gMfsdK5PbG&1YEgj(kZD}X5cAd8Q0@5AxTen@%
zv(vUAlQ`cu_n0JrlvifdOpB+{`b5F!ty^>P=;Pi8D6hIb5!H_^*~OzNQ(u-1I|v7)
z+7=*#!^8JeTaw-{6B=1zdt+W^aro5weh4<(y<Mx+CO7OZ&XhT2Fw-x8*YHi+hYxJ9
zx|aBUV`8w=-!vbl2%)4Up`@>~U(B?JQ=G&bsH;93Gf3G>!pEs-!f!ENcx*MITN{1b
z(*o|#ceK>sYlwksa&kbSEA*<mw%`-KV^MA--0<J~8<=CP{qbXP)io_rkIg<NCWDJ4
zsmE*lum$tGoDQhk+d76A>fJ^-H!0f5pEEia(YvmWTO92Lcy!C|n2bv5s<IzPcOSj0
z5WkXdAdR`DjZo{W{n4ueX&atDJBCcN<9Au}%RRD+HQSUS{!WoT%e-zXck-e%vneX%
zAvR<Bx#(MEnflyu<9?>};^OSQUW<2hQaUu|^+lrX4Bd^-o^dl+_PCt_Z3t4VC99sR
zoTo+H|D7R72!zv*LrL(5y$?*G!)md3GQMgCFZq2+D>b}}USP6glYs8BSLUs;Vu`3l
z*rD;%-Gv2OdwnfHP2?V{rJn{UPN7JJgF%}V{n02sz$6JFLbyTUc6pkcwMCXlMT>4m
z*R0rCvFMPfdBa$z_xlq$FUFTNW(Cao<OQs&{@_QQ5&B%M5|hHX0NZ3XRn?^Z5oRp~
z*I%)Tqy@;2zNbCAjqn}M0r&dfU8CtFlB<ffx{odlhsC`mv<_NW#iDZ+;I?#FJx(x8
zy$qr+_9^<DKc!H4x3dewXsG5z)Ky){B*Pieq|0&RNzqWq(7cz5qZr?P$IRf`7O%x0
zM4$(OR>T48GK=?AlYaYo8(oE9^@Ky^m+?)9AOVnc=t-YqftMY?p>TPN616-?tKP&|
zxpQLl5t**$R#jJ(?h{r_G{~s1kHlAFu}(-~Uo-rjuJ@-0^_FUU?$pn8e_J;np)*hb
z^g0i_?0@2|j>FmWH7I1R^Dxa(Fw@P&7|SH@Y=z!@>%3ZHIEW->`xI2ZI%a_Z0&WCu
zyIzEBOtMTC^312igQK%hy^>I^{IIb4zH(fJTcJ0J^*otuQ2gO|Lt0T=biVkb<`^?I
z37L$sC0m^}?A|`z!Lfb!WFK#x68WACDD_>n0H;`BWDCOVtOm%_M1nKPxzohX4&E+*
zqj&0ue~9Nuu*_sw;k0VFENzu=OmRhtw4E-koIE|37=NT9Gi=_OWb~gHlblY<b_h8U
z5mDdd5Zsqs1+m$cAkE`^9nB|1Dq86t2We>+o&p!tmScUY6q{;J@xX{FAey_oX_Y@z
zJw!D1D^qY~m2iZsGNH)p_HDeVFESU7Xi!Yd!NIYN{wqM{x&7df80@J7-EKyJS_=za
z>(z}+QKFXApMVMtr8lYf;^Yy9Q8%W1Xno^8dO;)Oet&M=0@ye_RyNb1V_z^P?|pOe
z?d8~IeaQ=EsQPO=G3)ut4}RG7i6re{Bp_)PupKy*No)F`{tyb=blqsWf3>H<i_Iy_
zB@XHZ>Cgw-LNeq%Y)DTrb2}Tc%iHm8N4!<W*F4*h{}ST%;Gg=N3RQm+0&KVjsA-@V
z?4omk;}JiI39a85Ss4HqUAYaInWfBSiI?@PKWr>VjuguAE+plbwqw6P6}8G&YN@To
zHoq=!()dDPSRO-^m(srCkyxvHj{R2oV`yY`i@(lN=C&0f4_Qz{Qe{4YaDR+U08LFX
zm<v!~Pp_@cC<3Ia!_#uH!x_S+#94cqYq)WQ2q)L4VTyXQFfZ2;aUCH$;{7Ep8}cG{
zlH6nxE?x{4h%LE|X`BF|kcdEJl{huioFZi%q0`ww7puy1s@!SXvhAtq^~k*j_9lZy
zbx$lUJ2g|yYX-VayzqMnma^rf8YKxj14m9tIpXPB%z?d)q_iSae?CSMxo@ie?6l~c
zT(hu_dj5L-O6A*ucW8!i#Ka{-D_Z=+M%u$i*qgCk!zD_Gs#<tfR;svyK$Pz0rv<v6
zf>}eOt5j*N`VuzK^Fwe}p>rK?(zdCxKvE-jFifL5uh)LSr&of5dt|MY?Nn`+NsSo{
zbr*OgMI-_KhTMh&k%FzycnK2BYz~rYc7o&DNjnCH!mO&sVmX)uK%5cupLSR=?@ipi
zh_R#aw{yiFa!&d#unL@{g;goq!%IR)C+@cYx=bmKJ6w((t3-g3?ike&Og<O;r#z`p
zh#kqFAFv1NO<R8uf%6<+schtw4f#~FMZlj3*|!W7k<))fPR;AYrq5H<)$!*R<RiE9
zD52f(<rkG>T)#)JYIa^LJ(itrAIrdYeBGY$kFKde0E!dGb)Py*RO-tx;&qd}a}*(v
z<Rp`%Zw-F?H+>x%-T%kbSw_VbEm1nSTjTET?ykWtxO;Gi;O-XO0yG47cemgc+#y)d
z#+~WB_h#1g|6aG{-gD~I-uo+ni<G$<)t=f<b$sCZTR^`L1a5Q=Osf=Av?4>aWykhF
zwZ%L=6{cEdyj~oN%D`u{`1o!4(giu1{U}wKobD+@M}CNh56JRw3>%Y{C<-UY0QYJe
zrUbkL6$7~kzWMUhB-V08Exre333TU==for-x6doqhQG2D5$9~e@Gv`G($nekqNzfR
zXm71J4TAB~^09{s)fhNUnX0SEl-~z6Bh2RNR3j+dRiZ5<@Gd>p$>7@p;oL<fFq9}d
zn<P$#uX%&1iVpw>S)-04T>eqVRgMDbVyVOQSyJkB6Av<`U^|)2XubT`)|M`by{zJI
zapNZPb^7>-(&3Ia|6L^i?aK}6ZBl$e0ns=gFN;>Me^TLDT4i<27}2l#cb)sp8u|(r
z#Ds)l$`yn2F09;}TP2E@OpG|<+xZdPVTr#;@swd9CCO7|rcL*swD;0*Zd3&^o>$Fu
z`aRYg^@W?4be(nwPe8KJPj&t$C9He|y&)W532ne|>HV=A6GVt<<o?fM_aF!^f&u_K
zaRez)lt{3Oj8k>|D`y&{U?U%shG_$&fB(p_9S=$Dpan<YxhDk?DkUJELc;jZ03s4q
zfKIGN|9L<owO1viqa{5`w|dOlxO%RD2Z14!IXvzBK)oHt^~$V)akSgfjJdab%;a@i
zI#PyoY)6b)E-S;x?_9)*r{~d2mqR@f`m@GTmA#=SvtM^h8~vSOga~a>Gtu`Ewz>Si
zBv3`1a+a5URN>5Z--8rJCD8Ah)O~(PC_Ipb)W_fKE1Q`^v?BjdPpJP+4_(L)Y|2$K
z^>P1nMCW9ey|#NL3-iz!15S$&5a9^R$ja^_)6fC6O@7m<8XCnlT2B`iIpOu&a9rZ*
z$d9tq{~cb{pjF#mgHoZ(6Lo#4GwM6ggIV5j)0<t`3gXnnVK~h;=@9q2TyuqG0G}Wl
z)rZuzTW718so8!nMqIqJ|IAnkZAY9Mpc;>vQCk&_PoY&VDCt4z=W|*Gd*$1@SJeBk
ze?jXr0HlPlR@A*WYa10?_o@;3VtpW-gg>x)ZmOMj*U<t{@}K{d)_*8s7migLADXse
zbQ<|U8V6p9`yC0Q?N1oL!7}JYhMPM!0$4?#F#Yy((Ds3~fhfklSDiMvQ;4HOg{ZG@
z+waux7Yq4=Dglp%emAncVl#g>iNm_T2gN>~uk@bd`=wp%cW(Qj8$XXPy8ugKsm3>l
zn;}_p;&%3STR}?lqnB?xFOLJFeyE+wspLLN#eStO#YoLMD-V2%bgTj~P64~5SF^48
zVO#i=izyPacl<)PN-?KsfkCXZ^+#SrLCnq>!!te*t;rI<E+yO+VT7LF;6UL{euPDO
zq+0Xrzp?U%C`F&>NuIVOAAgsMhPI;NlBXI_1gA)ugV=>`;|;O{K{xrMr<Wv=w60$I
zH%mx-5sDlU^O!H7!OH-+?NaND#{6gKfcslJ)%B%BQiD)w#=&sRm#blwSL!_Pue4|V
zj036S>`NiNueBct#%~w3=*q0-4%DFwP9mYAFP9(0+wWUmpz27H0fpMji1X~5e~$Vs
zR!6-)mmWBX(#3+-ZaAM5V$=K-sWsLs-uzcstJL;-Gf25l+_~G4y)Q#Yvz+9VE@yp&
zD(|0+pQdL_(ZW<+Zc+T6W6{jiEkg$BMlrWv7<%p+Gcaaq%zl;vwx2*n$3K$I`Ezha
zB<t%vyf9B;47k2pq8?WXMJEQnrr40^25mcxcCx+^<-c6F0vonBaemstY;34firhr2
z?5q^ShMBRa60awKJqAZ?baO@|m0rB6=+5Ph#Z9d-pkOVb``G-Q*!(A~p6A&V=iwz2
zZKb_+<5w&rpBFkv5LHKo^4_KByNiK6$<X*_oV|G8-7B7svX}^G2v|&_CV5^H-ElL1
zA{c27sA94-Vb^%N4gVhX=(2M+3c?M1!=J=|tz)FUYMu!ItUu%zzsMDoKcb7g^ODLs
zB;xVfkzRS4yy5XJL1rjRfm;ViV<7}{&gh0<?S?n-PMc42BV9DKE?ruG@te@wkP7G_
z@SR-<G@$P+&G8f}MseIXeMCB(|2jvy3nv<gJ$J^D&iVQ5+dIC{-K3)_k%<rq=7@gH
z##GM1&d#IUP6>=bX6CIg`os4q(D%&t!$;ZROD|-DsZ}o!NW~8u6Y04NsS-2P`y6z+
z8`--Se5-yzE&AIX!}#g%GWeE>%?P+A%L_bB+L_jaCYZkHw|?Ihr#lmm(qrA}ck+k3
z+uVnjz6@x^8uWq4_|;aIJZ-X!Bsv_L*b^l|7~9qfoBuIst-31w!>e5o9Ke~s83>pQ
z#swWjk_NAxVc$DcAo#s;2F4E-6Sw6EcV)nAWC7Onspl?&hbu;hB?Vz1aOJ8CdO?sP
zcdNApz7j0CDeiPvzXpv*kS=q@sQhs$JC*zDmzq>(Ra}}28V{j+o~BqOf4UzCAJ)kS
z#Gv*@JH727tc1ASYUU4E_da?cE8v9hLktS_sO&kd_s2$AUu^jsa7UYlvO8N1gY%y!
zDkcwE8_-k{&5M?N=UP7Z4l8%Ri@aa8YX>o=z1nMks=D41cRju~N}N7WCU!?SGsG$i
zMBoNKalY=96W6T}Jvn~)w}GuEf~{<)EGPhGBT-lb@~F-JjW#}4a|&ghFTpKFYev2o
zk@1(ZeOYOkj~Ch^v7^SDC@Os4y<iHBI7wbEjzHHnH*!{PkjetHVUeV-u&AVhG5LNk
zIV-+}iq6)@l>(ux0f!2B$vJGRM$xQ(e=k9^UI9V0`96r!X;a$q!g@yI@SMy}abNm_
zPF}#}Lx!F!B{ssoF5riXgJ?__Nw{qjlJWB%uFKB~{S{+fT?r<f!EqF8x*CM9uL0I<
zMi|Z<rhyNQq5}^kzNj=#EJ|H8{3PG58dn19;)bj*^v0whPY9=^iXYj`hb~*WEy0D;
z*WB$^6l4EKZTJy&n~pkCW4~iKJZ(MK$bA{1yQ0Xe8|&?G)?`eKatnh@1Ru&ORf7!e
zt<s>jeyWJP?4rlD<=!yUV%e1kLGCu^zhnVVH>CT!P9NyZp@9CkfnaS={N+2Ay5V$-
z=}7tLOz#7F-iizSyEn^4`%9Y(Z;Q#}lRtsamOVg{;jI4xH!yf6@NPX*bM?CB^!xDi
zXkb*n=p6&m6HZ%njqU57BNa1y9|+%8;mAwTXMovP`Ad8FT9FsJ_rrycAmi6FwXUmi
z&#00EZ9VUDWa<=q*vt4!UhR>#EAS4rLZpw_hR#X52inV}4-(B72Gucyxa6QAxLS{9
z6_}QY`AG%#sTd!Vn^H$4)d3{MGI#n)jvGHCFGu+Ig1Qmgo<NSTJA}r4t%2ac&7JnT
zH&Q3c<7%sD{IaL9lqucPfEZGbG^FE4fA{0=Ae!0sSj7g!fY_q0A1EbXc65^B6%|P@
z=dYTPk%aME;tuP_%=Vsv5^uxVW^eL{v$5cGzGz}gp7;=t&3V-0CR-*`l`_z`qea5h
z%+hkAX4nqKfCFoYHSm^O=wT^(0@BgtCzA2|UWRj9HbNUWknrNQ+`P>0JVemjztxsv
zFLc^QB4R!(Yo!gRN@9jtq?x}4+gUL1$=~k-gllqrq{rB81rzXkbyUAE#-E(^<&jw+
zHD54tK8Aq~8MS}L$0At`kDEYB&ZK@R%MRteM%BmRcZVA@50*0{d+z3qK+k=3=`L;X
zwzCg!&nuYe(43i{n#^_py}{YJlW2)Svumtv7+e^eLH6auHDJj!O)6-yAd)u|eKOI2
z5q@PHftMP<18}ZX0PhXCn9dcsK{tBXd`-TDBu{e>pq)^(eRmfq2@u!xg)a<Rz@>H4
ziCcA^F2Fg_|HD*B8IlEkhGMUI)<1P;ub4wF4Ho=?tEw$bdGU8Z(l*w20^&Z64=$7t
zN6ogNd$6j@`Eg~b*_=2_I|Zxrd1uP_^;6>8Uli|@N;W#0s}+^NsO0pG7{<%4SE`<y
z6kHex*<$Dg^U$*D>f!c%IM7vwNGz-9BmB?j+#r-T`fUaU=aMokz|-B6j0%N2EHh-i
z_xn~2i+QDlk)z=~7%U?43U21s<Fv3LG?RfG+L6$jvaUYvb7t+_DKW1Q2Bxg)`wF=G
z%sBeZTKW{-+YRajiJVie+yrv#^d{?cs;}nX-!{~}P9Yt!_qJsGj_izw_Gd1G*4*C^
zk+PzYdMWyE9xLIJrd#`z+%@<5o&1QYzj%0`ts4)wgj&ORMYQZuKAu_kFipZ6CAtqq
zjFLPf2i)FzdhbzDC5z;W_&_gWjm(8c&dshxUpK_^xdEZOLnU>RrhzR@MDgGw{N=fr
zwim8UWTZ1_L-+UMGO(e62oTOg`Wz3gzo|0}evRyVAJkv&M9y4v34IN2rVBW@$(Q^#
zgB%^ir&lq(zmc^7rjCRSsZ(d4R?68JiCJs2Y9itj*fOdbX~WH#u!1}9Y&;?%;L^De
zSd1C}<=~hEkKDx@36dr4R6_Xr+5GVkjU;jl18{Hntm}7*6qqPE{9~ZX_{4-0^;|$~
zxwd~U#TuM?3euoeF05}S=A4JQ_2S;$JGsF-JC{_DrIn!>nN{^buuNMltE>b^ok+iQ
z>7z|=EB5&x^c#~WO%`_V(TTi;!;vTdVR)jxqzHI_tKDC1O{7#F*Wurcl$2F2>M6vN
zP5c2CCj^!A_!)<!Dbmd9YT<@cmxcW)z#&%?3qPXjc#k&cUBF-Z8jtv?s|csUb$>>P
z(k}IqRSuVW8+0Y=(JL6hS+yjm4U<3=tMH?tBK-}f0h2sn%6Q}yE;h_1H+waJNFX40
zz8=drF;_}kmU225$mR64fAS1D0`6IL;G)PH-aqx-zX|*>h0ixIG_`USv;Z-bjdkFC
zISr_Ht}RC$)OReOub!S;1EQwCw-W{e;2|$wysyJscM*o`F2nP8L_a|JI~g-QL9JVU
zD8|nlw4mj{7y7OibK2XB%6$&O*&vno^N;?M>;O|^cG>}u#;BUQfg&lp_3Xw*jDlth
zYr3Ynk5O<|zh^FUdz8p`cxELfJVMN(;u-+10;8&icI^0?)}w@<1T?s_qJ+p-I+F+$
zYvlL!cT9fN`Em1e65=C9aYnOQ00bxH!Yp0d@g)g*x>WX$9O=s>_@Y7<WHi)5I}=rJ
z{--Yf6sl7&Bno5&z2W44*jvEm^lO=na4?bNnIUgG;1kG>AbB3dHi<(xUrwid?n9FQ
zJl|S?5jM<`(DlUC1L~Fqa_ZNA6zA_%ih3j0tT3eS8FhjFpn<N6So<*K$WjVxZ~dzG
zxo7s*^FR0kq?cn<hcn{^T>d`NPfm|J2ZwDmst8BZ<^{m|J`nZg2)68|X>a%G0%+Hb
zzF|0>2VhP)Ft2p)qX<3Sf_+0aya7*@v}#-Pod=V1xk0|E&>N&==`Bd7ibevD0wV8O
zwc?IN<Ms{+NB2D;Gl2)>bVTeGNd7ieLXkCjBDbFIyXCY238i^Hke3&tQIe4lV26wG
zuwdsF@XgTs?I1%{dohgi_NBfwZx8{%<kWr5<Vh@&plWrhm603tQkwx|;C0~g`bH}f
zdPokS4%_;>|M+J+5Y?Yk4|rhN(3s7zfcWc(1~l)cvR5w~7{|NihbxPAHh8*jG^&4j
zHt^1C)PKs_oxo`cmb-d`jNh(Zz{k3-yAd~U%NG$md;MCP@0iYkem{Z)TaQruo(NU?
zQa)LjpFeJF`xD8=<b)5-zZ3ZFa^}mZnfIb=N0*@-#paM<CYl{h)b47lh$L7WZzV|j
zKI|N17!7rHKFnT%OVv9EJ`H!kxza8BRpaQfX&|ms4+xOw>mc|CwiNxoWJRja|BcXi
zq--tp;DE^t#5f2EOBj2_8~CPO_BS)gtPLjreTdds&&J=9l-Ba`j8-&yyvC)DXZKsj
zOe403>SV&+0dC$XSSq16+G@cpogo?oyJ!@@zOx*BkaxYW5%PK5(=o)xUNz>6L<svP
z?#y-yUTsv?n#*)IzxCgl@8GFpkfPfA5*WWMCDtc75i^?br-Tez1@k5uuQ{YaZ<vdc
zL9}9`8p9KFXVjhFX@j0mYyTOOMsP)6KEF<F2LNijdWhxaHClKaQ0<N@1j2hiI(wz5
zU%bgDmF~bQB&-?WBeJD8DF5{gLEzHkZ2N)5$nPEIY`YUl5bdJm#UEyLIt|#}f;IEL
zXYFnMU}PU?E|?c^k3xsM90(6~9sAw>b5t`sRUtJ?T@D`|zIrQ>4i;6wljvSaoLrgF
zV+5=7BsvOwtLsIJSE??n`a1Ab*tp`hgDxM7S`Z0s;9!nvEAYH~|3~k9$#_2iEY)9}
z$3}ws^51!;n-4pLPL(eQ0>S6&LEhd6^RCWQW}%NW4J!Dp;HBL`MPufc%MB>TFYwA!
zTqNHf86Pha0~2ubisTPYx5d=_S;OmKpQLC>p8p<!Sw0^C72$Uczqg!i3G)vogjQ_#
z<sZXf`h__5*y-a|sBynGsSh+ow7kt{9p!K}ze9M>o+lobwBH4-jo5Ig#DKFe9z2UC
z%UhB<nHc-??VNnt?jb!FcB%m<kO|3hw&m3$f=<2Be``#E$(zWEecaI`L%|J!A*xKv
z3^w|?{WCo`+(M6Ur29|Sc|*&+_b5cHUvY+Z{;ETED^Yu&9~`M^E(PUXu;dDLpxvGO
zXJ%uWE?@ZDeEmuxz8d95n^@G<28(Su%;$VdC9u}vd=LNS_=ttVl@oIM6<*8o16J;k
zMny_krtA7o;uW_1U`APp-<6&5NWz;n#^=Lp4Q}orUSn?rS>-$_1ury~Jb@UBjvfoG
zI8NGx9d%1iSb|FD```2iWn~hQ=ETZGf^mNjJ+C`SJH3d*PpqH~Gzd3(LA6PI-VB!#
zI?;Q-TCBk*^heaVEv)%^vV`t8NRf|W*8SmSqd_l{XMsGQCkLG_el?(eX5WR^)<~Z4
z%iP>*Y(+A7nW}(aSZL()G(lrH)n{8<XKu1L>Trj3a8RO}Of0Nwf-OE$-cb@zvFhr{
zc@$`)KSzDVnY~tG(0oeIUu4Q==?d+A`Lk`Ji7PQ{-XGj*JX}eI)7t$E*>iuux&!Wn
z^qs|0Dv%QU8v6o_ALp0pri_PMd!M+4S{(wX1Bm*`@`p$OW^l*;bMs4~4M?TV*RRxa
z7OuI10r0pJcHoRvkel^PQQIR|#rQ<s#}2#ZQcFS0qtMnyGhAcrsg=j}r^$B<X(eGF
zIJeC_t>?DqKcnwRBKNKNgVR3*LD#V}yQ@cek~5E7lN~T!Z)>r~L}T&$gYrbI0Y{9F
z)0Dj-+?iM-I3>vlrl1!oA@C~qsQ(!0^oq=)^2wzYL3ZmK6l>2lV%nSWUTppg^5&&c
z+l`e*++X}Ne`~_6RbMPaL&GxqZn=Z_YbBxJeP2&tPxN?zm*Bzbw_Fwm8Cg5bg!Aph
zm>AnsW1+-zr;A_)QH02U*sypoDP-vx2kmi(YVNul1M2--C_&&{(P*IU^4>O2rORi>
zVOu6e;|i;&XTjOcg;?EaXh})R<FjM*4zZC4--3Btc6O17JfKV42LE8+sr202P&Kqc
ztvB8b(OSf3%W3=JS2<SC?snq!mhNB&r>+QGV{cTa?nYdhQY6_eKh#9g2iPwb?T$>%
z7RWDK{z&UBz0rpx7<*X;>$rqaT)a!MUY=bs#7@1jj^Fv5{&-<0*RyoJ99DXt9B9{l
zTp>&{+0<rc>gb2Bn~rp8BDS(J!82E`!ncY_r7274C{d=!lM^BK?>7vZaFL;3frCGT
zU%duwW(SE^I_zxYYbbeB#kgKLlCwfks=pjtm=SHf(QK`>KzW?MMIA~5B!3+NaPE26
z-S$g2Jdw_nYwL2;a_0E}2$VR9l*bPerE`Nv5B>H$NTi>%Qb@ESPfHY4tHLYl4*igH
zI?Og!EY-iWtt4ufg><XVeNwp^r%H4eLTt7V9<L(NmH#C-i&QigqDdo3N^%Rrh#~7w
zZ$M=8g33*eV2O<1y9k*w3mLN!7sz+YG5uU4aa-*03-w4Z6uPQ}eSR};zjS<eLi^q{
zALUDi@_uoK(E!Menr)>PFWa)ZRv;eWT1;?Kj7?=uJ}yaV7R?1I!W*(nrw+<AQCv5h
zM{v1qGfYk3;d9VBR-zf=#g_}jSCbc<I}Pf}+{>JiWKg(13CI=lCz1)wuECTrm&RyW
zh#VqZZvjS0?fDe7iDzI~9wqLB>wuy1*tEJfSHl(LRZYleX&9_=>0J@PT#zcxetA{W
z$GZvqSAarQ?%E`*jsp*0uCh*fT*sN`F$&F4vOb}?GL1%N4w!>8G4<&|znRb922I#$
zz21NQ)cdIz_n6-Ydr(8;*sgMD5G^25B;r~UUW?O)u`}v=TqaCoS@gx>4%>YuUZ;ek
zQHE3*rP%svt&(;3j<@Ceu~S<`EN_moSgDp+$#1eWL+OYupiei#oHrx{E8`1>lo`9J
zE_bLAT;zm;<s@ol+I9SRcET%-Q(+u9n*wg%e?>CLWMGE-qE1T%`|2tdeiZThaj^h#
zCieI7k`4xC@Te8Af!#^Df((&j^px7m=cyqkV@lQ1kp$7&f8~J^ES1{JSm!cOwT#dX
zBAz$u#;aA_;;&Bd<HVZt+Ya7m<PSepu>4%czms2RKYNssqcMx3tsyZUhAriMaOR_^
zQhO3N{YI_ykW0qy)m$;IYB_9g;%}lep?WZ(7hmI8ZSFZy`2AQZx=#?I1@(yF)U~UE
zsM?f1N1EXW5YEMLNGl`Uwb5NWzPB1Gnwv?DgvFRSc|~yy3*llQ$Y+URcu6c?%A7EP
zT3>&Rn6-++wY7izkV80wk+J<KtU5AV`QW^%{zxOr7i(hdlkE&?AEOg#2(8htd~Sfz
zR|~mc#-g{b@f!<r8a>$KAJ^*X14u}gA5i1m;I>raCmw9DuChcBIl(-u><(Dv&}-ip
zfj(i(n&PtDlga!xo<21`BXRfQ>L|X~yu0NDb~$V^X{nQ&0)hwgNzDhr!F4ASYN$|o
z*!X_G__KfUthUy=11i`SlqdfvSih($^S+}_zt^IHb?Tk1T7ORPMFpYWZNN3h25Vb6
zP8%eWT|vO_F#X_Gh5w7@aRvvVQiIF~nE#sJ!gFe@s_Vh9d#%p+3-Rw-jr~7xP<Ifx
zqo&U>@j1j{7GErb625hY)gAc!OX*5-U}|Qh4QAE5b>nBm9aESa<-<$#|Ks0mApJW<
zYqjtpa7PbDvNAn_zJC4GNkc>j&;>SkxS8+DwduzDFip-3o;j0e=1=zhqG5fMyTT4I
zUJdYuAySayS@@4b=buTZ+qDvO4Q~HXMOS~#!ObUZ+*ug3@@v?L`tXp86)(nQ{A`u;
zIdON($ldD!Nk;1E^RIepXPS}{pw{tDUA74aA=raF66Xz&4=2)SbQ`c=dYPixID~Xm
zVyoOS;mKjrTCvySJL6wF;axxaAB15eRf`dv<eSwWn<U+Y2U`bP;?f8Ahauu|MU$RD
zVFQt(4lVmCsHZLk+YyQzXp3EVKcEKj@bjcjhY6aNcniRiH*q(VP1j0L`<&5j;%&jt
z7SvE;k1_{)86`JSdu86t-IcrL&gJ&3AakCsT&k@NmQoXQCLHP!*L6OJEK_AGr<m0r
zF-Q>tZY{e!G*9#^r4$?=+S6m<Zu~;7*2{E{%x%W!o_F;*ls7qOc7u<OSWDdRUni;-
zYkLDd?ccf$J$t))^ZxS&2Z9Zv<w*a7wbMb9-dePqzura@1N^!Fd9|jfiFaiw%IrSG
zJ4-^)y5~RpXV$k}t%^gvd(}b&3fc?>Ixg*{Q2P*_G$Pz@okd8ydo%&-fiTP&dTiVr
z!NEWyu4YeQClDc?J41DGEo_0B`q;)%%vYP1C3$uMuPUUv?GEz9=*S9^<%j&BV=F?M
z$l&!~f~q;o<B$nC7VK>C<>L(|7dM5!m6eRzuT|BiSv9R)4fVh+Y^&T<jtkqWO)WQg
zJ1h}S7T-qGhLEA`fGn3~3yyDJHnJcV<1Y?ml!hhv7$@Y4lS6=i9w2e@2Otmm&1>}a
zAI+96zYYJ3T=cuNexI^}QR+u--~RVsT74*4y6rX%1#PD2on_DNtyGaL$k29?kapSo
z<z#3U8X=|Wp`?6g_WBdPY7=CoCX3rDQKUN*q8{Fo$3mxRyHbU7>;c=haq;5FF<1ir
zViBQ$oaPR8FfBy2jZ^g-exr$k7YlV!>JGz-ff3cdi)nkAyTE6BENKdyBIb7KfvXOs
zB)NkDv$csVrYZqu929|}6nYB|g<r{pm=0MML_T*E;YT=HK~W>Fm10s*Mu25<sR8nS
z0>3yce~z?9tQoz*l{RTB{yg1$l{#?7*xtY_=vB?nCcoWSchwXdb)2&_XD?T=@BA7b
zDWkEteMLC(b66wW;P*_j<V>-~Y~(97Jdsuu^)VqPPh5@(s*QAxy5n26Z04w9jgZB6
zCWJ)`D(hQ*oJ7Q>E8ST9PT0;-lUY{x!HJ{dSpvl<TGv8bOa55ZKGw(B(G~xn;n+A}
zB+TkhiAu|;X)pCGWSBv@q0m`;I!7R1v8m&?D(?`4$uHz8m{_Qc3qVyo5qY$BMTXbu
zS^oy-{Z!-0fq;8hv+VzRoIQi8uLhur?7nwm@SICnT1c?$Jy3MyiPzRC19u{&@Gz0U
zzE>LLm22H9OXZbPdEGMPvBX73+<Pd97I~<g4d*+L3%ISgAak<_)Bd!PDq$FNI;3{m
zP^`tLu_Rn1b^1vwN{bt}%-lRmU}seH82w}%nz>O;m;o?MoK{x*5`753KLCV}bEO}l
zkztb^Jv>ZHEmxM>W5@F#P((&C_3=d1nCFj6R54d88XRcCySV}UlH)ran|XZXvtam9
zr<h{z2)mGCW^)&tnUgi}7>9+qUxY`P-`C_#;HF`o37F}-KtX)?4i2(O?fJU9!YXHA
zrxamkTJO!<4Obb2<JaTOXMI*wo}x&eBqITt7c^q;g~J>xS!JT|#DwB_CX%w0Vw=su
z52X~LFT5qjD~XpIgoW%e6hCqX*HQun1ck$+=@HDRYT{&=Es&@nm2i%ajTE(Tm*m7?
zHmxQn{$yrN$5-EuCTsE->Lg8&rO~r<vd8Fx_)08qQfq9>jt-KdWZ8wdQ39!?N%8eM
zGB6N*ab!Ak=GEcKy}|6MA~0vF@AsJyEG%q+L1zDCu2j_N<1t^VE%iL_T*&|M=teI3
z&_tA+)D3xxzrhg(84JjS=+^jz&3_D3e){?psw#;S?x;8fWCDPy&qCBsaA%rv6$=Mj
zQ7#VHSxeYmhycdN0LzPEC?)-83F4{5u<G<~Gt<7-mvO@LJXGlcsHo;~un+<In6r4y
zau&&|;})63gtYzaK}%Z@02wnmE4c!tXm(+x5PKttZkgcpCC{j0hMyc%G@p0yQmLS+
zi;iua#E<%@td1;ID^jV3O4w$#A}<0knzTx1vyWPG*x7}`zPnuW^2R>3!~CMMZy3jV
zrac1Eh*OeWNN?|e)k-V_926Njy!iM;lk}m#1G$h^u`vD4@H7DH1+49pG4U8DQkg8g
z)Jc;V=(8$!oIPE7WEo*t-_BW1wh(U)l$<HZV!u3SRzro#@T}oj#Fpj4VIqWI(e><d
zbRt!TEF`We@IR!yR78CQ_2>*ofE+n>WEv)Iop77PQ+O0E1j<a}DlT)X&*fN+Q~|}Q
zXqc(2m`UGr6kCGEviOk`;=~)tWWW%rY_N}-f*^9($I{gAzy5o{;B_zn(Snf;t8EU1
zCdiBFY!AzT>0GV}c`-!5w0qjQs?(Z3dJq-~T|K%Vu`FA-v>!5NU*ha9XPL3%AsA*3
z)Ip5aRL9%LNrWCtM0gKE)2hVxRMCNFJ-+EPYk{xMQ_esFc}v)UuyE!RWWfNFFuPR;
z&#)ULyG8_v6DeefUL=_m1Z5|541tl6i+V>1(c#gty<;?TamW~t9IN914XnJeg7D1~
z3XDq}t6zM6Km%OoKBUNX);MMbRnv)@s_#iCgD38NWxV7>Q_MD`iD4!sb`5;(8!TZ1
z7^a1iZ0J}u`^C<NBptY&hH`{U)5BpdRDU9eEwB=veqE0LMNH?U2MTWOTW*%MUu9&-
zt+dl4%OlBH&C{ff!N<M{()DNoLbpuhbX0$MG}4@`MN8$*kI9eH#miZY+<XNmEIwE1
zhPk7JhdQqi!$VU_`2CaS`S>oV(laukD{(L?W}L!uaGW7(;Y<O@AXP`^-*?r{iYtCt
zQk&pSP*Nf|3kmep{i_b*fy!Qej0z!~QSrNt31ras_)0UZfQ5GZ2`Q6ZKEl`$y4;lU
zr|2Xy7yivCS~)*e@6#FVfsVhgb_1p61N=;rU808pPeQ?yfz$B_xl$o}23PrsgU@WM
zmlLM-+h-)pFEcNluIH}-TcYcT%Z9y{qll(QgN$wLqR|$)8?F~Hf#FxnqtucQ{Q<S2
zz0T*A`=58~e5Xk<_v+t?4%0uFa}`Ecn*ZxzzQkI^^K4wb-J)Tyq6Mcnp8c=dgmt(&
zcb&gspt6Zej=n<dLhh<w(R667G9WMKpqd(1z1u0qJj&4>(C~Xlx#!jxU*)*<^2Fu#
z?|>Hq7BC%Y1v;3`uDL!FhJ18naMhtTM{DKWQ#{Sd@AZCe*LfrDbc5js7VA<~*BtwQ
z=~XXznxpkw3~-ANS(EYA<lrblCK*z45Qooe84^{!F=>C%9nF~yucWjD3y#I6A!_Ea
z1P?Hlo;NGlLo__Z-pW*Ug~N?paifl<dH@=hXCl$#q29a-X-dH?iP*XkeX!|{eOJbe
zNpX)&ZZ9Evm<%cZ*R<)f=@G)ZUmFuLPK`738tc%$*67)0)IV+m&7KYtN=|iVn}#A)
zm}4(WqRanc1It)k(2IAx^8_&VtB|-4zGNQHSKp-J^MBl!m;Q=~Wc^#$xg6uo2cKgU
zo<3rAdz&a`&Ni^?E>`<R(y6J>jHlm(3t_*7i-23x6<<as0*10@^0->L7EE~Q3-Knv
z3^hBBlPS}bx49EI#^s(pai9I$gtbNSTTj>>Rv71JBiM8YkHMQ0H%pi~2B4OaiDaiu
z>9?5|AESX>$#u`eiS^k(Sn7P30D}?!6LkSM{x|<cQjY~tyvbc*K$PD;)t*4wa6E$K
z+DU3#vci_Cqqaldmr#GFY8Ev&62}_~m(|uvXd9E3&_v9wE(VV*S#fc57ZkUnVy7L{
zb#~1%kI!!Cgw_O`x-T{Zn+qYPlpOwrG7KFseX^hDmL*N+_zj7bY>4s1T5aH&v6hNs
zY?~Ij&8)QIYFZq*mX?4`4amfX%y`H4gF!aX{(rXAHDVKb0`Q29`VW_%eSKN~KjLH`
z3Rv*>jC<_TasPJJG#?v@P5!EiJ!Jh%?A@^%hLDC?j}CTh5#AJGmI-Kt6^$nDtqiMk
zwQ`#mbiy=aOY`~N;wh)50!urg3=OMozS@N>oD2<_2;N_8MPp{zs(F<YC{c~uR_f2m
zo7G&X6Wc0l0!z}R46TuTvMW`W=0oP!WKuC0KX)~2@|gMfA&))~4WBGf+fW3?dlb80
z@HgGw7gUsCoxAtgC_<M{M>_}ozkwcTa6Guq?;GlRq9lv^jG+R4red*|C?{k*?MVQu
z!UhBwN4#bqxl(I#Kr~ri3gTv7gfvWv4BVWknBxsc|8W(VD}2(0#S;l7f5PSC>%-13
z7|A||UQ%jRpq@;chEws4`jGYrTC$qpoWfn6|1b?}D-{oO4?oJ<iab9>vQ`UNTZy}$
z(wH=kL-t*sO;j*=F4{$o8fms1*OZIUw5dM)rWV(tRsR2y_4qDe?6<<@3r7#{O}6YK
zS4;*|w_uAGgH3{_BrIDdUElp6df80LlJmKC(4fO~i|s=oa#Ya~8;Y}EpVIIkL&h+8
z`h%y8P{LgUkVeC{|A^utBCZFC_WD4z!=3OU#X4k(;?U&$K{pFneG+dWfHvHg4Y+Zf
zoH<8#iu>QG(octsDNqjk18(@C!Quf?KRWWSXX}KtM}vOB`j7Q3#MLK7#*LY~Copw|
zU2KmQ|CW-NVx9-%Hn=*_CvB7Wnlck|Ea$OpAXhihZfx3ApC)3-X&Z@G0BqyFbMYtr
z-(9sI0Ea1VR54?ZGcjVtR71`g+nn~bN}v13@N1(bbr!^(K7`#P`|+J7t?$y}ll_GI
z@Knm;32dlQoozpp+y;}uoaGt*?QZ86&)2rCZ`h>eZhNvGs6rI4o(6#iJ9ig^Ai*?G
zB0L)Als3@Xx;`S`$iQDD7{@<HMSVE{XH9f1t?db~;cD=dt%DLo;)&mc!9S)+{^-+n
z{)asHz(1cAXJQ>!4Lzjj=^(Y_HvB69&adiXLJ1ZbpgV~ALQKYcD7(TD7($3p@!H;Q
z&i}C-L5lon!gajk$$wL?hxyI}Re6)S)A0S1Mep*mVf)+Z*uWGRw*~bwrG;b$>D>K-
zZE)VYV?B~LkbkzY`yY};<8|c|GN>Fz=!$V~fnyDjPtmX)ceauub$FT8wcc#XCL-&n
z8Iwr-Tl{1Set8p~mwE?Jmr)Byt?;OX?^>OYCJ65SlzZdBR^t#9<G?m!1nb0L{Z6iv
z!q(pvqZ7ORP-loS;fk;kqG4j|?dVc8##Uphr#WcGel+yd*${U%4jKI#xp^TikcEZg
zWepG0mBh&9td^@N!;Nf37%kJXWJ^%518EdXlET>tKbm~S$CNq-D?s}xb}<3kFqXLj
zETG=PqWqQ-G{n>~8bf4cr8<6P+BD`#!AVb*AHs~{;EkD3=Lyy1f=^k5%n^-KrJ{is
z`&Td}yujIq<F{a$hHQbxq+SIY79HnLQtMiH^-1P0J;X~F;T4c%C^3f2)hd=(cw{^@
zAiq0{=~%Jjpitr<AesKL&#tE?SiMfba8)qyh(`{;EPRfS=7%kv3gRCV+HhoD^q>b&
z*`JKkEy_;l7>%pGr51MBeyPKpK<?nIs$m+ua30vbM|dF&UR<`f43#jKG5taeyOcKm
z_qKVFo2j%sA%1w*LzkU8Ps;Xd+G|PpU2QiDVG~t4#|gDu?$=jdfEJpNlEj(iFm_K_
zpXgS}2<=SPRp2E!2#op_r0-O5mE%-)by`ag>Qg{`?KcvB-)jrru=)5x9dJI}rK3-Z
zy3aU7dkD&i^icH%+lCmUT0gNbD~;>ztso*i?YGwFTpJx~K~5jlBcw3l6eGs9c$j&s
zBd7UbAT_%23wjHn9O81#PLz_Vv6z4x$;l`9#~uQTQ<IWTEy*?$eT7+}a*kp=Ibp6=
zkfCoHR4Z6Is%7P>#V4`D3Bd1alT(Z*uP~F-W8f9Vl-maQ(-{s<`k0tNQYcG;hM+G*
z6a3IcB8(9=DWg$I#^aHY4p&(qV&3R=SmCf#;_P#(%TcLcvz882^iv4e$q#qc&35Zh
zgh~m({V+@46Ar!yeWmm85nuT)22qp_zAYC%)<~MBqmb&?Bn=c3kD&Sq^rVb%$w{{;
zr*Jfw4Xam;W7{0_mm2>TR+uXmQSJco*gaNt&V_psUke~2P;v9e6+c?gdaLg(?ewSI
zWBpx+E+etsrWpz%<y)wPKmTWsG<o{a+#2$tXE|<BxUmo{;GbkN*j1lZ<W)tS1-F|_
z;4?_(msO)CD?@m5@9Myn{Po0NSJ>8d>ZaprCfa&AQ2L~XFfV7!JJ84!#W~!M<j!H!
zSqCK(LnUP?+H5Oj_(P~_6l!K18pAV-^%qFR>%>`^XrQP5Q%m&5qizbOsGU2)W=XG&
z%YM9(s3)p7NYIH9#QJayI=2;kKda-RT`|(d#liGbVcw}t_`7Y4L}d5u?&E*l49B*M
znj{A*&^GOB+KNGs#^;$<$}H<kpTEX^E~;gU9oCXDLBJy8<)IHIW@JhkrX!*Rsjc89
z9JShWKnvoSVB#z>r%@9XIqVXIzh7>M2r7?Wznl(s@w|rUv!Dh~>~2PZL8wwfQTSuf
zK6)?g3#=6V-0=xD7;*QBVgjr(vc{wY1o~tbwbG-iqyjQDKs<C)u#3ZxQiH1OuucY&
zWv?)#iVC8&0XkAEAvgiz7FET>%pP_C@=BbvWaMRbTQsgGk3Py8XQ$*P?elPE4zc7>
z9~M`tsGXgHPO1W%_^6~Qsf8`S%<*m+1AokO4awxpXEvs6fF7iS3`~dYsG6=(#NM?)
zoU$TP#P{I^%A`r<qI!)ma-X1sWVNUfnK=p21p!eoYq}lwpZ@@?MC-u4y#a<lUXm<1
zn8>@<4fHmPh>FUJ5}zsLE0WDUJrN}-F#Lbds2Z}%cx2%1Yl=>)8?sB@jsLnLYo7vB
zsR5Lfl&Va&7%EiXH^lntJ95N1gkdqBuvHRvkHaZ`^J<wZ(~p|yv)abSsA?_4TXRw7
z>Z3c`10v*WN0Fn42!o>~c^n;GT_Ghyp$5j)!UZ-CC?IeVP3eh;c2=-tq*5|-@`L-S
zWV7c>ihFQM6)Fm7AoxTCAagduVP*jD%P7zry&IK-TaK*CD$;BwF@;8$va9y+a57NG
zzp0#U=z`AuNnY=B<X@*DptdlcK%0P+Splzg7$Quk$xNrjsYL50j5Cffwh9iQr7~2}
zLOgslPopOW7{!2xIWur#<$qw*W-}3HNQNFVs*F*9+{(8xJHE)4!#n`cRb>0N;aG;7
zHXx5^pT)#_-gwIKeJFw70SE6cb~a}P5sgJW6=5&#X<{bGG9c@d`MN~c>KVW@K3DYy
zfm1WgL#Nw*&i^nyr+*Jy3Wz3Cq^!eE(W-SCe?II$y)!=sZ`nko9t{xb*tQXZj@N=Z
z2_e#oB*uwVdvtYKyPegWWJ}J^9E1{nIyt)_2XZH-rCBmj57w!zRo7Hg;9SoQ7DeO^
z%-W#n80m_0?EtiL*fOgm)(8|)`!`MJ=5gmB6>(_IKv=_cNch6efGor@3*;WMVl^)1
zZx-SG_9eAc+`k1d(=!@w$>2<ZeklusrK(>|3gEP>t*i{On!ZSyyO4>wu(Qs;O)&zO
z{*tAzQsj2I?EZ_(?6f_AE!B$1^*F6|V;hp1#*a`URAm<?hCiy-Ii&827tTXAZ2?12
zcDkH@o2l%p>QsN2{XPv#OJ%a6#97pA)z~Z{53Hh2WJVe8us~V{6TbPuZC_vw!e-WF
zMc9IESkzE~I`iP|Z}jIE*?KnKQ2vTh^;OIMH5h%$rXaE(`-MKfjCD)AB`{0N+bkIx
zvlNUIy2qMT(rPfQn{Ir2!wie%XLyy2O0X6B<*3s?)id2Jc^rd%b%O(+mnh!<Mu9!G
zjzg`L)!ub$375+&pha~g5{A}Y(io=4S82`w>r#Rbi&EH+Z~3sj%}O54-sWAzV2EBU
z>}Rge8v#P4S9>#&Oe>srA^8CE5sqcju!$0BYd0hUTYYi@f?+oLjsAY}{)n9E<1oL5
z$OP=7c3(W=FAjL5gp?j4A@m?*8XDQTt<{k6YYN4gX;WK2Xvx7Msvx<=6u_mugM`B{
zwfcxT9uYRMv=vSrfF~(Ah)0kUmLrurVJhaNEoyb7Nu?;HIu-lbQbnA*G;Hx_n70+c
zU-<l%nk^n9#@Ki!s4ir1HYo~m6#8(eh_1&QVd~salPwFc%jI8!-!UGLM67Sr!_gn4
z#A9MUu63+qN=79}rMPV+dYnIFI(&A^B-9_}jCw;xgc(qSSm>A)o<r(1^8A*Oo(?0*
z$cV*5_$kB7dYR$&uCY(oFOx7<pIjOFtQCE^YkLAzXjivwZ=d6w`>Q4Vv1;~`Nm%Oa
zalGT@e+yFINDz2tYM6`j*hVI|sp#~*+hn|{0{p1PK>B^S`DEZl?m+uw_m1Z|HzMS;
z!hnOYj$!lUh^_2f(&TjC*%jiQH4xPjg~uM5xAF)tydz3yWjpHhl>WYR$0&2Cu0!6@
zK9|=pgV_4+!lx=pu+j~`WR)u7ZEeE>ddc;EPoPK4!h9{yJO$JBm3!@@`DiTueBplC
zs9-x}yKCL;bec6O{G|;mFhCXV=>;DOmt353Ssx^|NcG<2PGF4BQ>eBtmN_K{f<Z?W
zU=tLGDT%Ra`t1ei1P5H=67o>p(UgiR?*Z8am9tV5m4B}AHMP=ru1*@k{9#!QPK2f<
zEiUfVqV8f;=5DAmI~#EgOKR9r+Ru+^h0X7fdYyVMJuM{6izvr7_EM5F=mhHmJ0=U?
znQc>z7)JYMkzYl4twuZ53^(I~BUlvUnhUymV433&j!*0*K7SP?V9_dw9ylk-l9GL+
zcK7500*eSK)I`hOctQ{56}FneZO?9Pwz;NU*8kM-L_}Tyh1IG$t@bgSphYtuG_I6S
zRP#<P-Cg<Cj@z!o@%Oxlq0RI4E;fWAQdpICwGNa~!)CLmO?BWmaV}7YL}T)-vOc_6
zjZH7xa))%U=|kjbUPUj+ywV_42eugcV+W=@s<f6vzkh7~y1Db{y?LE-;P18fb-;sp
zr$Ojq&E*s)ojk1d69&tY<W`!?mxDFw_^)qyEbdcZT`Z=<SX-yf#T>-d+0su#)CD5H
z_pnbYPnp+sViIqj<B?FREw6+m916Jer0Ce4O9#q|f_XSDAaw*-sX?kLf;qWD2S-oD
z`Equ5&z7R<Zm7a{$0iNF&_Z!!w5B580ytvxl%#|i6DxP<G!K+E9V3*+VK9A1EbD8*
zq_c*BUuHhOq=O-|k6^aivQB(V1c7F1-e8}YsC;aNs-afmE>NVY^}(c|lK6&$p2n(#
zU4)&6siAjOr%jOhe{&};NS2b6i^J+oC*=o5EJhJWk$P*BJU%-fPPf1uCKwV2r2eXz
zp~2rk%v3eS0c5`M@w~rxb5cc#<7`!vHFiZvI}xNDQVq5ICf@%^4HM5AdNv;K+YbJ%
z><d3NzVKAA0R#VebJ21p;su_C%PB!pAz!=OOwE69kYuneW}bKcKn2cZp<uc5|M<gt
znV(RvTg87m_Ox2%&TNGiQSRcY)MCV-e<BV~D;mL!2S4D*URc`*^(JZVoFs^8ps0yG
zQd3{=Ceen~Gq^i65E90xu<Ru!L_t$;jnnZNX}9r)Wi)))9P_^v+JEvEtH}h5=7?M$
zYuq<X#ptA+=tj%x>%9bGYl<>48fV0iimR7~9MPl5=o-e++T01NQpES`(VDio9yWRk
zGUO5iO;*Gf<CS{5eV-?TT_Mk01Sy&>x*jSKq){X$gHVTBlvBO`?_xV8(77gX)2)vA
z0fDNX+nKXwoLX6A;L$hDSkQV#xz!(UM&69z(MLHL*-?!X%Y+?<`i2;=7F#TJ5V>c1
z<ybl2d>;B~RO-Y_c?E&N@lWPZ5?Q+DJfC>-<V@c7u&X``ce?v`)Z5uZYdL3RWRT${
zC>s5MWvbO#W806v#61(yIN>UOSbS)gSY{cDM+viRiFUMNPvE|uK$dolGx!wV#f+EN
z#i*k%&4Gbg^5z81Q%;l8)9jcC8P-3NF)^0S_SvfOr<rBUl#w~lPe;+Eum(EhkP;4e
z50D||bp$@f)cN77W7xnGOx@cQ35=H3#r+M#M(I_q!3T2vi-BH8az4|0PKeTE;nB$&
zhmqXGfNzk}j#=oSQ<#Ln#zjMSM+236JaesTo;p!->h#%zmI<g`ou?MAlQrF%X`1(?
zrgOn01qSg_$jVPx=`wH1OzT%5k6d6;Lmi11L!cx6fK<<&B?s@ABO{ZVk3|`YQ9enP
zV#8R_=?!a+vgy}QNBKkE#tXygX+}l7N%9BfUrKBn9e(v4$KCGuP7&ZHLN5PSRgihO
zWUX33X(KU5Gb+#q8O+n{XA?%&BqQ>{uF}de!DYpYAtOSiAfm;P#7`m%WJ%OUM^tmQ
zX5@m`syRn}^oO9z@=cuvvLRU}4aZyV+}<`_&DKK>40Px_XM@M1Xd|#HMQ%b?E>J3J
zSU1MKx+hj0q@rL=W${4xc~Tx)BJv4~PpTvo7;_<~Y*G&Kry!exhgK~h`2f}-r09iL
z8dxC`(P9};DC*fV9mK7Gf>?-1W@AV0W~N3F^}FP8N=k#fD2U6ZY&lb4D}T5F3ogm?
zLpG0{-2|I0HXb4FAgS5HncKIWhc=)_y{`*}6vZIj4=`y=l0tHTQSKmOTrtF`VUo@w
z?zK^Ob8-XqC8<sgKZ^*nAK!|zIT;=%)V-G+7~4x`qN^R~?=MURh(-_8y1#JW8Yv`?
zi}7I>;y~<NPvj#UmH0L>UcP)3EM7Z&7KZgbDgPcS6~{$>nQM3*tuz!R^omUCfami!
ztc0*~<j6AQI#Udu$;m15Us}XK+{y{t5b;iULc;r<JA|d}tSm_0aNRapnk`s3xVhC;
zdd<AE_g0^GM;yhbl_{JyCQm*h9-DX`Xk90$FHz(fB>O28bn%m~;>mmE5$eE_mjdf#
z2JU;)bS2ua+mSHiIntq7*DQ)J0dj{{rUlMfZ1U785&<$4^{-#VmtEm!PA4ZPUl>w&
z<D0R)6=C@d0`TH-R#vVsdU>sN((+2h)kHTtVNGL7*R8@dCB9+BYjlN%1Q`|{CHmKK
zVxsB#^m;SPD56H!*?{1&aVK7E=-|^_A>^C&yk#4XG{BdVzU&1{yRlf^qh&<UgHLi0
zII+@lk>TOt;P`C7f~h6F<jg*#)UEP&#>J$W8FN=pqhAa5G`$_4(&(4q(Gg^!HFPGM
zuqI@A%C;^{W=b=*IN8H~O-WkTtMWJcW#{HfnVT1>Vl;Z4Yf&601RK4Z<|CyP4dUfz
zhif%PMMr-=u4buQktx!|q5l|g4>a;Ira4)aAC}bIwc9Q12<y(Mk|7ofuA9Xh5DDmZ
z#FfyL#r}!hm@#rKOOvws!_^0hN#jQWx6O(0E@p(@w=<glPd%)^u1!8?em*UFa1Pp=
zhIU9A$Inr+)nFB)$>^87)TWWr?fz<zD$bBbnK!AbJEs2QBEr3mbnhEV;aJnvbj%Q7
z;7qqt7Y_6X+1*Msy6sCxMC@M=l;PmKa2>?TRjMXedW#$NV`k-*ACp~Kv42YoR0AWA
zzX7xoe{I8I>Yo|bET6J2FI?gp^ld^qY4x!$keKg%j#EDn;#i6Od#w&0cU4$l1UFc;
zf9zN$W9-BlaZF7K%<xt)WEOynD4(S&WAgy^w1|73D5{_qMJIT8a1|6b5LHiAA0Hn}
zJAA>8ptVXen#M-KDb33xnOvBNL7C<vi1#WR-t%E9-NU<Z95_+nzD+urTUZLZ{;M^a
zoRm#KDCw_&1nax5W~>oQA02|YiujX~n6A1?O8WuJ3e3;r;)(*!eGPkaq_dWyW2^;F
z`)p1{^*BC18QAF~a{$lmy6BsQFV3=nJ-5GiRp5<=Bz4zR)70ci-pTCyb4vvqIpX@g
zC?j{%5tkv*Y9gT+vyy8|VPf>JE5ZB;MpKi!gb;Ul!jepr*Ii+EJro7tFGCtKcy!LV
z3en)NpUCz0h=cB%YZdayx2+NqkPSucNar4R;Hiz03U){W>)CTUhQX-gFC7s)P29f=
zx~pN$lVN@~w&PMWx@~T5hJ3QbX7DZNP;;X-t<MUNmTctQx2dX@aP#NxphL?R%$`#@
zXlrgJj;H>D9v?Hiw5s&9PKkGRcIjBuU?l!9A2pqh>dw0a{IRz+zZslf0?Wn2yJN45
ze?~RZEDz&DsLw_Z0M>Vh8;RZF5uC}&YK!U#b{>b)(0Z?QE35gSp`aj;LQHlDV)nK|
zok5v{6$CePvq{DH!j^Ij;ZT2@Qop~B6*3NP#IPs)gg>p@s&0h{{^rbWNqt*dqtW!U
zx+4M$@y;Lv_72$5@=1+@t=X``aR65nm${5k1ZWrHdK(PGWlY~&%`{0bRcxyhvLwa#
z;!@Gh01}ZF9;rmnsrh*Ntj%q%MnQ~cBy5=)(9!pYd1Dp%JCyzO`tmdk=s1G-t>$xV
z@Azoo+4P%Noy6Td{kl4FzV!N4nycwS;__<H>bIGD0a_Y&n$3mnC{y_2`eJnUyn^O?
zxsb}FnY-C1C}HAb;#>;xRL;_&aSmUn6L$e|^!hIU-b-dte=7Ip=45BhqLjS)h6aJ#
z=n;&fTaT<}&5`HX_4V-V63?ck-{y6d3Xef&=NG`lbhW1D+quqmq#wdiHf3L>h&Nk@
zG0_=JmttnN>X|Ne@GUNJ(lbb<>^8t-6FF~R;}g`{b1;f33JKDhl~nPoG(V_L_RWcY
z82S%L_1jhmMjTVx_}OP(cVjX)bK{Ya3_^Ej=ygaR+h0c5)J1O1aUY)(QbVNJxtQO{
zu`X)-AGY2qtgSX$7scJ(-Jw`<*WfP2-QC^YAyA5Yad#*V#fy7!cXvPeyVl<4;+$N}
zi_9eR$$Y+i8Sfac{PCd26ltXl+(7&x#^v^?Ml3dEpzDhGm%vuVuSNQ)E@hPZ==ikY
zutC&|v{ktal&LCDnrpE9-2`d2{-Y0_gS(|L&<d+M6{HVYl_jO4w=!?U%fd1ZI@!HJ
z@R_>5OX&gleB(5g;DCc)*j_NFrmH!Ie$8%~f%WrsXFEB1fy6|psP)5hC@<k_56>+Z
zl|3Xt=*T>Y;zFA4sERnL9mNk<-k={2<BRHI(c){kGjpGLeFxiuxWMrOrJ|0frxO*7
zMHyJA?UvE;g%|Fy`{e(U32xMGS6?ohwXr`fi7_QAMI{C3>*ify<Ply-2y4V}PS}^x
zbwxGOD&<#JqWg<enSr`~*r~>w7lKD1zMF+UBfD<~)^A;3-;TO2LO5^ve!0Tb39gG{
z>KTp1gce1P1@(fK5^!WUmK1S&9>60HJ7sC@CYeN6&Yg)Jx$|FnmPC@fdsLAYE0N!}
z;aU=frS-^`O1Rt0z+Jrj$OJ)&iE~Kx@|OJKA~`Mm!lN^5tklK6{o)w)qLSJjE>H$d
zN?lHGr@a4jWu!lELwKS#be{worfU`S-eNsWnmPIxDh}ps!9>Kvsr-s^WO2cPbj<r%
z#5zJ;W}Mx<i*+<P9N@?hn-FWv!7m$*c^nn<Ws$?w!dQj`A&eWyLLm;06ga9D54Wx9
z0+255gr_UWhI}ULcIi(+QfpPAsrNX;8$W#MYRthROa&AT>+~Y%P9@BCwG_3zVerW;
zbIe9c$XP@4y-N2!JgAwkCyd3&#w8|AU)YHU3d7f*=wz?<z@}B$%q*|RZX{?nsjLwm
z8N9o(G_*s@KLX3hjI|^~>hcUikU6o-swkZeRbU*CWEmO8`4=%pp@=F4EG;b^<;G#Z
z8huHV&rj`+ft3kr@|-V<`E5BE&cLBsytJ_-lL|nb)aQxJ93qHgt@pU0nlxaDq{RyL
zSD|RSSX^qIL-fVtq%xSwVU#K@%M<#Qsq#%f!bdi;;upZ}KH;D?lQE?ViT&Ec^TrJs
zFo?8IFGwk<9^K5H%-R$7Ba>bB(m{Rh{qdfwpzVl<d1hEmSdbDV3gq!9fzzpk1#d-O
zC@wB57^^I(hQ`LVomN)~g~2F6C_+R@NstiDAybDv*0!oCmc3NPe~~6~Pl>81N^EuU
zL3!cJEK{|W;!E)jY<Q$&Ts`X=zQ~K_rNP-ir3hdFy!f)p6b615LZPK8ofh%VZ~O(a
z!cb9q)KJ>5I#Ok0&g~Am?o*MLk>&<I+5PlXwTAcSn3a+h7v~@B2!+z;+@mQ~4*pt~
zD6DziumSTRL{gME-?4&i(94jjpX!EFSP<}Q3jUAuPxV@k0$(eLQT3!;p!Z81!S8ZY
z+8K$<bR32r`#bbCDbg%=d96nF73GMV2xgzsX4SuQk=p$0j=I9B6G2YMG+G%V=8t1H
zk%GQe_eTzhi~D6MV;ZOg(ptzV`F16bO5b!lt}d!7E3tC5(fuV_QdTeCrJOGO;Hx&s
z-T?S~NB-_LWl*@WM+3<>tr<7o(j3uVHt=(l?|1cIhB(HDw*&MFEkCA%#p%r5-K7X|
zeyYyT@L$SXGd7Ha)Ug&b%6>n7o6!pHy58j?^^y@sO3w#3{I!@@2TGq=kTTo_i%)%Y
zi?=5}X9ta^dTQd<Gh5RfXn9+{Uc&w>K+KV{SFMB7yGQg5EMf+cn*p?1EnK?9{by@r
zT~<hZ$Z<4?95&Qd%q-@22x11Mb$S_^j=d26=hmDAziJ>i!1Vdif(C3b7c(2xwzW|o
z>gv7fk*X^zLn9_T2vKz?2!d8|Mfvat`?JHkVGfN-aI<x~!P;dZBZp(PmSZIu>PP~i
zGSuate9YHXJu0=2YJj8IQ6(;>^Vyn$2e^B8?vt7^S`uV<7{AQV6<OZCGoxg|^T`ta
z@PN4)7-IfSp|VV;zjy1JRM||GTcdtarQ8S`QH*>VVYW_s2JJVlr5l{cz+Nni%-Hn@
zN&Pz0UJ=SKVC*X{lX~>TxS5tZ9o?kL*tj_q-Q`L$3s)sLdrX#Warm$dHheLBqmx6k
zc7f&yeeHx3-`RJ|Sf_UFZ+1HkVCLRhBf2fQq`u19#euZ9Tv;+AeHM=6sZq3;A;s=3
zC$P57895;R-Fa{tRFr5dTn_L?hkRgUgf4{YPbXHO@t>-3WXSczNu!Y1*{JqLcxj)m
zgnoGnS#O-5wPqGrYhpWpq=xNrAbnO>kIa|Dq~FG#_&qM;&hYK5t^1yyp6rhUjH1E?
z)K{VlmMRL8KqZSXM8^O$=6Y84tggaTihOzg;g6Mu2C<H^h=kmgKeGrsqKS1wY?W)v
zh~5DK!BBAPwF9!&CBb4XV5u%DWp{Bu7=P?)XP9}9NtA_*jjxZ)sk4hsW#ZZ7V1M0F
zxkGguFstu#U^fw^i4?7kkmo|h6qLdV&Df9wl;LoK(z%ipCBhz)62^j)$4(1nQLDw^
z!$EqD=z23ICL&9VoaK<iTXjGaAEllLVJdoP5{iqgRMsF|{Gv1j*U~RNY1kjFOz)YQ
znH#MjO6P(-w{bFq1=sfh@j?ZfZ{$Qulv#>!Eu&hvJ%c|>+wjp5!k}ysb;hKMR$#bO
zZL#-TN6&(W&x;Oc<)=(<Dp196EFV<*ppb1<+ULIPaEsAkN6PbsdOuV6uRWF9RTxnf
z{A$Q7P7JLxY8I_j>Dx!`ld+!qrMiAsb-Z#SMbLFMX<VIe!!Q?6k+oa_#nnML`gX#{
z6sWaPXBpq+yWEkoz~ZUfTg_a&RmeAO(TL~{mep%DPk6k6Ltgw?0URUtO{~Mt$0>h1
zI>OV95+X$G%hv#s`V6bKo7yH2BCC7iRY?~&Mn!h^>+Ey+<c8h}waj#63U1mh(7_5`
z+6g+*)FA=B?x;`h0?D2i2E;FYBWZ)=J>W$XWBcbs9UD|uOfDbR@O){zPSw9#1Ye~V
zV20mJo)opW^I{ZE^uzvn1;=%2?FGexl430*MsT_|{@H6IIFtNNb?wwsf?Ro}ZQghD
z6beT8=|L>L%<ha6x0X<oYMy><ZdDrNTGV%0wPW-=Y!K2)IvzDMEY0NanP>mN+`j5P
zHpEcEPI}dQXWKjW06Qc27|_eGgX$ObsSn}n+2AsEnz|ags<F`?)B(ML`hR?EcLz|J
zw;X~&#QtVR+bR%yYJ)GsJ2ZanKi5oQ8?)1X2bh27;oJI69{z`}o}JzL+fMVS#^OL_
z*|AUYfW{Q%zt6nE;rT}qQ=H`QOWk(|^woYf@)K<P@67*(L4#VZ2*+Mfpcpedhro^f
zq5n#v5$LrcBb@Uz1i6T6@Ql58-mi>Vva?H5)k;7^9fMzQ#cr*o%dTspor#@hrq9b2
z(48Ehz=$;gO=EQ#r<-MCj{7*W4DO=<N+)nn#7=8)+H_4PG7zg}ymc8gr*fmAl3D(V
zVZ2-o17a<O=*2s2Y%IvqAcv|VcZ|c9&LPCEdq3~@{Q4e|wI&w5+8XiqT#P0M3qgem
zh-q(Ji|<pUuk|r*F_n>HG)}|IWYGt+5&x&wM^KS2eZBncZ^}4UjV3+j*|v5ZO`G7y
z_;G!9OuzgEO&0RUUQFFZ)u>fi%3Ia23k`IvA|n&5dpm``KF*nhWFa|ThQ_Dzq@ohv
zLAY44q)iTTd!-0=!{&LIrfq)YNero`$}k3-ne=aVuN<K;J<*pK1jNP7Y8u2l8dyKK
zK$y_ni%Z!QucWc>AocJghE@jW35Sz+Z42kfkF;yp<z!1z6zzTkuRl!igtiUe|Bxw|
zTMJ@*)EQBZoj=00yqR2EeMqB>ALD&zz&4AKWWZc<bFcbBnJW)Z3S~>`<}>3z6k<o;
zL6!Q7*KoQNsizylf+r!+7_t!J&-H@mJagMbHuc4GxDGH(VMpK7*)`;gZFjELGY*3&
zcnj`hn03644hNmDJKuL&>Z>%g<-)V&=555Tn<T%v`q+p+TaU)1$qxbKvA2f<#U=`V
zt(>4-UY?)rV7Vq)V(Lz-Ysn0s1Kh`~h?0&~ey=s?3&<Hg2}`^AYsE^@-pRmJG<b&c
zx4h=sOK_Ud&51XszdPkbtt0w`tPwlo?Unz?T{WGCie1}h5puc=w><9YXuY(*FybWS
zPqNXJMlCl54vLzf89<;bOkMzml9(G0x$dw19!sb)8CdJ8+_i7u)C+;`!=%H|?<YJn
zby7C|*sNg0Hr=gixHjHvDD!?KELmiUfvzKmv;LhB^oDSdWA+bYHyePKxWcb8+(jXG
z9S%HPIkqo2;`C`Cs}+<NNqms8*imqkk&Pb~#Wj%xWKNRx-Q%CMu1$MUU&}0`;($6w
zILI7MJRk#E+SKmn)P`Z;XsVlT$d>Siu-pAfromVJxys5?0}a6^vK}g9R=%&GN2Bjn
zuKyp(pVGxQ#Ta5S(;ZUdSQkqyctp#GnJc`S9Y6$*aCN>|sMYiP4s>&0ViNA1dbn&&
zT84O(h#VNzYcL`MVIoaf6h%egm>JsD-|grjG*4J`<RNRnAz2yDSm*4^JTck~Fgu6u
z^y$G#q!-Fy$4R(~59>)o6$Yc*M}LC8rl6z5qG-m#?%NTNyy7znkv^cJqNf=3g`%ql
zU?zMKvMYlV0<<or*@>e87J0uh^jb_0>|gaBCQ@X=QDQ#!fdr5CsD0I6w;VrjHm@co
z;n$dH#rDD_7)Dz%fTis9{KV2~GhxIIZQ8Vsz2G_Pl9VqT-_O04`<`dWDMpdrP#E<-
zz&agJ*Bl5H-AlC`1K=ZsS(2gqA=C%<vgCOn6DLs`C!(CF#vXocvp(kw^Y!(uperUA
z?7p3$MSEo@$RKx(Vl;|k^W9kRU<40iMkoftbcNr@n(BO^LYu@s#`?LyNitS@v6eqe
zvM*QNLEuMY!Y>!h!@x=K2*AD;0pltP_0ua&`8w2o0cC+ZobIAl(F~e1pwSveETfJp
z<JC(*4b7Qm6K5DT{xzB*+)gyhi$i&VU)L*Ci|QkS8`!_yo!G|T|0EK<aiAcP<dM%n
z_CniTPCvtOgEPou)KAE|Qcg4{fP5M?1zKUD+~UX0M>|BKOGUz3-ESP``q#K|lJ?VQ
zs7~soqs3Xm*|EDl*xQv(f%-@F2|n&YG<{kH%0ZFrN3*NwaKF&@yfK)Ba1_bp0v_7e
z@FrS<(<p`bH_pz<0sL7Md2$HV9HKfuT1KoIC{m=!FI@Y?b9s3LhWkFyb#{3pQVH%H
zJ)In8jnjrP%OUJ@FmpxVmI9q%03yp1p}r%JftLvcL9fXBt?~sH7;M?+XS>pl!IXQV
zy+)zVkz>EDg2%4}cR041ebBq5;|%-=%F}U!%@V*S6~J)A`%EI1iU(qGKYKT#4ffOD
zRt*Dt$J2y+hi`?h9((X)LR|B7Bhy$6wk9Uo-X6r4A%xD(x_^%^1%@vWi^P*S($hw7
zo%76UUnO$0ICnn6MAklTB~q)%1JF=?;Y%={E-r<)3_m}JcQTq{C^qnwrsZ*f2sG2y
zOGyQN3&a;&uYvC<w52}TeD4hXejG$W>lP6kPEnT{F?lpL`w(jesIOPPZ@Z4407y58
zx#xOW_&boTN%}nu)Uz**ng}_7413&^BSS^zu1;%`KF%|qYBZ}QpcbZdI6SA-*Xwq-
zm35j-w;Fx<kB=70hRI=M>vSF_RCexm&*$9dZ&b%bjlZ=Lz0p*s=MT%q&b}*3wRJtO
zFut2zeU+puKX5m9MvMmcm?2)$N@ntr=Z@i#z0v_&*xj_B8Azq9S_%kTdK+ET{ugcv
zyo$5+Jc2@D`^zCYfzKrT!@jJ#@m}?>nQxVcUYW)%r$&u=m7OJ`eB^*w;)x5iN@wgE
zzm%XaiJ>`=V~2*$0P$TH9pfLJHC(ic)@C4Dyn+8CDiLXRvSHj+I0b@002f6W{j7Fe
ziENamTHUe2^f~@Wmb2X=rWP?yDqs{8eaiX^Pa(-wZR3R)O5cK@0`u+a{gH>SZue~u
zZu4_jmyh_EwkR|}c1i0Yrf%5UuUz~A<>6`|i}+_sfLEDP&-1n;509`UE3l}$u8fI%
z>IWAjUn2URubNrKo@6Vr;@9WzE}6w@gb1?*6N^sIh>FLq1^D(g`kpYMijm43!F~l%
zF2!XH0ba*QasgNQOOX_P--=d5lD7mekSIuy2k;Xp@e~Wc;A1y<r{V+H>EN&%**dAO
z;GsIdTV@1D_fOeo?F$fRFw0)!nanTsdBFt+I!j0mN2wMi1ayn}2gWEfD9}zJtY6bV
zxY3N^<YcZ2(_n|JTimvf{h`3O4~XXgdn6nyh2YVK<s^((rT`nArL=Ne#hcfqqiUc-
z>+-abK}f^xc7l4J(Nfrzk0gc?Bj39*PtBwQ6z5UwwvCEdlf=%Xzd)kjx8yIL2;yIQ
z4s;(qo=6XCb0d7~(FIhplsE3cp?{}79yDu&DjUTzsmGd%?!9pDo7%aDDiev+s&rG}
zAc5+#e$Y;OSGH}LacG@?Y4G+8Q!EOdu!tWtsoBU3^Rf@~-$5A!mTpmbZ*p{18;u~N
zif)UP{64_k`<l!JPz4*+?So<{4)H<EOyXerAVU}===+O+8w-9C&#W_nLa@LDGeE)|
zI6KN7t|Ojgph=M{K}Do~Y{hrZRxwD_e|OadRhc0V|2_#eunh%DMw4L(_KMlfwaj^b
zgL)O8ef!Byzh`Ae(T68^2$l>5OvX8*pSG!2KJEsD;=J9d3eI2+Cl8V3eLJ@LVK_?I
zmX*bb^dfj;hYC5S&VVNVeNv49J2dtUAL&qqS%ZGSdhZws3DzHrE=w`;n}XDa-4N8B
zfdq!kd=@7kh5^<Xh{A9EeT;gq68l~^bC<M;Ejrmzb(BZ-Y`8LO3O>+*jkJ0Db{0ry
zwoO?ku(D93m3n+-o7&Gr0I$*`v68@5vq*@w_r;8^N;QglB+tMx9i~Bcm;=F(OhkOq
zJJWGXt8#oFF7-m>i=<3_H+Beq#`%csOR-%xAD#R<x>WXyRkz=eTHKOcQ^yx196~p1
zN4|G1*<&h<dc2$D7~o6W9HDDm-hs3~L-jY?8zVTOG-%@!`HT;gmu!ZG9C=KBqPIWS
zsmD_ss}}|KN!ANy>;<X|?Kw^20wh=Hags$)mc)8`21To7Dv7jZrvz3_nXBq9sWiWu
zZnG*GPke9q_XTBFsgD~%3ds0&=`{!FU+$STvk+5d8I`h9SyI&*M1iHkvJe{|<AKjC
zJi@}?w01Trk$c}GZge+#WroL%9LC?dw(Zk_x&#S>ezKHTb3{IJ5E-%KjO<L{(0TPL
z<vJ~=8V(MQ>NWF-A?c-eFlMWYE%739szmyYU8;t>%*SHP*he}>GURJX+ve}_Kl9L8
zTXyPwKRP?tuClRvHp^U@z0W;NgR01r&*xFQMs)RVJ&zGb%Y9@LZL%)aUmTt%2X?|w
zcyExjml_XlNfX9nde6H&eZCn!ybccP_<tz7?RkS_-{L0sdRM#+-7*(nY{9<~RaU-E
z5P4GFCpTlA=zK7rR{vZ-(cq75QZf0E-W0%2epvVa`#^h2W7>G06}#Cyvs*sfQIZ^1
z8Wzc--YsT**-VfZAIG`M{61R(;)VFG3Xug)lw$6K!Hw!DxyN6j1Y)))`F_F9(|3Lw
zeN?@8zHOY1pXDW7tk<_KP_dmeUcULb-`8Y5Y~*$S(<07A<f+X<OO71oxnzs)IR^VG
zc8|V#YZmR#a<7?H`MsulQ1$M2PSyCT(oB8-(o|N;rCaS0`Um#kgemBpo#NT}OY>*%
zl&iInH=ev?DQeVfyBOZ{G3a40QGULhKcl7d)lCIzH}xZDT{-C8KbkadSK<`!;V3u6
zy$qkWZbBMlb;%CLE-98wEQ=j$Yb045?dz(n^;Kx;uDzy9QO`&77M7Ad9|E5ZKX6kS
zHHIGl&l&*B1`t@^-2=gXMcS(8Qu=?%Qs$UFvi)hs9{qWj_kjuGXM=V<%O8f2PP4&<
zTg`>o)qXjWW^Wt2AIq0h1p<#Rw)?^s-ove=R~PTsN;}7!E*H3TVgy0HKX2$AxAr(I
z<nyc~8Fgl2G@Jf=ug*$0{u0<4CAK|+24y_QtTgE0!!-NfGoVEYF{(S<ktlZZWpCY*
z{P|(KzBXF@^+L$@=ZxUHc5Ei+taQ;Q&rk3+DTX|hEwi-3GwHPpKuV5f!>v;X;(g5K
zH=E(|GqJ8;oBA^5Jvt*78RrR-EAb2+jA;UvT)D>Y5|sJlDDtBiD%CCXC@op1avThj
z9GT+gy=ImM&8mRrjb4-Y?#&ItR>G<@SEe6w%`hS!=j)H79-h<5@9!Yu-0zEIebI(h
zX|Wh-IGkt34j9r4h_3E#lRQVt?afQFWVW`=1xEhh!(HlA#;s)cwpI71@!u_V4wcly
z*N_99T3_aCXbYahOxw1;n#Dsy%eM5^@^~~*I!risb^lWDKws*#VE;H~-YXSrIQ{04
z=iqt1LHcH$70zt#$*}r*YnTfwld?fC9q?QijT?(Stj3P3SGI0TF^4KMq~+zvrJEER
zD0`E2CZuup2<(1cb5roA;BPmNTvs|3*O$z|0Q!1n2XcSUS+RRaA#QB2y&QE6GFo4#
z(O%TOYdSKR8L+`+*nj=uBYIAP+w~^0Bp~(6xI-du^eH+Q_#lnmj@`w`ch1{-DQG{e
ze%CSWLHp^k)HCw)EGbR@y`jc_(D{c)>>uU@6rYFaGr)d(!<_n<F9}WFZ5zm@gSWfz
z3-ENl%RA?{TZ(D2zr+*3gV}IhpRs{#1~P1z+3Q_UxJypr6IL41DN$VrzZaeLcfZi@
z9T|=j_clFEJVp7kG`_O$YEC*RM)jbCm%qSjt~x5U_*dlRFDPOC&U+>v5-yTI3!RS=
z+*k?M;N<?aZKIuQ631(1#ocj0xe8c`JM#6<=n6JiLp0l<yfotS2z!tjmKCPUY#r^B
zAeCye>!ROlV!ro*eQ7cNMW(Djf$ox(&%HWRmA2&xt-R$P55OGsgR#g#36=)XGpNWu
zd!aE$LVetelrE8DAq<oW8}~?VyZWdTu*g(vd?|4bZ~(CDi?wD01kl4LPJ&i;Bw}~9
zs?E@xsMv_Vuv#q{^9f6mWn#X6I{#{ypuve4+!5<olFABdTCgh6bSzY5ESjq*Sg|3)
zk)_;^@3o)lBY_(@yy@M&sXRj_>A{RgIyJBBKfUd>zA0KfGhsa{kVxuiQ&Tp~JV+sD
zI*fE$?%Feq2F^=%sfv0|4@;}wt7oOlQ~65bIUC+sZtb@x;XPOsDRx&D=-L;h)0KNU
zP@LM|SPNx_kK2W>?*=Wn0PydMRzdUO3H6w)!M5P9vBWr8h|ex+#S8RHC+SM1>By^P
z*J~afp%#sjA7pvzwkO@8GjBC8dC^vWC!<8e&Lgv8MS6g8<)NUhy8{<M_Z=Cqwt_=^
zm!25^#yH!aT}@b~s)=N{GhLQaL`bpJ^{f_#@BKOj>Y|mSqS+4bK|1+`8zyunMuZ2f
zbt1&AB*;Z5TAC?>Z+Q9q=j3x(*tSwCP8Xj*Fc^q`!#)ECvKPqa;<u|oGZAGuj{pxp
zI9lP;dUR{dq}XZ_vxKK3%T+R`i#6sEB>x_(&68s=|EhLZ9!S}g0-lCQ&N93v&Yvky
zNrW_Q@EeE(v+erI+NEUJPS7vYkussldiIERb;EaJUb_kXjVuIEEs<3PN~4sd&I<WZ
zPaG0aWig;kjUpd5eRe|v6;ck3NNIE7IH%WAGXE{-fN{b$yo`ghtMBqsl1J<VK4w9?
z^WdR_5aY+2XrnmO_TRRVhtcGurwvdc%zg$f#cKW#Va5+l`_t0l8q-Dk08iw`!%cX#
z`EmN$Tlr2IhodyG{Mg|R(I$TO?iDuI%C~F>z`GMR`JCW=NJOr~qXToCbozJ!6ZX6P
z_I4VJ%kz~F9T}iPhdpzF29<g%UFs4Ao6~s#hXRpJ`tgA527~yjoG9K!Qml%yB9CGT
z%g>q(J8l16<7(BpXS_T1T1Y>P2nVVNp1>SFf~a>UgM`H}ueX4|kZpE*a8)gvD5uYw
zqyK=T&+i1loFU4b(|<k5_JC{=VjbN_JNjHZznbEk%<Zutn;<&?Nm={(u=zpjv3a(8
z_D6EJCi2}4mZjSpd_4p5rAzSb@^dw?Kk)q&^-2wBA%=owP3H&Bh#|z1fTGBg>vMK_
z;_NXQ;PcM?me>;*DpBnJ*u)~YD+*ic>j?kL6JF7chl}5-s<H394s$wtH><}_4)%BK
zZCd2jD#X;H2<Thq7rDE*fvsi`cYHnweq8SmW*<*o@9ZOX`czYX=4@TLk<!xg^DO&A
zm#)i#O0evBR#I6S7>H+0=*SMKr_0Z~&8zj(Z&x#LZFVq3{Oi-8UKnJ++tXvu&T5bU
z@GFt(0lbfJDWr#gbSF!gTR}9D`9ul#&Q_%O6BXuwP1szc_!$XNpOHHyR<tQ^F8Qe}
zTHWJFtw;7r;`Kz&JL5+8%&t`+Y~XX=r+g8PS7rvDLoM6oo^i4GVKFeUz9W&;YR$!3
zxE~zxA;F_8aMIbq)AVwSnt1GGJ$x!j(_aDuoeF-7FP;E`gs*Y<(9LSfm{ZrOEigo)
zq9rHXYp99n!B|*$;J6+7S&XFJFM3iL`r3;i)FCz~QY0p!V~-Zwl2W$gc&@`rt?+7Y
z8%`?4?TE4L0706T%Bykjyjzl&xVQ2WWQ_=y|24ZJ|I(llrQ8lA%-I%FLR(RfQtZiK
zH~IasfzEKwwHV80KTR*+1X*8)$X6t8Zq0^wZgv0B=34Ua9~@yzLhsiE%$o-yQ8(D^
zK14+{k{=DfKmp#3Ga<IQv}8E5X2sEikCnQsleah&HMKmy_MV)!#I8y<;gJe4AutMN
z8~(*vLWELgX^9jn?p>8?G{5qm=}nPz%|qB_kiv#q7~<{hCz$l#6wR7=RXXUj1ti)o
zvQdkq@jVTLxf!ec4ONd0|DPtJXFXI_N!b;Al*w3a$|I3R0tw{dZQrNFJpJHO`VwW^
zL*NC=kG+Bru$S$of0AVa8NRcXq%GPmqTTTsJHMdAqY=Rh)-?(xQ!Sges+7IMz04l9
z{7P4ZVfY#mdC2isLA?xVHI!Tv7ZrOGIamRbgd6(Dz3X(+aA7iZVYt@_YFa}6*_v!Y
zA{v&(F*!|A+6!za+$<x}ADoecU8n+;Wu(I^-}SoH(7VhoCyeaX&VV}_B~w|AuHd<2
z<K|-^-OrI8Y%i;`A_LUn6$HxQnpM(ZT}LUt%zz=Vi<nLw5m2@@O?Jrp2o%dOBhmGY
z_N=%gN||#UP0085I@uU~X@GIzk`Tp6yN-u3Y78WfWDwbe83&mpB?c`ibSQaS5!>>c
z@tzBmf<=l?2T5!=+QF?*c7ng&FUi^;hj<vje_}dmADI#9B*~^7mDweY(inLzqecC+
zBD&R@!X0_0h?=R720&hU*`FwA(j}>|o15vzq%LCm-}=Pgw}or92kTVJ=NJX2zzAX$
z62bV}4bvw~D#3|N@bC(XG|zN)T;R_RV#QlP1MPB+1j3;16ZW<qr2lfaXj|5m->K#;
zXnR3rDp=0*a~0F-yS*_sWuX5JmuHsqj;Ux#i{<@plZ;N6ki;TQoDJZ?qL@-UoP&uv
zhl7ULvkvK;QU78-`a5*lx4E=|P1-@DXEk0-NP+iW1qXvJ)%JT9L?JjSQPYHC8m7BR
zkZ36&$q&GvFU~}=)2?!p9@|?R_Pn!XaPh`x4R!$>qlIi+)#a38cD=5!(`?f+6j`h<
zw}U#xX9%y7?Qj*wX0RQ$Szxe`%W&-JJ-890zObLy#Y?1N5PeWz9EkU^YJL?SoqML1
zk+kX2GF`SV(yKO=Eb?m4Ko{YJJEOv01jz#C_79T5qWq<UIH*OE-pX#9gQj(vG#T{_
z<jg#^eFuEq`8!*pugyYmE<3#IxXw>pLRaht1Crz5mQG$Xdk~N4mTaK(SL?OWh&)#H
zvCX^1Svpn-(a!E?&Qa%o75g-Yfp;+%oQ`vXRCvQS1upq0w5ES>8Upr=X*Vlc{hM{f
ztBp^aboZjcxo{g$%!3U&5`2o{kKLkIVcD0CIc83jzT<YH3u#R#*K#kn(Cgf1X2vAn
z`ynq{-b<*e>!;wJVnbXiqRMG24X~ZhR~(^A9X;|vwd-Rq^r$j45U(Cb9ZFM_UN&Sp
zm06nJ5I(oa<=S$c;>F?IwWRH(fCKg<y-mN3Tfp@rCaDXwZR95@R9ZV}L(c7LJ<?T<
zKgXGVIj!Teu_=+^#Y2fKn^v*rZawsK_+_kLImq;~OYY*#mvX^6<k{|dI7bdMZ%a+^
zIv8^^&~mr(;Z_q>+!XviQ&`kUmN$mwlhZK!4q^Yq0jl9~874qYn?@z?o{|JBWrxyR
zL@tHJ{FrXwy@G4=!SPD+k?_r4*b76-C>`tH^OkZo7`(Y{Y{ABW$@30M?M3#ZW(@)f
z?PS(c2b@>!y+?$5Re@ZJOHK8MXs#a1Bc4Zq_+42gOcygkJJHma0=*IPDb)(k6&Bt0
zG)~vp6^Y|xb%t=9bBVOP*LmpJ=OmB9k&kR;N2LXfjQiB8(-ON_zj3~Y<MfBaWETp*
zX7bB-=enwY8>~=x1rR{sAO90aTDU;nqbHKeKM6n}DEC4wK-v93+dcn;TpED>ANEQG
z!MmLqIobeOpsTRJr|Hrrsqg3NRIM*YxVw)Q%kx{Kj}XtpWy`kO)N8(<*TsOZo$%*f
zcf;z<fa~Y`P2W9g&GXf(QsU>^a%7MH*<Tjz7WdbDe^R2rr`ILbi`CMxceaGr$ezHn
z*8$s&RL>sA&w#t^DfNpyf5XJQ_lK=zrS8DJ+ccX2$1jif0pC7ro66X{m2<0do^tj}
z?O(lp12qHAvtb`Uj^8hYKKGtpr%-F38)MfD{|78U_xh(3i2q-dX|=z}_-Lf?U*Xk6
zul~O%bM~nI--|iGN<nwU`X}fhi1Y7vn}@h%=J0;8%m0_8Ef4Y2{8zY{h!+FZOoe3%
z{6XwsE&CenjQ*=Ralh%zphY<E=@(nc0K#{_wVIk%m5XpH-=T@&hzQ*GzbU!u^KRvr
zj^~-Raa6PKf`QWC9}_XnuPNWDir&|V1+`xv^^S#kPCp`x6aU8f`rgQ6Wx{Ncl>4y<
zb#wumv%jfKS<b;XtWXse@C*%5%MrG#!vUqW25XOzT34@GzPbJmA>WJ9P#=S)y5Uv7
z@&36(&*7v08^hTR22&o!-^|;O{dE^T?-NO9lJ?4by>8hqCgbLq2h`qk$>4}d<r~{4
z+KGk&q&#!^NmEBE^F(ZW#l((tijFU`Ccu12{ZgQ5LxvAxtIOqQD>YV|%a^!@3_NZ#
zFf(gPUu)mX!XH~<h3g@Z<e?4@1--Ya(>G$RZy2%VRo>|(!xS%BQEWLC^`7n&(8=y6
z@SXcK{<ae6^AQwhNbPm&RvjiyhPtUvi;WtbO~3uXwcT)S*F28!Axb%Ri=)0&qo1E)
z;Fzw#R<UmeDwxwH?Lor}{P9hb!<N9npU<?%YJ|tKQP8Ww-AiM#c`rrJG!{3IAEu}>
zg}q(TD=yS#J~(pMrTcMXDC0u{pXQ>Fo6WG%mR`+D@<)AyRK}gQ{P)WO&MSGaJWzlL
zwNQs~PFtJNppB|+g$ZyKE_MZ5geRZIU^n8|{<mZWJvVcbj?`6tL^ruxM)f1AvC+UV
zz#vF;P-ssJMe6Gh^pYa-hyfr%yQ^;_Ao^ySM3L<XwZ5H<jN0i7ZSvJi=v#HUSfPBx
z_jT0_0oHs0{W5h8C16c07oFuCT%?*3jpl*rjN7sb+f>EGVV1&<+R=lHq<%)>22;fq
z%Q^sZUk@Z!&f^MdVbAUL@{WG?3PZZLPiQI7W1;}Y0RtJEP_?mcslT)1|9pORX-2M|
zEmTaHu0a9#yLsg<?Te;0sQekSj$~wTlWsNGyLXS{vj?$skPb0?4soh2h}S(3&jHx`
z4@oXUfZQp3HPknie;a^OAf#t#&?<P*q`VP&#D-r)%F-|#Z=us|+sD@C7EO>cFt12v
zFP55J0k6g=qzBUoOV#OF|4OH7d4+dqG6TPKn4f_<YJfOs(o8b#-V0&=RNblW6Q<T<
zqrxbPJP-4iDWRRE6wh?djuvUyfJx-KjTE~=(H76}_9(oaW{bUN;(5We+pj3v(B;)l
zQ2`=Js;vm_{(w;lV~;1efPrOS_mKbwOt|KxQR-`tL;kjBCaEBQo0ZU+vPjzR64T~=
z88aaa;T7WB4OvqK+}dc-w7{LNYCgd;5`H(|Qn=S0I_|&HLq$+w6l=zv#{5EmTRHx&
zs3Xx-LIx|Nm3BB9&u1Am!ovMtkMgRX&dD7xx#{(D3i~|$yv@5-+U!2?`i17anp9c{
zAMs|_nszR*?T^I6!ymk{16V#)EpOfN47!m^2|6xnbwrE$Z8Vp+m2GO-m}%Th;OrLg
z#2hi}N(-)&;gv36BGF3{wmrdyGKI3Gy25qGLra=>L27d8Mk*Cq>*RI?FxQZtLu&%4
z{edx0@0STs0^(MAy}w{TC{4{@9+#n_gb0&*Gn2%s(9ofFMAofNNLw&^az4rb_BaqQ
z#;WxHZcE*=06!NUjslIm;}ezAD4tDV@8l~!GHtA*fGe%zH_||?l7~og^VpZQwCr0M
z`te2t>-e~JH<V{a69FFIwz{i)qje%Yp*Ii+Bl9tbB^o#G6C=SDyK->qf9S=A-|G<&
z<3DB^DI%M_<3a<cMg^I;9<w{3_R|%49s!z9TLa1trET&I>e}E*<8L)xgG@-98G<n%
z^<#Nc2so?(X=kxMLS>x5uSVB4;_t61ka$(#5W5U~%}8evV0spW8_AdB=R)^G2q-7w
ziL22P%L>GbgxF5oZ-0UShl%{#{~C+sV2Tpu$y0q^Zef^3*a0%0I|$QtnDWcnaJ-)A
z3dQjA4N)|6P&ATz?8Z+f);!rLVHE1QcRV3Ns1J&9P<&EOS@%vlNIXqmMuiX;g6Lqh
zylewAWFgyRnfC~w<nK-g;X(sgMFqQBPME|6=z(kaekc`m2&TsMpqzI|zuUxbS1@7>
zJa!B?Lw(z9qT*2DCI;r(XqRIq^?d;~!>ymUQorYTsq;0*dAr{~42_*Kx8Z2fqM_)f
zu`D9vx14Z=RrA%FNxGWw6j2O!JHGj{uIQD0AE)~k!y&DRz$>^UFKOOi$6tkI@*sHn
zx{mrumOfs%bW|WrWF(Zf<|)RFheY6no^*arVsv<)$V$lM)S(Jh=7Z;9xO0x$!Ag+r
zgn8BJca3uhLzo(dS`U_o8|(C^5e_5lG!X^vZqnJpbyv@_@A`w}%>h$Yi7Iu`YB_Z2
zBHtxy*XolxKp>Ta4Js!Y5M!hsf*XiTC93@Oy8?(VmKaU8?+DS0V%&m%WpapZaG5z`
z%e<^-k<fu3kce2H^v#^w>OMkC>C~y@$S?J)`iAAx1L<e}PHVqHk_Bg$(~i^5@`(f!
z&hRR(@XnojgKqj33RJnckZI7us_p!d-%~$Zn3{8l3ub~r4h5R@){Y50s`-7?udx#p
zl^;b~iX|iMrVOpN%a);&PI0&_2BMymEqQrck(Yr%!r9)*8F*Btv8$J4Ru6?je%+!a
zf$>xYzA;?=;$1+-)N5KQFs}v<;<zmif-=XcZ3Mt{$yqgxyBFMu9tlfAqWe`x_WZeq
zIwQ4&pD0x)`tL$x9`Ej9T+uFdF@{{SX+|T!Duo<Hp(yvm;{#g!jK}@U{Ht@i(&jWh
z_rTc|rFNAG?<M6?%z(_RbIDTCtew$v^{&(B7w|<PF>-FECP$xlUV&gdKuX6-p0LQj
zHGJ&2<)GpA?$B7n4vz%y5(dB8{39k=@OUXHDjba>A9#i^dtEvB9Wt$ut&9xghBD<#
zp=zo%x6kW63_?cs7(~+KA&~w@t~``;w3#sFNQT_^hXBM;uWbK$YAuGsjSGzVRG{%X
zznLF4Z<axFX8|2%)P5tc8|<BygCpy43tIe;ii7(C$JG4-^wb1d9!sIl2qli9am(MW
zmluS02VI5z1v7-yT(zPVQTi$0Z<T(U7{{vEm6e1{H2!8<d1B=yv$g6roDinb*_*v)
zZN2v|vc>AarLAW_{4Nj7V$~n->teA+vLyh^%aRI5wlhwk^iSn#7Xi5GO3qP+dd=sj
zn^8K|QKFM(6r9F$j+KQ22+4$Rxd>d6kOXm5Prj1WVl_+8Rbs&NvI3nk@>Ch)Ct&$1
zizvG}jaqE%3S5R8*0Bk6h91E^&1<pBr_Dxh^xEjt7{{v%yHuBQftsWc11{VVCK30I
zNNFO$bJ2=}akEb0_qe`G)Jp60)mYw;0yNcj0hl84n|7p30mHp+xzK6yPpm;}qfZSh
z5tr|)F6B||``RUr!n86ULp<(^(e}}8p{#lQaAHynHM%|G22403MQ(Z#rg~~U3v@+&
zS|Kkn4SIi6Ye0@A=3_AttXai<gd6M6)<820;7dv4eyv5tXVGuxETq3plrnBUN}P;C
zdEyN<piaZI_YJuyZ9seb?|bO;Q>!?iq6lTyFnNY>^m9OPpg8);w|ed-Ldn13%B=E&
zKL7$40498?`oEfrNBJ6}92m5Qp3~=^BfIoXy2xWzDB6FMX1sp>XhmA->Eg0?q=_Fj
zQSfI2R5P&atK;kb3MD7#j5K>_?|j;Iss0Zr1Rl`9$PAE|bCZCa-teKcQyR5uG-?1D
z2k032RJN?ON9~4JPij=&MfC=?3nnuYg1z7G#XN^(gMuaMd)gquD!zc2<?Cgw7?(>5
zn-%WT$rW;{7WP6d2N6?1EPWFs>aNtfUq2_413EtSRnuksfA1zYJ0q@GkrO{BJ)L=;
z9)vx;pU9fr+CegH%<T_yVgG%&9aK7@5>YPU6zXi&K^=S@X?6{9FVEsj>{-9cwAX*~
zTfC)Dp4WZS_tJoFGB^Buh$o#2A8FmAWW(#vdYt&~p7{vhCk17`dwjOeBga?r%AMTb
zLuz5&RxnU+ya}JkoF;cObr1_48=qWi%g2I=^a^F;Y2T({>Qj9;=|8~?ABIy^JI(3s
zk>z5?|3R@znmSA?)(~-dBl^-+`$NLgg{a%W+fS*`@LPkX#@YBfTY>IP^~hO-$5sU2
zYX}!$QBLkf*!e;7!)*OHWSDAU(S&Wlt^V)W*Yhz=%khY!c$ew0-wF0h7HR|+(E2N-
zdADz-c5&1HK`~*>-hbfae-H{4a<8E3Gbb1=F<oxUzY*HMY1)`0{r@{-ORf0-o+wl(
zu=x+-{P!t|lK<^Eh2U+5WY;7YLLX8;eWzq7<4KZ-a6z-bjAKSL-hWq72cwPg<-)Hd
zPFz|_!$Xcd@_?}^je`OwLVmU4%%WQ&&{{vY>D=~S_kk=L#TqF1O-AS#j1Ftwm0n@g
z8oK~pQY2(?TZ);l+V78rNdGfMazUuz-fxU=av}RetFZgAqioRzPXX8N5ZS@OT<Qoy
z{A2NygEeDf!997S!l1Hn!GhG#-ZRgGK(I>VDM^ka(;eGmKleu?^w0o$-psI*fZB1V
zPYy}R9R1}?pE`v@BWh%|5Y3zZkhxHn(VAmrn{Wg1`@su@Lc*X~L-ha)X6=4@i;jK5
zipOE{*#|}e5RJhG_v{?`<($0a9skw5$U_X7I$I*}_aW*G&8MB`!bZh<`8rn~e@^+j
z(t2N%{o7;sy(=)zx>Q5FR(J?|SoCk1M;?OkMzijVX``O;8otn|mr<VB?2p*k36IjN
zLF(tr%;A<@N`42+P&Oa?n>mvRgVtc)&yCBcl+Rk0rLv_{hU`E4sd^pzu+J(UJ);gh
z_>REP*G-As{aZ_FA;*DVQGR0%Cf1k!IYEp}i;T@`dLCJ0<mJ0<OOnMp-+=oX>(8r$
zE(+_khn;yB-ZoV3d8&&r^PH|Hp$;9@9&;W##3%TRhN?#smTkX)OhhT3D$jY8`pS_H
z<=j-S!%=)5Jh@k|VEQM7EA_m1Nc9_UZr|=2ss0Af<VQ~GFK1B?J4*8lWR7Z0&X|(I
z$qeOqG*;W)g&j&yZ;pD&6R#D=<C#vM7c3F3owF9drz^7Nzc1@KOdmQDKBS&`oO9`P
zI>f}^u>_`B)>u$B>3+%eEfNcxC~FPZY`Ug6bg>gC+9(Z3kNf!<7%0H=Z_V9tJ1xQa
z5IJ?ckNmu4&6sj}d%#=q!XA}?E1A1AYFgQLT1Fqm(Xc5AsDx`A1W#LyG!uZzT8*WE
zrQJfVTvi89RD)&|;Qt#boT(vyk5#r=zJ26}%fCt7dk%+g)q?Jx+eaLWk^iHBpI-$Z
zNpVU^L;b~sIZ~$!sb>?paT_a=U$~brrt(hUb_I`X7oSNJR_p^!wH^(r)I!T1oT^9^
zPeIBleD|ytk%`VP;VY$I4eLz?Pxb|v7&B_ZqmuE#=3Eix??!X?P1e^1vz7v7`re=X
z5$jGcp%YM*!cpq12;(bk*}-%G*A;^g=V0`p95`4bR(|F3Z|JDu>PRJ80`YD%!K%y&
zaI0sYQs^A~^{+RiUcL?yp}S`-t3X-W=ao3Sg18`-FtPRsuW978Db&V+7}FeMM4mh_
zg(3f=L=PkObYLNSbV{Tt5YA<vqM{fgBse{$XKyhJy-q5(dXCXpm|-wPwpmRf4c!9@
zJpmRtbqI_bM5A)VS5kETDLl9`it?w#b<fp1q#Y&VmJ{3ndl-k7ND;Rmi1gM6_O=Zd
zFC9Cn1&$9v#w+|qTga;i%$qMoK40f@ePQb>db}!qx=8Wjw|ca%Gax6@AeT^-K?@|o
z)qS`jGz7_+d`JqBFD5?&l0BfQx(rbaI*<Wlg^@4x1aV|)b^;U5rP+&(<aqDKPvXWz
z*(b&gS=$Ynbd}CG^{^y8sQ6=fqMk8)$RDo78a*gVWME1Zh_5T?c9UcnqfBeeES(OF
z9;gY*)`AmW{ypI}2jXpUe1GwAOB(4LqOmYUanGU~5Pmzj`P6B%sHEI!Cqqoygs$%W
zRH*AGRZ_ip+grg)o_{2Xl<Sg4J2_x?%G8JIhHQK0&Z#O?88`ZT{Z`lU*3@o6M4D4L
zW0P;d*mvkgCMUS<_IJB@9gU$h#A(ihDw$r3o)Uvq%hM&oq`DyBQ}7=>p~oD7Q`|J5
zB`^vT65DtLId22zv;dqB0v^QQ{>d{PYCsI)Nsi?qq1}_|RFO*?r6>*=bDh>bK0trG
zOfc_^LQsIi{-Jd=YD$Oqa>1L*i?HM*aNBmmcWS5%eI9{m9SkeVadcuTkGkVKBfW48
zCBtY7U!etB!PQ%V)f#+)wN8nPhzuMelM%?6%5N!GYHB3y;%){EJoNM*mm||!axGT_
zc&bZzxK~$5wL$LZogb@+ZDmcesRDgKY$1ppaRPkspqE|B<#iIXuh7dYmj;Q*uP~Gz
zs7l+ML}J4}xyyP^=?YL3!#wrN^k?u*yps@R`_;<_v}|1tR&BQG9|lAuB-^i`c~;*J
z8&U)q6A|P13}NRBpm1ST1190~_VbP9sg=|Ngo=Q%zkp+ha60;49f3hTAGe#JtXUNX
z8g*aL#k4%LVlF<htOU+>vd0Fzx?wBl!oEfl9%>4AauE^@srkLO29{wN(Ij{;WBar?
zZv9?W4D;vtORFWwzI)!|7fHJD2A3lfNxIqD8_UgibWDZE<i_xa_AJp90xyB(xpITp
zgtvxV8GT)Opl{XxE%Eb1n5Wy9BOgV}I}tJq($WKU=Nd2I>DBP+WVm&D&ig9Dr00lE
z072idK$<n>&k~T{+;{=s`9%k|hedIKJ2<1EInWI$l0{4(tItG0yf3T2Y*Td2av)<H
zYBS*0ljv;q7!Mfuxo>Dp?i82_Ty&@-njV=Qk%IfNd2#M4zgd``NOtsfdw)`nD3{nI
z&;QEf5xQdH@4EX`q60VOo*aD}h4W1bI-n?aG626>6~!YG+R}$IXS_4U`Z?R0ji}#v
zT4gD->{ZQ;L>I61_UfSGC}H?&*5K~1`yM;*U8Er2KKk!7@RN@)*<$Q?^XUW51rzvi
zKlt$lu8)(7Rq-|aem_1bu518<sz{HnXjf81e9PVhd5(WdG#P!cMcSkiS8O^<lw*LG
zOcqJ$ZDYuA&G5%He72jLz~a~RDR>T4q@%mQ9_IfTKB-F3PB$L%2G*th;1X~MW9k^h
z2$~@X?70&~ns8)zcm3z6`3uJtVBJLqhz^OQ*XoM<2S}<w8q7CBg(8tDivC;IV;%@m
zAIxJ6O(m+wbsyJYkB$&l(e$}(DX!F?o{ojEyM_ICeKwp$nl%;l+d5sc`8YHp3Ih&Y
zWN0^Yt}<jmW|Nk-{)MVUk5Z|FOVD7SB2|Xbar5G?NYDH;d;rSU9$TVym2RMhdti6l
zyBu!^D)QJ2N-<!nc=p7%d0j<KSkh-B*-01xjtV6XhbjFWD#X)?u5N?<8=m1dm4Isc
z%48OhyP?)>0I<Ass(6X$*QZ>*yEOn069YFZBeGo(670w8#DUD_Vlh$2nb1L;04Q}e
zB!-7DuzLyRMdX<h6gJ#L4=^aGu=ib_#Y)qK1#w4h?^(;o%b8fDts}H9Me8+3VWj45
zN^MPWMfyW^-CY&kx#hqxHn=h8GLCW-QvLj~kCfvAY21-_L$Kc#X6&rJeM1dY+y{;%
zwYtc-c{$Ky)8=)s72pPT5%r#2lZ)g|;xt_OuARh-2$86G2k&|lWGF+Go52)_1U2MP
z*AAh}l{z^;dvCTR_-dTs;udCLb!viS0e2%fr%=h?IBe*jj^w@H(8siqaVxQ1-p;6x
z<SbL>1xa|a4Sr%k{~i$KGZ0eO$$S2?Lpz7eY$3QuVBe(UPIV+w40oU|%YOpiGbM9n
z9Xc$xZuYfMH0Q(a*d|!9R#ch!D*<^M5ejvy%#A^U(SY1Wm2#TkqexHeN{B}<V&VXp
zCr`wvU-*4hs9#6ovqh-9khs$i@#=*=FR6J%aPLay78()#Q#Y>#IrN^TP$!CDA33`x
zWah)K^DgFga7Q|+IKhsX>ze4#Zt^SV%2Ws}-d*Y?Z?g_wYXN%*-gxjQ6vrWB4jAbC
zCPlX_yc38}u`_TO<rJcYT;VT!W2HU8t2O8<rxFh4$iUxTz)Q~_6>AjOWOf^|x>9Dc
z^@?U)jB@=&rz&PMg)tCmmMb@o%^b+7$$l8v<8VPg-IBw-%#?<wK(opvO!ge$-mdRR
z=_o)YIcL*#-XjN5(q|O5ua6UwRY|C)Ru^WLGm!q6(hS|8C{MAQIHb0ah<Y63&q08!
z?nA2$$(Hik$gHNF=;V2_FbK1IEm5tO%xyax*wAgvzU}Y*9=5b5HQdwHPDPg*hu9Et
zUYdI<cEUkW*)sBiuia5Pl(?A|n^AGdW%BN;YMr@A$hps7GLv?Xo6I18!mWDBLbW;s
zZK1BJ6h2Q-W}KJr^IU_PHplk*q<VjDrg%lsDRb%RdX2wHB?v(u;6Fl3l!ZTR0npYP
z*O5wCa#08^U`JgmWG=6(K-QBTPP&9$=Ni^uj25j1X3OS{`tZ1OIrZ6=?tRq;C0VA-
z|Efe~uk$1MH5g|4tK`oDf(9Qib=9TU{fS99@+tkP3`;ALLU&I79C6u)HVe*K3UA*A
z=b}sQ)d!|d<m*?HoPFd&7q)LM)Ti9$6SD`Ze@hhGUd1<3Z|r0iF*hB~A@0YM1-J-M
zrq4%zZDSwUy{c({dzF$IYEU{15WsV>Yvnrp_|kIpt`aCQY#I;hv~v+3h97yKc#R&+
z;l8eu&K^9>oO7rX@Mw?I_>pyz3ow&?+w*ADHj(B<^Tu7RQ*if=hd*~}To~F3K2LS8
zxyed0!~K=yzWV0Zlko7E{NHfr?Z>|f)X{0tX6+9UfsrykAP2;#l->vJkvOB9=YQuw
z%*dMsY@qXX-6pZ`)AP46rJC0e^Vf*2-5x<ErQ&X#XZw9y;#MX5rK!nX&kT*W&-2HJ
zsl%gh<o}BeTZzN$O{}W_FU>Mli4g?&=Kud7AWysyAkeI@0$@mAUao0B@sItv`aeT7
z;$C~oPD8_SW|n{rJ9V>z>VlqjL>+z&V57NIJjF*#x}B%&7)s&F&ATEe{Qtw$IYu|4
zKx@0kOl_pL?M`jmwx+giyHmGQyPewY)V6Kg`f|>>_gnXGva<3cSu5H5eV=D5wP?^f
zxVV%RL`tUymI%#~ujDtpgm6oOte353dz87>jv&ad95icGUrsJ3-Y<FAJ(C8xO?c_n
zjvun1f7^XL#KB!58*bC7x4UxF8$swf2s#?atPgs6x&leojl5d{s6QFIiYGekXvNUg
zrdm887Ub5vyuZAnsG}6@(|a~g)4hqhqDk|pp^)icIC|rdeo*n)@{>t@3|QUS2u8wX
zRL1Olxz)cYx229lCJSo{leEwIik(xes8Y8V@{3{0o5_$R^|4iW-OZ#M@LO}e88zq_
zuqJM}BTo7ufKRkVeI~;}5ZBO*cATpv<7KSj&1rAY^014h@f{)ICMpWwXO{Aes5s@j
zqBr=w)3hIx@r-|5z8=ZdOMB+qlpcT4n97p{r%bCcOsS+Mj8(9`1shLnk)b9o<Ib2q
zX$A%d^EYWG&|8>a*-TEPL}JypBCYZ6xvbrV_+iYS%+@%5Ht{zjqyK#jzwA~SvQ3V8
zW7*}g`ln<7#1AAvQzXR_CeWw%*mi)-RupdbAy$<cGEoh(Z5$?jGv<MsdPu5<%<FZ#
z54D^IE0zc&nt08UaJ!;#S-LRiwm5xK*Z|Se{Z-EWfhF^4k5OZu26frRSz=o;on<At
zu?n?|vzDyLJO1C{<X#P=&v-=N65Ip@uoyAzB52fr;bM~77Jx;4x79?kRKtQ*BO?}q
zyB_M^NVItbkrol~o*YVeFQzkz?(kg$ZiEeNQZJICJk}nzAa0B;J6hn_iFgHvSbJ8;
zz(weSsd8CEF{@mR7Ty>S86)<+iq>y0!bc*><1}yXUWe~Sgj9|0wiPRCRPCo#ZBnp{
zCO*nDytfHxMxYddWwdM9D}#Tei?<!173^45*6Y*?10`q!ZP>&7CjuzXzUW7LG07vq
zj~a22uf@4i0aJ1W6Q1ZlU@cj2YI9d1c2M^VVNHZI%d3wh)m6HFj6UQo4V1EoR4E*3
zEK<7p+*bYdrYSwg|CB(oO~bwsNk4kB1i{eIn+}(0-`C_=-z2Od`C>h#zFaiwBGe$r
z<HDl!A@Zj6%u^~WdyD0B>)_{3%=S*<wuzQ&4nuh9(xEkG&E9*o%713mx62=Wm24}s
z#;L1h0HJtLj`dzCu~GTPMM?sT_TBW>7d89y`SMUc%64VZj7fB5j3isK|Kt|91SQ_T
zQ4n94`KfAgpEz9m(WQV?*v{%Zm7vzoP8>lRIe`$!hv{O7mvn+Pg0^;5*JD&?AI-n(
z&dbuaGLDS+YH&wtFIlT52|P8F+k?tLtyhI6J^a@g<^>$!6k&NRPLx)HfMCm#uVA}Z
zM=Q9ph)s3GA|dj<6r<igfr0uV@>?bvBD4bKVnR%q>iHy}i!NJ|z%)UA7cPlxrrvot
zs&9pjW2cr_W4dU;^55TE1=%IOSRW3)|0axEw@~!Q4m<bTXiycn+-F?QcCp*MZsjuH
zUO)Uo`4fa1MWDV7#up$@6}?{%HY~5KglrfI%sYfCM`ia=$cj;w_cWIrv7dKrh?6R}
zc}=F3=(R`A&HYIK>1uMv)uQpF?&Y=2#oIe}wMCdPoEIO_kBP7=;TF6%2d*Ix&v>3~
z<o5)U?;iR@*=x$*A8-i)JtY2oID|Q!o!d_kOGH&>1g1D|g{}fitW*c0=ktbg<i(v%
zH{|YNADjk+RDm#K`P|OK)|OI23hbnmeWtAY!y^_qDkuv4_2dY)UiXJ0B+jFUuDfKh
zn^G-qHa)Q(i(Z#+#H)K|x6-Bx?_bATwQ>~+WC0#@1E04&H%=bDFukkLe#6kIzmFX&
zVS-1&zHXRbFZ>@h&)r|Q;2nGn1&2$VZpeQd@VxBw=L`m6h|g5;={bLTW}V{+nj;#t
zeZH(EFbMYh;tsXj<?)a+aLaHux2hgO=B618S`Gr?GCK&m&}NEj&5!-ZBgtJw3S!@5
zxwsupx9#gpb$6$0D2z;1Q>2wOwq5rtq&JFoPA=b={!aC4`*AR5I2;JZ20`pa6W9SG
zC~+@}=Qj?&A#Lgn#sI;dpCLI=1G|qTIPk_-z}lpbC>PTSa&ea5qKdnE+OQPTtRv=&
z624p^_E9@`a37V88aN;uU~sh$V0S}e8a+##R2sz*s?ri%HVug|_#ANi>d8zq=j7u4
z8)erWHi7O1tUQtqn$h)kA@%{C&O=K)&#|vW$PPpj*jqo`A%D1(amtXNmXr6sITf90
zLeIE^K-D0IQBX|dLjJ)n_1Z#lUN&IEPGD%>oVw*z)`It{%>p#UV5p2Fl~E3*#<oOo
zH%wlw$l%KcQq{HMo2N4$iqYbW%GuZyMJw^e$drdiwPO{!jQZ;yg>0evubBw@H|1?y
z5eXmxVE!tMl~5Kcs{B&@Ln9hE1cO3Epx5CIX;&Q=^?=saK!OGDDFWu2bquiAhUetr
zDA@dXUVGm9Z&CYC-ZN9Ky2FfP;OH4X-9S0x<&v#!@Dv=6;IvJ)%k!fbcpmE)>0f$s
zSVxpvl<?<uxfE{cjyHGiut-YXxXkTd__-BW=8)4QreDmBnX=H^jvn!H1BQ*qH;2zy
zHF3@+j@gkacnCwVm-URelRNfr@lht*+}spF_(TbGrL2@pO-rYayT=j&>#zZN*uI{E
z4&9h~-xS){1l#At{Ds=SJPGi{<G-yyw$DiiSqF`s_~#5BY)??Vl?2iU6m`7tn&qCs
zlLz~_Vr4_9w<(M8nl0;MbQC1G7LOj^|AHX*JijC$RIsqGT%*L)US99aUYn&83xa}g
z!KGkzEg6Egcd{u=KzXO<8HeWKT;&SbI24b5XiV2-jb~aEtjE;YMhM-B`s+~5Q<xxA
zpjOs%;Yxz#jP$;`O{h<csZZQ<Hf70v+3!w%QYeQk6O1HLq&Wog?ur}p#T76?L@P%?
z8|F#f{I>zpo*7<g)U>pvGu)$Zx|_SeVJRuCYME<usJ9GN&km+5KDsDOj8JY5nUG&|
z8dt`i%dQ`}$YGcQct)wN{Z7qP9k%TPpp7ZR$A6E2n0P}fH)4%Zk@PP75*zH$YwpM1
z)+yMY958ex&WRV6{lM?(6Dq+PHC6#%z!d1v8Jou&DMB5xU=sk~H@`~+UxIE>4g2un
z&YPqJsG%O1Al5nGj1<qV%4ox+l~blh)n>#%Sg{9M@C(L#7a#I+K8CvvJ62J`d>Fb)
zW8>v%`;|XK-7lWEdo!!a_$!Z}pLpvsfr86*hSPE2a4OZCm*ZDl$@MBNV9crIorrbK
z=a03EyCp-PbLiQ7mh2#MLM711W_wypm@O;Wo-$#Id<z*rg0V%nmLTv_rhvi3ZR8vG
zTRXaez!Kcs_SA}lIC;&cRR}Lzlvt*OJmtWFVzXmI_|Nh{skSjc!Co}C((~xq_gPzQ
zWZ6Te%&*t_Bz+)C2FxeuKrVNUs<1@sDQQjQas<qo*Tt^%=|U+FMQ$(`vfAUv_tGLo
z;l!2yWXjI33Zrv%iXj$k+T^X;R7lM3Dn^$X<VH%2u9Yu%N*3Ev#dT^`70g^3F#b}Y
zT(wvnqpnhDpA${WYudn@6`-Z^XG^YdY4U5=vk{qAsbXUUAfPK`%2H52sD*v#?f5MG
zp|otwDx7$G^aB69FzVDQoHAF}#*-0qth}?`hy~OvWn#^?m(L1YJHMn!b@n^8Z4^tL
z|LBey-uStwSkX9b+BpPhMtJ)w+4GLN@pqw8WyFbj@xtx=44>-W=Zu@KOxEz@i!%0p
zG1yRO&=c-tQE@4)?My^2P)qnd;zFH+Ben;MV^bodETwW?BCw=xo${w^(ZZ-nr@WC&
z_EtBHuuWL6l8tA74m5Iw_BDwA(!rN1@xcykR#eZ9p@#ANQMIiS|D{H&0%=(qDw(S7
zgZ{OU$n+H~MMkPqHFcbzd5MO48Z9!VZFF(^r_(!y)A%w+J)aXdMNOjo>HhZ_+!%Hj
zn5(VJhp*&DX5dnkK8^BF*+Me1TLH`#?6!A9<uch{*Q7d~p>9&TQLS3JhA?5I?3`Lx
z@=({VBAU!+)Ut4)&;C`V1mDiVM{=WGqpnMsO|&a(B6<DWF-A76@~X?IQIxm$m)fD`
z>;xo+n|1%{1C&R_5PRIrg+p|ywe$hEpBIkY4grzoDWPXcx@^9TruMk{X-www82QDn
z4f}x|Hd^^P@UFybvN25_eHux4&GaWyI2p^lsxaAEVx)th7c=&>V##Ip<RI4i%A#OR
z2(4+GlHJUp0y(qf{xMv%W!&G-3Rb;8M<06fbW!o+n97<A+}Vb{6g+;({|;AkB?|lj
zd>-FSaRJX<z@YF~Ss=wG-Wyt?=pKJz-1>HdoN&Ut(9@gw?G=GX*Zs&`@zh$gd`MF!
zj&BAA1bE`nweHos2|!fMuXU?w?pD8Ezj;azdA%}?z)SghuI)of`!~E_XuhY-YnA8G
zSwT(BL7!7SwzxzLo$15JQ|{V`*Bgm05rdRTe=ozF>(cY%9y|Kl2Il6`9rxnD@xL{Q
zT>7!{*ajp&&u2sZkGr`^AEN^zpZljcfbx*v&O72*Ne&RZbDLWCeIBvP)tT3IZ$)!C
zziZxGiY(ufkM;Q-%g=N4l9t>2R&tPo@9X#U_Bi%-MUd?Ex@?zQwEp8QhwuHP-<ZJH
z&poT#`@XqE?Rje|_G5^0$~>B{aec0TN(e}P?7SeJ>|7C~zHMEd^iSm$!u(r^ECJyZ
zJge{2_&<e8<*4|7tBRv&r(xk*|L2LN$bX-BFSFkMkLLSl#Kr&jF$<8(J?A=2VP=W<
zWZSxg@T0S*_Pom<(Qzn#uM4uEh#krL#rpi>9z2MAUy3NcEnV8j<q(%~TS|o#0?iy(
z9w*JW5fFE&w757l7Qh&@JLKPwRv9#l(k|i;Lk1fA7}sbKF|b2$I7f!j07@OgigLpV
zwu1%bc9KHBByB>>lzb+uLM^&KYRc*nXTu)UYZ0wO6nAMs&7pq8kDf@kaN`bFIPyL@
zys>SxsJ`~t*#!fbX<7YX$*A2(d2f1smtXuwP3W?eGd2NsV1qt)f|KM6jqC?ecq0MH
zRNee$1+8B*_IU-r@UoPKJ1=DlM~>?fXB{|9{zjV?QMgHIT<_WQd>h?vn^b4nY+Z_A
zrg1-1ifIjzk&D!R^a!;fhBqQ2R>aj_(+<)+;$1$wIQ%5m7@}7d^->x(;~c3}9d1+o
zdyu)m&c=0B!o0!4)yra0s+5(RI;q!(pBHkq5_6c;sFbbUCii}$sVXtCc<$$CxsnGx
zskNNSx10r(Gi*~QPyXungfCfca5mouIq(pnNM2s0?yb24t3Z3!NCVP{m0t$3y6qny
zubx3CM)^ut>oq?;p5M&LVwe7K^q4gDxbq%7Z<ahHZLwP@%gd&%%?q3&eJzeu^crA2
z9I~H{Etmxvwuh~F-yE#oz&bnmgm@N3qnTE3*brt;D!DzWq(*q!1$&bRI2HwJwFav+
zg&zc=Nl(RKB;oJwaJq~hUk)!xa;RfcW7+i(^f|i(__hb>(1&@K#e)76rPuE{-Tfwg
zx?@8fMEtYJWNpMmnYvxBHC}m7A6S2x!c>JJ%y-TAcV~_{7=TopW2%wOTe&Qd+brdP
zYB_XjpZG?7fN|JQbi2Z9Rv}$kw!~7$sg&_&RDe~#TBYTeXW>W5Z~D1^ch&z>f2<G%
z^B**1%-!9eU^4oo4FpAu7WWI<z!l)d5o1hHy~#g4Ks)b3;<aU9KH;>{W5_6hYaWU~
zZ2%t{f(}QzUy<d0hK<aLd_8X-<22g1rx@b=!A67<O=!VCG!h|V$KUq^ZKpbK6Soyr
z_(6aS8x}7^ffR?lt~t)hHCre%&2r9`x5gE8vmRNy74pFmb`9~tdH5g~27M!fb|i+1
zQpXB^5^PWow{gP-5W|#v5NBLI=iKBERrCXCxB)p@1c9t6k9J}n=Ht-bzIk<UwU55L
z6F%3htgY(`-4NE$<(tR(5lu0t&nlBR$A%5xYvDlM%LcgPPQpV_N6HUJjL1V33&KX=
zTk`OX_4~B@!UQ7D_&RbFLUJ^q?y*yD#LCtrSl@aMnrgRV4cuOk;otID*2(~%?nuM@
zL4*AWlZc2&vcGpoyEC#AnfeggCxZKvge!CEX1pX4BLrs)A-(Z`gGnyOMsu>{^c^Ag
zh;6c-ZA{|<46ob?!hrop@0K8Y#^1a0E@DpOujt3#h9bs_oacHu4ROZV0R}bUM&w}p
zy~64BIIv-cEXNMc?n1t`B-u4v|KyMls=b)Pb+h@Esz|P02AoXD`zptru_~^~P8Ht~
z!Z5jT1}3~Cf(L>ucmp(gN@lmR&o8#^<;C&M3GlM}@Fcc2-YpY?)8aMa%qpOP6<NU=
z#1WYQ1ZT8IcYO8@{K*NmbQ#anQW6zdy<CzA<*YIDvaeX=sYAxENQw|rJ7+S~kQo!v
znk7N*4B=F{+6iiQwXlssCvKcS`4A=pO2~Sru9z1RgvUbu{`3+VveP4@qDI$APvXud
z!Mg}Fu8(mr5U{t<B*EZ%DYtb3gh%y%E$?V7Qj_d6gs)dF+~3R)CuZP)Vyo9?p7|Be
zjt%~zcXJC&o8*XXhGL_4y8lfb8{_2!yX8Y{_j|;^!;!`_9_7k-&#yK0NhE9X)o6&&
zNYZ!wi%|I>l01sG3vUR&6@9~rLFr>HNMu<sWbXNi8R`KJj(%|)LD)jonPA@&%~7Mj
zGtq@$&T3GG)SIv(e1H-<X(={rP1IB0XT&WwT@==Pp!)I}8~1p#w}yJacHm^G@qn)p
zI}V{|n%tmxo{O7LLdi_fRc!CReIL4z$>o7-$&q=zx7FQ$X4f^OjkBy=ku=rRYqcIQ
z;0Pv8SPW4=>eY(p>D}HC)ZOhF)xQKRG(Iqf?sEDx2!~V$#ew19mMGAwF%}TUg@MDZ
zRMU7GT%AA_8YcO#iW;sAOr8-KuxoJYNpe<+X~enKeHqCY&DNj6KaX|$1Z@c82|?tK
z#DnLn0AO(vJ=^6#(h2Rug{HXIDqYVnItSPKN$$hsNxJvlrvo0|0SOktVwZG!S((cv
zVEgCxo;EEVpHI6~KL`?K;1V@=vhwCVje0-z^>(+DbMY`b_?COm@JPnVp#iom>$H4n
z*$9!C+)41+pGcXOc$-4t3tF+UgUFvZ6Z|UWyd0qI115hHHX@u#5La}d>_{J0BS2ko
zfH#4qz~8ayE-%nWZzv1Oz+!#`P`@m?TM%K%8g*v$9=IU?&F;aRC`A()yFv4?`*z`r
zNfd_;HHNL%=^b*X%pmis-0{2v4bhiDkrA<D)F4t9uZV5?tC1OHzHDv;=D-ML$BLlS
z3|-F-2}6=%u&$c*mzz2tL*fC|h|D+88tfG%?71U?nkP(20gtNmLyZNM&spA~CLL<R
zsYjj-x%6>%2pu`JlUfdUIchA?SzN)a*c2LoIAfMT$)*5Nl5m&C;HeRfSJX?oTqAUZ
z21KJ3IMwHc60}<;8^pQf_@U1@1>Uob;j(473lyqUhhHwpq-&)(t+xNvP63N^q;Mg6
znNfht$DUID|3HGINEbTHuxNLbGkX_sZCH)%rTe2MeHc(x03is{L}IDUSBc*z12*9b
zlrnocAya1p(LMBNuzh=og<55^(;_FLgF8<i33MFSDl*3d2k1~iO_7P&GDl^U-(eth
zh7Zq<*+U`d97Kc!AB8gpr($%9OZ6N|P+)&6Nd_)e{z~j<D-il7x?OTTg62qzFWjgn
z9_VK}%9L63^mohaBjdD2uOvi-HP)F|mJv%i;xEg|@7JtI2n&N*YOBYEgKsOOKT7T4
zGIT(hz;=a*;0dl$q)d<yLtwI$)2kNOELY8>P4P;dDjDdTRtTD$3vau`gcJiOz!EFf
z`SitVcti`8gvPIwB;&q^P?PslVMKkmQIj@Fgng7wH2^Zcgn<?!oAqsq)$_-a#mked
zy@dq%?varPmK^~}&8d4cSa%M&AoDSVpsu7iLb1j)#?3l@WFVKXIH;Bsy{|@`f`aZ5
zdnshYH>jlpiTgoPc$zpdLao6w7Qsf$P`MQTFOD&p6Cz~&v7}1Jk36hchK&#fa;-H>
z)}^eO)Y<aX8TkdWL~?w?W~2$8$m-n%>0dTla&IutSrT*CkjEf7=O>D`k0T4srRv`$
zNSEpLHHxU(hzT%^nYd+%R4i+mBVb&Vvm7-`-ceu_F;zV_m48n}B9NIf$sCcO!1nLl
z8gt?pbz$YN;wk8pE+mF(wU+w#_$;O#i7_iP9?v6RL(d#bga)(|bO|LkMSf)8uTd%^
zWLB{Y@nIU3C68L6#;?$>CT;rfNq0RU<)v|US=K=(^JgqX-nmboiN<>;)HGQ(SI=0Y
zSsM2r|1mB90UI_EYE==nU?hk;J>X6)omYI!3T>e#4HF`KEPJTYAk$`S8b+RISduQ>
zs@5OO{xt>jTJg{KwA&7~e~46i)}s>r*+Zfa3FYJcHgV9;DgRUNx`y^L&4r3tV69tT
zK}%D-tXpI#)pf&8BA&Zq@0}j%?p14X>U#O%aozf*Vlvrslm;DCd$K*=+FgcE+DVjg
z|5q64lgd+Po63}8LaRr;4vE2e&is$dMe^bKAkRTv-6DR1YVGAsV{JYFPpjB$EsSp2
z*=0`tD!K8~oy42t*W1yE#^^)l15_G{>iZ?v()+u4Wwtw9+flo8Y}p^#*C(p_tz4mf
zX>5uCh9_exW12l@j_O3U@;Tf<n@WrJ0Q0f5NI$MvL=S;WG9QYiDBi8R)3m&bu^3O+
z8Y)Zw&1S)U#TX`!yRK7UZBQdg{@{&n&3TKSOML`$Y>xDlsA<ng7`rehm3>`&VXH}z
z9S~8yJbKVT9vc=t5XOCEO=`Kf@G5k0vJtxng&SK0=>DyzJ9*--uS2CxqKR3JCU57m
z6q4mt<E8GDLVp=K&cH&8_;b$l!<S_<b*V^y3wETbrg@7m5Blf>_P?J&#D5!<`roMr
ze4k!cW*hAM#c)2DJR^x~A)|rQ*PmP9^aUlL&`s#_PiUsEk4*NmZmP3-UAOm-r=-i~
zKPFBd+<xr@=KscORI9ix;`FO%<^RKvS>9{>`-VU@8fRI^m)mB4O@a-1%M)uC21@VC
z{G;_fK}eI`-hZjz_y1u;IdSd=yvto1hbRA>m_+Xw{B{-7)2&j~As(5XwsEQLYG1l|
zV1w%Tvg!Kk%-bs<q&RMd1uw2qotl1)Keq5sHG3ehtz%2*F+|d}VxfWz?Ym2pY|jdt
zSP<XgUC6g7#w;18%vhiqYTAZ<+Je==VJIo-21&T-f#?T>+a0zaLCi9N@uLp`HH|;g
zR7Na0b!3-`wZ?}KrT>Ft%#A@Gw{16rneqMd(H+peqksEm!07F#pXm8H)RsDw)<8An
z2g80x@n`#4XMNz|S8TDy1Ta~-K%jsfV#1oL&6;F9eyG!+RW*xwag4yu?be`O?n3s+
z4_P?03`S01!h`1utvnNMGr~<9`$_s)6Yv}FseRg(tCWMFb_UYaffdWX65~7$pFNXq
zYkh8FLF^=0t^Lhb{K%`VZEW(!!S%KBuar*ZqSaE)`QTfbVhj0Kb<^v9R{^gdJAg7L
zYjP`Wc7;}5-nIGuM+6JitE+tpL1^+7r0Gv$&+u0R&SOKNPS)J0%k&>FkMCa2E_Fi9
zb6zD=U22JJB_y}T6$^u*-oUCd;P%aex!+6{yNEBvFu7;Fz?fpb<Zd9Vty6xDMR}_P
z@CExbBFl^a(E8TjguJz-ttZ{pwIN|+m*Y>T&uUdf{oL(1a4`DLCw|$G2Y3Ibo01^1
z5!9w1TSX<Td@9{~7wu{^VeQNC-?R<hVl5JgAKcHRGK$U#AkQK=Rh;Bd9Hubf=n5IQ
z^q)HsDpx5I%6G6+->GdiXlUPY;@);@-`RKj$bejNM6Qbm4-vz}55tDa#2xcOyAQFP
zx7*cm^AAcZ2^VKRj(de^qlF1IvTyk04nr&wf@%XYLD?6*JM|>mm3ca&{boF2lV(Hl
z{^pJ8`D)b#b9l8=x0GmiFfTsT3WaNie=C~JkC6dXj667fzE+|9+d-T5p+H35h$&2`
zEZVFyS|~plJLT7J5heodc&U^+EElAQhATN4AhciV+D6U!d%;S$nL|Nn*=k<F+BtdV
z1A9Y<h%N(b9ASR#CmIVjnv>{aLm=4MS|x@?7+BvYL;(WB{ZKn+v)8tZ*LFigbuZ)4
zB6!?NC~7ujolV5UH{y)Q!uZ&o?R~VE-up{K{Zz9g{Alx`@FGV_vj$34YCu16Vg$^&
z+}c#%7O#3+0br@Zw23axvkT~jiIL%p(W;7-Dhq}fnzd!@+pq00;Z(Z8#(jW7f5B>a
zfIKYZmivit`v<yA2D{ApTZD`nmu|l;-hkP6mmK}7MFo1aWk1Qy=5X7u61lNLR6#4Y
zRMAc@k-`-bt~6opjC>N#zJ~)egl4>a6;Q5QCqLGHvR=J)Dcya0Vr1#O87o5MZ;ClT
z!o^UB>tYUY4)!k}<s(RWC5SQuB3!CeBd@tPBuu~Ch{J6<W2<ctRq`I1Wj=_Zazl7d
zC6Gc$b*cp)yu(SJCYs|+UM5M*k{28M0<FDsP|*qUM@Ug(hHmaiupahiwefaG$BWkC
z;>OoA#Sj*5yva)v%rQt8BCG&$YAj-YcgEsQ<kLf^YwmZ5K;h>LzI`XzKUTblZha@;
z71Q4AeI0|1iXvSLA<`D4@Q}iWEQL6ehF)(mVw4i6h6%^KT08WdkMEa<)l)pBf9yT|
zw*g9}ns*O}YxW9PF2pm7gM2gwrwud9!kwti`b0;jPH}Ajlcy}0b^E=i2f<8sesR%j
z$w9QoVeoVf2Ms2`DN*zX_vH~wH85W#-|;D#K|aV9)eLy}P9L!2e3UhwW~9wKt-Zm?
z%^5UlAzHN|#Ec=tYf*g5YIt-F!l37k801S(f<a?si4&KeCa@I5E13QX)H+_gT^ZDo
zZaa7&M?o4kr>j0jdQ*kvtp!|t9zE3}@1MfLx#{~xUFp5!)x=G~CdXax64)WjCsU0R
zEuNvhf`fM~vOHe6xj*b8k#{0s<Pum0)~XO!N4ryJhOOiYbL%VNzeVCNNIB+gHY#t@
zE?Pt4SYraczc(BDpO9~Wtve?US~I*#al4z{D+YUCss36&|F5O5PasqHjt>JB|EIIJ
zbqLXqH>P>ZC#>*;1R{wGt(@yo-G8tvM1odM;gi*Wrgkgz@>&71lh^$YuWN&UaO4JG
z?!g=)mtvVW!ShoQ1q2iE&EByEdMpB+=Szss^8s%X{^<E;A<q5f6i@<P!pY6E&3U!+
zd`+hVQR@okuVo%SPz#0`pkJu?cQX@Mdh~mx=vZGN;<WEGoY@<e(<4Iq783Y;bLH0?
zx7E4t6T1yNNaz60kE^Rsd__WVcsh*M0Ko(WP}1}1!eXyL#;Y|3PNTsym!ga)z|y1W
zAT~+Q8S!q@wuoPF_tyi1``xdli>uw5uiF|338IIlow9_#E7tSW;e$%YjhPapvsT50
z@p1hFk4LD28l2>wV7Yri9F#}~{Nk%N?DLtH5I;Oug8+m24&+b~Q_Ixmuqq7}s#3!!
zybD&Ue}zD?WR5tw*@%%N3X&NL<_ZfhA4v@C9nSl&CGzeiP#TpWO;6n&bTFJ1f)AZ*
z1Jwxd7P%6g7kBdk7uB#gD#@Nau@a0y&ZOab&G}ha-?Llq@JN*YnC=LnSM30Z9=|qc
zV9$M5DfgIcJi#9~bMj_hKB!jzcMmBua?is$icjIa19PiF86yKq1eQ#Q9_3$W&naPw
zE!sFE5cgy=2lE_g_zaE=5%Es41JeCwP#iX0ss@uxTK0(4X@<9VPy;?ZCCYrUWP^@e
zFzucth<2wLOv2}WQWjN*8dsuaT~4*P&=I3UBzqtaZq7m^u(y31rfB^*W4VtUMWH|{
zaMv!w$faZN(FX%%WPxH3L70+>2Rxqq8)kg+$t9dz39TLk44)$=A<0LYOt#RHt!1Y2
zVWvR*u)zOyLy**>bmEW&%Z1(ZC#VQ4Yqr|=0A;YG6#!nW-QO#+((?RGqlEC+l%EAJ
zbQ?zNc0GHK*L>_PD^2dS5lVI9SB!AYHvsmapof^kbQ;ClQWI*n6b~Z6EfFB9SDs<|
z!lmDkolv_ppXL09%Oe^ZoHcW!{m9$n*97@6>iS|iL?r@v^u5>z=q+upEj7Ad8r*AZ
zl7A_b2aPzHM)c7(kzM$>Xd&qFPqFk1!@qmjf9H_F-Z@QGKm;Jj8^DdJKh8`M9|h78
zG@?6z=euo`Vg(ZGabsp-NE7WL3x{vg=WK-;$M1$|>QrtwlHZQ<apAPc+`aWgm?c~2
z5RMVXhfOM4+Pd;&inoc6;Y5@ulcknvQ->81MM<M1BE8Stdd95_5;}fq)-KZ~CoLv<
zgE#BhurU2qrh0S{DcZ`E6=&^Z+g}C8xkWi(7d4jEm8OtOb>|gF*{o6p8tDL(3tBDS
zkruD=1#6kwr?bpZo$Nr#!{`EaAE?KfEHrP58u!+bYyRdXAzobn6?|U&Br(PT)?6`n
zHs5{&M7wXdC&|*~h+{FXj$8?4$u|wuX*MaBTe0sK)Sv`FvinH&?B}1=KTl`Kj<-#d
z2V%5XN>5aa?ddX5Fz&jHnbFr0#ktOKd?V$kBc%{e-D&@RZJR+jk!!z?H06y#rDaO%
zNbEGGVM?cz)GS)m%{5yo=zWZF*Dbt)?I8!Ox>qmGxBxpuE7qQ=xRnQ<5wX?P?l`0}
zP9CkjCe!MYFQz{<GX2ufA~Px<&f@AcM?D!mhWtVfya#>H4T;YX#lYe4_rC!5%R{<>
ztdDoj<kq;aSTREooVqSoZqf_K2|rEXSDZt4?8{@PUT8HjXUu<W9-x`#x@OA$fi_++
zR|kC8RHwA|5=(;hyf2qZ;ikV_6d9)wo<FXVU%p}qY+G@@$*Zwr!b4QuV4$aG#6i$(
zrdso@S~MKiuCVpvL4ULN4^_&&Nu0`_<vFhy{?Ki5Xl-*JBI%RI%q(GncJ%4SIzL4D
zu>Br11M~CtE82&{G?PO=qEW$m8^1Cj5sjN!FY&v2qM7_~Q079U!A}`qQiJw3q0V^W
zd<7zqJ(s1l(o|^+msfxznD=diPJ<pjXEA2-!}rF^;<d{g&)XkEegYpv)^7N<!{+(g
zv8EMzy%ya0;F<!g$$d7R3&vwF5PLT;F<Qo%<S`%2MsHEh0*m_(C-J<zSc)8U3vGFP
zZ|1yTC$GaLLQCqH<=Kr|@G)wr1CEd^u@xPHxp#IIn+9Lf<?UsW!(Uk^j-3J}qS@{5
zzx2C*E}Z;wbr9}hYniLtb!UTFPQ8O%l|9|O^uGn_{Mi5KRMC9UpB;*%p6w<(t>ZRQ
zTRkub=;==o4|_`1l^FGtO2>k<E_lZB1?+}T0h^gN5XV0;=Am^Pa~y@WmoENjhBay(
z(b@?e$bLFE^#r=0Wu);oK4tj%BL4f2)-FS60hj`H@oAy@>+?#?Jpv@N5P+UXR}oSQ
zyFETB$7c?A(e9o3DY^g6!gxJTME;${%oWSOGR9i}?C^b+0eg`)-#i}Ep4ITaL~?vb
zI~e|*wsN7in<8reF;V_c<B_ilm^3LyvHz<(`9EThNT~lGNfize{~J^{fUeu=N>H_f
ze|_w{GqYw&h=r_dG=I61w#Q!f3)w8zx8Ki+KfeAl_IyJVS1qiFl5V_H@#*SNur}ut
zBf$NMJ;#p{^FcMOtatn&d4G<ZH}hk|mot^0$6mbK`5imqe{~+MLPTjQH&&$UBE%S>
zQ|LW;Jfhv&;=Jd<OGiQdCxV4M3Tc%`#t`d#zZ*o88<6+U@aE4<-N8XqRP&aqiBqHd
z4-knmsSG|un3={)NLtp-(kHV@IoitYv|g~7UjV)1P!(e|GU6nEI}Cq2X^QL;p+$0u
z6c7Qi^L-Yozk5`)scWoCcP9`@Bf)w0fr1SI3XIVf<Y7kCkOWr_1mJcoxP-l4Cf`LN
ze)#V1Zwm4&tt5VXsoif_@JK=i1KlJ^5#z=eCC)fn-ru<sRj5{dS&FeTf39fzOf}Y;
zG~GrNVai}o(aK-&E;^;|C82<*i+TVXkb!KJflcv7X_bP%k$_9EhiddhzcGPJGW-YS
zdAO7a(UT<IwFx8ml)wr)nS-&e)saDZ^inLBS_B>Ot?LW)S+!D27$sGKE2;?~jUKaL
zRiR2tEyRYZLVgkJ^OrD-hvY7TG72CxDuZ~L24Y7wO8FZ)`n$J>7-yOU?9G^R%>>y*
zSG~T8Xgp~UwrLeyP}DK&Dn-g`5*m0w-$=S~<Lh|7|MBw!HT*p^>b)m;bZI|S5NIkU
zMA4G;s0>cyB+Q3iuIB;H5=8Zjf(9h*<N=LFl{%K<7rL@0>#yveEg=+%j~Bvi2kEJ$
zUhg}<zfI$PSDvH_Ly2P0{n>ZbM4T#d<At+h0hV-dCo9Z$%C=p{qgeU*S^6~<K*}mZ
zjvX*y(l5b$o=h!eCuW4LLZkUyx@BG=9bG2B2bfb~4Wtc_r9=^keI!bfx%NV6bqA}H
zc-LJ{(P9F(qx=n~CLikf6H9Y7!hQLB*jUVtchxK)w4YZ`LJ|6T<_u_f#|5fk&>7n%
zyH}(z8ypZL+yOy1>;sDg{}qKzK*Sjc_g#AJZ3Fx9f@g|@Y>&`Dt<$4-{7;S<u2KKY
zk9weAvuBgVOG59+UbhbgS<Oa*2<9#r4o%j{nUY-dJTRuqxZm7DgdK%aB!Lyn8+dp(
z1#xU$3j3LeQR4?mcLzCDz=pMZxi>h05yY(DL>VuG>zxyHg$~$Dk>Q9kW);=`RgElG
zD*LUZC^_#rqK9Mx>*3AGGrMzdLIC<Lj0Z_5yr)^vAS<H1&g~gvsG8D|h-91{+*vS?
zGZ#G!x_y~zp>WZrAbxyXgIP%85i$&tffJ#G`+L1F>V2{Dd#%%N0nJ7Ypc4LogS@#}
zeb^iofXaa$ipj(89hDTMj3tZT^1~J4oEva1kqV6%{RaK)_jU9Y{B?B2u>H`UaL<!a
z(Y*brwf)5XPZC8KP}q;xcQZm&*`^CPjYS@vzsz|wwPdx}akfJwx-H(ZfcD}Bzdt%+
z)O6<L{_*Y!_M)eos4om?aB`p6ZzOoUwz?wo7zy1g6b9g>1H-uBkE9=f1Utm%%%KZ0
znOSLMxCtoqWy%KA(Ynj|aKHDxD|gYHI0}?-sBFeCV*A&?@M#G^her(NR(IfxeXK>j
zyL!-+h>dy9q<lbVv5dlA-Ku?4MIq?;uF;RakrU8ZXR+HROjt=|R$aoMi1|ttMA+9o
zr+>B=p0<phsu0X6DBNEzo)}m9<sI1toNIpnb@J+i_)Uj%PKh^&!<>NyIAIpDO_B;L
z;o(1c?h-9q=xV?Am<iqH$(SPEo+ru}GpzUcw9E00APv=TNH6$=%Ui1?Nutk_!rgXh
zHDJ!(@vm2>Ry$_JoIYhm{?oqA*Gz(sNGx&0FEpKc#AXV6DLo`|8}nVXG|kWZCGd5<
zXqL5j&k!=4x)nlalkoK6+ruA%npio?Aq)WiWuc0ta#pJS>i9gQ9BDs37OmbY*$x#8
zPBuS2mexOJCqDEZNrfpbCd9E3rpa+vh&d(`UO^4SDMM#>qz3@85LxahDe{zwLfN9i
zxaiKe!DDoCrb_VyQjKe<{%LGH&UJo~X=^b?H2;Z{pcz|nyI0m?TJt+Dr4taraCr9Y
zput`d;|IEcS^CE(1Vh8O7<2RIof?MxW(}1{@~BTZ!*5Y*sDX34B4s)%k_Tj?-MNGG
zNC>sTNTvju7T2`qZ`7(06i9;935o&SRfEFbcm4dec8-MT4t)o8y(omkPHWeWPw<a$
zP^_yz(FND+9bwXx>-C>u_oJl(hTaiyXcxnBH_qp{JMVq{g4K!w&E!$^x)B*Wig3X)
z$#rZoAD63>3VrmB#HMpgFl_=}44}pB<d=c^P<ll8E(F&SOwe3$(M#Jnv+w~Q7--ma
z88OZYbIzwh1B$#j=&agXji%LBuf?>Yo7y4vmNLLDC(qh|b|Ic?JH8q<ZOzuh!@dw%
z?T8}#20fU41!Bq8Rf0IYeOslw)1R;nVO#(Nn{9WtRL&k6d>JhvRAG$X8&;+!>Z3b?
zCAD`_Z#W*cA_pE^?%e2Sy`Xrlo1BMykrL;s*Z0f?NCrF}f|ziKr%xLZ@a5sb9e7b>
zsf43wwX7>_N<_;=;|PJ_F$cb&s9Tb4C$<ctGxF=QWQ(42h|8npjkT}=5iX9Cy5{yM
z_wsjA&~-B|;lw=N>@kuwS;aWg1?^-lwkV6LF!HtiyO3?ymSqg^Ul&`sx5v_n5RsFI
zO7_4-qZE2&7ec~2rKEG16;+g4dw>#Aly{c|50Wr@Qs~rG$cjb&_=;lrf@*PSX|5wq
zVn!Sx;QhS#PN^^^VI^LrI()?l*QQf#WQK@Km>F3#XG!vM&a5QNv&{d}LQZdF`+Xn8
z?;}AjdnR~K8832zJT#jdfokgQ?F~lJ)h5{?NKsx-+K~6-f7}bXaNEQ7XA9r@eKCU!
z36fUOqHf^&FG2cmAnqKXPeg*H7z>#(B!=wNoY=4ulb<|UNRlR)wpqTnqIh;TNkJ-E
zN+q9sTixKR_M^(%F)yZB^l8m1&`dPh^oU+r9P#&AxR{nMCseOC6bqXE*>r-fzMvwO
zq-WQtW>Q9o3{R3UY3M?v2}`eV#Fk=(m*S{NhR(20S|o|;l9O4O)|lWTxukA&+B9c*
zttU%1{qYHsB82=PmXt>qBve&|!lz$pR(@smfN^^8&2s}k^nSb{ggUgJD6&%CjZw{d
zM(qyLGX|=SmoL-rSQ6OgzM_|9s2=l5j)ZiXdhwR+nG=r~Wlf^W+rYP{<=96a$#Dp=
zstY%2l%00!%r?u8Q`lx%V+8=ibI8Rq;Q<v|DY5VpWP^vqy;>c5RjmTvUdd`D)sbJ?
zc(F7?4xKODl_8au+O!x}QrAYUV(nt!M0;9v4V}r&o^g3TrMHAlp1PGwG|7n$)E8K(
zxTheVy9p9l*tZ8+w_5c3$)H$?Ph>&E_RMP7pwvawFKIp!pOw?`^Q+lYU6(gTKa{yk
zr1YX*`f9UyX0T;as&SOM=PC71RMe_WJIS`#ms9O|i&m#8F)5Wz4@}t3`o4RxdiJ;T
z@YA)e(=KEti%?5?$e?D4G3Cfm`bpmdcY33cr{NecE!E6B;p_bJZAEw|B>hZh@ZFye
zL#VME-qVFPvorXyDz+D_L-q2yS(0WJ;NP&652aS%`erx-Jdz$uqOFReElA66^(c%L
zxhWmE$>~-TtWWRQM~i-GF)LN1ZkODt{&a=yD{d)>$xzal4n?U`r&}#TbNLEx^Jz?{
z;+g%~Jah3!Wij;9;_um^)YaF2GBAE8)F9f(t`2QNA9*ktUm=z1Cn~OL_iB*Dl5%@e
zx)FBWMK2U^D$AbDxhkt50r?28Lf`H-Qu}t5p<rA0PqsDMiw=f!D3@x$7uE(rn)Lvo
zr0%71GAyj|nA?kwbmHmx2iujztM+7y*RU`@A$IN?`{vSJ&hH-t6}jA3;I%&dp&T8#
zIwVux)c)_niLcThzc<#pQo35-ZfJg6Hz_w}9CT$r@e;9;<Rwt0ztOi4FL%lh6}kH#
z@%^sS(JAXf^}xh$>s~q{PhbO$jXDX8g;=xKhsRHPm6XbR6Yk3-P7~7hSZ%VV3FEgr
zn#=#m^A|hWH?8~0C8aIu5_lx%h=C2k5C7-Ga)aF<#Vow3vXT<DCd!*fYYI)m3JqBO
z8qIAnjuZEb8!t@<jWInH?bVA=s{in^oy%I&U2sV=Z~t2<Ngo3uw^~lW6W{OLtUHQ-
zM}zka5V?PZ_rCW8f7Sl+bLfZvJCrYhWI5;E%Ke|2##i{?5DNVQ{vSl^Uz5lG51Z!x
zk>>wfvy1xo)l*RR`eU9rnsC%Uj@{{RPP49x&yNkXwO=Tt-!-pt->tz)W>^aNTLd)s
zAY)ixosN@4Z<>eCNo)k3S^h)6(0fJ@N@i-qPHaNQqToF@5O5wa7AvID>3=U-=4n+F
zD3lv?t%`wlx3&p1=!n`e?y@{rekxp)X2_9SG?iPhTOU6_W4XR{JcTihb^&y4)rNng
zz(56+HgdOg7~w8ivs%eIL!-(J`ZSpXGvxrY=8`7UW?b25a^rhXyl8W`go>KQW7k!z
zTd$f8rJr~)uch;A=T|i2&mO$`Kc~oawB*7p8k=`i+l*m#nZ-I4#9LKN{9LxODR{m}
ze@nOPsVg3v!nJ=O4;F&H{fU^^Xaiq~p!oQRA_g*7PC}iN*7WqSS_khJlVs@Rp%+P2
zN7-hGg_AI2FK7(|C>v_p1HW+Kp)FW(t<2Z0xI{B~iFQbF-f4Jnc_!%T>2pJSyW7_D
zRBH?wf7!Y@*TtDYFGc<Y#D(eiUUt$&^l2xl*9_|~;ogoY&E}2B%~%h7Pr5{!&;s|l
zmFm<Z=0})+hSirO(9xw;q)t<$Rju0`p5)+W?i22)8NO4gXRh5MC5hmbu1?9$BUr0?
zFa6tAU7QGNRMppSLy1UZ*^CvoMuTo<+}gGMT)hls_<##X3gcQA{Rt$F_X3wDJ#yBC
zS8rF=t|LeV^}{;xPbXqW>t}vfCp<>*Vau3VEYcj`J_&Y*iB*J6uuM|d7vq=Bn!$<R
zwUg*mjKm&S2WyRD*0psEI`fLPF9=l#w=?6;AvoJRxQu;jP<f<G;|s_76l$tti+jG)
zYl?aP!K7O)edA31ep)Y9SY)zm)G3hp>cOmC&Zz9Ox>F&&8Y32SbnkJ+<!5JDhq2}t
zwc;E&;4SyYJ80kb_u=5z(mjx@Bl~ymAF<mm6?wPC1^k2Av%(cC13I}ym{kNw&x3ZZ
z?HGA<u03>MiX2rEO@_5FFfwuJF>4~A4C{DQ;FzLTM(z-|pVoHZLU&j_5?}@|@$V1H
zw#pJ_Hg^x!@ctGs1$W44WDB-bnYC0x0Zv>v*)*2%apfLLVBFU^S9pXeF@!k{glTh?
z4YAqx=+}-zfBf>FIqW$(p*nv>JwL})9i?f$q2rAR1RI#U0r7p~a-9Ss9lXMffRHqw
z6ZY4gdMpDs$Yh1sx1SK5dg%5`&W@qR+3-h4+*okz%)Vf*QLqPcaZ(16-qc|2vc!&l
zyx9vE6J#g=%%GWAoqT`)wGey8Kn2bScjnQvei$e)dmf?d<B4Zr=`Nb!acaAEWxGzB
zDj9Z}R_yn!>E93bbk43LGiZ;$Wv9E-UZoZ}p~U!zYn&TfdsszCkFChj1IX|pJ2%Vr
z#XK)o%uL|`OebtoBS5zW245lWW*&4I>l)s-K4W+RKj+~7JCZCwH_=v>eI+x*Cp=u~
zv3U@4EM8(n|Mwb(Z(;qQB}?+P;zjyWByu36b%nEKtZxY&C%<im`Y3%a{U;z|AQx+N
zE)-L#B_!4Wd?|q^RzLc<4#sz3XJDi9SC5T^he)jK?K{Z&ItWf|z9AHX9)&^O(mbS&
zMVYkSj!jOck)CcE(SI)-2=c6g$XyFEq1*Ju2LTyAkQ5PAp^md4h0*Q+xm!VS7Q>}Y
z9+*oqo<EuYA&z36uQ1-@?CMYXbNKZLnZ64L#heoNVdr@tfCpBm!W$w&42%2FIA{2G
zbA~J1m0Pn2<-rC=uL9jRNEg!WX#hovVMqw}cUgZ&a_?IjRFGK&vut*jRJn6FABV@L
zZP=$t?jx7K*bnGJIp#VI%5MA)pUx;LH<7$Q0cl5}V1EV-8OAR;zm-wm{}F$fB$$f-
z-^v|ZTJ)ax7t)X?jSez_5IM#88+TUb`SmY-LRH%Qr79An7?QrkXfLD@b)<W*kvzrp
z@gsYW4Nl&|8SfjM5F4BXorrI2VUEmiCdo$@%OP{7K@*lFj5oUrTiw0<Uk4y7A|QrC
zM4P7<oJ*S5i9fHEmu+m8=-1GS4A{mLO~yR-N9m%ybXBalARHlE0zuEOE(M1^8?thH
zWkBv97rOh75vUFTQNi}tk7Ta*<e#>oH!6rFQ(?6%A!>!eW+k%n?V%=|!RlYH@S7cZ
zH;pR}<xV~1p~vSs*krj|!UyU?t?|8+Ynabz-Jf}INq>ib&5X4x*lAy$gzl*Z4IK^i
zeu8#=jCF5YTw#fk^fsLU20PQ9Z)zCwcpCb>9V5TqzCOQp2pFD_5uoFNu8&D`OC(*+
z0;8L?Nf;$MMvcJXPz%;GQ&KQXXI%NciBpT|0MQchWbc-*L+$tM3tp~GGb%>ZWV@~c
z6|Iq40*WxNT7dTTV{Z4rQ%(0!>kiyj=Q}=s2X~mDd1$YvT#z4B(oS;Z8bZ*DnCOqc
zj!Ho_^MdW#13N(R)e!#&>L&g<>aeB(dzSH*)lkAfgavEh)#t07`^_G1V3BbPn4!)L
z2oUn=5~2c1)^tV6<9C;F?4Ngo<>cWqAJEirV+dnH2JnDLt&-r-_f1l$k7`Hu*r}(R
ziLKAje&O~}fm=JE+a!4eCWqK8zIkZD3i(6^KU*z(kSlD*VAvQNVpR7}sonY|$j~eZ
z9=uB#&~JY0F=N&sNSp}_WAZ;~4eLL-HzWO`O(LY4^@JKV#S629bDEUFjLlILHEhg|
zW7L9AO4FoF?}r;;`8_s}MM7iiI1<DtrP>v$3bPnW{kx+Mv?g-opy)JU9%n~jUiTAf
zO}M!|;2Q?uDria_U7D>S1NkzgmRzL#)hyW<@fxY1y@0B9LDKVl_&mAk?A}Yb0{*sK
zve%FQ)~&oDqkeNcARYy`XrSV<dOL{$z@L}M)y?w1$lqSKVS}eH5LM!PZ)(B2`Td<^
zrP%R>gM%n%u731VCe9ERK#-u!bj$b8R5a(p`D@$JPvhRtP{dm&-(I)Cs99q5u|i~c
z=kz5gC7c=0Q10@kN{A$b(xg#iJy;*dE`QPhC2~(E&8o2@N<>wOh$Sdg5IzX#svAdj
z#5pzP0RJFYa9<Cvj9~>yH&_gy-IZy7md(?Mu4uh_rKHL+V>2B$K?1@zu#0qRszg}@
z#3T7u<#-21D+qhYsj%3n@P-v91!HxB-Kz4<`Gaxh0Uiph1za$&9&5Lb@>>Wq_XR99
zgt;MRKnCf#Jo>bC1HUIKBp7NP46%)P0-@rjiR5C0#j?2Zs4uKEMkK3Q15>X})X|s2
z&KHXWO7$4pK;D`N;c*~GhM-Il#b~~O@23_s)3CE;Zme+4oM<j{%Dti<7k#TtVEu_0
zW0r7&TncGDeSEViPDfT`|H-`}xBiajkKlf3Uy7@ga?@CAqy@3>2QrC!x<XA#Vw^cD
zE8@ZWO3reQt*lDPXWs*drX=SKQTcLlVQ)LPb^<PkD}fiju6Lx01h8Qf2vDhcddXh8
zkRtk|KhZQL2Lhd4iCKMFe~n-TLIgcr&UrhLtq2GDQW!-*^w}is7o?iv?m1u<O@a)_
z$OW_$dvIk)8Pi*)<dAG^0{1@CRQK^mp7M7;k8?%9wsB&h#5Ph#({!!p7qBQ;G?QTt
zNtc>BnCzZBC1xg{--%Kb$>dt2MMzb1;#?^OwfpW+9Kd?<T|VKtABf*U`B&jJ3+D5(
zZ<ROaAQTi&Z6uTR1+(iJ?B0}CXu-V2+;|mP(2TmtoPtJQmCJ}nwkl!})T|;O;{MyW
zzv8syiruEMIUsgNUB^HJ8}9tFORTxy(_0j*3l<^R)azr-*h!pQiWCp*)U|V;r0Euc
zb4j!6FN)2p;GZp>U20U3^cou#6W`7rLbTLLa^fm+wPh$;IyRdGUk`I2o;PRnWXMs`
zCAEv`$bO8}%p448RiSqr{;(^Gx@<f8^}&%jvGA*L0eD);dSNIL&uHXTwm8Zy@+#FO
zO@+2%fxYhuGG_UqpNWLd<6_@-++<aCk#l3tv#}?7i+_E%ZvSTC5aoO9o=DYByXs!o
z4hs-oNs*G32)-(je@nctR@b<SIIWlo{wRJu@Hq^q3BX6Vd3Y$&nj^NXGpQu|$QVBT
zh0yD|F;4g6mKw(yXMUFIll<hiIO+n6ei${;{D#jfa+<6rTh=@|0KW4bw0PfVCyYUG
zPLTj;`d?ij$HU?lc6&f;?KJo?R5;V5`<pC4p@v^6mmyVp^e)j;V$oY^vAFMzK;P=R
zNb)|S((Ym|J<jwe)x%??4+AOHu2_EpPSk|f{w>R4p$|k`J}P6b;?yVX$^T>PErZ(Z
z*Qj5h6e~_C?oKIM+}+*X-Q5XN+@0d?6fZ78iWA(mxCD1Sd7i!Bv)?&$zT6+~WF|A2
z<o?gPuC;zEE0<?osl_k}?O-m)1l~Nhty&dJpMS5O&i#>UNZn4hjI-B-%EMCJpNj6=
z^C3zYtigxWG?gn{!=&kS^4g|PCRu4V{^wHG0@^2EZFL-L7o*bmzXp_k!|ci*c*_YW
zKIO|OQML^cti$UG|Icny?tjoj{MRr4#?B#R`zz{Wfx-p|BQdqM#_sy7%;Up3sK^h+
zergoZd3AmXrn$a>gsnbC&B^{p4SnpDrm^{7XW2^{`M(ds|3BZ~|5u7Z!bx%^4vY)*
z$L*)uiTaA4mUE~>oPBFpv4?+2BX0SUOzU~1O-h<Juga6lj7|Rjx?$R7U;@c28dRF{
z`1|N?l+-}hku?h()xF^Pk7?K7$!zfCc-zYK0*Sq6lfI!Hsj}#gUk~2hT3g2snqV7&
z!Td#YlKA>%J>!0lT29;MWGg=X?$u`sfcav!*jRdwd4s82vtDJyeFLu>God{j^F_<!
zu>(B*IYkFldKGx7=3zB+hqgn=Tz`OH8X@U<y_+OyP1J*L1hq7r(%8t%vTDk&-Kc9*
za>rl-C*!K)heZOBnkK~OS)EqtfLU5J8^EK@ekSb!1EQvgo2WgVG3Bhb+&$^21trd9
zW~>rKm7IR=;q{VC-$hyW_m=;u&uDqv8BY01$;%0!vXh79-kXP>`U)aX#GYnvNPZ~0
zaZ+3-s;AJn#)AtX+uH>`3i4haB_0;B@5y>R8K^iil&;EQ&W^;in{`xaxeeJ2Zc<ha
zK=@dRzZfev_hp-l-oti$#dF9z=*;2wJ_2+bVh#J_oR_KS?^Ha{4QDi@JSdhYy7ct7
zqVAmkuzXoaNr}T6ExG~j-C|obeY9N`p6E#uHWSEFE}M>9yS)5Zt3S1Xv~F;j>-Q(~
zKz>M6uCx*CoXfyr+_>$k2K%AyK|`DiJ%{N|$NZYqP#QKe{P*sExG#QB1g&2w3!y2K
z@KQ$yPn>(*9K?%Qg_@H>K_19i{U1B}BmHUyg>fzxLdW)lR|&+1&%^To_8t^&Pi)0l
z0;ewzUnD|^QZ=#;Hu?7vr_82;HoSi9wD3^w;LVNUWw<-29ix1&6xXUzfaN1@^@C1v
z#S;r5+m$g-O{!cUrog=_s0k)9puqFk(Q*u)AP)-Ix!{g*@(FhG?mYd9^91WGLY|;N
z^URnWIAJBxttUZ;Ey}7PLWVb3u@SLg6}RmL)iD<4#sP9J@3WgC>*HC7(&nN-<oW=e
zon=pt9W@mtvEs1f33G&YbhnSRto7seqJR^>A;(U%B+RBcOr~c1x0+Ig20EH$0;1S<
zGr<<}Ao>N|)_tpbokjX=c!F$vNFy7i3%8cMFBdN}IiVcJE<ce|cShV6a}IC^DPN<e
zP{*-A&xpih<h_eSW{~GkGW6fw=^sqDcCq<CpbndKRzEw$5_^~baH$cqEDq&a&55?y
zuGcXxdReJHK!EMEVqejc%KVOq!sa0C=-In{m9J*qkdnZp{&^V3`<Lgl6=znt8oky0
z3GL@7t2s*j4aI(VexB(Jc2@E4tD?VaVtwi(+~`FGa<}$fN?~+pkg(0zypjL7m0Q&%
z*(Im4($r(E=6rD(ffdPxsvRqYAjo|ArIUW|n>r26M9?JFDV2qpl8qL9Sk^;qmO-tz
zf^G977RY7u`;#c9(NE16L~0Ylo!N$fd4$|h0b4lurPF{HVjN@1;G1w_>Iro~_|*`J
z?q=zeidvKKjg&aPZ|{x*8z<*fqG%l$NTt9}P}mjuAhK(V^Y<r1VIun9x%;F@vaL%~
zKOC4cO@>}YqQw(-^{L|oP>2>+uvPEJqU9J=A~xx<JtyvwdloHgg3*cGIfOPh%o0CT
z@s)h1_Nag|8Qyc@j-HQ@eZ#*`(^=@XZ{z_?3ipcnjR|<!5*d^=GZnEh#zBvVOc7?T
zYG+ifqRL`BX1};%eM^6Ib@6lAQJeKEq{4{>2CBD&cP(~s@fIpm?JW47@5K9C<GT?s
zXT&*O9Dh!u_@rmSe|Iler>casjEr37gUjIY<<lAm+o~xIE&pIuh$^H!(ros#2u!dA
z6<Yj6pkrK2#84-!0QKD<OB|{^GkO9M_zeN@J(4_>^YnU~NwBkbxeYbkw@k_mtNdX0
z^9nhN9rjy3S`A047IREdqbQd>kJ*^`4+>=%Gm<1>cvR#sejUEZ$!CNWa$!haVjsYN
zJej)1o0ZFES~u~U{2Qsczu3+bLKl4U34vznc_vUmReW6j6y6WpvW?Ke<XIr-Db&*u
z{{9MhHoSa)xs`+!fu;mIIw_d%#Fii+AYZh0IklZKYj6BLoS>WZKpwt+R1AgGe~p~!
z#;v2;DPT>4i4W}qJ`Q|T>v=f)Xs714-{lGm4m$X>b;v?<D3ncj+UH|3_+}U|P}QZ$
zoTTV^?|FGwLtF+=!?i#(<8^v<ts9r4%1v>*fqQNI@t0r7q!b1`ujE5Z&kMoE={W`Z
zO}}U^m%F#I%WPuw(8d0<<K@%G9Oh)y0<HaZNY+L~6K8ljaX6LN&Ev{x=4kqy03EfY
zPCHi3r>QHMjm!VLK_qP24qihX?X4=2atpRZ6|tb-Gs;Fc%hv88`sO>BfG2+%5-<|B
z;G&l2Nd!h9iM{Nc5cxenQ3b`K3FqO}dKmUuu@p!tflD@OK)GM<F{>DT32T|xMi_3w
zH~+>6m1>mECel$z!%v$wlIq&5cd`3)Q#!V1g;MTO$9dEQ%a!KO%tyw$tCsQhu>>>0
zk3KfYM5bOmZF9CJ7;QcrI*C<y5}5O>K9aM#>7{u(Lzmscy-?E}Par+Ht+>Kki}UO^
z`(X+PKf~p4XN?2`o-g5B359v?q0Nq7s=t^*NGRpcw-I4_DI~l^2K?YmY<Y-5Wc><K
zEnor5s}^8@50f<%u0|Iw!}qav8rqUH%5FTyh)W2>91MdUNx5c^N$3S*%vEv2uOQun
zrP34n0hSPh#N>v!+6U{U9=AQYY=>j?vub_DkFniAaYs}CF6N|yobR}hl};F>AU#b)
zGGVV7Z~OO3K4-28$Vxm>sA6`!Xqv!;apZ`g<eSxPn|c&x@&sbmdZ=5>tH{=(ohJ)%
z9Qrn!!P!~AT<wZPEiHxe)iZy}3_J3({de9E?5}#28tRjx>HSfdAZrv$TC8F5^)I+Y
z#OiBb2xK5n<N(5ggJ$20Fc}u{P-U^A**{i(@1@&t5EQ9H3xN-jaLJim7nS@#6$CP)
z6+h5>f-o*J>{R{wMjQH7l;TKo_?$EY8Auc}<2r8F#pg3x!W#b*!Ag;Vb}?5$CU4mc
zs!;*HN<Ex8Rp&?kvdMMddEM8*05?B4-k``wrEoFkM?#AQ0huefUpnJo15>Fo>Q9f1
z>UBo|sHb^E+hU56!8?a&9T;&>hY4nM9b}N08FHAa9wSd3oM}YaUqVM7yP<Fdu_Z%;
zvZxt{vT=O%w^=UagHyJ2G=Uz1ZYeSO4gd$a&Z$aIE1$y;%H$s-QT>Z$yVrb-wM=Sh
zC=@8E>qNzD$%8(>g%+?Rvco99peVti*o^a^ap`${QczGpM6XnITXU@Y`5V0m$f$Wl
z%3I^)g4{=j7Q{YuXqN}I9`*&L>oD)^?;{MC9%$MsZGH@D_L1N)+u+7mes`5ftz5D1
zjTE}WY_*m5{b!P#=|YwH$_7VNC_@z0Z|+_3;1@jkfo%u_<;YKyKpv(E_Qfr2wuvGU
z0++fAGE+!I=3{NdmM=xTl1O=l*!@arC1wv%R-`U@T4v*98mnfQM;p>DzI}oxI)f1G
zoa!Cd-E>wvH8y_Z-B?a3OG?m@1S!Fy^4vwbVKj!OjlYegDH?njB0s36EPR$(psaSP
zUnwWd8oSLjI7e=lNtEb#Q%D@k_9-&Zw8amDNc3+yZwpzFqG>xdw?mD_NMh*m^`v?l
z;lA(b>9#S?`U}mmp>xT(@_Dy}cPmy{a{79D+e!XY=ieW@h6GOY=fPF(MmT%{Jqn^5
z9wYY_MK!F%H@@GH7NL@r^N445*L6Qd)_v2)f^d0<iX)d@iWcsMd0L|<V6w)*uaxw@
zwO`#2of$N$51Mt-m#A9LQ2u0qs8456Ig(g|o0RW~>?tPD!ZRihv@Vy@99RgjtQzg3
zAA{XbrXv)cMr_S%40~pUqM=-6c06B=Vzc>rM7L;dN9WF~J#%(Cm!xv2wgb?beXvdp
zwLI^sq`c~-6<gNLd+fO+cBcb6q!V~mR8j2Xa;llE(Mc8aE<eZO!X>J18+-5Yl;CWf
zcr5+t&g4ir65FmI^EP445>|0kXQiW@<-S^CcW`7>V*H}y=w9EwR(`ZMox%!orF!ZS
zdm=%FKlEsKgXMZlYN%S=^QRHiRlHwv^Y2oY#eb@n<j546!s;4B7NN0I&==*lol4YR
zGndCx`DMoA1-y&4^W@$?zP9S^J~H8YyhWxnjG}yO>omvsiRJ(8BwuIZi^Q(_&$qN&
zd4glLkviux`dpfIm3zB|D3DmXyoIazR}MEhxGsU?xuUOe2a7_o#}FGz%dAaR4Cj1O
z@tlqQt#!$-n}=-hIc5sZa0_I-uV@xqqDNmKqpSNh{jeA3vy|$U@5Gz#l!YEcYVPEW
z@CoYBYI9-=B%vENXcAVh1CY!SBBDJ(G5^+7-I09jVe)mL6r}lee(~OR<^8`13B`gp
zp2(yZc0y{nec~oQNtN54=a*+I-{!RgQ1PZOFS~^&&X{2;&z|ShdDofi4CwjgXz>x0
z560c}e?%C8D-L%A?Y{V`@Lgh@A9pjE%e+OG0z0aPN&>Iqi?5%KG8|2H0%CrH{ho#o
z7XMt?me$sTAr!)Lr}sx9EfZd<`7|5mXqo=jSMfw1&D(H2*T_#WYk4P}iJ<%XrEbdq
z!?`eyu|Jyy^w9n?eY{w@yS{5d13{Y1lIhWoJq$r;C(mck@I!(O_dV-*07C)3^SA7H
zq8=ua4h<sJotv@y*Cj52&c%KZ$@5$C&hho@IY~B6kKoIjSXAYGh|fA8!0ToE+)#4)
zH`th<<f7+3@B9!#2e})1J-FX1yI0!-z6w|-S~{LImOws%1YpRd4thRE6BM)py|yVf
z^Hm?XmY?To=Z@jNmR{w{pRcyORtapr`fCxtb$=6C_2pxD-*8-Q=z81fdDS-8h5s)P
z64Dhg%kY01w;>+MJcHkkIPCv0Cud8Q&J*7N#a9W$#J*mW=X7XCrakW}7*9)=;o^s;
zLjYTEsryYqKFP13#<kh-Ji(H+*`a`c2$hAYXk%&r**5BZ_<sx3tZx$jBfO!w<}W>6
zSFRqn&pvA(GIWp$B2zg{oHz8oK1uwI?~>e&^3vNMrn&*vq8uMkYcF-B5M>c8hxWG{
z0y^VXLz^3vZgkvZvwib`LQ*Rp@A%q>`%jo-o*hD)$?c%^gS=S}j1$qM&{|E;4!*s|
zD>=m67c7&|fEvTSHkBc?JpU1&jrhgzPxJGQ=U;{d?6SynsfS7gb5#c1tjol(-|-7u
z-!W98^UnXA23+1KMqWw%Otm@{q)42PCwdp5Y!`jS0zShg-5Kb09-JJAv0A7&;`KZ`
zuO7?aDvxAm7n!;H9%|2|3AWglr4YA0`_{hiUYEt)tCoSi>{qGm+evo7THTAPCRr^z
zK9*nS-F1C$oHA7oyK7Sn%BnZ+=N3@y<9k}DR!<zg{KjNg8&mb9Nn|%6CYuh^p5%YO
z!DQ$)F#B<8VU$mI21sex5+lBt8Sfi2k!K?44|=Tl7Ml1Jf&9FYV;UQ!sB%hG!#a1U
zOGnv^nDl7+*aT*c4&tB<%7~Yi_#Xhhk9q^nk6;0=bw;s1;~y{qYO-{nmja|ssr;#o
z1*wa2qo!3W)DtHum4D4E4VNSi@78x0*XbFSTP+@mXqU7kd1zkI4PbJ|&@_5VsEEL-
zA$^2MQUTu*p$iKN-Bzl-h0o0vD5*e>jK86F^#}fNM0dL6p&lKfn0a{82MKi8EPG3K
zq38G$CeTM_cltWDc^E;4RXP$3nQDohRNsS&EfWvos41{DL`CA%u27ny+;4Q%n|%Bs
zOxWKokhEW<9AnW;Z#fH9;CZs3OdF=mJfF!?=gP|4XDfb^KF}rdkSqOeFp_$mo+~nZ
zIj7Be$|9s(YchF6ti(_^?f^HrEUl_UCZ};9_txgyu8MUErI!^?ltN3zOf#L*q(G}y
z9BscbY@c(?FxFRtuNB_Eju@ntvJ-EJK<U1bkm?hLxr1mB|KxX`9gTDs%4O+4^j#@)
z;v;htnXIz|M(qPG^^}G)%ripjDs&GY$c{7Pj^nv&PZ|Wn`Xm2t-eSpM-6c3!oAKUa
zvd))|mXaktp47l49iIz@!c?k{(*ICp%_)e}+0=i0v0^U`pwm!FMTTXGQ;!AH?^URd
z(T4~nb@KWIAK?JllohB>HL`z;oJuR+ln#X0qFN<)NGXR$5$7dJve~)D<wKm54X@5>
zR%}%Hevz+gqZV{S+zjU;RWX#iQop5$n8jEzCA!%1Q4I?-6v(nh$Ve1Pf!9oj`JSun
z*i0%7=Vq9@B@&jt@wo#;sZLZxDGymcFzNPPas4Q>KxO~JYyTNy5Wwnj;NE=k@-se^
zqu~m04@{tdZW%&cf9vVpMx$rmkEK$7X_6s>%VI)mnGN+@f&$P-n=!;B?}!#RSVM%2
z@p~_XX7X!h02xwR9dV~?etO>Z=cJ{hZkdRSXDuA$95;JSp|viY8gO`Xip$XtjT)z5
z?Cj;_H30JEy?C~B^6Hl=`C7i0gb==7*VgZJEiiOI!^O80^frgw@ijki)95>-1tR_q
zb?bL%zMw$R*iMLnXN+kGhH?ByxDdoRv(P}(xbnp)*PJ-0inxePl(M71SMR8GS4ee$
zVU-<1jRIPT4Psb`|7l(pvyOwnvGDqu9yt*j(9D_s!vA;Ar$!)5)dYOcW@vdhh-V&X
zaR(grcw2lwe-C<pd$r}tLH&`<K`D#9MCj90g?BeZ_X1=lq~XcV%h<ZAUx$NV=_*Ui
zJ+xs91+PVfEW&$rUE_b@JSl7GD;Dg38^Kukeqs1wME8#zD_reZP&qHs>?B>>ZMc&!
ze~LblHz;oQ)&G?6OzCGgDX3ed_gs`CUEKD2f3ackB#9^=anQ(a@8lT)VG?}9Pviy`
z!8JF0zaZv5AZbh)P3IdfYF21i`3u{dk6K~(sCVCRIxnq;%!O+AB-(96S#+x&8eMz`
z7l)2<vv0zrdR^`}3^wlssZ#XI)~&m?y7wn+55v6ems7%_XLzT_JS!;6QHUEMbb}yp
z_F!mio#K=jOd+OE3iSJ?LFAtBaoP@1qDq-t8<fg8gu;Vn-1^rVcM{Er?WfT+UU~Qp
zbEdmjb0g@|0bpR@i)`}xsqM4ExCOGWd@+`F@K+|gNOGB2YGg*v{aKbEO^uSqYi)a{
zTpcT4y$cn%5Vr=E>Cad7Trf>IJC7X6(}4;dV_Ra5Q<7_z;qg711m>SrmA&{JGM3XV
zefWi)@rga9N*a(QDWslWo3y$2pk)3~A|jAPC;<*ZiMx%c8^rlqj^&mw#Q%<n72%y)
zXb&2hiHLSmqWFcvq}pEV2(y7kt`xf~lB}9SslCGFqS0k3(r{h|(1}(skQQ$PaeQdj
z`6|s#({s5QoY%nh7KvOO$ru@r2Ql&pMLI4Fm<c7W9|pDIHY}f>A9cCb6@nX~ASwf9
z;{{=7nZOG{M~@hvEx0B*M<0S$5Mz}c%oO9>qG0=jjzDEpJk`14U()+)CngwIzAC?a
z&;>)G3a=J1X42DI3IPTU@vp&aYY0&=S@=Zxu`!C}p?~^Tea;qmL!cAL#a}~NC|oAf
zc)LFwrMiws4o!eb7*5#5)Y6Y+*&AY25XRDVqXDS?`?0G`H%9Usj0>lS$6ehRhqj!?
z0t-s|#CZKW@GaUu1DUaPT;t{9RW=*5H@pv;a%qwpC4g_c#1prVfaT`7`Z-$v^gItZ
z7!dW`e|VQC6ELEy#`aO`4(-zA;M+K{AR!?ZFR*;*T;0*S8?L>(T`Wu?#cbZ`kdW(T
z)s}E(xsGSp6yEXD0tA~iFCS<hl1{Zt1Ay(~;?z<5ejlxk)vX8Nr4Y9#LpmP7f=1**
z*IbBU4Aj|N*<7AJ*!ip8j~`H~Fi@|4G7*wFzCN+W2*z4jRaS6`L?Zu9`A`K!ekC@i
z%IMoS5l%Q#R)F~SA&}307glj#mfF!Fq+A1epRF_CH7tKYv1|`n@a=&DMdQx8bjGAc
zqX^$`8KxnWP~phwlsK0>8MW`69YP`9+!^qS6XN@jJ{x&v<mS1~RvgW8HHbVT&r`4t
zS1m!~mc-KU66_j`+c*&^NB>-0dIdm3RKkR^w8;9q3-WLbT+WY47<U`rCmdtexlNJ@
zr)>+v0wT<~RVPK_u3-fKRw4xZ#I|$xztNj^>s1_0P8dbFk%svc^*vK7m-#!+yTbY^
zrywGCba4cy+<zvzr#0{2K~jeII=?~y)n&vQvF8|DI^t+JqLanrN#vmNbbac--2HXe
z^B>wcWHC|QsKaPsHBVp8j(->rmyvXYUjm1ZncAf(5fipf5@+mlfKrWv^`l~mKp!T2
z58>4~J)a^}iy=~{Q66rxviP(@j4<|Y_7dM5NtJwFw&_^7B@&kZvovl_K|a;d_NNdk
zRl4u^RK={;YBnfymF_p~{-0eDeO^B5MTK~E6*NSu9DPX~vrxw;IXZzrzN{FcCatod
z{P>P%KgdF;(U@F+)Ms8?>ZO?1gy@os!&3%~+H&yeFW>6DkP?+5476Y;EI#~Xz%~#r
z6$z2DbV*2|=fi7uK^>7x^IzT4;!JRKQ!l=|cMAz9i-Y~xrBhLu0IIT#3v;Cpr&qxk
z@usUi%esNXQOj&;ZR-?@bC=n-`JSSQi@ai`7KI>g^8HDD4vEU_Xk<?dguLqXXypGV
zy+l{eYH6i8E%VHwDRY=gl~$9Up8uzuH>4CXOt`e$Je#wTs&W|<X^@Y8kkBL&f%Os2
zyEN7$^+o&xGesR;8N>qDr&Z0-x<0;jZ9jXB{6}=u3T{GyB*zBN{>r{_QJf=7Rr;^2
zIevx;9@U1S%C7#^a$fR6G#L>U(^a+Z(q8!4aEy*+`9@)LmihwQ#HJ}y#;DGk3q2x<
zdFh5jq105mloAL2w^4i)J;pM^>@w+=Rvr0iV);WQ52b?H#j;8Hh+pOG)5Qgf<|?BI
z2d-2Mf|yee%Tu?RccyYevt{~H6o%#GAm{NUG}~PkXsV>0>z_S<BI0$WbjyU8p~MLs
zW<$fjChWq#e42Q6HnI4(p33In5o+4JCKUGLMM8J~G#-9*1k7<NbVN9GvhuHLt1={;
zN@tQOixTW;@w;cG0*)Fg2tJ52F5*<6BQ^YfVR-Y=*rg2^@K4Z*XlO&Dfs6#zG4cYP
zW_97b_51tsGa4iJFEe@cmmOCH(DKpp(a+_^)vnpu_1cXpdZYwWGaI7Bg60Js+Zy#s
zM}dw+$a;koT8#xL$HzI7K(@yJi}~{BbC(5d2=?5ueKW*nNd?hF=ztOGFvV%?qQYm}
z$N=}MtaCu~#v#TgYPxtHPL@?Xc<uYGKgsU75A<>7!a1i~%e!ZXzpMWvB%)dD**9^`
zvG`(y>}crn8G9;4w)0&ltt~*xQ}Gpd#8Gd3BNgia;3-_K2QE4Q?22k5Jd=&UEUl);
z$LunuGOToUs-iz9a@?Ykj$%Al?jLaeC=jJsKSJ4<NRI(YAd6EA{Js?ZMH61DaUw4O
zSa`7ia&xcCf5VF$amFsT&}}ajJmu*TH*^W+O%mV>?WmJ6bfh`xw#Qz*q&s+UI}E$7
zH~7Kyx;DID`!a$>y?o;-UDuWUEuciO!P<^Pf2wR0uHkF*@9SUu*hHxyu@<H@)fh{a
z?#oGNzX}d}mW*^V)p>k`-Z_iV4pXmZorTgdFTu|cX&m(63YASeq2nwtNYL)vnGg(f
zeD1r_+2cA6KIemb(|X=`e_gU9dGiP4+&-hlKVG!n=XJfm@OQnRzTTeA?02HYKi|4<
zUhhAn)q1|))^1k4Z{+m%ki3LV)oyOS)(B<^+O39d0N(0dbICWsvzg~J=l(t1fY+y2
z&#XmHZL4d|!$q){)mxWGwV?0&>r*3&|HJz04lxyAN}=Ex{C?39Z?F@25&qiteE)h9
zpL1XQpl`_0^cXXKetvh$Z!ggEysY2u8tXaqvT%7Hzx?uQ|7Im95b_T~Qs{*aiUzB$
zjjgEu558^nKbMy_2FQvR{x1mH>4eYnzc(ST<bnQyH<P|mEdF1eeCz-IrfeZ_%VJgy
z!vMb`plC9~_t&SMCo=svi9N*Fx7V4{ze9Q7vLMFY>DhmRhv)#tK&+i_Z3CsVk(Go~
z)-B4l?DaYZTQ2OX+F4_Jg`?7J`qirHdWHu1X-xUE1XrAyRvsLWk-w%-hVORiiB0by
zzFh36(9ThJbw*7{e4H6qeom`dN8e57RJLm3@~}Xy+Nl2N;f!b`j7i$P4C}3?*7FGh
zhiQ7e7tl8}EF3hYQWrhqF#hWzAljzZYsIR1K2!t^*Y9r7+#Lfb3Z2f6x9AAJv;*GD
z%Q-gI8R|1mmupU)C~|oo7sXGZ{85R_SLs(NA@){OeY^W8oIRD#)+_eQwJkrpF6U)k
zrzpg@Cq$<vY;5%eMDrmv(}c^{@8=8?UE{4x<n_Y4K9md4neZZ`3`yU7q~E4Zr9-Ti
zHoZmlAucUthvUGJi@0#T(zLlfOC!w1i$$_PNon~4P?M!uSvXt-<#c*r!aA7!+d{%S
zImhSx2+6c!)aif%aoFb;5?Uf`4;cZMr7T~<;@q3P*C*cCPuUmElNifEPRx^xDO61v
zll1-8cCD%08Af;CQEDlk$TAt(yDDjd)uQYL>z?+m?$JT*1Ixx`vB&D=zXYwzLV%T>
z>?lA2676+`8pqFq^`nX`I95<>dokd6X5W+Ri#q!d%2OioLEFfE&e_HK<Xk|@pz9*<
z$e^N>dOn7Gr*@UecYS3E4XgQ4KFQs(ARYgl-?j=Q>U3#`o{*DQ;sq@G#_@`Hdl3Im
zxg$D2Ah1KEcPDU&KuKcCZhG76;B%W7c7+(i{%kt)3fQSbKf(-&{>ZQ+H+-I2`?V_~
z^pzgbp(aH#vzInc7P#F+o;gDC8A+g$P_E14qpvT7H8DZ(1A-h_Qi$h72oZ)a8UgnB
zWH4BydV=RyDN<z2i>d0JS)=WIa(d)tRMZibVih=tT2Xswpl}|o?n7nXvOv_^O+HiP
z<vAGN-73a;)>-6ARS#n&c%}&ftMOpY9@5OwD*KHJHH7wLd-qotfsa{V1NF$^!kHq-
zg~ONkL~^5e^W-b?sj_p<>ednKu}Mm@PCgBU2taI+wDmQ@@mc;+<oL1_KjVrLB3&H%
zE_g&Q@M@L<Zjp5@skw+y1NOzTd%kHuxX$Ard@t!O?cWg#9L+>{PM}M1033m6=s1gc
zmx7Ph<cxBaN^B_MlVdcSQ$jWg_A}JC1zJdrKJhPi$hqAAP5~*?V9`>4Lg0nDfa8}k
zXN_p=5s*axldPJZowt4CMPQMP+GeM~J@V!zoNoY(oR`+VB_~u+&U?(fsyr2E4=+x+
zG)_oUD8neS<05hxFf~@QSzrC)M`a=y4TK$?XRLHn`Dyhz;8?V6gW8Fx&xj|S4Of+$
z=A<SUW*_7DSO1<eIBgA5VDXVU=Ob|ojzGQg(GW$g=h1#tkW(1P0!i4=!O%t`sznDL
zaTemG7vYE*LO>7vw%QkoEIjbrto&}rp$1*8aqAA<%BUuSgh^AV_>!H%Wb(&nNg7(t
zJg36HDATlM$;#Q<_8AyX=CgAZa+qHxH~sj8!n!H(5P=S?Kv@XP*3RZvhzCy692gf|
zHAG|~)C_mBEC#Efn-V}4tv3GQ6WEnD<HwM30ZM$q><KB+ZNIte*6AVCGfy~AZBmr!
z!GS#?7~Fg6R46ia`a1)CM1Afa@SjscmbgITRe-Q_9Vn2~3N#OT6^g$Gs}def8Vfw3
zZo7SHwjovkpc~`QX=Ma5<(4G2%xJ?o7xMm)how)HXwwj3Nd3XN^#@Jx6~U3q`S~kA
z;I<uw2a4Yf)+SX2LpYD1>^XcY?@ZXSo-9KOc;G=wj7l+Z4q4cE7<L1DURPzc2#FzK
zqF_9j4-$$T!F4hvfyhDn-CCk_I1twFA4S1{a2&xNHFwq7Bjj-lqHf<i&%>A@=4_Jw
zGenl-O0v%veGd2e313~S`M8#SQEP|7G6ECiK2ikBdvZmn0FY_04G2}66C^Wsx_UZd
zU5ljWC37(6M%JS`;(vTh;XMARMdU%hK%D!2!AXCWII7^tnhk7vhhqZxg(g$5P2SyI
z0A9}D;oq)Kv7y^OIp>K_<W1NN{F*GrL?6qhW~D1eu<$f^4HON*jxT99>zN(czWbtp
zw%I$pwKM#;Hxc-e2BlaY@WXPGzyIen>T4F(1H%T*r!7ij`?>S|HAi3_Add5W2QOgR
zCz1{3x1mAL08_1klb=(R={odHJAXDY7&r(uDAo20^Kkr0e2EPionG6nXXB6I+n(Wt
z2LK0kv^8>ZX~%iU0-ijj*)ZS%)zQE~v`jE)jD)=ODaum<!KMLLf7%W2(hjDSjX!QP
zyHB?4cQ)G6CRS&OoUWcQY_PE0vuLp$#`lhI58wl?1(Lr*=iU7aC$5BN=Ub5aznpf0
zfb3M<^0H(Ld<hr=!1rKH$Bn;3I82GfMIOA97yZ}g&Q2aNLVWPakA&{Qmo&21sC_Ij
zGlat448x?G(Of~+Wc}P61a-b%F<N{dDkh#&jxwPbC3`(=nDcv$1f&F=y*i@}H~1uZ
zutfz7g>r!A8F{{hu;&t-!O$cwHx#Kdc#mqqLuwm)0k$d8PFaP+k}nakrwG&U?S#s$
z`W)&SwK}yFlD;`(yNQvK2od&&Od7O5M3<fda2y&D4-Vi6W!t)vMJe$TUK8(2AVYMa
zmq*VnhpCe$jB8(v2qh&O?C%ZYVtBV<$<}HOF(&?uUNFLQUK0XEy&gpaQXBDBe31wr
zr-?4ud?Ls{NA~tdOrLGH0ih;u4rtX*T6%5{lA&^Rihe~kx15N3=`)HgGxf}(YSIR)
z@x+#=P)pM!#D!P*3BwTc2<KoM)RNp<d`i9)qtawR{~>(~n?4(4S1)Hi0VIj&BcsaJ
zBfbd}MSl7~X##QSAXoYb(+x>|MHh)gB8)~aXTc}9k%SG^Ze{R+*&z+86HT4fQD~>V
z<n+0wLdwRf2;wA)Up_;shQlJN`ZRBWB2MpLG&|_$j+42TKg-Z)&&WmS@UdwxPQ0Sm
zO8(e7H*dxos}2sU{4+gmQdVpjD?J&^@6Sb?=^#b#2r`in3{qUrx;(te`XfDf07EPq
z$<(ViC6x(7nCnvZmtt8J$GS-bjzEME%pNG*Wb7cP&mK8H{XqiyP@e9QaC<^&P-?6x
z`XBZNPAtBk8DBUnBwz|Bp)zM8kO@mprwm15NIXaogcZ^KIue>l86yo6Nm39wtE0v>
zD)y3-JB}z-p%;=Jz;r|A@IqYcBO4VZe>+QjUi=3DW3HabD8}uETf?=+BTBEU93RvG
z>#l(FJSjwL$Y3n4KmHJWq2#DKr%Mt-nmiImd%z>6YsTujfoB9sb)Li**;Z2%6<5k*
zBg-67RODhBb%>v@5%Zp&R)Hk9M2Qu0o$Bw$=<sXk!4?F|YH$Kf_Br$8-ci$@l-q9Y
z^H>pvG^hX_N?E-m<OY3I8fe?k*mN5tSAS!IQu92dh?B$1Te@k%g13_=cjSj2Y!UYq
zgt0*5W;W)?LP1<QT`G6gPjpXJI(W-wLPY6OCDuEKo(KWap~&M0)KBSrqp&d;Z-2ZX
z6z!r=a!{6(c$!}3?~UlsLFS4{2(?*H;s21jA_U)2vv)(1<@Uc0V%k?ROnqg2H_&IC
zvgMp6m-0$K($2lU$DId#!9|15z`U&8XM+Kv^1$NPXb|)R(M6F!J9KT7)6=m&pQ#v5
zrr=<Uk_LTP@lC(yUim9FdkYX1$zHJMfsS6nw5FtEyiU#9Ir3qA%<YO{wX2r%8&K5R
zzG+KR+G2+F*YhYyEwqh4>Z<4qFKoqzcdg!%@H04m6^@v>@6eA~4ii`<J-L|kn{qa|
zY}s9tPxH{>ih1yD(6Fe_uHto4F*p+Kpjqyw>0C%yY#T6R1*X{dwD0m=FJ0Dw0%Gg8
zI@e1st$u8KNhnbQX!vr&0<RfP$X8Qn@Uoz5xqCb}@}wL7IB^|1zfo5bpJKzCjI(6R
zmD$u3rT}zZvfGhWEMWT;Qy07mHv2()CO~f@Q<*gUo<{CH^EQ<$=At#3xFH*|a1-T1
zZzTAkigg>MU*RdJqeFIu`<KCs7&$oJX|@%QC4^{r48srd7HoS`-PDl5@=V%yJX(2W
z8JvWuJ!ais?&1qrk*A(3`V8hQgan)gC`s&+vd1HG``JECdfzHOsK#)=XEk@kCvq%5
z3=&6nVZ5Hr3XJ36*scOuaHrE0s2e>`3Ueu^E%oXJqeBnLZ<9GHHcRx6?v{q|+`Wo9
zX87EbxCv$j(3Y5v%GQ)pD#<8T$^+8h!gy9}Tc!$f<;z1%pK$1W7xyjy;tY6d(5oX`
zMT;wn$D8xFS6k<R{){e;bBBExeUUj8^jAtIt(SbKEFl;Ss9n7@(1IMr`YMadak5W|
zf+{ipDl4jZB?#@Z$T406GlBn+7hiF+!uIAo<&2_)Nk{=^BNyghaj6QyZz@f7{Uf~W
zub$1;N#5V+>YCmw?uB;%wJ+bs!1&eweV@at)V?X!|0UFPt06kg9E|Zl1gFwJ%FP7j
ze*z8dpSp9>H%us+5W09Z&f3}yFr3c0QmTGdL)PUTx_E=Cy2qgY^-{;D67#O8Y^KHJ
zo^y|10x(IxZ`*SW&0o5^+lBH>n_H6$4Om}l%{*zIe;>`R>j&N+>3GCk;Vysk8DZ&J
zb;J{8S0HS>b(kSY?bY-!Ti36y9Q8}Yxu&Xh?hsY~<;~k|lRH;6!S#L@SBQ3S$v=_q
z+FYgHmHTbZVF$%Nz*g1al(FU+@J#f0Ii&+vV&5Zq^%}MFw95AIU|m#1GSj@0%AGmB
zIg)*9M0_WywLS^<6Yy8_d7yjp65LESyG^geYIczavtnaDX3H<~UYyN7`7{ta^`C%9
zK8)<pPSZ?(EitrP+uQT)pvyz71t&ZmO3(Z;h(uXm!kn-5e8tLh_PxL=o1pmP`P%;a
zl7nI{c^<%cXM3G<I+v<Oe*#)qOt{Z76<1IzMW8}EIT=2g*qmS)rQQhWxzs)1Gkke^
zYLxeV`zJB{;nMO07m^(77crh>(X#d6&4b{1Bgw`E(W2aNP(}E>L&&t9c)^B>ZdX}9
zYPJP|Ul1(}as24Wcf#pNWO%C-nFueK^6yp5Kiwk^u37|d4rZ;U!bWVA&71xdv81UO
zR0xWdq=c+nC{fi?riK;MMwFRIi3MLYIv&a4D?m_-Vj4m7pMpuHg~`45B#OwwLQu&K
za0nd)Kk~%PhESy7^Otxvh#NF)SgIhV){c`X7OdO#nlzH*x)hFI>P#ESE;o1$gX-P-
zcaX{PMlh@<6XG7XP$gM1Vzzc1rP>(V9LR`!e*#}G*OV61E0aPd_JuvU27dVCqevd!
za+ke;g?r?~1$R3w6F-$a=o*O4Xy47F#jl3r0zekdg)4`30IXCMa{TK?H0NRp<HH<i
zITC4^IK1cW??+2#=<Vyoa3L(f)*Hw1b87m$ncy9*t=2M_BN|;9S!CyqX`yB<B|7*&
zuwP-cGH=OYSSDrL%2<1%QSa%Jl|9i5oM2)N(!<ySJ*rAohV<6(A0=g*Bwr;^*hj5H
zfN8~-crrX#lVx+4`qldp9~mH&hY;Xte$9yq>)Gsr`?USN_nK0PRsvy6mqt!|mQc0U
zkl&0%k$P#I=akLd^f79A*4z#>C{c~5C^v~jdX=TvfyrSujgNA@PH@i+Hdjk0^**^0
zw%&};p$g?E;i?W(`M@aRibX~KG(k5L_T8M-N)3<%nM~D|3=fqI7om@)yB|l@dzP?i
ztmN)N8eS{P;g^zJ*p~bk^#-r>^+=ug?)t^BRh)3mt0wo8i^mV;sG1q5aD?&9Fb0=I
z&R#D`t1Q7{%z;j{!FGI+37o|<LWr?GC>b~5P7majuol4r6k900qVIOj?JQZKDcXa_
zpPv%NkSvlBD^A-nrMprJ81~dfd@6ph6dGQ*qE=3%J-z*l$3X|Y5kXd+2+Rs-?#w#t
zTrJ1>o7`b1Yabftk^6y$+tJj@-z>L_jRuqG%>D{^VR4^2&k%B8VKNd01YBZnzFy#O
z8=+d4!Pko+toqg(e-f+nqSRToPIGc=iq!<=ZI|V38Xepc_}wq&Ik|WQ@9f~fI-~x0
zfw1MXxdb@Lh)Z3#?CV<BzE?UtSQ*WRV!EhJfjJ$WTK!{iKyP6<j({+hjG+D#35XqM
ztViX(DVvEDA7OiWl_<pq+W-{q^c}i!IZiV?d@83q?9GdyUhRuC3~k66E)7j>{lq2U
zd6sO5HB5zW<TAbrwpw@9F+oO3I~7yUhyVBQIA!bG#c3RDk%que>j;5k1I8ABQ`pTO
zzjw}42k_3#ICRy-aNGJ&mf?mFz~(^jeCz$S=LPh@1OTAMgQ7DYzfJ1F;A1WM+!4LK
zrT6q7DUxfB^d4~Zdpis)6cF3P6b%W57+{6#))w$?lyv6q{7`rma|~MD3l7hJDI?*k
zbzo9300ZrP+EZ~UooJa6nDgvR?@zN|*|#4z1A51Bn4HQRxAo3<U%cx)D?{e3|GdQ!
zhr@?+xpE<TY?$27Z(goPFVcE!9MJluKpI3e$f8xVK04mtZ8PIKmkWlk`vl9d$C3^i
z9c*EHcm(t<WPLa;A&Lvk5~4vG%f;hm3dry7%C~3TwzEv<xhC{+gxN7btdN6k(+fqN
z4e#&5I@ZJ;@&(a>hL{P6oQPfZKzEl+fXBG}){Bb<5lg{pD&w1vM)yw_FB6Ogc3o8Y
z&SZxzf49tVzI1%tR)dBc<Aw%nGTPq3&rCFZG>iZmmy|$-MFaPi-w@4J(V|BJyK?-W
z((u7cU_`|<hpDfU#t0=xfK>!|7%6OgTJ(HN8TJfr(6#ZW0xk3)Kde|2RPRwU0pj4*
z?XU^_z~mq|dVCdgWZ9oEeimpSE}AzC7-$flXi08HZha8<82mp7XQvCuSaL}gWT=-A
z=iH1P@DSbI|2`B{X)RWidcb=?KWsZnmb+mW$bvKt-YZvf&NsjR10VQsna(GYTE5}q
zgWNS3r^FLi%>;Xrh)NAl)P4^eB!!#km2${0YosDfMi4qi5(cyiN`@laV%^?)$mkRP
zZfI8^wUwAJgg>chrH7TlKpd{2u<vT7Vt^lum7R686o*(i`E7XDRq6+5+jK730@lt0
z-pKtK9gPd)YUy!B*6Bbb2E(joT8NbxcnQRaGd$lqjqo>XGA+Wm3!{*tMr@}yPyMVO
zwZ}Uy;rBjfOWA<8`^j8=_H1hlN)SUyJErVncDc0iquZ)}G2Ty|2|~|gqAy(p#<i0A
zyb4Y@PCA!k(UuVdnC0`CPGgX9oe2j1y-)oQpN`OND^<@sxPAi^)Q*%H%zUq6)&R*q
z@dpH{3HT1Kb^eghYiyHUPleu{y=-^{s22quS$w<}!Qd{ieKuhpnW0VLas>tcZLevW
zasIUZ4KX}=LPuqL5yjm$)SDL6n^<O|6)bc`gz?<A(K~`f77hnYE^g668PeA7r4(Iq
z@TR?R@m%1}QWO}+ar?T>*!X=?Q9kD46_ytcMw>rQ!Ty2^QHHj$oh@<p+i@eo`UnN2
z%2smr8&)0c;TFssRl|g=e^VatpuTVGf)xF>P$@#mBgBb7zK*3Xr32{?C(j{j@pxJ^
zlt8E&*XSh+xsIJlGp-UR1tCFv<vqT~@^%w`!6Ml7Kn!h`JEW;!l`xOU^nO67>^CFQ
zTb)~|cn`8+X#^ipn=~LwwF?7Cy84%O2RtdOE;9x$>oUJsIzn*-`35)P7b+DJnbzT_
z5J1CXI|RFB8Iwpn<$Q?q&h$_So-UK;%$~)3`N>yU&-HSXtfKPOu+oH?cv@i4nVY0Q
zYqS@yOt3@{f^$X|B8TO&ZY2zeiw*%0NsVz&5GTFizKVwDhcD)$CYF#8%i+KRSiEu=
z&Az&S*JW?jQwT^m%U6YThlZ`^hc7!t3Gu{l<bV2V=xFZ<JiQ{{ZRz)N2psvVF1`9M
z?Bv7c0SuS-TbB-F#03>^kJ$r>sX*H4X414@@N#Rc8N<LKZ4qnEC&=kJiXc<^Zd3BZ
zq$VVwCDg7!D8Vgg&n)cHD?*PtR-&qG(i@rbk1<DH;bM7#7DMB!ezA);{X$9<i%@cJ
zl~95@ZF=Iw0b=h!T^dXAh3rU@0stieZv8jC=p5KxnQ>Qr?*~$REhq2s^g{M%v$kg4
z?vjiL__93y$S!Uy%QiK%a}YAXz=Ihjw5UX0VCR{j4^m0riU!M+Dj)DsBV?OKB7=Sw
zu3A@|K8onm+a=}KtrFyab>&Yuar}G<M--4ZvO5P^Smfx2<~wrenvCy^wta3`CSS>c
zKDg=vR;M71I=k!0?;=sDCz4HE9--3M$Zxr^3RNi!b7&46Px=4_lNp)53{TPS%VyKy
zJr811#mVXubEZXCj%(LS;>Af!J2*m}%~B-NRQw`Sr=gDiG!AE)Qts#t2jM3YtKjsb
zvgPvo25J2Y6t0a|qYt$ys#q9q#;d`hts)=_Xc`DG7`Hs0?op%udG9+c{VH{=M3?iI
zZ*gwtojWIgEfp7QPED5k*e=wRxnNR8P!>0K7vq}n)j*Zs<%>1A`2<-E>(K4FJXI#;
z9@AyclrGbeYklyfMG`sgxKeM~>4`n?4CNQ&zS|$ymE$kR&G=vDwh3>4Pe57MCq!YP
zd@e>dED4J)i?K%-FCmx7dQHI$)t<BteWK%p#gC=8SC>%Vc=&Rd>B?hb81<M<uSH^P
z#3ZY1hS+Pw7p7*LF|(L<WZAw>*4}*8K48)uhdER%%q=xoSebig)zEAAU0mM*NotVd
z_}q#|-E*!z7N&5UGzm8PQ4fx4^g0EqR*ctR7{~f6!X53V{PFOhO=%ieY`JEvMfwxF
ziEfx(I)nVf&_~%1PG|#$F7W>nWS+j8psN>QX$fFDy_!V`r^1Rg-{rUj;alHGq7O>T
z;9@rVOTD~Ea8$ia{%P%?G{+_>vV-(T2R%Tv7x@!t{}!?5O>d{RcV!8XDJYuTqqd(%
z+EWzoS9Y2C2&xrO&D)$A>Yjaw-vcP_bQZ+>d!_^2$Dcyb1fLP!k0Ica|Lny+2PQ+S
zMQ^e%Xqm?Td+7=M&xVaVUP&;l@_+XM@&Deht_k{IVlwI<#R!pe@w0<2L1Q32uBT>c
z%$ql2eTH-`#`m^IwV&ON*Mk+~>+!C%-=9R1PEX!xBN3!h(f@(p6fyk+HADw+1a`EE
zRB4NsE%uuTNH*(<aO4cxH4NDC2ti7Sd2&Q3)5HLs8~grUnG^(y`SV#u%^Br{a<?`g
zL;XG`Kgy&UXDSX2TV7ka6DuBv?b*dRasAkEq6EdyTi)6r>eKNyWt(sjlID#x7*fd5
zV5yC&kMGOERDDI}wNF9XLmRapsWNDcv!adT7;0CcE1Y&9Cy*yi|5l4eu0KvwuEF)C
z29@<EOlItt(Kfz#a6YBAR;9c9TGOmJx8Wa1(<Xl&#Lp!Pm{Ro)#=m7XNko6Dyy|05
znuZ#^-5k!B4_x@Qn6T&gO#{czx1YOBg--rSbc9b(d3DNmkGg#xHLUAPdk7hzBSNpB
zbkvW%(wj<@J79sxDc3t^Y#tM=gSh9iGhO^$Ya%QnR7C2aGQ)Mv%zz2OMUs%Sg2(w*
z3iy<sgxk4nS1MDj&!~|Rmu|~E>5c7A@ST^|!lnFs<?tS6$`G}?q0n;dO4o0l7z{;9
zjOa3!?MIluOkTgt6uP?gD(7Hj;Sd^^^+uwLza%6%;bb4y@&unAwDR_PvFetwm~@n$
zwp5Zji?-RZv*e>n(GzQjx%LC_L)|B9e2S_T_8GkV%BBabxRm34h^vsLRy(q5O^RYs
z?L8`l^iSNa0M;Qq6sgy;D$!C%sUndc+Z>@&s>Op|ftX<Ha90(k=`VL-G8;DYaG6cO
zK|f*$SCrAcEaGaRLQ~1%Zt5H@p#+4Emp!|0(MXkIrC5~;QyBR<%=LKDBnZymAu*5B
z$}xJ6u&34~W?)idx^iCmn|gh*{DxAMifGk(Q9M2waZJ7hfc3Z~q3nghs;EPM1+0f3
zD<N7^y!^1`+#}mDHI%<8TC=RNl&?W&%KS9s>htfv>>7HFeGT<fjKo(MAnxR3eBHYX
z8ipcfKps|mR}b*ijRN-qNFZM*5>&Zs%FNqY$Ez0+y1umOj~Fc-pCkG~Pl1V$k(Yd$
z>r~>CU%@UI?e%fa;d8xb-G|pB#AjPk>a6~wO94Lvn!lH{Q6)%y0e5WK!h!iho&iy<
zn<(L{u}-9LwS%$rMCP@dk|{d{ylj0A_2qU85J;+|C48MvvCkm1g2H&Y>WI%eV-yS1
z9qMN9A!489G|=Ujs`f5_B4uAB?kO?nN|(S4qu?Z(;x^)tF~7jzc7*|SXWbBL?KN^Z
zO~<fO#om3qN5FpPLw);G^GHWqw~{&urF4DDe*NL(Rvpi_OE~)Of%N3h37e3K-O$?$
z<oBn|H@3GopZGlO?dD93cyVW+8+@Ot56`?WYeyj=tmGw55NJdUHH}2_kh7&H`^nDB
z76NbWeLcVrL6a1rWdfyRIdErIRlW37mlRqRZ!~IgPi!1(uM^L>E>~3{#EJWq`6Qcb
zeSPTck{I>QaC_GZKG6wx&;$cKoswT3h&385xD`Hs3`BH?wA2<U(dH+h0@Fv!>B*e&
z%{oS4UzfQ%iE&sTSL{D^V@eC^3-8Lp7VnXZIG|M@pu*fB<>=?R`Utf_Mg@B;gZPky
zT;GAms0F%k%cla`+dC_ga9$o<6lz@egC^mhlG-BjH%*C%TjTPtCW3|z%3+GAkR&Vy
zlFznVrct9VhMWbr<`a#6r15lZ@4gF}o*nr<I}ihT_KvDRP%v!FY5Z|T^80F^<oNO|
z`O~aS--j;2P?wrW(`4~^a>im+SYGLeY=tE-wcR-pX-+L0=`S+juIMK{r<ELLJaAKs
z!@!Hd4;W-QQD-h>kJM`=D*?Q}yYr0MO?&e$NHmTfMuj;Xc#2M9yctZzTi2n+`D+BA
z`?|(16v5XRSm&P+pDfbRfKsq<Px)?qas6Qb-9y#?PJ8~*1!Cniyd6t|MJAzq2ucx?
zEs9Qd%>Cwm1;=I@^xhAB$`TjSlqSRv$=tY;hg_STy;X~#ZJH_W`J=iP-#|kH{xYRy
zbg~OX3Dx*NUZ`;VtvNg|FSGG>JB&9pk`H^2Xk6SIVI$j`BmO&=u)>P?@G360C)^5X
z2HSX{vyj9#u5^(~4NDS(vEws)z{^`3eMoBLv$M@_6HiAHi)h496MP4rWT)TN4Nh6{
z8-F3m>fWG8R2HkyL8m~lDVE$9c#(SM1{e6o4Y4UPaX#LV$<r;|vaLIBgwI_z<Fa@p
z(7#a-C&hE7ll2xY?wMt5jhRo4`A*TtYo5LPG0vOD>UfEkR#yI8lR)z3A*Q&<(73md
z_!s~feQx;oW&mk+gzjw*@IsI?gpt#Mquc@w58v_d__%5024^&rBT~ydu-YPMYG^6;
z!_>5KIv@QrA8NZWSt9Up)&AvmIeygW*yA3-z@1rZd=oXWgOV2Q5!Z>Z*TwG7Y7bw3
zbWJ+fj-P<<BU^y?h&K=W_L>_~@)4{>KOQhQ7WyaRyapO16dEU&dX+W!cE|X3%LD*!
zOk>!kx#HfGEs<rca%y3allr~AZsHj^A$!|*48?zXyVEQ>`TDsJ`k`NXROd4_9E)!c
zdPYZ|7UQ2vy%mnzX`|~3pQNNIE^q|olq20@{k!Fs?(_KJ?!G$ZQQz;rr3ZK%#U}#=
zUokNCwNGJ)Sf0ABrALx~O*jdv7d*AS%+!QuNpm4S3%kBggR)hJPx@1yRHd3C3%O6o
zd(}Mu`DtR)`IlfnumE*BL(Rl1o9*_|Ekv95lP`Jvh8wi+RJ_LjL)Tjd#kH>8+CT`w
z-D%u4Sa6p{g1b8e65QQgg9U;FclY2HJh)5a4vl*wU$3>_{k^B^)cHGGYX0b&{oMB$
z;~Jf%&+@G)^qX>dTHh!J1N-H2>5z7qi<q2``1*PovKBD2&=II$$)i)5+M0N%CMd!?
zZw(vOc*4owRz3JEr>L4nD<0wfs)%at<4rh@k)BC!NEi`J?FkP(CY0{Clr1!8j54<(
zMeIlrN(k7-7$@T6ZBF9KyY58g|J^4Wz|gmN3>8pD!^1C2kliYw_yN(wED*e?uH8R{
znFJ!xVoJ4$_Iz#X^PB=wV2TOoOVOoDF<?tD=16jqNk+p+qE@6-VNq78z>vqtM{}Lu
zlMEMQN8)&DewLQ%7ojNxMd7MBw~X#fRqIGmrqP&OmDlr#0Hf!D<idBB0>-5r47;3&
zL))cVW3okN!@JIio}C?9*pI#$i^`_#`eq}C6)B$?!(!=Y5W}crlj@IaHqO7ySr(fz
zmkHVwSfM1UAUef=D@#8h985HUoGOts?ZFN1ko_QF)<mLCvydW~%vH6SqDV<eOz+G*
zCb`kmgnt&tyBz@y7<7f&e+ee8A-Uwkx{&@pfjgb7fBdfOH^<hqG#1t7gbQ2$sn4&2
z;iVKr*?!xAlw4u#7^>cl*Q}n+lPR>eD)i{ANk^JUv({i->c0SSr(Yc%o>v%_xFb6=
zMlJo1&_&xJ6=|%x2==fQ_Jwn`L>(L{JgGQkNboSSo50X!kG+Svgp6}1pl|EPj#)Xh
zaLMuGY@&t+!ae8JJn{kWz{%cx*5~C8Te>iAyWqf~8o60j6p<X1C|`V|3X(QS9QpYl
z-lzH%_>8kynx)2YL|&CS2~t}~;e7YBh1;gbwz0iBibr1T*mQw@l|2W<1PvmiV3CYC
zrliv}A^8|gsS<t+o0U{{yKj7ddiXQ`xLyvA<-U*^PE3=!s@ia4?fB9Xx$f0B=9wbI
zowlR|eVcIrImYJ*RM8pY@|VP*AW+X$sQt*TGLjS`4j&^aL|sgYL!MdCCSjesB0_jJ
zvf#U~WAMXrn>(P1+#y7J!f9l3o0G?5IrIn@h7(YR;Rvo*st6Vmcj9Co%bGz9?=R&Y
zZM^k@Yh}N>84%AQ&^?|Ag<;E7x_Y`9D+7$CCh6s?Q{)<r&Lju?6V4KQruEnqp<u$~
z0FhGlklf9Cr?hitD?N<+=uLb%d4K21J$nR*39D59$(iqMfUcqE;@7HX*Z#R)#GV_v
z2}u5ARzG2@Sg{9ac+8pzaX70iN({c-8IejwB`I$T;yr!yH9QVod|dLz)07B<Q3<!;
z&t#%t*i%FZnHKymn5{IgSN$`Ed*|E;v-Z}<P&5BqgPZ=o_0+j}YuoPFH@EE1WF8)6
zlfjD{H%=m%br>kO-k^z}Oeb!lD~68f2Ojd@qFhowsY<vQeIE6ci__M{xKFp91uuv0
zOk5`4s@LPoFI)*f2EOth>RCj&P;ydz>tbVDRvitiOw}zzL*o5PYS94FPk`+vxob}W
zHvw1(b^anEo>>KVZ~7`Tj&XKNj@BMNs8tm}p16t7G-_w8rZiN)u`S|w(ZZtY%EQ?y
z#M~4u8ZRQHev)<>ZG(ZGCy$RiT-zyflSimai_w=6z<KneZ{hV7_0pC&ADO8FCz+UV
z1N=;UEYS92?~daiy=Q2yTgx&i#4LrfHYJvCklH%QLMpICNoI;CQmU)??(64(w)GE~
zm&-Vp(l4;L-hQM=!&>C<YHDyU@vt=ot|70ouKNBEv!+~@%TEc|x=C)8LSospG$(lj
z1|0>f&9Bt|dKUu-|CPWt;Qg4<RsVsEX8n6v8J17{*rS2zAEV<2eoP|n>yn3ZSdKU3
z)53$k<$s1K^uSd@&;JZ?(2;Ft@;{fq{j25uiyAG6_}9e<t<C!%@+h}A!~f_$zcWc#
z2wa-XmEFt7ztsC^xQiQJgNs)7cmOxkN4HL1?JlzJBJmKvrWiX;B2yv1?r-YgXoJ6V
z_VSM}Bew34@f_tv?X*(uvGldGJ3XZ*2D~xCa#E4=u=6Lg0soKlF0b=u<xCpGXM^(~
zQm?f73hO(2g;0AoE5gZ-{;52B(L?fdXI53wy;5qhYbGK;P1p&$^`S?d1orJOBzjjK
zkax>rHzz_?V~^X(*Gz($;UQS7&s&ezd)tOu=i&je%MUN;oy!){SO;n=0)Tjtr7Tys
zc6HmOb5nMJXoj;zJ&C%zoHE^sp?0^lc2+y%5aeF*?@rNphUWA~#@0bm@+n`T0Z(o%
z{?)+(k%O216rB9Aq@d1Ol8#l%7D|rd`q?MdzYME%axotn@73fa$|X8Vz8QeNwF5*m
zW2cYYIokED&R$`JC6co1U5-;ub&Q>!>FWzFuCS?(!M=6BPKtb$+9`BlemQGmEl-Q&
zb*5xrZ<AQq7x`vtwCS?oKigl~ms}>(jqYT<;OKVfM5B?3@g$8J#6R7n&Z!<1ox-Oo
zz}3(CxV2a4xhE?h#aIwD4Tn906j~3@1xWhPjE$#^6*QYtrmb_`Ypx^}QZas(Ba<ho
znt%mMm2X7TZv5(Z+!%8}22Ny!g}b7n>;L{4J_|Z(BR*y$!c#Ngf3DR-<6B+K`))&(
z8P!)FfD$qQ*RUKcl~);Rwp7+@QCn_%c<G6Wt_;HpSD@CFdlk#iLLXVo#V05n&YRKp
zk}aC^1V&bJ75GEVvCC-#4-!Z}RSN9@(lC?GjlSQlw|U5RCyc|VDeynM^)93xN}mn!
z%_|2S+44yIv5VLsSLNS8h7Y=xN5e|MTlYjS(}25O5F_<z&7dZ$-T7l1rus#U?}sFh
zz8DWy5Xcso)?@yOv~P#I=g__E+upSouBTygf4r+mgaT*$59bc<LwNV%7cSh<ZdG86
zD{CrYu)iipp13Z96(_@P^svSC@E%v`59jAh$te<<xvh{(TXKPj4@&JJr)pr2rN0b|
znZpNH*6w;2KDHM=po=yZrs<34#9eI?3~%=Av;I+@Jr}^L#Csy*XtmC0I{wtrf>lch
z6ylSeI0UQq3Y&C;(j+hK)IKN1lx}6rpEi#ied@7BUQ&JRWX}O@^@Ayy4VG`spP7r@
zXI6N^1E>}&;*((i#GXkB7`a_IzvHl7RI%k&VN07M{DJbGM%^Ygrgpj*u+h9#ftl^i
zPo;a>UaC>SP^cCeYF6s;1iwYC1GakD(fwmC*Vv9qLnswK&XYb&xl;SJDp-dCCSoK=
zg`s@(G4&*SHAa-J4GI9}#|x#!)bygHJ*po&2?kk62_;Ifkp>Oz0J&2`2DWp_s@02x
zq%%Cq%U7h@Ry6sg)ooUEThM?j<n5XzNrWwgDk5G~d`z^@wPD!sysB9)O0+p&D^hy5
z>c|jQ^7Ja?0(7PMaKneJLMHcv`%Qrq#M-S==35Nd;^c5=@Ihb!m`QpeJ|Q8AJPoN9
zP*B7xZ}NDb6<5#kb%AWVibCjC;}X_>>rli{soQRN4{iQd;OOPgc!VwVgQ?P8>yNCZ
zEpJ|4|3179-u)(#g3G!9NdibpRoJ*HBfNFc<EDt>*vSJDta+djNP!nhO(jM$y3Mg4
zhkwDcQvFjT6V}#;6x3>WJB0eH-4vQO*q&0V=fY$~r_-uLir$1rP|M#Q0U#Spl{Jy~
z!--N##d7|98<LZ=b^D75fy~AK3Qiy<8Tq?-pY#_o6}@V0M4e7Rn&j_nd!5OI3($s<
zX~0_+jChTFs%^J#d;tzuuSs+dUuZvQ(bF$K;&qoW+=ci+fvCzGX+$bTtTG?lvkm-Z
zNnmLRJyl37aM^bLJ572Dhwt^X1AL&;ADf$e@sGdW#wNLsr8Ort<{31-y3a6!jH)ss
zKzn~KN09uVAjY-roe8sC1PXMdEJLfFx2Jd$@l|}F_1?Fq?q`|j#dCj3id!nu`fCq0
z$0^lcksOgy)|dvK4Y$#Opt9qK0j>d$#H}1fzu<<QY}Uh~jBw2aYOdb;X*6E6f_~R%
zsCkjP)Jgp9E}dfHz7W>n@A=^C9X{#@pzX_v^26i2GM}(${}}Jb%d2@tC}qb{;lka$
zEvDe5r4}btpD<TLPgnsW{rg&RR1>M)!Q*1%4H7UE)8ep|AG^eW1JU|0VQVi%CH{Q%
zvT^aej50cgCDi+{*!fLPCHe9pag_HvW1*>t;LzoXx~H%z%fY*>qlCK704ZS<3b79i
zsf19#jkjyGDzD|;Gok3~%lVSOPkjFi>GR9Sw{Vx_1k+>lLS_X$-SlOQkB<YZtj{;c
zc=a}-A++y|x?ZGHr{uYGKGV+<#*<CX#(pe1@gkr^`15lgCdv%fy&aG4g)*p&D9RPv
zKJDF4U(z(??jQJc<J>GFA8oe?vl8LqM3`q1F<BbrRv{m5NZb(&-@AH~{$V)r4~gjt
zG|6@WpbimvE=-$z2e;639M<G4EwKmyz@!us>~u|KIQSUij>uZGSnlykM?=ws)7=Ao
z;!lJ)?)M3*yKc}%Oz^YFZTJv8fNxsYL_~Ce-_K7Swj&_^-xFagjM5plT%WRNTqkHp
zvOZm!_E&HkR;3`JG>=vIq)f!&eV$l~C~@3$r5dau8Szy5DDj!2AQ4y%lL*%5=piBD
z9&_wR)Xho4ar0Z&v^OO|*qCWgqIiM|Rp^;Tv^aGTZf_FEIi9OPH+9}wkd-?he~A!_
zR-IM@TROP9SiU%YjLxJ4+mj!Gry?xcGVo{(xqAq;VK!uT2gkEhRe{c2b8CCo5#xXd
z<BF(kVN;!`;hnwUS{EV0&QGT2oVc*ZOrr-l*igg_A)^nz@ES<|)q)~{yuXGV1tdlA
z242TVb%adkh%GG|G=UbKt7P_v8R&6=t6Ra-CRQZlOqo7(nv&@*HhB^!$_kF{lEX#2
z_CPJmz<VE|tZxF78UUq_5W1g`Wv#M4N9V>5C9_dhRq<O_lX7QI92v3R>_@Kb`Ztjl
z+mUtTJnb0%ANCf%1}c3qF@|F&Kf<IY^csb!)?=e!_E0w`T8dY2^fo|zfbwoxj^q5{
zUsNCZ$@UmNhY8hBV=4fdy<a%kN?6m^=2Qg&#Tdk>Yh<#}CBL#GJj4EGaG@KukL?W^
zw+Q9M1V$!y<XnG5a_c4o<*JYO?br5`C-m6YZeENdnT-f#L*8#+vj4TBwuN^rQ@|e^
zL1iq#5J{Y^&Ea(D`#FJ_!;79UJLtqgrCupK<JCRrJSWzuBi*VOng+i8-O)&z4<RE&
zE#c$i4^$n+o>5iGapv3@<3KKA`Pxq;55M};0Gnfl3gec0fMVqUg~Hf&UC!iL;|QTb
z6>VAqE722ID<au_AzsZe`i@|;FbC~Pl3}qtQr${;u9f?MN9^sm@a+?k9fKAz;cffy
zU`(lI+i$bLUwLaJ3}bbkm?0wo&6Pl{n$MYZw{hmfduoW-girZ$n(vk^>T*}?nMECy
zE{bQfISB8|GT)&mWahR8j@;y=(f=pdMat(z_EC52BioN-ujhf|VBc1wnEH$YBer~r
zi+bI2+HWIz9bFbr4!kFX3IsX|^wupa-#-DEjlMN?P>7Pre55hC4OTLl`c?osG8=Ip
zH6N*{Nc9Ho{l0}r-hGRF&8=C$a&061JFiozd-!BF@rpAXOLurz^!r7n%FtTPG<=7H
z7?3&MCe}pf*raBuLIe42v18A3tnn8cO>eLHsu!=#cG84<V159O)Tl&{t!$;TzPV(6
zQ)hB<l<pg}c6i=LWJp6ZA>HgT5nJ%ex~`W$`PLrfjsjX2sJN#+@SMUUO8mQlVszg5
z?SzZ!6rH}@K;2Nj_oA%|7&8>5P>b<AjwkA)FmaJ_y<GZZ`s}u@@N{HlT)ch6E8S$6
z!`j0K{!AU%^oh8#L_b<qIR4AqpNq1ghg0KB=LPe(m8^{|&v=xHI1LrT$-=KgwDODy
zbVtwLe)Jn@NXNw4B5s?}E^AT&d|KZs{{V+q_`TLvY&<vs=&D8iN2Mo9bLW1FYSQZ!
zv;yUn?=rcA*9ix&Z`W7}PlwxbysN}Pd3NTjPqtsWG&FnX)0L`bk5o7C39tDWC+CQS
z)@5Akjci6Pwaquc>Mdn&jRocc+OS}=ka9C-L_~a##RuU}ZF!*lxKu$~wW|FjcU#Wy
zOx%r4**tbu5ao)eOPN`;mz}F^dCh*Cxs1mC#=M)<dSKOjeq0ea^>z?sCCU0TQJ|<^
z#7!!PI!HTpD6-~v`mFZFZIZKpQ&yf_yHIMA-Sb(Jh!|5+BLnm7<NF^CSmi}<@~E{#
z$%*w_1b}b40i8N*^G^c0{l1iT1>I@4YulNxy8k^pOy+KU+DzbT_M3AR{N+KqQv*yS
zf98t6er<ibNPWGev%Z<SL3+egp$oht^$Sv9czmSaJ<ln*br>Uk#(27jKfB%YSb3T}
zoYpQ-ZoHJc*&;7?Xm#jT?#|He>W2L6c<r2iytu)bd?EgCHjOi~+p28mZp(*OYPWsJ
zPNaR3ob3Ab)_gmmNjpEW9lGRf8R|Gl09<3eUSxfGd-{zb`qugFZQbq6-{T$vsX2#!
z@AAv!V#nj@UHa<e`LAoj2ScCp?l;5@(fhJ18HoG+rvzP`jSazr*T-%T#jWvs<7D1$
zzts>A@RD!WK1RaJCd9|PvGvS+x4rq`1+f133i^`JPM))mu^P}~9DVM4KlgZ+RsME%
zcl`=UsBJ@kyBdFb0dL%IfJnO&Vrd`kea=?T0^BS2^!`^t?9j)T{2%=gI+Ut+z<&F8
z#*ifcKWMI?e<#)ddjL&?;cKOB^D1Vov7|o=x8VKjT-RgUyvfl*p2W6~()3#gUp_!3
zF7Vv4WZRr}`F&d%6@^_|<#Oi2n9m3@o1n1eN%Qf>*COXCKXkd~ZzB}ldTd@*7+lI_
z`jhpN_Y+FYx)BtD8od2XL&NB^B(GhkV(N^E_SMVrw@p%q=L$hzOZ4b3vD)^VEIgQ$
z9|PyW=c_IjC71Kr$hh?<I_}DbhK4HkB5PR9I+Y7xFIU$B_cK;L`wBs4h~kV@wJ0YB
zZ%WHJn@wW2G1jCZ%YM45gD8-yB_WLGWYJ=L?qF(fAo@<OJYPs2_Jy>qN<bXK*v8VV
zcjF?byPmFLiDPd!<xu)GOL3<RF5b<O*F-3zqq=is{E7U_xm!en^9u=i`6)Yi_C2_g
z#vXrzg64{~{b}GJQuqgd*Y@*g9>lU*3IShZ`g6F#@p#v!hWiNzIbalXD!J?9y1`m?
zB2GYa-OFg2E&2mJ6pf4VCkJKI9%|SdE>dCA<{(D>9x1bRA3AlSFm<x<J<@X%<6-Oa
zNrT7r=hdETWG!!?ZC9uoTd+Y@RkOmq9@?(D4g3q1>(jd%h~HnESTYpFAz?m4rMa(e
zg)!2h=9CW|=#4AFxXAp4$)@lHrn}2E5>!xQMU~peKlzNYNH^Z6liT=zS@(S>FO#a4
zL&V9O<jLGKk#2z~t+ohtu6Nn>vH~%LVZ1rY6o9Dw#Y_`+KrX0~ib(E4Ab)PLG-c)@
zLUI@%84=jWpgkrl%|9`~#P$QHa69R*iyaIbTd~HkNG3nG91EqfRu;Idh%L`(tW{wE
z>imxv_m(*E?gD?&OqTpCmfS3;zpadtD2|$VELW|D;zw**lJ$!{Mw2rVtOMqNJW9V2
z#?HviUD~U!-rqq)h_I{`%BlWmyP@;Dr$c8Y<Rer!Q&*qeSvrmhHE$XDGX)=W*JI(E
zh^&~)P;WsgVQpxSD^Ms|f?*ff^<CA{2Y!v^NazR7sEFIr4ocptamh&H948$94;Q0^
zMZ$!kLzh!Jp_(x-0w4Blzde)K@J{XOiZwToJ^8y8b~$D4>{&`f*6$++D(CWT$>>%n
z0-`G|zI<?LLlJPdQqCXU3(Mj6^27~sTges4zQ7sC@lG>XVY1GtG7@0kJ*wohD$=MA
zr$rB!B+C|FH;&VW=GP@0Kh5Tnr2bwbN6c4YD*LmiW<y1qKnY0k_Y*4hjCOVTBr|*v
zN}r)FR;g7^@v{(=KxdOYiwNI$_<33I*qG`^?syzU<_Hxrn(CJrS$dihk^`YkAe*|W
zi8o4g^+DsC9QRSh3P3Uq6yyx;H~NzxRV`+`3Z&T#<NcnC!PIwtpSO&)>QOK%!;|SY
z$4qNcVfPm(T$m(x^BVYP>i=I)T*xlG^mFNe$+EJ@w>JmS*AU2Ac({~W-aeeZ!l*^D
z17L$cA?vac1rCtVnbc8|@P%>VZc72Tnu#_q-ka3^c5<$*80~kJNf=sgA$boVv+Xr&
zGCx@g>~HYPB7K94U=DogHz!P3rx1hr#*0(?i$77GK;<uuNfNd+P}s=cjxs|DC$Pzs
z=lH_=3jqQMsoA5&#C6HBqdN>S$e0g1bp31oj!kJ2qgFD}q=$z|^GRKI16q4;tSqNu
z&yS#?Q%bSQQch#oG+4-xkEfq!^dbbp{;PBQvc}2&j`G-JbN<?p$q%+liD2Y6xu|eJ
zF-(D!8VP<<n^&19;Q<}W8W}Hoi;-l2GkVB0TH082;0r(oBEx<RU_U+Gdb`efrGBkB
zH}0`&=yTwu1j2l4%)*S7*}Q$^&#`)_^43A6XJ6?o{giR+LH6!ezzteM_^x6oA@V*J
z+|X;`BL0Qj<bF>dUNY5zs)v9AAL9dqhqtG~+^n&Coku-NW`EG^tocL<)`!*hrF_&g
za97Xz9kb^eo79feTpM+)fY%|M(;o(c5}5;NpX7UY#%tAMXrwKapD+ljr6D6YD(Heh
zD-i>>QhbSi^xDQ@Y#+ZD##$oVtz@tm%w;zS3%fCe%y&e9LP$?@e)UV}<0)HmkSk&e
zd(4W^Vma!V6!<!Hdd9bWjCb<&49#BDuWdIsZprv_fPLGTim^3^6WVVzw4O=&AVKuN
zNABGZdv||t!oF%l-p9xFt6;%?<JUu@ES!9qfXl_c%xTVPKOl1Jlchq9VBnCcSl)a<
zVJc@=R`o}qqn@&p*y@Vy9G{1r1>w}{U#q1~qpVdB;`=oQOJ@e`LdakIr33{guZCpU
z#z_Jxo>U;6{7?1>4&tiw>Q6CP9nY7vLK74rPw<uyOs(UROJ8!IFWv~xsAjg_rvO0z
z5#r|Q+#eIRh?x0U_t(%iTZ-Dkgc-pt4?RcO0Au^FMU7;v0e7T)&OcSFE)Nmufhcez
zh-zmr3Xl@MmNraxFpe#awF1}kSSe$&X$oebV4tigc7N??X-@pQw9NT6#O7iLcaGxj
z9{w*4yPwnu{ZKNJnK<)bo)32u*^ZB$k&pxvw?_?9iA*IX*+R@1mDax4U>Zqpj`tC%
zCV_)Dv_Zis4dv`f{A;U&t5tRYJBKas9goBjHu6ty-=Na+FZ8-ineYz$$Pc}}B1WfY
zy;e<^x3I1<kmqbFx&jg8C^)q`PU1LD&M3@Ec(M}PvC9!6RC;(HHk7|w^ypr%6$gUc
zh(x$!cuR`j9iF#Y;T&=9MR7_s6=x!qM+h%QaXoWEc5sbVi`^>IijMrt1TnA&u4nok
zKg7=iSIvepdE4QAcz||fcmtmz)CJr*xHazBgIYb%D8N6=vu5~QKNQHki$>@~?{H5`
zQcSy~Wyy<d)6Wx}#)(`_oD^0p@yOXtlo!BPgPE{&G<%C!ToPQ57;%nITdldY8bYj?
zSH!dmiUHg>y*{&L9mdA4Ky(zpI?|yqq|ES%3J)kx`dgTo6gO~OWdH$KVgUWDlp2Qh
zuIDgxi6OBeG1AM5-5ldM>m}wgLLoIIDk9CIMs(xsp7R*<ri}g_m#xEeffJ+(PKWC)
zLLzP4JvAiL(L<tlQ`#Sm`yI~;e93pxa&r1f6ol0R9jof^AlCFC_{kyE`ryU_%8Bf8
ztKgBd+=;eBM^Z;VVe5N@mIGnoW1erdS>P>&061l#5OX-S3Q(ZzQpl6ZGZ=>N*rr`I
zA}uKOBcW8DibTd$R`k$j!AD1xoHaHs<N;*A&#;s=<W9zf)3SsUVv*Mh-IODZ?W}*^
z={6Em%Wgl{E=EK1qhW!(fk3FeFN1TZv0wR(qFGR#r9gkY_q@5s`mWywBVWxSca>=;
zQas@y+hhtYCayO~spM=9%|2)Und?8N+<;J~$?X!{HsbdsQLmnXHUWWJRZ%~LfJfR`
zU$`+N|8V@Qa@hJT?#6L5zD`JRjTOF=SHAIsb~{afx6BnE?N%gaYxi=EEDiN0`3N)4
z8LQV38|+WsAg6EH9Z$<ux`-@GV_r_&YbIpA@xc}K{ca4crdOU=SSIVjMCEKD9JVaf
z1(~w+<)}NbOiz=Hx<sXV9e>Iy#jr+`Fl-Mo#mf(<y(f?LQ)tLaXfWNxTEK8JF)&fB
zEMDY*HCdrRuc|`E^wF8<78nvvF~qM!&b&Ov^%MSBs94pyT&7@05T<(d$6evWs@q*&
zq<3f3h^Kg%J=K^s-@v!|W4pg4EhoFxH7di!iKB~}K-X4U(Zi<ia+b@*oZ{X<&2)yV
zbl{2qQMG7-h2My6TW(g()VI_r(zq#T%zhc07~nBt|Hir&gcHJ>t&}Qatb%dk3PU?l
zF;}cOlTPrNRZ}|8fVlvuoBGK#EHvd1N!?2OcWXKoCL+b47p@;Gfy>-EEEK8$wFC+H
z=>o+9({?^p;Ndc9YLwC!eO0s^f6HhzKqZoTRNZ_IGlV5nsw(ve|4P;lCcb5tfh3Ey
zC?B|cMMc9aZ4nZK@tNk*6p912+C!LDKaOGPy$tEWzanVIM0xufmb@skt5i=7Mv|t=
zSh}sG3fTb@o2k;6%`b<UR(+8aWrSD8%Dts>lw<rVXU?n=CvfY2x2)eW&VB-`aAb;e
zlF7txR;?aU5?@iLj?dz2W1+~*QLE`1r6|&1#r{#*Sv$Dm-}O=mgb~rNHt$NW*n77p
zuU=(IhUU{aux-p#s@{zg^}C!-BhSvh`2*n%34<lh@C@5rDes5{w)*H;%B#U?07qJZ
za<$q5Lh0uy*5iq=a=4qxf67K8yDf0~OAh7n_15)Op6iB~>e+A4O0HgA2&e+=lEP-r
zkM<4QEqf0PlLksNCFci&$B)f^)#(Z`?NG-g@{$njzBo)<tyvWGyr3c0KinSQHF)em
z5}jTFYMJaj;8v*0l6LlXm*M~Nv$7N0n^!{U{A@5{NcO9(gK>AxvO|K!Y;d{S1qmnT
zp`2Iqh~Q&qzRPmQkJ49j5`qP2A{KTh&i9Ro=A=Iq*og%UF(v^0xO0$oy$ey~^>Ec+
zpag+ZZqsedeG11t<V4c`R4M=bgV0$~dI>Hsq-x>_yJFa@p7VJM83*!RMyXj{0e$zt
zgYoUno}G!dJEGMb#-qjI7zakSS3us4lf&^9ZBQ3PFXW#@-uC1>$MZ#{7cz&#*DoF$
z4kD{lkbCHG%HTO$zj{xy(&6v1_F)6mMNxKcZ@jUX>~XO6>y6T(>*;|5`r>QVj{iW*
z(E1)4DBz{;p4|VnZgRo({sm-CM&cmbNfU6IUNU(iVsCx@__8QL?$ez&?h)-E3i*EK
z`-Z3cas@)@gq*z`cqHJdor_-SS-YI>>_PD|Nl&MDx8eSN6SG@rc19JG^A#nanuJTk
zHpuI%$NkY+%gHxT*A{Q)w}4acZjrmY)Td`tPsx7|khp>Bs-RB=R8g_qP(joozWe>l
zf^Etmv8c#;;HQ5#PsBY)Nk0tO{|{Eo*h#zNzaRd8(PHW~H}r9zif;Vh_c+Y%?Llmh
z6QV4pPfBnV3j)6UiPYQOcG=bYM_{%7&rR6E$n1c?+|YH4qgS0&gR1u9B>pw+j~I@O
zTV&_fO8EwkE=6kRft~0hZoO=gj8A07c6pN<Ec?-i7~u^2C|}1sTW)_hpBu9f3|q_)
zu8;lohjzpM@pq+-lc9_|GwI=|ELhm(TlieMz(k1ZQ#$`GeRSdEgxU35oQI931!{zl
z_F$*p7DuuO=Ml?3!MC7aXpr)iklhboLGdHboN7^I>Sf%{Vf8D*u660T8cex@fV_>e
z0?^qSNaa4>zFG^alrfEu4ILqbD4{$WY-xKv6kjtI`o^fVPY-+tx9UyQ>Qt#5Wa06;
z{QPLv<Mh287kmaYZWgpyk*jM1T0Vm20N-2IrF<?>v)h?iSuvg-u!y(M-tmIGmL;Yb
z>dPKw$KdT*gv~$q|AJBo<`{hpNA(Jf{+M0n#Tu&)&d%w|`L}myJIiBNDS3fqU^n@q
zxJJ7*0@D?WzjlrbwzcM-#V^0E-qS3PEHb5GCeW5*v}p2{ayL*Ww1Xb+t)q6<t5Xw4
z7DUPqHn8Pxf7uE|C<P=RACl0HI<%-tHwl}-1caz|M|d}dB3P<(a>~9Br+blWSl-AA
z6xV-t%M|&YAVC+wVV64W%_c*lOg{B>K_xdJ2~^tePdcE6BxyvStz^n=bn+PcD)l_z
z%Tv@@ywTmI!B`z$01dmmQp^22aR+=jLl#LxbC39N>4^-SMT&2Z{~nEtg#<C-^F~M>
zhs_y^GvSP>-i@rVGTFN<5qJl%qBa;*UlI~pI1N@Rk?gSveSF4sSU=uGqh&W1j<<Wx
z_J)OgfLuHZ$yzo<Mg-Rif@*yX_=H3xC^iQsGIOxTa1Sx_Yg^aYv%%X^4!JXyTlcz}
z3m5a&FrtuZ-gGQ_S!AEA+H_Xg;_C}S!$@fmp9n{OiE~FBrnA0D%MhY>vZH<h!$A`J
z$s}g+MZ1A}I;m3ZQA*4JD*6Qamg8}r;M&%22-1aG`KbaGwm3^7?RS9cR?O0h*LxZE
zhiUlq#YF-p%9?d+$)La~8=l^sn_hxQ3StaOocsPG*IpZxz5=eT$NRVF1D_J8*YP4F
z-qZzRQt!=|=KY%$fy@KFf*18=i^x4-`#d~^`wzx9LXkA!3y;$MdQYyP3^#VLXj13~
zlqP(gIr+!5fseoXy-or{%)(}J=NJt%fu?NCLM+af5wa-u(<L1%esI&ReT&<v3j@8*
z!#S`&WRXu$P)vwerc+Dui_p+-?Y_G4D*0_MKh<;v1j4e#)US9=X4tB5ckp`(SAtIl
zY=o$E@TK&vGuqW{PEJw5AHyYDtK{Dgy!h*&xi=RKihT>@0%83<3zYX|4%&$p*I2TS
z7~7H7xLO;ao?BKwj7P221=s$pM3i!FAqX(w&YyJ?WO39}C`EG!>2>%{laRaHz&+b6
ztxoh;)T*%y&y3wz$<q|EP}8Oj*Nq*^wU2nrT!@%5Q=SU%uHQ1I8-<Sf=ABUqIoi_+
zjN1whA{8kzG_xhHENI8G$}sC)=;HLW1>^b!sB;uxz{d4FLZxXH=F9}s{xQ~q2`xr7
z!Hh2Ey1;yw38SL>-)EgKjEAHnCYAN-AZ&K)z(F8nF7g_T12~DR%@&rV$&{(m3KhhZ
zV3(r6a_`MyGVyRoK%a?>^dlE2AwUm6tugMDpxX}xc?N6iTcsb0Wo8d0J~VBd_n7jl
z?%5RHl?^yXcX#_nkvAu7<xUM@V*x+8nsg!ZqjIH|7>!U6#!@6lQe{%+GHI&B(whp?
z{Jw0f^YM(o-ob(6VjgWG>sx@i8sIZHqu|ug%2|xjp8U0SGZ*7u@_wi_ZS-qUoEWdX
z<!8K@;TaCzRX0r{v$qSF53BIw`|4RUPNaZeYK+N_dgJismbfThQb;rjlXtl#lJ<89
z@KIa}zy^;^Dg1Qz6}+V^bXz;{=KSQw&dmcV&^&O|58=8OzuDhEqyYzI;^^k>`t7`X
z6JqSXS<(=z*D`0|-H+6<X+Q_(zBIYfNBptJGrxc0UbG+QN`>xg0vzgXyCML53Ptd+
zvba-EoZ26<z<L(C#%&RH3;94rwRgpa!f@_y$?qML^x26WcT7A`4tx$gA!#`mR_ACF
zifY?nG@}lY9YBtxaw|t>f+oz~?NT0nU|Ew-I>u+my%Ts_{?iW7pz#~H2CDg3nV5zr
z4xRmERM#Sivqk-w<Cg#eze8~G_6#-!z8Z7D>^SWCru5_X>eIn;1-05A0Q{BVV+Otl
zg=t9h2U24eup*ZWCJ=o=1si2fOp0am4^E1{gmxODD52k9p0<;3I!Z%vg>PCd<D1jr
zQgcxTkkwAECIePXIc(qG6N!H<ISl;AT1Xt&?Tby~<&(B!%Q@B^FgvdNc(SFNjAR=0
z!WVz!8dXgm?ng&@OWcraKBePEr(#nzf^`vABj`w64^S)7tO^?_`A9i*;@AM4OO}qx
zn=&xG01QX(-(idGKJ4vljXn{mCQ3(wvDR<<>KUTp|CK?L5as(Oam5X|e@eBgO6ntD
z%!mzgdCj4Sdv+@E*=Q8~iLmfY8}hMFz?jw{HU)N4Msf1-lLi0s<c1CCDOq1-MSqas
z_)8`y?&GDvkdU?=YY$EKWGM+2cwzV^!WWQY;IWN&NhQh_V<AOg%F!fF(rzUbPMtJQ
z*`!XBD$W&D8qmn^oJgk+JsiTntiwDN@E<=S0}IHG6&YPcC0jJ<O<bsON6YVv6y6`D
zlcP7hA8?L>sT`8^Ejp`hJhp`U#4HipBQYJwWR7>?jTuLedDEUKd%#YqL()`n@f!@U
zhJ-sRoig?*1tm^U=@<bFOdNW^yoi_sskgT4F?u8_4sP<Cn0{)<jKkzx$Vf>gv&@Y^
zBsKfqO_VUSh33d+{><#rFvIvjOI4`wP=zkw28`((a{6E|LdxWLa>bXJItm*{*Kz6*
zYKQ6#sFnZ88lMx_D=U!LEqrp6NaJPSl3}e{v${to;hr<oU`+$lFb-eBI}%74p~D#r
zACv${i-9+_g!u$ecIrIr-FBqJMB?fhuHY166o@wvij5W08{Z>*RR2ijG+Hk+Vw7?a
zk-Tl)wGVaf#<pn+FfsQX(HOXzKpf%|N5{+uza5(ga~>6+JrPc6IMwM;?4WQynD(T6
zrapA(10JL)>@&U-LEwOw*&8f?KZABZPk$%qGQn+-xk}lllyzt2sqo?hqc=(Itm8a8
z#A`L6tD!db*U=y(^Rw*>A8R8_OCc9LzPDQ-<cF)VDu@}lLcZ>e6fhKz4ji}lxLU(z
zdc=h@Yf;yILSNw=buQ2aLj9A^5#OU!G1iO_zT9x_u-P?``{xh@StEx@;A1`2xpqY_
z-<W<&grWq49zOGM43lQM`KK{|s;yrK)<1mSw;kz+dJ@_5aW+j`Tnk2@WCt(ioyARD
zqfmkimTjvilDm`e^yFQ~3Eq4=n?$1vA7{G9=99!C?Wi&Ju?<Gy&iGe54A_<@qlg;@
ze2eS9Oj@avF(>fa&mlyPW6EklE-i`&#h&;JsIk~9<MVpk^n)a-KmOdd%%a7)4|{qU
z0fz_QFQ%-X&lKY&7_uypk<s_q^B9*pGtI=0*SRzsFFeTVYXf{n&ivA}gaStSllcv6
z?Phq(L@4oyd9Lfr0CkkG#aF-eU-rQU$R;VVFQ4Owk~XS5vl)X9eV}+Zxk2y2x-4~c
zX(P*6f(E1^3pt~U>r}mK-lFMe3jH^n!tn*ayw4Mzf76D;hDVPjcn(y^rSbWOoNcqk
zstoKl)hrTsxQTD(+Z0=)ha-j)hC>cRYyVcw7>=g=tuqL?q_3n-=Fg6g&{0FLK#h!E
zE<eusewh6iY$0S7u!t@h2rW76XoBKarqq_XbU*TyoW2qHJqWd_o;ZK8J#SH3)NU+l
zG$v>{3GTMUel(mB!SI%BLRVV89f6k|E%p8kGEjRfOxeD2&L-4;4qwvI^$^OQ{!w<B
zpHMWOMBIZ?=OEv0Q*eZ_dz<2}{QMWqukiuf^pe!<gET?P$8K{jvf%&NbN@9}KHXW9
zeiyEU4X{=N2do%Q9d0m#(pG)W-x~<KO)vZt#x8-$l6YA>DK&&jWv_QSv4s~yT@V^k
z?A41_zbV_Fg9*`$3FO1zm;2oS9bR%Ilz#~-*DzUxLrs^n|IO!pdIjJ|0}CE<UQ6DP
z^!4@6#Xt_wxwb2?Nv8CFYUT^4B~|H?djlRnzP<PEd`&(9LvQmvbjaJFbi2RYIOrp8
zI@`vHzSB6;2QMyC*q#2H#-m+!)vlPII=>gSk^JZV&yO%?2xEH^V3R};XMKU9JIV;m
z*crZ;=+9V9INcHWPLVx?*=d2<N3*UT*Dj6KNBW(ScIlt>$xZ^9-J%Cr-`DQI&bD7u
zk)J}a*tAe83$tgVR*o25TQ?z>I$*sNkbT24yvv=-!0QNlr{bH%!OlLQES6n&lr1;r
zwpyzR0#>r}Sx%*Cf1P9N4ueZL0lD7q1KpV~dFSjWA7h6`m6pcY=H3tPU=4niIW3WM
z|Da4iYi#M6=01XMnzw8*;V(zBkgMeH!<FV-eYyfjC^>hBkzepxCTjAP5)T?KYm{?W
zR9Zf3rxE=9x?FFQ5N6?DSkvOL`-XAoT(_I0Xus#xv2Y+r)5a1d714j`)9NdeBKYg=
zWbzHrw%swpCb0bSObKFGelY>^W5z6}+}T79WM?lq$3e_*9wM95yhX?Y+U0zCT@_dP
z$P`oTAkA|7uJQbqs(;Rt?tIt;+Z-UQ%fvMOy}|xglJzd$l)A7|9%cRCTD!Fbs|Ipd
z(r$V?iifWUqIoi|*oLA-mkuLO=?LDa5;)SH(H`wCVKG{-jZUWpGo{)fPv+3w+sDmG
z1V`SqfAEs40S!hGt9BumbHRG8Az%5?62OG`nP~VGXsz;wNGqkQf&Hg}(8|IdaQNz;
z1RtRqe~J7&aoadTJ}mi-0QFUBGj{QiSb;yvL7Vz1DOtWsB}EQm&t5|Bd0j6Ka=wuR
z#ZFwGWfL^67OFwjCvvnITa0z@X~M%l{S))lh{aS`G<1A#;Ja9JI&yE0L%zlY)!{uA
z@lBtthnZ|q`|g9XH=3s*&u?FGqyBKFfRdCbimb?jdHVuYhcfU+r#q=u11woU;0}?>
zJT{fchZ}?sGp$0lR-~2Hwes&T+j%khOOA91ttMnD79}&Ur@vl#WUy*{wRF|{)F`O<
zC)kFj6YC+H?svb_!<td^Y?Le?YUX?h%<4&_4wmxXQZtYIBkshl6+D$qrT?D68vyDF
zs?9#xOrTSBNMXE3n_FJ=ZixRr6rpzHM3eaXMGn=q!AMe)iCIIBp=ivy@%Zqz?a<lY
zxegUt%#|g=d&(nhR)^VrQi15D1S3Me;AGX@XX}=)W8++TT&jYO_du$)C}`-~mXfNa
z|DIp-*eN0)qNT{Yi?}Z5R^!+8;un%kYc1wR$xo=XgsoXU1UJ;W<qdvr2wZd00>6Lv
zBjG^E5=xME5g0685Pc+vtx&8liNT6dRWiV_Jyfjj&zdMi6XeP&H!{hE+Fuu<YY%T_
zt;T*o^O%(<%#Pzl-!RAP1i=m<54a-K1(I~#v<X=<rb#oM7UT@C{escJmRo@^WK_|0
zxHGH$>|m<fcTe9$`mE-KQR)661B{?HTD^*y7f`z#E2~bhJ1A9=B+d6jqDW2kk+QuJ
z#i-<6k>1Ij_Nym0rn`rFKlBl2>-m83wk5hb5JNy52*C{)A^n}Z8dU%?Ka52`to$<N
zK;G|d8?kQP_xRe~E7Mzwoy7-7`3LbPi33CElBL<B*_11r+ID5It{*KzH29?|?ZQ(S
z9>xl4rmT{;5ytlebC2-}t@Td4vIUELjK5#sY$r!gM2*-)Y`eG~Gbh|2>$Pm@2ku=$
z5HCvM=^BXk8`Mt$hp9=C>WELaQ$(?@0Q{w!A-+b4Q>AGC)&d3}-^$SX2>&)b-n=uG
ze;RsCvw!bv>$@+I8dL6Hn>Vf~4jA_rr$aflFIE_j&ZKpo*lqo+r(G|wZDIhrX33UY
zfPT$=X{n}^gh-*9E?gPhlR40|qNokU`%Niq&2Hq&4*M#AJp<MA71Vv1;lsC|m4O6j
zM=$942=!?yEk%Iso@?G}-iY2FYeaFr`(Sc(4VLv6aDrm;X<xLKVk7v9ZA0HFoswm5
z9nQ(iJn}hfL)E;j)3d&Pv>tP>81rPTF9-Oi<YcDzd-xKGqXkG5uS7{=6!<rrH-|9I
z>Ll)OcYsMF;eJNTv-y)W&zJD)`i2B>2rB^4F?hFXTpEJ^8_{g63U&|##}Y*~TEqfv
zP`XG9cqI3nkkxUWx8vGeItntvcJKjtKJH*V97P=P@rwis6229hzDgcl!P%sxNK{a&
z5BE4151oC4*nUAB^UAqyi{tf)nEH8&7;0X=Z_|e@l^V!>%DE#I5K0aWs&#lf#R{*K
zoWFt{8o#~Dn1`IHRjh`AEQ>;Tsb{^jD6SJITB&j6Xc3i^Fh7^DKNQcd8x|PH_h8C%
z4VRW?EHz2M7bCv?U}o68F5TyH)HR!{xFs6bKoB2lOVJX*l3>6OTeOzp*&pf}k@#t4
z;_e)7Z4k_5r0+1W6+=p+exqLpc=v=9(t-mxjC1sSX8(2CXWwYz0YOZ)`tm}JA!dxc
zY0<g%_89P*bM9UV%>#Qpd|v4J#9+-9LS_|Qt0NKzhgP8eB@{#=#blA2XMm#lqbIL#
zxI;s>ZwI6Is|%;RBgJM@#giS>GJk;Zj-Dw(J}>u}wfL%N)%fvRj;vuX=Dns1HxA0C
zV;aTRlh|ox%q|s7f$VqdE`rWSG@O746`By+Hkj`Izlg)A*~?+BYR8G_(>9A+6jS`X
zI+$oaCb_fxg8YLcy(BvC{|X$2ZWFmJ{;}sDIP2wk-lD-<gfHorg=vXd^nt+pe0e4X
z8fUY$Wi<qjp~pM|$eKsCZu_lxdJ9GO(u=>drf~dH&`jLcDv1NKM%Xq%+Yt;Y-h@FW
zOI3Af?tsfDHKvhs6e_G5ibJ<P`M@&4xqkb5O8n@)qZ>{Ed8*-I*3G=x`wyFRguF!K
zzURS<cHz`1QU%j0mOX1(kjEW{>Y(Y`2*h_WsFqy2LShv9VtG2j{bn*#I5Z|l>tv6O
za@aoj^^AC)QfsD!ElP}Ev^+b}0f+HUu7eC4B;xGb(tO8~9BJZA*nvt85;dZIdyPoU
zy*eyJVKD+ezMjM8UP5k*VE6t$e%`ic*%Gd)9J2m_#h}0suhxXj!R0kT-bHKtSw}BF
zM7sQ1)oxcG1gWD^HntzA6w4mLu8g;IcoO(?5x7ItzvQR^W}AoXo4ZmUT9_xq{sx;L
zTX5=orNG#8pH@7gz`q<%ytc@zA+Y5r_nPuj_KUeb^4YJ8VuDQgOR2;*@e2*lZz6PJ
zZFq4~CaopjuNU~I<qC&vIgV~Zh<B_=iY$m3N86W<)H;KFS%SYO1aWVy9x3}O(K9u5
zFkK(k`fTy&Y993~w1!>Qz5^{I#WS2}A=IlL2Q4cIo_#L0#KDj@hTF728n)mR59KM*
ztAhS8)t{kOU<9pSCCY=;O$&BBIcALC@_;99(lNT^kFIcKwyzV{cX-jUG~oqEdalRw
zcQ7GFANEGuTxIx;rK;2p&RZ_iu^nnEq=r{GM;tr*Y&j(oOe(clu`qAhPgR`|MT(U9
zg9F*9cadR@D|n%HeTgtXy^kN-fsARAA=BfbFjQ$H`NHYtx552eFn(~A&PRS#Q)BZ0
zD7Bh2UbO<GdE&GGYzG@W4#bIDc;eW&9RO5Wy_+3CegTrkc_$y-s+L2YOnyy3JFcvH
ze6yv4R@+ri?>CM`G=yyYAa`9x#gN6XO+H^i1FnBwe_S&-RTnP3-e$M)#OdM9<F8J-
z|6uymH1W~6(nPFa){3O?&H3JmCqU?%`vTE0Ka=b8tZLfyVeB<fm!=l%p%2)Z#?e8!
zwMjZXJ6}+!m+ZGU#w&ODbi$AplVW^)?)lftUUkCz>x&f!Bkh^miJOczia;bGvKsC$
zliK;xnbr%y=%T{cqlqu_XJf9lq@#YVbXVGvA>Nlw5$Dm~-zWb}A2uhV4j>M89<Ep8
zkld~wbF{846Dp>CUDr>gGAlzJoI7#v?4xK1!UF4-fTW6)1i3x4+<<#ZUJ=(S-kZTY
z2|@VDl*l(IA=BFaG;j1%pWelh`Q@bW8BD>h8?YUrWR}kOBYUQn<N6(2C%>9E|JFG9
zl-8(U1q>5+huiaxac_?>%M&9P%s(&72a>SO`>cQkf(){|ycATj4j!2es;p2?hejh>
z1mEpp02?7E<xCju2xl&^S-u_~$svFm=#a4WvGw16I6og6gn%yJmB|YH`lEx)F7twE
zUb#O^ydDG)tPbCcUxo6T>s|iQH$^b^E`Rr%5H|fIMBi`1qkYz>ffD%xGJPwK$Y0LN
zYQMhWoQDj)89i37jh;Z9pBwj{*gRJQ8#eOMtlP(+X9Ut$08Gn7Da%0R|KdhO6VBgp
zqV>E4JwGO>?6o%jm-AnFd2s2cQVjcB^n24M$NwF8{=uSthr)fGk}AOjxW7K;k>J_M
z&WUetv<vcf<Aa{#oqds_gba+TJm}<{mojTMQa@1YCfDf*|N07NoLOxd@c_0My^8!u
z$#2BuZ(W!OB=%#2&R?*P4X|tDc;!WaV<97XS<6{DDM_bT1g_X{Rtt5?(0)o!U-8Bd
zCs~{XF^t<m6!l@q&Sj|EWkSTa$ed-k0xxVyKT)rWs3b&4qUXZ}4mhT41wuCtqzgd(
zcte())|9^#@>j{3KF~?f9!bO3Mq%K3bwImKiqwD&t7^J$F-OSz$;|P+@JAN7P2MO?
zzGO$PWT|>cHu2(3-y=Z#`}`-DN!S|mzF0*PSWREib-Sw5P-OpLr?Y4=sXvAb#BpLD
z;U3fkS<nOvtP12PdyT_!W|im&h1;Lw=wI@exWxx>|4>`~`+i;)8Bfk-hUA7lThY<Y
zCCWK3TB|PJz9HDVBu0TVL`u#1;d0Fp&;-O;Hpr--mf*+{XUmZkzzP&i+<9#2zNMc{
zy8a$3&FG+c6Y=gZ(iH8xCtnWrmqYiG78wyc>}5a#efjCcSAii<ig`Y3M5MkN#9>Gi
z&rC{*0b_y`RVc6l2uc&%1CGysU5NOI8MsJ3=-AftNi?ld44crvn1wwnmXTbI&3<t5
z0fdKkHb7e={=M72Z;`V3%apY_dseP;XO_Ho!I9mRTZ33s+Y;G0J6YWF`6owKTI>tY
z7lt1szw@id`IT<Xh&tB=M7QS&;8tp+)q-nM6sd6KO&{Y@d?BnEs4Ivw5h*7dK%>D8
z8ib@<GlVkdWKN$D_s)1BzpvE`Mb$>LU5oq&Hn>;kFJ_sXhQn#ri-NL1n`;u*zjS^p
zn=sBP&{Th%HD{4pNaS1OpjoM=JR-ugwd;qDJ~SYR4!J10Tuv_+oHM;Z;7rswcaQOp
zOeppW&EhRy2vo9X>2KbK<#Cbi9F9{;Oz^FdeYk-HM1TlX<Pe0h1R^Dn25h0$4creA
z5w-HP2nlFgo&cU5ekGP9A@`j4zKDhbyWhT8LMBWZAM@RX6JB<xmnLrcW^<^u+4^i7
zR4J+0vq^hK{Jm{~hZ9v(q@-KBn;NvnLbE?NYYDfmowJlqhv}IatdjWF_y_M6pmK{x
zUJIY8V>;A=6_`5~4h9Q{ZtK2}J<(9<|3x$RX-A_4r2-T}oN6HNsY{CAvA!OhBfm^3
z>$)=T`MA$2Za{pQi}LD7NG5mYV;{H<h5q%jQ3bK5b_DG?9LDUX$phc<@#-(XA}YDJ
zI97A@nB6)V8AN)rPGujP@ccGi7ya}0_6F(R>3(}gU`s<0-(i~|CDSp44ecQNy{44v
z`4G56No#Og%mv6=)u?WRA`0!_$q4E*1zECKhl2J(M~*|MzYc7z8iwZ2*Pw`zMHWuj
zGm(XZzDi7Cg*rjtKhXO){$5LA7Iq!tnYb2d#_*`?zQ_L1Uc*=;QplytjbI+zE`3-Q
zb18*N7eeZ=(KUEBjnq8}#q0MG#r2a!QUH**vRqhG1uOA!uzz0t!yBo~(bfJQ*dZyV
z6}oX|;uDM7h>V)y%_p?pA2p4TIUD0z9XsF|UOL@R!71J9-Vb)!3iMlD6$v?0h<IT=
z&SZXKnEiAU;m2pF1#e)5+np%3W8RpLA&=e2cc`CV#ywc!AWj_+gSc7W*xAeN4I*>n
ziDJ1O1B~ZwoKcKz3VjxKm!}P1H7%X-cshmEyn|{BGy4&k|1$X;%^D<?{hEFqepmRg
z<sP0}AUXpkqm+8vj6cvsn{!=)Etr+@ArDdY2-RVT-2uJZC6{AlMeFgS{HOSYXp|O*
z541c0`@Wy37&ASaZ$qFsud&bEKTd_SEI$w?jQXdQE7m>MU#uPgS-%<2j8hxtXIdmo
zg(U$YdO`tlZfsx@#n28~9`9?t%nuCd|F5dI3~F=#zIcnfQ{3I%-MzRKC~n2w-6`(w
zP^@^-;4a0A6WrZB$jv$DH}`+<e(}7>WG0h|JbQoFUZ0h0&b!sxR|*`N1_GVt=ylI|
z7{c=--f{P5z`<@?kv-jmtfC?VE7#;qB&6|Eu``#Q5p&<e!>1@Pero(m-!63ZzCFRs
zJyqGhTJ`QG5%h)b*(P&=Rt+}BYgdQB5J)TdxIuQ@Alf=JD6e9a3NfTo$Hzk%@p`zO
zhW2IGLSoI2+Il+rL=s6%AMcy^>5t7!pE9jI#qt{U*3DCHY$IZ9tzPV^UPTLNT&}y^
zmLLJq4waDjo@b-mul7^!B!LCUoo_QBx~8BNe&<*HG0M|6=y2H#=r6)5(c*tZ>=xEX
z_iD%r5rU<CTFIbdL3tG`1Amss!UbNLhLUeI%;|#`g@_usB7zOM65|_h7Yt9jO&=4=
zg#cw!ePR(`7h1~e9rgykpCXL|Nn#INJC}W=XX+xw9ZkfF4~34kK8KL)D|<SqdphG%
zj!QO1`H@GL_>Vt5in8f)a<H+}eeyCU-{J<JNy%KlJgcONL;6kdhZ6KKBz`Q&*~rV3
zawrgypM+$&_`V(>8>*zn+dvAsJ2?iD;&{S?8?_bVu-}v+E+vRPb5U4t5CPurNWjaW
zi@i_NfiL*^Vwed7kp6Oc4sfWgC`pM}`;Pd%HR(~*yU5V@a{ITLesk464s4ePCSV%J
z_d%PIaD-4=eWsdZ8^xhK!)o!bUrgF{7557@rT>zGZz0mT!G1*sGK1R^LVE+z(l#c*
zZT9TM$;j=(U;44Axeml+m?-3#EM{D1J5HC(hI8fkUirYP0eb)2%8g(LBLLJR)xS6B
zI3G7XN-{bfM(alaUQ0*C{)EDlPmNGN1R9DBw4`@fQ?lK=a2S{ms2`Z!%bYb?k~obX
zR;pUJkVG}ZxQ7HyC%-rDE)X<=;rz|O&}_z$A_bWePZ8a?(NQzgg+EfRR|P#gLKM#g
z)HFJXHG1HJNCyM2_oE#fGdB0HX6Cb9bj)*D9ahDn4IS>BoQ3*m_3eNVZGtA#4}uZ3
zVOxo<Oj_Lu*IXB(a=Jb}zO8UpJjsSkO1d8vHfR*{aXx8<lrfNX=N`UV(G_k&Vc2O#
zHibS2sy6Eo>26hT4tci*;<by~_pqCDaXw502SocWxsg(-J^B(oypjNI@!T!;!Obb$
zDm-xLw$g#_6fRK)ALa_=k8mN1+zFS4sKiteFf+GwUQwWYJeK-NXE8?@HhHAqKR%MG
z#$Geo8Wq->%Z4i-UsF+9>v=~%>QR~};tc4-H`pdBmH(zlvop#ehZy!2RX$#!lf(7S
zpK5ENL~90%5qpQ9recM(_G{S5TPTX^FEpw>)zi23Ma_g8EfbJsC`a!8y^9UKRBq$1
z3moi;lZL&e(&x6A!p%4?_i0C0Nl$Pl;OXwmLAI;Dx(_bm2)@*)dempcc@s~vFukUD
zJB}Ytx_6DiLhjn*^JxSLl*?@@>Jxkg@#G3tf!EBU68oL^KzC?<*?aAeoSBi$l8GTX
z;S&`qPCQl?r)HueRVF$R|F>@@(m7g;+G=&J>_!Hr+*u~0L2Zd&diQVW3Rdj3&`~0f
zQf%i3_>zAE-b^AnnBPMKTGY$XP>Tdp$K|205q|?42g3sZ%0aqR@TrKRjZ8a5|JW!-
z3qIiQ^93+w{GSjgf2=@r3OoU*LdZwP@`BTTrI81zQv1rO-^d2&EY6MUWsgWf>JB+o
z@!ZsXBE_g(Fs)pKW`54H({1bS*t4a_4lG*K9201!{(SlEJ0<~jyE`-0NR^<mn;YaZ
z3k!lv+1Y|DQ`$U?!3}|8{H7bj?ttraPL6Z3bBf1k2Mv8F^|=8vu1#zm{oPGY&cyg-
z)pbU*(&OTDMR$YB=~A^j2)jnHyawd|K}6z7@1NnUTY0aQvk6EIxF)Ek?%Oc)rU^(`
zM4+({@BULAi#rne%A9<swK!18Zx&c*UX(N1l8UqYiXi{Y8{NA!=NFpw%T>R2Uu@B*
zmc<-p%@-ei#X!|^ux*OI;N&H>Ml^KZlJcQUHgVDZu|eLH)s?}8zubO>%fDIASc$eR
zNn;jYq2Vt|((VXDodl#<Myu=17cBcT^>Gp5^r0p+C7o13djGbI^SI=RA-8kRaH%Ep
zyzE~o8iS&yO+yFMX+0SF)4P>(>K*E5t&rlab>XRK>2u$ac-*8#U6yt?T#*9l{_Wat
zA#!EFBt_=G>yzyN4hez(<b^{#YkayegR1(!)UfaG^#q}?Tkm4;xq?m{75}#jW;E^z
zk=6OZ+!6Sz{-4R_|EI3}zr#jH&$7`!>t1&f;Oh&=KfbaXuqWO2&(Bk)v!$ivbN^WJ
zzzPouL&I8dLppQnF=Ops-`SO}iF4En%>09sc?EiR8sGd{w0T;he`&&zUqcM}{GPuk
zno_$`U`if&?N+-{m*W)*CfuD{5{F((og?O;!s)8^9_-Q&cVU2hC(Y9F9+q1t+jVe{
zJXdWzYtLGUZ<cLW<i}6H)mh?Q5#U~WJgpnEA2xfv1@u%8+rQDX6~xY-qBwc`R{WOr
zV&89j@Q(8Yv^cO4#%U=;sm!4q%puf)tza>#FANG?2ZxOVst09D$7TYV8y9k&gVt<P
zfn48OD}fpSr^sClnGz9!N%C5U&v)$nV6leIjKQ_Tfz)@{Sw|3^zb>Jo@&kJ;)5y@U
ziodhHl)bZ!JN>Wtjax5&%Co_rnR6bk=D10rv7V*WB~<s8m6LA8uMPNw_yY(Qy2C2S
z)ro%%NUp5@+z*+``!;UCbk}k@m#sn>n2-yatpwmBEpScUhxz=qYhg=wqkmQPP;>N1
zL-Kzk@uOKcFcTmso+IwgiE&J0(Ls8ltc1Mf`->(_HEGRRwi>N;>>^U~jaZdu>CJHJ
z@UBu)i6+NJz*e6bprWNvs;mPRmd9A$YRwrkm5-3DK||@R2Rpbg<1Nu5iV@J{4cj}B
zgJ{z~HO5n(+}jTZ;#&WiJw*w7*A4nFTl&tgtBF))cIi<!NysxQ$g<%3yk3#+XgL2^
za#CbLqP!8U%V5xi!o0Y0o>^jL1qyqdT@d%XnMO=rh_xHalBY<~81<jD9^O~0w`vW~
z9yc(ECo7w)R%@cG(5Nz)8w;&RF6>M5d=3X%idPxP%<P0spGcM&N-$v$Uh^beOR-UW
zvRUGXrNL6NB%D%4HFon-n>tKXqM5C**secTy_nQwNFaxZIDW<MD<mx{#F`SrJJ!UB
zHYX5?`3&;4qHBq?sa1I9`g_duqn*kQ2Tt9OSaB$6tkk)&2?@Yjb+Gk#BeQN`L`HHa
z?&%=jt}RK^cl+#1?;?;RRYu0Yo_y8b51*aKx9T13ANtv&n%JWR6}1%?HWbCO<^0H;
zl%y4^JQ9b>ReIjmLQ0~+6ZUxer&<rn`nHHfL+W@}#@Hc$B>hwa+#yYu0__cR;;2l!
zt{8cSH1{`|`Onf6#Ig;#5;S=-%fu1ePtddxoZx`6UQ5oZOP?;5h+Ar?B#wtT96V;8
zFte{x{Mt!g$;yS2{w(DBHPySW$<=IWU`1b6BuA!e7GU3}Ljl<&K^9@!9Ey3*$;git
znjBLfQ@x-{&EgTB5+$8tt!||aZBO16-eE1?i>tXn7~;VDM*!)yDnto0T;WzNq>UcR
zsx^;iZ!KtX4+z84NZ6tIhfWwpaS9;2gGLhOP@9<0;dG%=si}TUx4&c-&aFp=o<pvv
zPjm~|Y8=`aGncPAU-qwPCb*I-OOwNvUiFLIM}{p|TrufVPVl3T30jIt(GbqvN%>+0
z|5FiK@;6H5Cp(81?iZ)ZLUraeV<ADwmRF}TCh)OG&?`8%V;54{1I<Y)((!tAOQ=X~
zMRX*q4;r|_Ie63ts9`V&jv5ajNoYg=qgCJ2g9N6K{62)Pi&sX7|HJomj1qUu&!jA9
zDB>H>Tc<orD1;h!?wM1MM~(Ehc|DL&XEKww1t`cTCs3)78g9^pZMnrF_|VAB%4O>o
z9(?YDI7@z7JRF+E$SawRmI9v}jiQl`7<(RmMnwqfgy#2oLwJ9gQ;GV_I7<6%R1*NL
zjPI4J-RW}=3Blmdt{psaInvbg_L;T7^;fLSSpnYmqwI17Mcf+W>&;6ufos7;^jx0N
z)uWXiE3mQE7cpl*fec3y47AV10On3To4N<a*UeVo8hZkqyu82y!+DPx=$u7a<r^D;
zvhiAA_~EAT$XEkR$NIO|@{e=T?ZDS3#6Hze@*p0!{7;Z$$N{exmu$!J+rN*lJSIMM
z^(iIR$6S8g3z{>W12<n>D>v<({-9!%VyyYUQFc>~iY#vq(?i_SAF5w41t3v*mzW0d
zK6q~QJ6ZPvdtReRjb5X6o3LJAZ>)p@y+bs{4;$Xm1=dO8(L9Y?ox9<e$0tcFLowIF
zY3!ja9wt%WFF#IucAj&1>oxNKL};9Gp!0L^<C#O#<$U}o2=I#E-Sr>0+4DrXB~{kR
z7=3<?!T?7T)5C`OoV~ex;th@4H!XCt^YtW^0Z{d$f)}~ITE&VrhgOV)NWz+Kf}=Z^
zH#l~T9SOnU&JQ>!)ytA!gEPhc9xu6WCoJarDL|DT;bg#13|KAlf+W}MA>(W2O^43D
z-+95*>5{<^{z=`&Gk^MME}Qr@ZQb2YK0loyyd2!~-Q7?Rc4EvQx8ANmL+v9&BL7m%
z!i&e(JVkMUw)Rb-7d22uI9uoQX^-&}L2xV%x;BTOc!ofox`TE$e5seroSJfWGZq5?
zb$YJR|FMniO~W|dSQi6rI6^#oC7sf1u+>x!(SHNB6WD#ev~S(|Zrwb?i=0%|yX9a2
z2Be`*kOmH~$;2cHqGgWRgzAr#;9-PfDM~GK!Z9rIcDKvL_m&EWY{K=ZCwTzyz3}~h
zBzVlwg)7JqDp2btq!5tmJwT{HHpIGFL{Z8@RiPhJLXa^75Urv=OajBSL&ai8yy4IK
zJC&DrgBDCe^GC3Ah_yZ!avN4wFk+$Xp538aHqm9m$+zDgxRYl`kz-yD7`qp#+ne&7
zP#ke!z51X>k8B?<NB9$c1fe-Yir4+l5wqYTDdEJs%7x^}`k~+kP8uy)s_j2_<0Npc
zxJ{1c`Vo$roJ3}DXjM-@3?0XwYAtjFU5qkiKYFRr^BGxo>mhvW{$(YweEf%Fnn0D`
zrA3%E*UHRUf@9$6bQu_7F2NG%Q}!um{Zoo4a$s+`7*`12q1|=dT5t+8=-vjuOada!
z4PwKU7IK@cSRp{EUUj;77MlVAR<{xyoE||0a^wMOnLJH+!&$Z_xR9!*i4pM-a)eVP
zlao%zkSEIZZlf`*xN$lq0$i`X@JvV;$149JS!~kv9yd~E#`ak>?z*WYXtsn+R3nZ1
zhKQFClbo2upBsI#lJkWc_ZV6>?3so@vJk<XQqBLKAVq5XZ$IC3oY=8%ZWMwyO&S^J
z2cJyMo2E{{Q!TB9?-gtOl2AhUO9n*>VNqh1&u6}Cp)^iapri_jywF%8qCQL1kyoTg
z!FhhCHgS*?6~0w$G^t}lhc)V58Tn54@wexx(_ucF8g|7bgpZUW)jMM%PQ4`ZxIz+S
zXXzAxiu<M~KpZMtRXcc_8BfZ>HuG=mwiyiY=4}HvZu<s{c~{&piV90|2Zu5>{YQnN
zp7JG*wTnv!&R7C7edfUvLy&J9s=^$p1c8k|E!oaY*?feO%7V1UG`q6nXB|A*h>&N0
z-Y~JSXf1lOa}5|0zHRGj5hZfN-adC=YxnSq)d96^F|nP0`E(B3c#CgwQzT}pCA}Oy
zfKIM|t}O<%`kkjAq(F?9VG4AKh%ckpyeA^^NYpL)TFuM&t<#F7Zj#g!bMWSQKyfyw
zhm3dVPM7oDJ^OXAgt`MzcUa=!{C^`*S$s1qxSic~l*e)Vs!!g0D-iqVpmk|=Ch-uN
zR<YSo#p3GF@o|OZt1Nq>taI+fid_iJVL%H0$286NT_0v_(8_n`3s`F>L-V{%JC30f
zLT^J#TY!`Yeg6-0<}c;a_(h%32FjL-2I@;--{DVn?(h!%v7bp38A}O3M;81}?Adhg
zJfXmu5~V2DqBFTlCX>qf8T-e1y-A-?2$X$GH^9N|>EF+xgNVaT>^~}niu<U3wk{y1
zyMATml8J#>x-qTc22T^3<ZNv}IXf4$v`{QKiUU0HGldrc`n+xjk|zhPzK`~j8NbWd
zl`nO84)v+7DLKCam+k6Eap#PbBkoYnFV6K2ZMD`b=Jvgq=m&nAEZvpunxIkBf5?jZ
zI5();PE&hj&pIL>n+;~D&`Peh6;-wTJ^t-1FX`vstiFIdh&pwksFii7?$-*bfM)e^
z5z68Hq3`ygYXTN0Py@#(HNoxw5s;Go=JH`yNX_Tud<h($l?Gm*3Ic}|mwVVctBOW0
zanl68t*k$Kih`Cs6XF7!YW!FM%9nw(b(f@|YS+NsCV=0gz~cu)_uKo06{+6`jNjwS
zW8HP7?S`<9zsKQ|N*>6n;kV+!MMKMFg5`qB@vY;XXH(4G8|ZPQYN@qgb04j{$N$ah
z3gqFp90}TF>|R;~)rl@nj|`ID?GqjZf)l2%{M+B=LHAadBgd`7r)KZR(_5e*B@qzw
z%kuUAL>SLNvHw$GdQ!oC1zh6;yw*PxjvV;n1K)u*4t{5Fjj&t)Jp!h<N0NcfG-Ur!
z-2GD-5;Vij;ZDL=*WE$yCj?+Rz7|;<Am58Sh3S#k<`DR%iQ+PKu*?|X+3rI{II^<Q
zpefh3PEu9HqEz-{Fnm>-F$;L;Cz?~|={|+ys`V_^*v*=u_$wgI(f&(glk3=RIRn;1
z_-Zuc7~|$F_sCQ7?%?Uz)OsA-g!_KBP0_=`k2>BlAxDRVZ;WAQHhR~OxG`yN+r;Zv
zucw>3`~Cx`6P;sIoq$rDmd${c#P0R19K{xkzRlEA77N;4Vs*h(Uc~W-(b{!cao#1O
zOMdNELCnAe7K>L0BT@O}F<M8rdzNp`7d$uK*UIr1=+jx#R+kLXYvm)@NAe$Gfr>4c
zbJQTgEY$?j+ousJ)6jz$N6LlCOHBKS<+_P4V_A-wQfQl6y%@l*<bcgp7qA^hrD4EU
z4>aSxUxM@})#zIwrME~~Rn$}b{<*{79NTLw(-DXHhMZ98yM5jEjbY`Of+QyBf5Xwl
z-ob18(MlXY?7E{!63`+$o%GhMd8wDaBA685v$PU=L?Z25%H}m@B5%33VZ>8mAV8zT
z4{F-PDg(lO_~FXe!w-zZ6xd@bM5EO%UB^X*h2lWWnKd}zY~kiIfFV6t2kt$8q})Ox
z$3*Bo|4p96Or9~_kEI9>z$7bRr6jg68bJ8v(6?FmO*X^dA^mR@HN~hUC)+9$JoJE5
z)-SpinG?QZ*gaE`Qbes%j_+YR?D2UB0R^P{1_U@cXy@dguYJPo`b#*{6uldrxMG#s
ze|#?wk)nu~Xn>ELi<~mf3#`$%0HSE8_3w+UqucGLAhZdKBM+OUT}ZtEZCceF7iZ47
zW-eNilJ}C6kkw~D6=w-i^udP&CypCldc3Gra%(DNk|aFx*T^-Yl{i3M8-JSIu>W{B
z&sLGO%gH*AFIu+&`<#ltR#)T(KrZIg<SY0m$Iv7qmMwUI%H@)Iege-;=`6fED7h5A
zOqn1-b>nt1mm|U}y!XqYleC6&V13O{*PmjiZOcmlvI%~x2XtCH#ZtkDm#hruibo!~
zR?{Byc35*|GjK<z{ye$P-1gGAIb_5@@f9=@ujVZ6^q8q#NbN=~=gh96FTSR`X{KQ)
zL+m?JfLQvyghqI-A)v2HeRfhtp`HZ&Lr6xUU%n%CL=Lwa1}LAidt=t|+9GbysuetE
zBi*9v+bHn#bug$gIljMu!EA`ERd19LL_p7V6vL{<h+};?AUBBE+P8;7u)>twklHwA
zQkUbBE8F@teA8BzFH3@oASCC#c;!1qMtt>aNtSu8i<xB6B1Hs1qUWm&N1jfAQPr>5
z3b@%q(gpp3xBoS3fnh!<1p^VgZ&-LWEV)_APOm<ss9i`hO$Z%%f#I?WzI#~pAbPJ#
zE)Hi>gKg}V)>aet6D?S`(8<^u-suK^ulT$rfD`5)zB9|rI|sLHqZNc#*k<~@5m}(u
z+YN4KfNzv02TH;OA}hq$`!&ADhRDFw17U8ay%P|H%?n|;f=`{ATt4xzemRj|Tb0>j
z>()C_$-<c5FZiuVL#uym-yO4awPEO8e@%@<M~3F}@CLA_4`Y%78`U+J30eUa&&>xf
zUb()<HH<A-vkNa6*fDL3&o?a3SCNa#(6rPU2d1jQ98fvCR2s<8=Y&dnhSY>oQcX+(
zzj<M%tY<?*wiyV(hAzNXPl8i^M0fYDuwPtpiBLJ~ynnpa2p_4O&w%|TfuMvB&iC8R
ze8xf&p3dRuxDn^tFE3_i=a*Y<AGo=>M3Rp86^)`a-BSxBQ*3?+^6qh=t#wX5^(>_B
zGWa5`ZPu?s@NG<9w>C)1j_46JlwL~tw5LL)izZx0;TL=G9(hoa(;GYI@A{c^DsYjY
zWg!2^_5+CrTC20y)sIV~zGJsuQp6G&Hm(aC;~xi!lhn>_o*`D#0fUS0Bo-WUTULGi
z;)z4&l6*w{8>c#{+xB>sz#^{$?W%6fZ?%aoUP;U?NsQ`KaWuK-jl|nj+P5tCZW%9y
zp=o_eT>1U6TTBi&m6&D_<1J$jgVkU_;^YJt5i!Zu{jHI)a~P?`%`z%P)8zM}IUaIg
z08w-UX^1ujpc2|3-R%8~N!v>m=6%|6HiX=#4l#mBnb1Bb#Gz8s2-Wmp3#b*Ph(32@
zRE@nn!v!-0FMH%)c!g!A;!>FG(BDUrO?V$-Epw0T>gPm<Qbb<n+3o~5QH>n1Dz1gy
z^<2WhxT@u)oULm(r+`kVgvsFbRuEeDpx(d7wn$rhsK2COa0K=_Av4g41BY=#o)bR}
zY|G61h8d^!#*K<9Z!=<vVRNXpg|g=oDq+**?>1o&5$%Fk=av@)kDsQ&EW)t7Pg5pn
z?1%wG?(e0>P827luE757EQEa<;sphmxnp#aas=fVwX_rgUj6NsEMtWF0%)fqWBAHM
zLXnUV^{zM>{;~_XhynJaM?=$(JLF>tX|3OM7A1TFoc-qr8YZXEw#uE}x5CI5pCq7z
zH^k8I1xnNaIfc8}+5-rt$3z`*OcaJt$|%~<r9Am_WAGCwCGqh-jz~Nikz%Yxm?=Db
zaOADTmLV!SRPvH)V!`JpD7?yB*=B~}p{Ra=m*{W+N8|l9pRVr<vTqNJXPs-IV@DD}
zvuoE4Bpw2TL7Op!w?x_kt}1j9O>>l;>pm!N*R~;Kyi+x(L{~njp%`TcI<-m9gj^?{
zg@OVR+pnK$3kl<$umws8SxPW)*2xWf0u;p#g8~jS&2Zj3jQ7x}ygQTA#-Wu3Aw5Xr
z3mkWKJ&|M1iRwHy&||YI9ZC4`l-h;0!|+q3pbT@5<E-6ZbmLCzW&Xxq>{j^!!Rc|v
zMSfAaz+aZR0=axVoIB-b=VQ4AIS5geSg9)uOMac>#-+nN;5PYb*Cf*&_N+%JL{#jP
zCwt`dWk0+4ua#}t%;0@LF7a`E37Q=787nJ5LWLs`y#MNPlzRJ-{lEyK3-%4137wDx
z;TPYg1FkmdzG0@8mxaKF?kF|HKJ)rFUBgzJz!<LHsd7bFS_SR5L3mQcIdKJ}+W)39
zM+5!EOR%(wo@m>U5J{KHCevYH-m~7s5+Mb%?Cm?za4N?p#e|GX-vRyeI%seA{QERf
zQbpjMI4~^{3cR@4Ke`)gNH{fphio9h0C6Sxk4ycZ<HRHj|1@*U%STYA(#Sa7!}mM5
zk_Lvkq@vwKfug3N7w7dMn<+Vp7zfWFz2*?eVAT>mZTHR9Jf86~$c{W5g(0S@W*inr
z+wQj&D%;yqAMu`bV*ml3idCla0rJaXMH&)b9Ib9``iYtodxmVos_OmODp-eo?N)dE
zMcg;}`D7onN-Lf{!QQ3QHxvVGTmHE#5(kb^azzJ2k*v|{wf5CiMO4Bsu3H)C(oQO{
zwk%w~#(L)m)dn>6KT^Bt5o6y<PnpP0DuTJ`5#z*hL+qW*6rzWhdq{Trts`ax6|<_b
zG&zEKym+JM4|ee!Gg_|md)$XjX;m|-W94dv<mdIw)kEP=O0#TWWeRd0HLz#QHbc$v
zil80R2U<Q&0pT8}&$g^kBu6wEQ!4`(Y40xrw)I^^V?Yvz9y9ig@twX|4pJFG2ho5M
zhx`iBTK@f=+(rG=p=;SRuKIcDhUV>Rh0gco+X^0^sz$k##&t_7)>C?<XgXpE?3jIO
z2bRMq>5@?=!x18I;IMLFRFS5BVN!<dIrq4AnL)`Kx9ZMmM^*3N;*{r($2u^Fs`*#R
zc(+t1`7->d;9EnZR%k%Zi)z{1SkokD^ZW0<cUesN6Jydzg{%&(GG@ZUg^D7%cI!vd
zk==KY8?%-JgY=Y9-pQk;WXyEQaYc+$MDU5R4`{4aQKuSTZ@$Q{TS`#g*p<B`Umd5?
zw{iICCgep?pW)#f1G@o>PG+3!T@j2_iL)kweFy;c23cXSd&!nMweocC82-ykvP7j)
z&gQO{C0iOIQ%v;DbDR%xvv!6Ld+}t6FrLb0O^iSMf8vFx#2eSQYl25bm$f`53!kUy
z$r_ARrpAC#nA8uV^$O>9dzugRN(bCLha){6)2mNkeW|G4K6;05a?yAg*2tY1NGVr-
z7rq<L6m8`D1f~QN=-dMyhvN&z4x&5>5#&h!^mY9-xNhZHO6<ABokU!(7^!`fA2yN9
z;a~d$vUCWqz4%xzP~wm!<vNaEvnSfU#Lp;KD9-rHDu4DIe-Rs+`aPvlFDJpg@70pP
zqVG16qk$&rvp05+q1U8y*W0V@+<i^$AN*7$QQgQ^hosTR2y>Jf03ZxI?6I+9v1Bsj
zW<=iZvVeQkDC@oJP9y1PiTKJ*lF<E8n3_oOBr}zFEpgds7T`%pwz0AcfTF!=4EV4D
zay|Rc)}eeD`d*MS{$r!ro`!IufG552Rr7vaIro+Jj0a)*1ip>*c^+$AUe3MQuK5Rk
ztWA18ihgjvJ+PAs8u@#GUPRVK-``IK9Y5R0_xP?I&aB_Q8+6+z&YWBI$o7bQ&|iZd
z0%I>whKThF07am~j}7i{p3Okv?ze4Us!e~n(_P-X)62~{kgX`o#thgwl>Wrxe+F`l
zaTH{@n|&lDOaStJd>X6F+1!{p$j+H24f*$6nEuma1H=N@J=8;-F1SSsdZoW^oq+=z
zka)b`QmqESlONQ-s#uiX{|DgbC)x)7I*^VA?h)|)Z}<a`dMN8~7XLmU4aTW83Ix@0
z`@X@OkWF=Z4;Pbt`FL7T%G$mrdNa}JrN8>|^)R56Jwqqsl9$bI59C?!+P8Z%Lv=$h
zv%SgO@IgrYmR9R<G{sJezAw(hB~*j|kr>c4trC>)G}jXa{%CGV%hB#{H8|d^COZH9
zKg8`FQ_k?Hjt{7-Q^1tB3Gu6qT5$`0wk!Q>YyS6p8ka_65z;pn+)-K$>)!(46uHqf
zn@bw&x5tnr+ak?c<7YYbDEOM?3ooXiAl~@>WHASBNtz@nU$(vz(_o*j2$|*xKb{1S
zo=BJWFqxFMQC!uU)|tfL&}E1?Rj>0f3PZW$Va#8fV!|Oi-dGwda}{)E!7u=Ok0nth
zy~zl=&m0w+NO(pDCVdUeu6B`gWvk7rCt&VF-5l{K9%3t@yLlrFQ#vCPoEg^-Ev@?^
zPCWnqm5stBJEx5s2I**q5tj){d8`rzJ9&mwnvQ0cgI$Q>CVYk=j+=b}fqMZ^(vTfB
zAc5D_C%jUVi!NRBC1OM(`7cd|a<OV<ktj*E-*-qEbGZF_-d?v3mY9cm`2#V9W_j=5
z`*y)AQXcg+hcX^YX!_qY5vjR+lZR<Tx9jV=^#x%dKlY)o%`qFiU~hrmT7_{&3YGb@
z=07HY-Wz`&U+#4ljaEw#4!<Y_#L><xYV9b8ptkHDK(31yxOlg3kWWmPa;c?s(9(Nk
zp9k9jO26WJ!evh4+SpxOtOY1hA++YCQT#pT7<s>59*ZQC_f1tOoxKp5N@WSeQ=<{Q
zM;xE*P6nv8#@JK_=~+qn7w0Q9r`RCe4-fOM6>i!TtChcz-dRulWuRWT-zQqJ!*qWs
z@ac**XjkZw>{+d($e1o!Iwwn0FlN)!!O!{<aR(w^1vK2eF`oP`olVj-Mw9kD9~^dg
z#aS2C)`fEF87TON#9&wsW7!1Nr;02vfPrdwNqI2Yd+90O`sfKp)<1PQJnekf;!wm~
z$tE@=BFXDF6^aC!hOuI6N89Xjm5SFvjg*fp3-C!h-tZ+qA-WU5oDp~TosxPO3p9}t
zxa=G$p;Ze<=`uwP3=p@)!k%5`ljSmF9Pt~oA3Ocz?KOUA41`$DQ`V$vU2h9+8ffKX
z2W&OvIJ-E-`gcJYRzsjhVz6#@hxeTfS@RA0aY%^l^yjP-$4~IMJ)pZ};T1zrQe;tt
zbbpFhc88XQF<`Qaf)%cB7nYMMVIw$q>vUdDxaV8v?**3lr&gi-IVuf^sYNKH6lcAY
zA^f|-^~;BtNSijdmMp|X6jL0R35W0uhm@$?=k=WR<MU>haL}Y><e?v_Oe7&}Ow6G!
zIx=jMoD{~6QRp*~W9uf_7qVwv>lxb}H%GJ!G3etqB$5I`o(x>=3?x}cPxK$!A`l)0
zu-^=RB~q)RfRk_GG@NoXO@8MOOnW;o+tud-=K1VMFH8e3spC;wFp8Da@r}VuuUG+T
zBB1cqODDtk+m#i1HyR|U1PX;LI>;<035={m^jsVyH><;|4r00e?i+(SLyPtK1XHAN
zbqsP`i|hF)^LR3=m66$N5;tvJJCD}!f)=V7qyped-KP)|-hIKKrci&Pi`+hIwmzx#
z`-mPF?&#^#J}>ylb?C^UAcc=>Xz4(%G1EsS9+=%@lKyCH%gviO7g(~iFgTw;#DQ7#
zN^7F%AW1FpBo41EDaf(Jf)?HzmUg!+j}6K+JOO*?Z`!LIqNXCGkStirzdUjY|F97i
zkR_q^eOVV4=8p{SUfSmvNEtPAZ;)a+DPDhIPn7R16cwi-85w(ra7jBjuY0}zSN&l1
z4$F=nfk%CCD&!r&xFIvHAE<W?(I|m&*i{^K_2wd=CXgWT5eVn&lcUq3+Tst3*`mIf
z-5#}*rosuIzAV8&8L(#Gja{P8uxahNIZTn_BO%S33x-HHLwY5l{li1);eqB{-xQ})
zm)}<bwmoH~^-`mf=H*T7s(z+ccDK}0pOB};DC?K+pJON~E(F4+jD_uDK^fYUl4smu
z!eew|k_j+*FxVz0spn3)BZ<D=AoXprD|O=~v$N{Kuy(#~NEy2;i+!d!Vn81}_Wl!-
zM-16c_UcxA2p#<Z#raFXkW*|VO&%PpYRZ)k{fkn`($!#NjFw96Tb)j5%3-%ZATC2R
zFkx<&GxLjyE||g(_H|9FI68aSgkL}5eVl*1<GxCK!bOBZ_dMHP+l^#RAI#xp#rQ(=
znGO*vQ*m9Fk~okfEr6>mx->QYI(3){J>>0`A9xYUiym<y1vgiTu<~b@?)iQ?d5t;-
zYnk-IexTm5cd_R^jMvxEdFt7(;U1B7<H$)FpBp%B(sW`>yZqpN#wW;IvUp;~{;OBR
zx^QvSEYKD%@a?o`d+SUp4Zw-Hb*UDZQ0Aw?5sWJu@DFkU&)c3CVtwRhNEq*%QL$Ja
zJne0i6((B&zEcacf3#^kQQtwm@kfwH<O}|ub5kEYzm5U*JZd|>TpsE6^Ry^duYi+>
zUl3^zhy>LWnRNQk)1f*57(90<#UP${AvEPv69~<mfh46N4?9RxiUfm<yLq!dO!!BT
ze;JFvG?_k)EnuFx4`+hn3t+{%b@uz>wkK7CUd?6DW6Wo&H?>s8&#Tqg3e60~sH`s0
z@X9s6KV*0z=cnyNAX^#5uMUUCPNB^IB0y_c#L7VBlAIgo1WoST^je4nUmPLRTJgAn
z-hdu&|9xM<YF#6VLgVdWigRh>S51BQyDE2cv+r6DrC+1_4&8gV@99kvgGtd=uV&O}
zG{ESM#gN(34nZ=EK#F{_-e_|1$jjR>1U3?tgY*595Hoej)Y*=K<8n@03fzQ3xgmL4
zcul-FxozV*(O4=Fdb-4eI(P7_8F@i@QQ4fa6nB1|Q<oma<Wd8CA6{Pm$e}C;$$_qS
z5^MUAon+K7XKXx+b3^vkT78G_AuXBP^O2L!w?7f?^A&%(#S(W<N31#eTzIspYlNT^
z#&pr;WqxHD;IO2iT<gN#E62DxMKcOC={5Z@XdfM|iF}4jsM^1_jkYHzGn2xJ4oggz
z7`cb|!G#VXV4o3lUY2s!?2CtTkojdeDqIr2GMR<Gg<fJSOGbC{I}t|6BNyn{(^oa1
z_r=FZp=l*`3J{3^G@5!*vu;t{_Iu%v#BXWUb_~P<lSnRK*4^1bCe@M9DBajK%IdYy
z6>$AuoA1c8;wkeKOMu4|q-MR_SH?nFyEe0t3)>+DFM5?a=!h=A7`Ri9pno6}aO`tH
zrapRc6*2HgrF=IOjL;Q`1Fw)Sm0lN$KmVps_<FBL#J4O`maF(Vl`s|Y`+`T(rb}~W
z<FZwyt;dN<OQIx~)cQ5_F+4vG`w3-eq57_K$kT#LgcQ}MK)Q&b5@nv(>A8=&4fltZ
zBy->!0w@8F?aERFwH|N@LAdqUDLB<){xu7enuh(5EW&b%p9g?1mFMXwPoUAr3>2hf
zrJiR;{pG-u^VvZw@1(Y)^((V#Ub|FjMkLcFUXwF!mISKW2>|W{nzJU-oF{b7oIuha
z)nBMMpe>4Eg<4jA79{zb@$-q%09TPq(kOGWx>AhS)R<EIsu_Bb9QwUw_{$F7t2jZ1
zI$|dY+DRV7of_e+oNgyI0_|VA)SIXjuRj_&+xr}zF!Wm&iJLdj4)_Inc$Jlu9APow
z4kA;Drl+<bEALt_HJooG=8T^!L)R{F^7ih;Sp0jw>d5q|?;YW@sq^6R;Uub%>z+F@
zg^{^aQ*;Y<c38I{iP`X}>yseWQJWB-9^__5*WNTs2_94E^es23lkz^-*ACXY)8fm&
z?j5xz{c40qq~-fQP(_=%2EWX9xHf*Z;Fo<RG~zOxLaTcQKyK!A1#QMs^&O+T%Rlbl
zU_2MyWNC;<<^6SZ7SL&hI!Mhk+RK>uk~+-*P7pjdp1v>@Ch~Q#O1LmZS$GZ?HV}!c
zNk^nx%FZZo)(j=Tn?SeLXtc<mVG2FXu+Lk{s65F$)9mTqJ`|K#(wxOP<$~8jbbkT$
zKhzoEI&IXQc?vAZml`TzxBGt?TU_z*J}+1H-r_E;M!XQEWyDOsVCl1WR=9WKES{De
ziha3I3%u%+sbnQdQU#2^`PCYQIpiAoO>Lp;4{W0o052^>X~L#oDFg-<ye8CSr8bq!
zAU^_`Lr|OVCki@U<sdvGUp--R!~Uy5`$WhK)Msi4TFVN}isb**=J07q?6g1X>&i{D
z68)CL_7Xf_z@1N*1Qqpv<#_l-eE3i#Qso;f%o=lQohmiezjXo0E1iYy)I<4!1$p7i
zod5b|OK0SftY`vBBT&Uj@`W37KqrW}NI}TXfVsR4ZBj=<!jzi~W{vpf6lM+5%$>^P
z_tq;i*x0u2@KG!=^%HN_xq3yaY_ZoZpk3d_IYPM$!u^-oGHKyDvFW^HiF#$>+^H##
z(WH36t!A}0d-qxz56Q#q>0^=ld(JsatzYGJZGi(o@>zo&51CEV{m;)%TWdOx?<{7;
zvz~(f*1PO4=Q!)2U1Ez)fHm9v;AO&!7W{&IAX~9ZImlC>pHsw)XKv=y{pdCGq?X=5
z92rj1&G$UPL*s^}YgX>#PoXc12WqQ+Uc#Jjds8|)K}9CK>;&!zRMn%hQ8-WOB@YlU
zLAD}w{K%~XFJ5Pa{FcKD&Z%|1)TeX(+vKxdJo`6SBWc7KrVU~S8ZxRXN1Lm58J<N-
z!O|CEWIn`!`}LBwbiz1+s^)__!EF&^2>(Wkd&TEnImEMoNKXl)5sBY<w#VfmcxpM7
znzl=Jsp~O*xzkz${PO{5aoQg@Pun|oRYfb-U`xZ>=w+lU0TSpafopb2$;;r#<zsA@
zF#(qV)?dKzhvfiZAaefDW;OF=eR2Qd3MTstf!TK^yg2LFGUuSna$6|3qktDF$-LFu
z1!b29vch;x_6^rToQ<LJ-Hw2mfyYh6e}3Xd%v)23QP9HhvdU^K>04l^@EUhf>OQ)<
zGvA+_`sFje2Ejz8)G<Ceb1ueuU~avj@D*UitS7FPAM73p8o88cR+nf`m2Kz{c<;ws
z*M^B0fTGfnPo1ECva{4>=6PD<=>&3vd8kF&j7XRF0U0Q?0iyd86uDRcVN{~5b89yl
zu0&<EYV0I+^(+3kWp=%=X}*$cyxCNV{Y+UN9n8=jHy&w`oRB5b-okGY)4O4;$zfw|
zVXACo-2)qAE1xC!t9z~4cJ>BgQ?B7<ec||=UyNO|F|PP$$kfVCH99<gsP@JjeV5=m
z$=N~|9+N}2jKR`6LFX7Ny~0RmOpU^yALlo3;t%t4mLg6a8L%e;yk2z(T?yEMHM;tS
zR?zMj-E)t@eh9Br#MOHSj$`ECpIyF|JqY#>fDp=BHJOTaYl{*m5bF-WtEb<oWg&mZ
z(WRLU5`)aW*WsL^>J{3f)I}2XYJa%t1}DoG8B`W$PLPvC4LET0?N9;vH$pc@&g&Jh
zf*@qfIc+lRHhm~4@aVEIn}eY-74(#hU(Oj^xG_DcLY5=*+l+*QA>XvCT|JAuL=Z45
z_jR+O@naep6ta+0r3jd_4VWyUwr^Q}?Tw)}aeXaqk%Q7a8$>vbCN6J)Mwmy$Ok(Tw
zupw>W`#Vp9v_HH*se_bVOR-lLFn=I+7#!vY!hVVl41Xc2zW(G~1voxoJPjmGU6K&`
z<eT~;pC_sO6CJ5-OCGx@C2E2ZaiyFz!12c+17z6~{r!;1ygo{!e)Scp4zqcsC{G^-
zd>`0pEMwnlz`PCS(2Xhi{~mz?41~=QMK<J?d{v-8|57YwmJvCeNfRxYG07kyyz#j-
z2p}2ohSlZ@UD@Bd#M@x?yWh)n@ERbT*{Z}wMBLZ*jP|6G!o_E4{0M_lq|8p@-1jB#
z>}8d}F5N8b49=^yC*11<d%GSkx&jFRJoR#9tD8R^w=9W;8t}!N#L3N<ac(o~U0f7-
zoyW7&W<-I+Sr!t<K;zkKHl04}EiysNIqlh6Sj1`ZNJxU0mHKMe=@T9(;va0hj09Ma
zkeCR51c2DiE_aOWq3ZIxWaD9brG(<o^H6>{3PnzI#2DqjVX^X7_@T+WE!*psaGhPA
zlNU@&6hTA@Z}qI`4J_tx+x7S-m|?2c@oerI-%<-1;-Yl&51Nt-1zsa5(b8<6#=#IH
z4KdbFmzj#dAo+W48u!M~CNwlRNCpZT^N{wpJfhYWbO)PE{|LSJe5#X8xGEo+-hS{w
zXYc9HAAqtV3wc!efL39O&|`<tkSg*c*%@oHQthbbTz1pvwyWt0H}OTGIfd}}L%S^4
zIPkr>&xB*^IHjC|X}Rx|*y~R|h;geTfRc-Ub$u<!VkGvyM|2>j8JAB;VDPlH?)s$}
zLXZ%+T-vd|{%z!8n2^t!jnBD5&Bm>$#kGExOr4Hy*$WWe^Y&Kf^>#sQz;)cHZ;iR*
zw9|Vc#&$GP9Vpyaedy@qR1fD##vlN^jA+7FS7zNgMod1YV&W=V3Fv~W;|+;k>_ffh
zw9NsUgGityFk%6cRKLhI3Av%qMwUfa2YTKw**7|iTiyboR7gHpm0GqGMB=LFs0L)P
zhID%o%if*L!Wt9)IPGAQfJBtP->mtz>1n~YInX1T(NPa->Wvj<$Ebf~{S;{rGGIwC
zl?k51ENi&lVT>!4XgQS(AGW8)kY>sXnzoZ=I2iz$#Y9zXaS>7AJpPs9jx{Sm(Vt$j
zPW~K`61HP46g1fueg6&0&H*j{adWox74LG%b4W585Q6RGIa>GG>DA`v*P32go4l?p
zS|t2bWsR$3i1twSQZt?>C=uv>lf56*^EPL?8o@b(xfA=rBm1S(6skvS^_x;zmU@Vj
zV)3!Ce4W8*m`+5ZzZ2tT&mwQ|ReHDYwxTRK6%53Mh(eZjBQhkj!NiSo>Y~9WFi>O)
z3&ZuV!((CMn0h;pv8YJI*j}OSL=^0RT;q~g0u)3!+M+OJEQq%FbwWDZJ3DS3zV+yl
zX?cA!;(0KdEpm^-dGF`Pz;>qB`bve?cHs^3@XDMAEIDR+cVYpoHqzMv6jieP{K=Qn
z6g5mU;QTXCZ3<hpMn|=T%fFW&AqVp<A8S|=>(5B!m4-k47y|_aW;GW)$pum0KC(Eu
zGYMioMcxzz-c<~(|AsL<i&4~I6;w^%r<1~9IUd=4<GzD!@<v9gEg7f)NUNamK?}|3
zxmYeV!4bc*PCyM;AtCB0YABW7m#E0(NA2DQvolkc&^c@9N@Jpy8p>sB$gO*UdfT;u
zzNCyn9pt`>44SXv9Xv7S%V@hvFzXxWRyI)D+558AJD67>xz0-pxd+^b_N_<IcIkut
z^^+9UXVjW~GK~F4z;=w3l=0bRB#hoZa;`&$H5_f~d)_@1L1$xT!58p3k8yMMHkEjW
zCbp6cgZc$}KbM+m!aXV=dUX}UuNzuu-r;eSXXp5@0%F^2p^C*>X*YGy1yn%uXiLs?
znbdNNQbWkt0IERnaeYL6@=s^>A0B~W^vzvj9O0^W*y~9$_ZubGG@;7AVpx})6_Y#)
z$6U$fCT(jX<_Z>jJM-z4ACJ(KZt<(+&5<tLiuSw`Z}p@BaCx`SiOjsm0nEC8XoyHj
z`!3MPmCrX#4v&}+=aY~v16iM$A>+FQZOuNL*(3WG$8ghSS0VLrE=1C$6prCe%m*84
zqWcEdrB2{g65yK<x^oP!#0s}f4_1q%3H<bFj(@jqhU99(xVCeew~twpu2F{j!cd~z
z6pUD=LwI^rk5{!&`Ko7XPt+4)dU;Q<Un#zGY~x)ZaseL3iqvX~7p<ccmAedeq*$yM
zZLK{;{#3Nv`M%{}*-f9~dv!^sTny#6@r#^l4MtQd@2{NyptT{IG!c8Wb$%)hhzv7M
z8V4!x<;65d3!lJ8e4}_1F5P?zaz#Gw=1!uG`@2%~8-+bjRfJBZMn<bMe%~E$!nSf%
z6E%)yKkKjFK6ip0(%N!`p_YPvjub^8cqh~tb<L<QeYVhLr#Y_Eqe`nf%H{00zFW8K
zK95+XZlQ}oUcJNSj~H&J3>Xy#&2uzq;HmpqM2>r7U4yRR%DLw(t?yQgu3TASX>@OD
zS6j*xec~r39YQ`qQA%HHGqEMxfubnwUfaXA&J*rN#l~kD0A)N-abvFs7sm=KRq^Y~
zIZLV>WPm4LsA6ylDrhIot5P+j%K3L9j6fX0-*!lu><E&w_LWZEo>koQ$Z@lwmm;Hv
zLLY11%8w(1e6O}l8%j+^Zkw1T%1t4uE1$VwJhPMehbd{G8Q_;1kg`k0A4C)yV6<GR
zoOc`o&GPt0w8Wn?G3&Kjc5N=UuT^woD(Dc^)}Af$^Fi5PFDBz}>=52B6)W98)_=-Q
z=Vzl<!G>&m0UFRDwU8(N$df+I8V8@k4{WE_t5c&Q1vxqJixyj7Y+Z8x6!>E4U^keQ
zsOz0Lmd_f4BhuYaQXoBv*j4yq=@%2Ui*OV~6X%Utv2XJwOdu8V0w+Me*Ev{0wmUf)
zEkoyN-s&+Nc|+~7a+-=-C*9QVTO%-MWH4vsF>Ye#ToE!pNd@|9>EoGm!-0@JpB3C4
z#2Ha;IYjg)rv6v2m_5{~IA+T=yEFAMVoY(Ie@WGQ*Cn12wIu$n9Tuls`ZasVcv3ue
z-Gr+bhi+}eHr7NKBGy%-fXS)Lebx!}|DGwalheSoQ477cV7r}@y}Oe=L5*>UJEGp}
zAB+nb@5z;4q*hIqM{mr6=*W^kQ>IQ&_anqjfSLZkdj8sIIeK^tPN<QnU`A?VY>Xmw
z&nabYJVMdbwliHio;)oL0zm@Lc|OlWzInh*lYF447~zG9Qf>6Vo~>}cUJal<U5}7n
z&#8#YEBsdh=?Nsl{nMf!vARq&`9J*?2H6P|us@zIdyGf+`ppAaq}C=+-)GJ}$e+C*
z<SW>xewy(y$+D674qp55gswY`+#XI}A50R;|5s!B&o}#ucJ}tsyk4y)s*`4pzPM^-
zPTmJ*S6F;nH@9}pdSHNy8g7iMyFgw=?22D)@{5*LQ&!b!N9ljHr<24DV;jXdC9lDh
zGX2H<3$bmsKzR?Y-+G*FW*|7NHZZj_kIL<Tb0)P;*wgL@R1DQK#6Zi2^e1r1ODjv&
IN*IUyKW|BuDgXcg

literal 0
HcmV?d00001

diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-eligible-devices-historical-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-eligible-devices-historical-report.png
new file mode 100644
index 0000000000000000000000000000000000000000..cb56852f3de952d9313ab41d8e47b7d4ce11729a
GIT binary patch
literal 43829
zcmZs?WmH>T7d2W+i@Ou7xVyUtw?c6!!QI_j+@V-;3)*7Ey-08m?(S0Dr8j-v@5+z+
zBO@bcjB`%*+RNr#b4RJG%AunGP~N<GgRUSi^YP7_x6W_g!1*8{z^+hS6W+qU;M_jS
zNxi8WCq0DycxNT4BKhV`O#<pO=soN=va`IN+nYBSkbfVz0jDzaH*bCpE67M{c^jX+
zAf}V*_^!oFOMb6n6*L-oU9Kg)*8P2Zv##^|ySb9SP006^_L0?Hx<5%I%_BxhBh9gI
zBzLmiNYN}g1oyMuat{?me@wfN3##~^d8yvL;qJ;uq=9pm2<${;|9L#~L$g$M-o3-)
zC{!-E`-3h&K1x_o@4m!`ug(H!;UJ=LQ2JOewPzbyMLH=4q9I$F;gUTcW9f9%!^4BO
z3nv<c0}bMTEmCW$C3c8|FmBIhW@(AQl!`(S^Ip6BQ)UaI#l{|C8g}mIepmmOm)iRJ
zSlKBq+FwHG7kc(j9FgwQS4v)^Sps`G7?h1e7WUn+$8n5Cgrbw$6eBoVTO&0zG!T)J
zrtGQME17QuC(15#TsglZG`W~a4$|wFTIq`n<1j~6a=qarARzeF+)VVDI;6fi6xj{Q
zgIhBFE$YQ&)*(`8l)eJHB89*Ev*1#r>9>_Cr0XgMDbO%xF{s3&&<lfaT|_w^saV=Z
z1Hgs6G(@8RHRe+F_X)7|qKM`~v!I>TY#0ZaJdBx>aM{6>bkA^E>IO8qo9I^ZK^a{Y
zITTb}QMA|wn=Qg$Icu)<)@V;*Anbz*+pA7+V%gRNJ|hPh3W|4ArDib*|1;<V4Fn;+
z-gE;G<vjoZ;1Ch<*FhNHhy?pj#;stpM-Qx~H-_eO$mUaVa|@8j94o)+2*-;3Bj|n{
zOw^DV6)l|R%<vA8%+1kJwQ6FFJzw?^sNIRms%gv+ONlo5o10ECS*$!qBX(-vh3lj5
zqoMdNgg1J*64_)0AZZdvOi)OH5`YynDY9hcU#78;IOiZoSj?Y~G5HE|pK^`96t%-F
zbnK05RahEOe&7u+poWyzgcX#W;<{G^1|Y$?8UUl0`A!E?Qk7Slb@mvsjJ~dM(@&pF
zhN-LgP(YtF#7?9NrcjwPfb_(C$yVf|zQfe1W08y!50|D|Y6HJC$p`KEVq2jSHkea_
zOtElUXssOi=mk#NDHcd(G`y+nC<P|!fjZ2){r?;xPiCR3k5)N|!$H4N`^eF_;OGQ9
zB{7IO>wL?%8lN^qRf|DnkP<g(#zq<#5!bk^v2xbch=W^&>5CPu<H5?xDk(0^oWLA8
z&JOnP3M$eTwq?k9xzWzHuPtbu2#<EboLaVL&}vra-vcV-!RrjQ8~yPB`ws>k!#i4c
zpgQZnCE|Vub6u&no}lMI;iN3qvQGj~HM&2pX}CVCDRh;D(_+N|o`$FOh3*S+(HexV
zLX`~G{M){1Wb=%F)2y?WgfSZ!BPCUksy3)>eM!rXYC+a>3HD28w&nP80Ea;m&wO`=
zMzz~W#2abVdi9p{=a_@}haohC!J-FsiGhk!w}Ov*6JcA%icX^;F%F(5PCS%(b4pLy
z3r3DTyPhOfiEykr=L5Fr$QMRL=m-l3ZT|(V8k7Bown921)CN?H3jrdG|H(?D8z(XD
z`Z^v{MNH8;D_K90w8@EJQX64X^PVIBqR@3Tf^(UaV5=Hl_Ds8Oh{mrKWsi`66G&I8
zvnw}Hg!pM%(*2_^y0qua*t<!=-Q)(Vm!<p)3lc9Nr#YIb?wQ<3ECrCuSv!ORQU@n9
zNTWLOs4m%WrG6@%#`mU<Hq`gi8w3L^{b7S-uCKQW>_-Zx?#ji2@80j$1@x#ai<q~*
zwbpzpa2taVrpvKc>ck}_(zww!@=pcI7CO!(*`^rt*!dq!`$ClvYQOM>+Hw`DxQkq1
zXqgq8C1)HLJ~u*tH<+8t`jTz6GvxH!aCw^hkI=2wqJ=YvH*6cD0i+IQ-c3sB`|L8=
zZpgGm8Tb54TUQEU=!S0{%r|7R>V3GBz~~wGC#b9vX9g0HhMCp_v`xqZjqPaEVOb$D
z{7VUAvW0fW@X=MM%%}UoZZWm!S#t!G+}mMOob-12Cn@2w^^%3nTi#&w+%-}9X@UqB
z;U4wno?4^qgL*7HGOB|G?4@RTAM6~gJ?j?b<&I6+1CcA&RhB9A{-b7aeZsc{<sU<x
zU*$z0L4$9Bv7p$+!e5AlgB(dUh1)SYMHoWtAb@O}2oxD2|L}+Msx+Z#*C78~Z(l?N
zN=tMCx-JXma)Jt?l)f0bvxHb-j89U%h05M5fK>{D;z4vRR2Pr@LTNrs+!~($TYC8a
zmQIf30`cOnxR!b;!_E;5%`m{MiTlrmFb7%@#uZ%!?2-J8&ix$Yqiz+ZOE{eW-3;Mq
za?T3E-5c9>?>emqSt~}^<iJTL;ClMmXIazJZABF$wR!waNM7jruR7Eb>zQqYN?r+_
zBKeRp9OriPtKDui)KiwZ`^vni63Y?sgKSS|A|Mz|1JqXR&O%1cZL1$m+eS{o=L=$(
z<^SKO7@7}O5HL?=4P2ydOW$9G2tD_8Gq!&d`MT!9+U`gniy(?dQ`e2uF^3eV_&x;s
zE@ts<hcV{r2}^}1A`1{c*0PSrw>;s3<IoXprN<wSoU7cii7?SQQp^wg{Hcso#o6cO
zLYF@y=3N<D+&N;fxieWLP-n^*NJI2>_3$@zn+v=9E2e6ioM(!>jKD#Nq|-MtTylav
zDoUT#$lR9T-C|h*d%D&tL)VuVE(-Li1{;YFcu^4*3HPrjs)z*IzM20OH#&>BpsUuC
z^ckXa*GHt+^$>mkKkX!6TzcZwC~~@HeQBlO*tL?)%2=2s6eN+4q5;skh2XhHRUYm6
z{Q4rizT(t_qa&cECcM6W+t7+$5wd<jc7!YmakCFoLjROMsi5n-#Rq&M;uASzOAH|)
zUrwG$^xarC@+&&HQf$^S2le=b&7)bR^oEBm0|L%DXeg=zF;b*sB?-smVrY4W4~LKw
ze^mL!q7_tq`HjxTUIiuv{uQP8==IkRz7RSo;WfEk=l8kJ6-|dY8RoK1B);MOyN@U_
zZXm8<OTkzrs_zihR`M(kJJ(+6IV;!Zh<HDIJ}1+{fq#p?d&~JTbkg>F8vpH^U|xjr
z!(ZK?I;zU)(1~o`ZA3<({{<LXT$vYSvJ`7Q7;^yyrQlf>GBjZ=mQJbb8>;TnQrHky
zQPR_rwAj37kXP&eO&#GZNQ(%_!DicsJTQ4s!|!uiJDbj{l8X7^<7(Pk1N~gA_l;Au
zll0O*b(^~-J*7jgdl~xa=om#2{n-#Rnvj*_F}6DH)}%bln1QL9k>e8uP2e|9onAzg
zipyuUrq=RsX<nz^R-5^RxaO}_*`i^ma^q5G7}Oh$lAJtfP3-UT29OiP8SE~yF@(|T
z0BFp>4+tz7m`|Jw>oFO6g~}t2Q&OB<;rZDEw#2O&$Y>Y|-Gs5k>AQVC0;d?G%8Ve7
zR&3-44!(-7jK;WobP)0KjQ;aM2LDZ6;;;Z!wCfuQUc2wdlzD{u4Jf`H1g!XB3%7qT
zQkpR6Dt15K&TOB0tpok6=(Y6W3DO7(ax_eVcD-BvM4H1I%Hw66Q`5m@2J4cRpCVQ!
z9A*pKN(uSA?CnJ<cGZeAgKT|q;H9O{5qj`iBM&b?4E-foC}9OUny+#L*s-IaU*#B1
zj>{Mwn*Q+r;@<5Gwx;xvyU?PD$_F|etg(qd;jkS9HBp|_P?yigiVGJ20~5%d@Q=?I
zXj$v&gu#J?t6040nVF&5#r^7bm`BHU8uK%;Y>yQO#KB-Mq!+SNhQSGG2RB4zf<(uP
zZ3v_!4lR4V0`kM?Z1bkFO=EcuzQGksM>R+KlLh+l$mJxjK;(EhO17W}ij^vPe`0dl
zr0`_K$|xz?^)+bXmfz*^#3x(Gh4jI~<Djy<ClNP|vwZ#o`!*n+Tr|9Vz7FKvYkMd~
z&Wys9<nm`!uf5F!^)^?9Zd)KKX$37?z!Ptt8}*x;C~?cKiZk>sJux#hsn*rJWN-4$
zN=jo1pH$2RFlH2xu7N>)bLm4W?1R!*jBj1V3fYuK{HF5Y>}}fM8zY9xmLm`=J)l<5
z)<i=4AlU4D%QJ5DJA9LqwklgZ_$rNU^JJ({evCC@C|}n2@e^rrd$yn#vS<hjPl`Ec
z`F7R%_*ibQc-s5<c)cgA;*#VlXIz&0yg3KyoismCIfK}7z`&_J*3D{SW1|3aK$<O~
zWW=agZU<G*4ueNbD6I3tQrQ)}zn$-lFH~qrCp{dvVJ39hnWUtFhJ^O#%gxCy{XNjr
znwyz|$S}?5qYE7kJD&_<n-k1W-PuW-$+F#^t%l6BbGdu*m{Fv*45cn~MO{4gz8MYd
zq!7!)OqAbgq-Xfo#V#UoGACPe&8*KyG&b@vqz<={mj%WJ)g{ZEO=}kuBigyEm#Hui
zb8L7+SS(evy{)sx=zQ~pOmm2{G18S0(pd>I;1;D*mGc+=q~wr=y7&o<Wli=YI1*Uh
zo%DVuL!1;9fm@y7NK*YQVc|nuWhfZ6V>cw=y+LGqw9GlD5mae#n-6Zqk-H_6bTcEl
zJzb3V?4v<=BKhU8jFCc+vaxeG!Z57TU0&TTRdOP*7PxOzkET4d&A4Ry%WmG-ok5FX
zRIxiThH+3{EX2W}X=~@AaG^DT{$sUq?*;BYRNWv-(~7;IvIXO5Z8fGnnDk_!0hJp-
zmTd_?HBR0=Qr#JnJP>a(zXmVg;`v_K%U%v6L;Q>Sj8>wC%jibO{AXE$jMl_>ruOHp
z5drCvqa6OV{+kM^6Yn#0Sm>H~|H52ua)hMr(2$Dw<1xh{e4-^@@Y>)QPi$HCI>5^|
z7WX|?V#Iucih(<9=73Mm4<{}ub6$gtUGFqQSiP-|g%1wTWG@#(n!jbnoTSt>rzeGj
zQ?BYA2p_{sIYd|Dq!BT|zuk~pex$kZF~S2HP|{S%rSvW7Zk-n6j|F$rXX8Qa#BEci
zTy}n*`NegF+7Tp{t2`)NnuGFA-EK}D5z#+gxytGJc$^E=89XZos<A;k|0~55DYv(t
zMMXt}OU-StN@kGA;YyG+WSZ*mUAt!|$<dHsW)FBRgx{eamVs+&WkGzL@#vgD*_0UM
zHulrm{0SplWk{Mv2y=P{D?U+>nUSq$wrJXXBk7mb9o!6$hgn5k(&#+4*8Kd&!7H_O
z1%2}6T)FiLaleEPuY>T{spq#R!rmzF7l*tz`#w{1m%gz`{iIG}=Fo&-@bmmnn=n)q
zEU7*G-d@}jZa!IcBd2K{s1M|0Iz9q%Si9`bfS!+9_SI(v(I8qBo=%H#EA1@yi;d_^
zA!Kl+?-@%mHo|n)B{dWTf7+20%#DG6P+=OZt%ZkIfqdE{9RO|XfeG>a=-av^xnFJt
z4ONFEeDrvITm61H-4SRt-k242;<h!ONgmyppR9ht0w|WZGN2=3kkPt%66k26SokK3
zqA&ao;0HWuxf*S_=yM8*AT_M{o6$vI{1LKWZh`kqBg1b=bJ?2uWKNUQ+jmW>i!NmT
zSu_HEKsCRz4!$&jOj<91&^2jddnVQWVfcRQ2le3Kc+Z7s#7@h*j=F^}_gIS2t_*nw
z(3Q%s^ZT+6#yGd+Vi7&rXwOIdPSg>~f5u-BO%^ure|nqZ%!hs}i!(5MK3FE?f~9v%
zimlfIXc?!NSoq?iUTkcv{9kwe3cHQoa;=1E40=|h_=SCZ_&bFuAOhP-E#+|!WBcvn
zakD$``_oF+!3jp7mmG;=Ox+|WM`UiJezvd|IiVUwf15ByK||Ik&=Lbry0F>xm1sO$
zEG*d^sP7BpfUbwl#7d<r3z>hT6m;Jqvej?Jj&6ctK9DgC%lAZWmpY#;xX|qDNT|_q
ziHjm5Vv++L>@fEZO%Hys)7CZO0@D!rPKm0F6hr#0fi`oWPQ=~O(8&VS)tDL8<XpB!
zY0((^3o=RjcHIV?@9*_u$BA|>_Er#zjN79NkkR+315+$M4{S<DXy`(bLX0CIerx@&
zArU*r%flt)%_jtS7M~%nFHg>lf@H%#Y<N=f3w~87l<af<aQU+UM`M8pq0sA8e%~4e
z#}zO?*d;ir{W&-|+LlL)Aius517cJu;BxS$>RSf4UhH6tC;5I7H>a3LXlyy*FR%4L
zbNo-!@R7)2HZ})<%+Pf^DOXz*x=*(5{GYZa3#8?lD<pK>c;hvR>FGa1GMIl@+t>jW
zeT7bpbAQIbQg6#&BzStJ9;(EJEcS~B_zo$H%2^-+hEj~{O8emtWaV-#=a!E1r?*HE
zQs)mMk)tr80zp?0+||Gx@oT$_aWwPv+*h`Zk@Gnc7x=>BUI&bXO6(n?UQhB#b{z);
zE9r2z6R+~CurAvQrfor71{*g6zjwaQlf@igOSBJVp(27B7A@4ihqWNBq=c6(N55-N
z&&Umr+d^K!K;_XV^G}J-n^M;VV5HskbI^ftLk4z%0)VVKUcjZ9c6rd^(br`#<j<*7
zeskk{{Z*D6JC-!c&WL!<_ipWl(t~Hohe{0Ms$4!`ORqqe8@);kF+lk8cK=(Wg@Uhn
zx0oN~mA-s<lQ#CY0f_qfnYVi0p|tkb#}(Q~wu<!3+#oqm?Kl1@KnBvjsj1-SLM&c?
zB~%S2ab8Om0+~XMg;Ag&T72^FHgyL1-LqYg%s+ZdWx@eLb*8@M#Isq!w1o;<ayr*c
z;pJex@h3R(kEfxa7hpg&TPn@eRCDx`FFTT7Wpm&uPJhF9Z>0ag5N7nU5NCQNf%PbG
zG#yPnEB1Qv9dG4?{;0XNsl$ehL-_J;E0jR>kCIXZ1i5sY(Jv=@_sF3}=a=1f44=Dd
z%>-Re(y=j7bN&SUO9ci&+f^09L4Yn+$Z<4W%>Ev3Lic}6$Y{rYIIOs~xF%<OJZKOo
zIp_-N<})NelN&C2JAiLAsE*Msb781mXYVd1BqoV4ikvXOI+kheZpCTMVaG9qfn{5%
zotd}5$7SPE2ZLxXo8|+E5%@wK<i5$WnZIZEY`71Mi3I+~_xX*X!|!9kSObYP?Jx)=
zM?RChpV)!|BhGyjkGMr^_k*&kFxrugRvJNJMg7~CfRF>~xCCa-A|fd-X>yckCG~Y^
z#AuJ9ySs-(VTL3oYXp#vQ>;YdY~w@t0FYB;GGeU}0Z(fVr0x(tar(`zrixFUqT&CG
z^LopkL;?8Y3Aa=>rdWuG%Qc0a#Dcc8wmiuk0+s0*THvNO!WYriGDdbuS6@2U7}uf5
z*-2j^6x6zJNd~cX^B*U5jU>XWa4f>`tsN^QKY6_WSp9h*^~6+5D<!`Xj3xWY;~<BR
zYQv>A$PDHIu!ur+1PHWwhbbbc^2SN$#0gB!Mv9)^csDfwBHFSNg}L6;jliAO<Ag0{
zFtC@)s8}%Gk_m?&w=52hj!Ua*bG0J)svFG*$LJ)f>!-(D4%_ZnSrme6-^?emZ4CZE
zl`ppkS{aC<)J=WU)DHp0y%*yr`9HR91F6s>All5C%bbnk36;`AdAS+W$TV?@pg%#l
zr!y>;u?g`erlu%$k9x|gDpJMTAYb77*-^AuI^1htc)AothSce6Jvo<@bdB<Y+}xht
z8MONPRr?vUkAfJxDJYhUf~J)|OK7I>|G}?OOY^uOTpYS_*%H~A{=S_QC2WEivxt%1
z?_}7dG+xhFigMw)PFkF}A?XE@q1B_q9~#@txcMU&0VfyE(RF%=$d>>2gLe4f>1ohr
zef8P@4CvW!{Ab3+SXjZ(<*fOiRV}$|<Adr(=CfS$R}I|#RuY>2pFM6F>xzO4;OBDo
zl(RP)ZU3-b1ARQ=nbTy6yJ>RJ{(tZ9?-D#wB^m{wl?!oj7WeM#;L*|171irk^6=a?
zx8RnH+1B;g*L2xN5$7zNpr{JiFbZ)ruhxvCno=bGP8T``Mj(`?CrbL4Tx;)wxDQ_d
z0-U04i=A)0yg3QF{^3zHH;QJ^hRj&j$Yys6=pFvc(7}O?q?Z+@kdV;i+FCpms-ZhL
z={=aD5*ugg|1l&`R{RLS4COBfic-$jE)43n?y1n0Q=+ykDdiL{kC^3%IUI6PwzC$b
z?LnIy8<$f1Sk7zy){NJ^d~Dis67fgSaW*=rhdi!&mFD2C=k%f?1Jk49hsOT?K30@W
zjWTv2lwpq$H=|oN^clo5S_3kN*)?4aryNFGRc4|xL5KiymmC5s5t{|rXc!o#CMIu^
zlarmBMV$35HL{bVQ%<;2w7yeQKQSHQYo>!w$5KC8JJ`tBD7?Rn{;963E`L0BaAXaX
zHsbtAvOGDr6r6cvyOV}jSn`vUm31|pcgb93#rCS6_&N}6<t;Ir#?>4rN$*$A*p25Y
zrjSN7Sv6tbCq$6P!sd-Hh=XWw(02362gG?e)GIV7u{=4u8fVOOCok|W%oIzSdfWM<
zF^lJL%m_xr?Ash)0yh3rt4{^hDsWArMB*6#rOv!}b2D9nWRA+m5gO3E(5l~j*EiRN
zS!l94I%(NwGjjcAuI_J!bjCM(itXfwMrAxD5tatD(n%?#HEg-6N)5X=x2>EHRy?%k
z=JFe=(1;&e7}&=o6ty|^vq+q8rUXeveQ*|u=QXr+!x<YS=T0j5)UqVc2D)SkzC*2|
zH(aYp1R=%;9ap-)H#Z2NhDKpQuasyvjrlbV$)onv2tvn`(AAK}5>+$}AAa8Yg8Y1(
zxSSj$1bAz3EfafXuZaOY0ETIeHN%&dv}d$=z=glzIyx$?%l?F}p2Sf^{70mzy|uI5
zAoV2V=~v(~FD3%~2{E;PCoOF*6pp|tDhi*riZWY|69Rz{5fe*l8XyY!wQ=&=1qW)!
z-1ZCA*Ym-$2w+S!#C+6}LzGV$Scr*>3pqGAl9lsA)XzMIPEJPtUL)t>=a(+#9^`ZT
z&&!?y!h{@Sw&cs<=MhDn!?io-45bKj+^pm<ePtZXmFO>rM<!<#L81ZH4))y}5+oVB
z8nNi*9I6(i(c@;Wrf8=sWa<e_&?WV-(G`0p2xlx~3CARmuBrpBk`>-r`0d5^f01*g
zU;;~BjGUFJx>eJ3DgZzmJb5*taW%adYDi2E1KZH9=ZL5A7JfmQhMQ2f`By_cHFw*{
zvC$7`8Y~zYq|l6@TbD=-Z1)v|ggcGn7a{?T#S)K+0!yJtZ3m=3kq1-GxTRxgh0u3x
zqH}IdKMLVBxozLQ4b)W@N_W5reG7W$566T{NI;N=b?#@vr-zLk@niI))~H~eLP~&0
zlH(w#J3oBQq~O`*f2sC?#-%MNnb)Nzx3H!_d=7)UwzaN1&cQTb_sUj7zbPD9+TAXF
za%|g)yn`KH4r83cD2dmJEy=q$GxALa*Z&G5W{(g;d;|FI2_^O4-V*Ie{v$$@7lltv
zm7BBl^*VX~3>d+PxZ+~kmbgCC8eJBGV`HWJSYg<!ae;BMF^i^QVKidGC)xsJ*AKXs
zTYOy3F)=YnVNxGAozwr%4Y~5(F~Sd+-RSU5AD8EZ9e{KB=*5bJOmx`{<X%(`UEz($
zs3I6y*(#Fmrsv)w{7Y4p#?kRGT6)QGcDRO|07htkPfM$jp;L`E<T^IC)5tV0xM`~U
zld3(O@$VH`ay?cnQ6vcCjH4N2(Xc90mEaBC)|Gg%e@DLrfBz|$gfLSU@f{&4foQAn
z(&Vb}oANQ@Jf;ygKkX&!FO{nFcBkg02sZZ&@enpE7hQ*Vas(HW=CM9sLjGgOzxLGU
zUKd9AUi<`b7I<?Zc@Q1&v76XsP$cBIn0_vX*Dgi$ZNTyPgkScv0w`xi-@4Q~xxO0q
zBZHU$&&=A%Nz%y+aY@(@y1pKkyQUgFA1Bt=%p;xUu{M2EpBRJ-2{)v;9`5$5zVZ7u
z+DhL#wJ!-sEgvUizI$j9Ojia9Qk=1fe)#n#&RvK#^#^b~xVE_$7!TVj&{j!M-GG(~
z!XNc=-1+bjf#p+(<{`%Oq6YICbFnuY|4cIVfwcqu^juuZ4yu69HPIzX^taEtU#Btw
z=EiN2!_iFcJdGc2E@f#-jieQ|k!=C38_q(M1F;4cNqluU#LX>X7CRVzHI;MWIK`iT
zx>J4qXn|FnOsS<Bap?A@Z#(b@4y8UJ6L~3Z#tv6>6OOjxF>{`*VN1fjh~#0SV{c6L
zz*OA8XF2A9)f4@k`P6no=swwv=MLHvN9V71X%LJM<4#9EX-?ppqCt@Jfo1bd&Jx{l
zv&$;rw{MHk^W3jg=ZA;AKxUs6dwszOl03%FEjJFL6rd^#F|39}M3BIm+}J4cGHzdH
zefo-nT!L!N%KN}*<iDLpzRyAf@9H3^g_fkUf*EBD<x-jsv}~W7Lx-2>X0&y{1%<fi
zsqf1eSY=c^@TWABzU3w-1cN`~rOiQrYLBLqYqNAV+{}qVsN<}Z4wE6Vl<a#1X=eIV
zW^yCvhVRxS-fSN9j5);AI6&`x-CdB~5*dgk_17ZZxYwe==6GR_;ZgU@PZjaZVgvKr
zPa-V($zDlB((GBI2E+M;i4U>@2Yy%$5IfzHFEOa+2tz3{PJ!Yv*R(9qS3AAl6+`#g
zm3oTo;&-Rm<l2^29_LRl7rg(16SNTyV<*bO+=T7Vg)2ESD+f>bKvu=ri>sDIte!B0
zXFY3c-2kr4dhgpoPFMGyppMuwsn0Z6vO2`kQ(JYxk%Pz#x9K>}F8+#x0k*hAjX^E%
zMDeYd_un$ob2EcnJfp`w5Z;gFa4hBQaDjER6S@fFKekw#@DOuQT!4H{khTN1e;JH%
zSo0h>oCW6&LqS~7F&?UHBtva#;G-{xz$9kO>icrZn1WX}26}p|oIGiFwl^`*4_3X-
z>WghT<d3S#zl4oa3dWpxz7y<$c(ZnTU*1Ba`c>#Y^ZaBdy`#<<t>JJs<@!5|Fm798
zV(y+^B`d0E&^F0ikhIBGN)B%XuO4Ru;?>(h`yf<FzLWt{R!xvnnm>wFL`_&$=ueEL
z3=jw0(C`3wM+r#$11T(jJm(nusu$Ge=Bk5B+i<lBGp^-{G^e>IM}Owet4Leb_v~K{
zGVWCHA)*P1uB>&Huy{a`v<(MTlO)o4adWJA0IA2mFBRF?q5l$rck@`+P^Lg@V%6Yw
z5lNO(daL)CUOOcCp#6g*ild;#_cFbh*(yPq(y)6zE0MKmN6|UU`Bfr;i%hi*H(~Yc
ztgxkM(`$6*Z-%q);`&fJ12WMf2t44;%F3!C_v*qzei2Z;>G-u0HnfCmF!(3N`<4dl
zGaG3SS-})V^ta@Qz^7K|l5RronkO2jTEXvnKq@cq!J!?5CnK^uk?s1%t1to0*ys~}
ztNzmD3N!{e4mn0CYrPBEtU&w6j(?kGa`M61S?O^o8fn;mT$R%X0pUJ$c`o$in30Ht
zL`pk=Idh<dbN|9b@rQ(+8=~UXFjUJR?sm?ThlhFc<LBVHcmPksoy6jL&{}~cS6_&A
zQSHy4)sh|oqM1vX&^4{7pCxo!^&a^@ek9IiX{;M!rVSw1t$lqIdK?$}IXPt<va}~w
z&vPRsI1}bL+>|~&Zy!foG!}Va&BG%QiCp}VZT1?AF1Ge7Iw?#t0U2;WaFm_9|LE@M
zoE(*$L#plYm&RHeUJilUiN$l9`+!c}z#yvs2!*GSuQ0z7ldcpsaG9qy)7GV<9ec4a
z?BL8^O3sTN5d9Nsq!Y1Kt86&JDx+zJsSjZO=E{pKt%y$`Wqi$}UHH2M1tKlVFvbS-
z{Ybau=a)}(Bx7WRZVNb`T$}rPbcAE5_B$AXi$Wz%#rl{CEW$qM@8J2JfUwBN&d#9#
z5uwf5gR9+Sw5clS>dDaBro^qf3W%Fg9X#iFt!%@&?`fJ}8m6p`i!xQ4n319CVyp3S
z=Ii6I>Gf?BxUm3vm6er<j7-i=6Lkrn`rrfiyh?amT_>)^1Eaj^goKBVI551QW3^Pm
z;4^);qwg=y<;hjf=+|4<>)4y*!<qb+dN|ewTI<6<Km`RcVCg5_m7?Ez>AV_li&FdI
z3cDS@oUa~D{z06p^O~xlx@9M*kc$}dQW?78V?N;`#F&MJl^TFfO&axq^qP9(s*41P
zN|DYskn(M5U#vnZAg9CV(!-4g5V~p_I&k>G%|12x8SxMSK;yPmvK?0F<{pwGH+f70
z*(!0yBz3>?5Y9%@c%<wk<cslMb%>bQ25+~R>q{=}5gr?N+CQ^jHZ0Pjsii3EGf3^T
z^jI6!hm4S2Z2GQrRXW1chj$=_Lv+)#Le`JNrwQ`|`tIu9@e{Lh-q%l@CT`=|mXuD;
z|M<FSE$hxk_4$WBi>km4Kv{XLiwuPtFD~i8FD7*Js?}WO(+5&nt$H;y*^Qfro#Ugv
z_rqr2wh%<PUPS`_-s+J7?3g&qvV&(qrT)Ff3XYb0L(Qu~RapOes`Q8ikIx0saDE+Z
z`bpZ~*{XsJLahDsiqB2`D#`GZ;j~mD<Uv0&i3_lpN`gP~9x*7U8t<Sjs;eH)nzjkW
z+Tyc*(wLd@#HO3G<JHj8$i7sFrf-r{r`?v@x{#`Qv7-7oTW?erev3PhdW=_^eW}HF
z;aq0Qr0q#HAqBqsGwv(Qg)cUm=z_D21c*aev{dpZ1m9XqvMJQ#f!xdw_J*vHhfa&W
zPGDBkODvl{^=^$pY`A;&+!KEo2wMyd2Qu4KS*yyIbn>l$I8E&R-?Al~0n-myYJBjS
zvq&C_E@QvB#N9}t_g35gS4~V{$k}0yrT!$Zu`pmIXdD?)C<UWFIYpmyM2aOhJq~0c
z@GVu3K)W8NF=-D{A%mcr?>V+@n}<l)y6SpTJJP{v6lHhwI2*`bg>nB4FQEy?szJL)
z=d1}<yC<5$R{>|B*<y00YBBzqaorZwI!d(c1N#r7{i}-CRd@|bbxol$94{v)nZGcp
z661%gV?CDite#5Jw5dn5W@@j#{{F||67r*ETVK)HE~8lr-|7fm7>1*E4!Ldi*%KNM
zx>7bR2jyF%%Iql<kz6P$#UB%#)qgOCUpx3EQDRk$z6z;`LnC!N)7Ag|qk;Y2v6ky}
z+A=9y)gkBnrr!59WUSzQ%Re|uE(QZ_J~=&Ii_X7>qX}y(z3aN7bzCdG83&@<$(e)6
zg+&|@@m@p^{!j#sTle<fBWYdZiE|6W?e?aSE(W;Tz6I7j6jVo<!QVlDvFu40`Q$us
zCULm@hsN1;HR1QYmO1Qdw{G6zlB;oT{WzxcXI~7ZugY|87>f=2MWNk+@<6PUnDRa1
z@)1GnyJZ2m_MIScAHz5+P{lzI<>zsJ4(~7}r8WsTLWP7_AjFFt2J!^sw3oi!nHA5#
zC1lgtcR1XAG(D=ALKa`y)K&RrT}nH=X3y7SioK1pMxCL;S?T}Vj40~6_QeCaVs?V{
z$N;Y~?B9)cz+3<o3ErxHtHoYa%uhAOiRSP;Oi5qFS26~5jIOoKw}AAIwBn@&&1a>)
zhZJ|b9gF;W8p1R-b4qc|(Ju99=8X61s&+eev#Hk<Kv<t1`f%Ujp!htuY<8dHHE@>K
z7`NTj6u*7e&KoVa27ow0_t&G2o0?*W94@bZ?nb|g?Vg@>;wIp#ot;H-OdWZb-w{5x
z)hCFIANj8!zRYD6-WP^wTF><&Ts16KZ~(4<Ewj)ZizaiZvH9j>oeJy{Mc_4Z%@r&J
z+NDpc=50T%p)OWf9$0zQ(%Z*c+^?t#-q)>?QJ_7-eK6Koj~3rZBNM`*w3W?qCnso=
z{>>MU@KST-+KPSsWRmYz=W`(PozUXUq!Nfu(udzsegnkye|@72gty0_Z)a;GT@WV9
zlQi?Ofzz&o^Y!&M1hJ8ZCrr6b-kH=cm@jM@h6a|7B8B!iYc|i?4oLa05WvO^usOP)
zje$KIiwwl|oBbDWRYxnBUar|CCa91?`w{y^wvixDNH~Q3v&Od5MEN=KREs72UI3r<
ztY*5l-3LpPL1sqDKn-LB1mDCw?XUgcRh3oZ3p)y7`heWgiGe5lqeE4Gavw9agmxh*
zB`%#irOqhUzs?ghug5`*&msH=-t0{0gCh{{9sH^Ci{0TzyLzKYvA>0^+xK$jb31&L
z!)M~u+t-+3#CR?`XY}LJRS6s7q}knPXSw-i>-%nnW`D0vamzB}$NCs;dqRUyB6`OJ
zoYiRdnDC`*BK3JWo9hpJ7%jCUfl`-lDKwTLSXV#Cr{mW5qh?8C9wZ?JH`D&&`htWm
z{?LjK{USoPiszT8>{R7tTH~hRs0l|dr7s3xtMXavqE2pZk?RlUJfq;>Ki`T%lCd;@
zM0Gb<9h|9;wu0vD3i#7ObRjgB5*N*)lXkr3{-HkglBKgf5>E+n3E-+9apYB6u3Ub?
z#4Lr1K@~k84=T-l%S7tA!I~kc7+m7E=(`bH_ra9!M6_vgM5El&G&zf>O#I6b@$rl0
zhuLJ@q{*s`T0+^1G04j?$Q;HPh9-c%K!jl>CFegY?`QZtz^wv=#EUKJ*NxjfeM$$!
zpGJ~&_0y&O0^autM-X?QlefJ$LQfr3WtVuIWft(b#p#~~TGQdlkI2ia$RWCNRc#(*
zj7%=Br1Ws1B#nQl{)sF~Rw)p;Bl6g~<Z?8ridJ^eoeXR7%?301oWcB=9Ij^is4wRk
zoJEZ$^7zS$?6&kL&XeenQ_m5XMlAq3n)|kkP=&gRt@UB>z;V#}e!u~2+6+Wcy%u|6
z<&vL@Y?r1x43tl2SNz+Vt+ibV5ME>8+q@#=@xG2G$Wxo!Lj6&9ze0=tdYujUtdx<u
znI~4-otOOESuciA(f(dG2>Y`FbhCQA?7Z4jd5f@5yIt3`w{$T5@0bPpZ+{gz8|w=X
z#pCMnpXd8l9s)B*J^R*KJkH0v$Hq}pf9K7Wk1b7MYODEV4rlNl-Ns#jci+IgrV2AB
zPf-_3234WPHDFe<Tq98dIyj%@+o7uZP@=77=I>85JjCc7VBY@rxadKw!Ih2E4Z!al
zgPme!)R*w(o;v%tGeQIgd9TyjLU1|Z_~u|up@82Z(>R%MaN&UJ_EIrwb8c>sPTpU9
z)nbC4eUCyedSU~wGkRP%z*FNhf*(e1{}3d?Wow7hF#me(evCxGWv_xqW1nHXD#ze_
zFP_ZX?g`^$u?5v&-5Zr&EvFwEuza3HhFHKY$gwv2H9*)aDX}$p=c@FV)jGEMo=(ya
zD%?X3lleLRiyk+p4PPMK(vmQz2w!mBJomTHA48R_RKd+);vBL#>(f6#15I?cJkc=J
zlnCz9giTv*xM&!Co{@|x`x$XOk2;yRDhmHSadUjQZFb4Cd*e-h0S)F^#}!T^Y)ULG
z+_?R)|GBqe1xJ}FA~88HEOtvOTj)2Yn%EQ0BYgvs;LXC#QuR4sY6Q`V?+E+n-rv-v
z=fkLKg<edaFwt{*0*M`3Hiy$zl;}Yt^;QG*2_=+EN~wC9t*JVm-8Z|+UCVo6xvjEP
z1;!n#EW+}xemI=p@u_#qXz($_c!sHCkmzo!=NBTqaQh$`X1?oG#7ZD$yteMIj>V`)
zY;jlLfM$^c=~Sl3Z4ZLy(hg1Uy79OZ4gPpOA?FgKddVxQj**~eO3X_<@}27z4W2DX
zX;=_0ug^b+ITRxi(1_XdNaqk(z>FJ5Djf-b&E=cn<tb=rz&A2tg^`23`BFgz-Q+Vo
zGX<4}=w`!1PqrHb`w;8$>YidZ!fzRY_)bpC@pp}<T~Qsvzs&B)Nd<gK=@ZC$E|Te8
zzRyevhqr=RQf3+;`?XYe!+PzPdj{SCBibj6k9-(;t)Vgd)gQ#~m~Q_BU{?RWVPi8E
zN!Xg=!Xw-Pp=MMESh0T)q((<<JnL=rYTP`4QVX<y;m62T3GUmJ^fKbaAYDn=E>)%4
zJ^EBsYVkp|NosCfHbkr_M>u-^^Lq453JU`r`new&LzR<^n-zU+m2q#-3%$DWeB|Mw
zi(!j5Y>>{aVU(1hY5qZTYTCv5j4fq$u8`vt1%pf!wK$Xfu^rAwj8OFi(l=vRMsGE#
ztr<)mal84vIHDysP~-8$#&d%)4G(^Qn!{>MK_mg3@@aoq6DwmSSH9()Y$5GigZK^c
z7!TZRmzF)NZas&YrB4!@`*6cF?kg}>%Mp;)tSz=)8z5Wmml3_xHoGi_v4n@9dN79l
z4CTZR{AAnR?MbidE^uy{h%L^@vw2}Jnmbs((Sd+y%*4HARsT9xE+k^$*jJ;^oIAp~
z+47Njt*UYJScmt1)ob9Q#SWoe!=}3_+4ABPkJ|Vr$2NV2{xgea!n*qXt1t6fdE-`R
zPI@<W_4*h1JEuQ(=!S3L@<@IjBFDzXj{x|>z!V)X@I+*VH;0^Pi9RHG>Alw}IMRiX
z^rB+@LRxsj<}V12F2-VSq7?3|W|Pf7$mNrs05!CkYNLlal{SY#@9`jJ9DqTVFtBrG
zL%OyNRt{=`5Ir(`$0MDsFd~O2XLJ-XCtD6OUpaPW261eBtVHGP@b;kx;2IOdR9_gi
z!4?6g;vyo?`>I{qheW*micQ<&hKd9YF|d+L^XF}w$}meB?mKcf3uHq%-J$6p7$_hm
z3uCWku%duwRl16_N7aDPFwiA=?Y_>RN;v5-`$i0arpgZ&P?S~F3JNQ+AzHsf0y@ld
zg*g`1!xD+%W!f5Y<ALsXx02<&Js`K9(^~05ZIC71oVj%SpN5!AupMO6)zs1zg=vgM
zrqh_4%xum&ygMI!=8YqiO7Jto=D_mPIf9u3GmIh=b6j!UI6(Y}Mo(qCE>nuYnej3J
z&0dY;bA;cI&S-jCLx`WEe|fD!el872zVE2qzE2ZQxhGsso%;5&)@F7;u$*!azx1ls
z6t_(=<q3*@ePN@0UG&?&pRa!oS;f8Izt$_dYQx(XKP`1{jNSAa{Q8<DYTC*9jGH(&
z$N3C*`ZQ4g;<bffw<@yA+)>f>S7E=l6+QdF`NLAt>eBa<5XE{2)WjehGGv&B>cqLt
z=-hYp(xWqhrblL(GXd?cOYK6sz;7Nw)!Koi*+VxvDTue5V$E8y>b-ITCb*#-bElA8
zpUQlty<6V@pT^fme8qC3H$`vDlCP+-z-kyH=4KBKjTxr|D6&|Mf!jLW?Bs>g$sCX#
zAYQ~*5p?XbebymMCr8xGKNP#7hFn)SrMKBI3pR@>UZA_AoC`bDKg|DCtKv_vNmc2M
zh}gnL(->2X^f`)|#&+FtY@lOq1ahxqE^@5J2~V&5-8z=tH?}o&v6UXjZCuD=nX{V1
znq1%4(0netHstF!B-~?uNT1ko@eLe}U*{5Na$;DY{~rne@N0#~*^^|&Jvn1;xu)%7
zf?A%&_76Ogq)btwbUIwQWi#C6<)L;#a|1zWp;}`|;fshnygSq?ZG?3h5~V{9t_$Jt
z-KvXZ4p+y@p^y=AQ6{V$xOGt|+;N|3y=S>C;IVkz+EY4=)W^n_Q{KMGr<-3N?220k
zFRbr$H3G7-+pZ+72UtgL8Y`RF#MWDXukEMa7(o7{HEJ(Aw?f`0vupQnsv}v}Dg5Tc
zo7P%2s4QwRUMg?Qa9q9JwBR^6^sOCykb}7!(H_JV(lz8MM=lKLKe>m9YI^S!YdjBO
zbN|jFmGEsMH1;}aNKU`2X)8pRE>sj;4h~a}&r%*AY{sEZ#&tzw*R$KNhv_LoG^!(1
z`BCfosG1m4x6?nu428_uS-fZsCTR@2G>HhC>pQ2}s#}$$n=lR6F7J;tMJn7*PN^cw
zQ&QgbXj^QhSQ_lA{16V-7sa1>nYsM`S=tuFyHXNuk0eS)%o8X143-RGSZJdph&pPm
zv{I4eHO~z2oa``tfA`dIKTSO?@2K9rUr&W~JyP}jUQn;h!B)~pniW7o!ueDELuvEd
z2io^#4i(Z$2J{Gitx$OveZUfQb}oGBr@q#w6iRMpGIY_xU!y-K7uSMv*CgvT+jIW}
zUb{CGbQHqlGQk58!zcBPqW0oFclOLTY;6gA9}zf&z+czQADyc$&OUnC{cjcxBB!xi
z>UzlLJ5c6pPjTu$bDZCzXcvrhB4bLH#%7R{!$Nz{$tUvlIaYZGFO^cblPEPqkAa05
zQhY*HM3Xmg6Kra3X-O?ktD@SF>iP;mu@M#Sz$*^RkRMT&-0s4Q<t|K7MPM^h?*CCJ
z_bod!yfzcS!@~n^Ex<n{)cls05`46WP-Iz3DN0Xhfltd&WkUsT^}X6gXa6P8ni`%E
zEyCniMnO}?4vcdCZ%`DXD2L<Fy+5?iG6AUBxf?K!s)PXG>5U7cvDbv@?eBXms9&Fc
zOJ=v_M$|sL>v8WDhVpPHmoYNSDp-gLwISx89Lm|bal0xqX(W9iOXG4?H=d4d?Dy5;
zohc08^5AI#x4FHG?l!J(;59X|2LN*b9-np@hS_Btjma|_5$bvP!7VN5pJrzVRYv5z
z%!I=S!l5hB@Y~<yDXHHl_XBlLF}SoT0?-WuHEG3euBx}#^8(SnJdDoEU;j5(g3Y=@
z4i>Ao2*n=(T6s?Z@RtYT&?(oiw45eWrxl#eQsBDabe&&b{o#NxWJomV+T9B#XXvIB
zrqBg(MM6(hrZyst!KNo{xRvGf_|}IcJr&TmZL86GFDxvL=}>)QP1RUd+WvH$yuNEm
zSEC~7W!W?75aneowY*E2Wf?z#97_OMW#y!`<&c(Wx}Y{pT~O+ld@=a<-pYHY^BIHu
z0ayQZNZjI|v19rkO&+JeM2kOce+l30yqmxd+&SxNy1QQ`5dhW8s2Fyc$xSkci#y9x
z)5gXwur1|A85e-1LrxqNH^EJ1^V^9o4xZ5R8AiX9Xzv;r9W}>7z_u0TE|c&HdaPB{
zFcrev$X0TM)1jAh*-WLZtjy|rg$%jR?=M~+>@s3g9XRuUOgJC>`#OJ*_~nX1;cw9Y
zaRT_m#EBO~|D%al>i#c(6R>=CK6ib&URfn+#z#)3iOnXOlFsDUuOf7kWo~dej>EhQ
zsxK-1QC5KafTihGiP6~!3uYsh_V~`fI$z}DAMP%^Y#zM+9<A5v9v`#MBb)tOyj?2!
z!*yrh=hp=B-Uaa&FY}F8<mZTq-{SD}zD2{F>s!&pEz8>hD-DT3Z4wB7nq-3h9(Hz7
ze~}#Nybn=}d}V#bAWphz3P{26St?o&VW{pjr1$4O0u9l}^qB^%T+e^`+WDOPB?kKC
zIl_D+Fad2PqmAErsw~l^Mz><BE8T{1sVs`mA&&<aCJN>Ln89=1P|#jU(8oH<;8+>;
zLpE}5_p(HB$yA?&ZA;XU$;k<5VMU^-ubtDh()dVfc5Ihc?m;o$Q5iJ@%sV#EH8*zL
zaUiRFsQObVbfm#G8NF47(84yd-(RC+qmsVhb^16~YeW*rPCHx<u7k5U)e1MwiP!O6
z=G3VV1pLnxnC#1eN@l$NyS%zAECW6DLVpAtVR9>j9~PR{EM-JBV8@l9aAZV%I-@dj
zFL2-rN@X{but0_5K%;gIpR1HBhq3-}2EZ|N)e$xcgw1r>s!661(4`WcMRt<Ax4`I|
zWzk}lf3?n`lqEl=68RS26}X{x6(O99lj4?7$Q}BA?wl8b2_otgU|N)3(lYQ~rQ=NO
z^N%-Nv)DWFPtbi`i6FMv88}2dZi4%40%a9diDGCsr4UoEFiUU!6ewsX(nA7k8nMzH
z=&i14vdRpjma0<Bx72b2(P%3hTvu(}MvzC0RGDE%B(X6NckxWR)rqbWkxJz7h%{Au
zwlTZZT>aWzLtk$!sTbN=3O$@rxqiNe$Ce{2x!3U@k|BjrMTWl+krMUp%&-Ip{mMoY
z1LR24Fwm7Gd{ExSiUaQMT!NJe`n1sQa7HjBUT9rEOzTF5<`a?j_KvbhZAS9YD4||O
ze)O5p$lcrD1L2A0AGUU^kMcJ{U<a8@Da&<@m0B}wgc|WZn=k`EE3>r`l9!`9(i@4p
zkIC#4?!3D<t|kmJAsQJ`f{E{?3y8u-R6v33?e(7paQddme$I;{8Fx~o^4_S&#+tc+
z;J6{w2Y<+eA=}CGwGr`$g`KD0wqMgo{;7Se9Ek)tK^+_{4G>GMbn3G6F>1Zdu31Xd
zDvWgXvR|OljZhW-sP+?<6s`FrVq$6)6H`}G_!rUi%#R>t&aaz^8fBJr(3P35&%yo-
z2;m%x{O`)kQVlG=@wLJB{Yi6T<Lt}PI(0D<g_5~E&{s}FM>8fG%oB^QR#4r9m`dAH
zW@9sOKS+aMAjG*aAN+HVfTp;3+t-%Mc4P#^L$uB482CMnP-E#4Pu1d8EEt>hErzgb
z6<%T7xPeu=q@^}nZIauh*1F>Q7wSxXfW{~Fu*Z)~X|-H<`@7)wT9nxvm0yCQ7g}fN
zO0AzwY_1c&9v}r{h+f7-fBXLFD|m+G`X-^Ev<+^|gSTvOMA}Dzm`kyIQcxtiSQstI
zyE+n2r{~e{FNPao(&pVGR9*dR(y-}{4o^W<Eoreu!+|wXx7KHh@K!r@eWRf9SIOAe
zYpUuBKm+gCq;>4UnVp=S5&X~SD~)e{=tHvjFfC5%m$o~U3-#}?dGYsgHkQ#b(DzFX
z9lfB;B_=KHz5IMI`TMjgP^}#HddR=tjsXU-WSk~ivAI!7p3B_E3l&dgYkGn!0-0-{
z9MZYk3i8Oi8<=&zC4P_I3Pv-ZR^g)MM=ZW>X%|5C!S`?vDapbiPP+yxnw!%UwpP4}
zQyKfUU|OxI6W_83OJ>4JE^wW9O@E1Pc;9zzy$x?`RX5ZMK8Y<qI0E!sU!&>UDyr+x
z$3{gFUq{2m2@fu~*Hg1546}%n@utrH(yO?@;}`Gg`c(fHZQu3pH?(XF>}u3cEjQ}*
zyi#V_vT|ow;X;U<Gt&`!;re)Z=9?#*O6Eeg(3KVC5mT*Mt!dtma=XmNK5N3?uh~s(
zo;wxc37z#hL^y*R=TuXSRHSWWS()sVH01Wmc!UvCWs3*PZF|q_qsL)@zquB$@Y+W~
z?aTNcdM;vl5L8lLo`_~iyIYD7R~e8_p3&{>#SbVS`DXMjVrh=;0Nqv#28wIj0Zd%Z
z9XVsxHny_TK5RdkufAzOC6+HYE>_xH-CI}OpQ-A-ZcGxZ{F;C<YqyqK(_V8>4JDr{
zsn-@Q<pkA%I};e+FNQML805CV`IEOWa3%i4829&=AB0YOu?3)>sD2k_7FGWGp9(xP
zS_NPMiv4l&ftDh3!;V079~%V*_F*b%op><#ZHi7RxX}si=98@Z^tdElhDgpL93e6I
zpKRb5b{0?k_4#j@R%-@IFEf4K1bp3Mq%#c_gur_JU?tmsjF+D<wHk|%VNJy5f&BNQ
zuX-=q3ini(&ocm9YQIB%zo~IGL-(_OcEoJOfJEn8)uzwiySKK$Ec6;BcbBtyCJKM;
zxSap;V*&7pi?dlZ$-m3jJhLVZ5#SET%r8?>m`*+SA)b@T!{0sqB`&xcay23Xy8NMH
zr&5cdN~jl8dx(B_@L03BiQZS$680eIvpRUX^;jS>F(J1b=ytW`FVnIv4Bu+Hu_V-H
zK^*0ZH}ZbCP-4eNEKu}cqf9}@kG2wRs7gX5h6q3`xtL#8x>zZ;<l-WDCu*wxSy-8l
z`??Nc)OMDLjHG)f76sj7x2(FlJ616y3W^<@kRVw;EoH?a$;%sbQNziQs+e9`15$7l
z-LsrEB596J4>FLPF+_rIf;xCaIrd<4xgS$H&Ls{mIc)W_JLYaW3sfPk>QdN;yey-y
zsO&tfB<&*(0pOd$Ef#N23u{T60L`;VxL=MvsFsk}{AJLoow%J{WW+3B3gBf{wrLOI
zR?xkpY*EX{O~%oDdAD8P+&0KM@xMeW+(g`rA5uJ*#mQ9|@zLxn)I3qszOQk4H$`7H
z4VS!0j<0quQIFeT^nw^q#FhAX5G%_;a(qQ%B*B0_+yH&WkR}xRstOZVqxjvON?S?_
zR<L!hcrrIGDiqP>3<OEbsq0S%o0#tsDNU-NZ(lCr3b-E#92xkUhj<3*RZCv>)h*On
zv16RB$E?b!g4KNX+4}E7goy>R6hf}c37t2(DDkvssIdaifsUfEK+Dj`%nFBpx})SR
zPydbi*?%O&40aiI>~3Z`?lMVVS5%Uip!iqGPb$)tCPKpG>4GWod!6HQ^#6;tw~UHw
zZMsD_A%O(9;F3UaYuq6~fZ!V38h3XM9y|nh3zA^LA-KCV?k<hfxN{cS``h35o*(z#
zaqhii@Qbl}t<}}@si&T*S+mj#jj_|IWl|)K3Us^R`lo}wtI$k#I}h2t1DM_BK(o|*
z0R4~I(PZ1^x%2vTGwVWO5}lD49@b!F!8qLS<L4Eb&8bZ@zAJx8?P_xBw3q<7#i9PE
zLj9Wa&*_8DJ(M2NR5rC#GEs{U$Bl$dT1|TJ1%!t^4a^Tn^7l~MyZxP`^-AAUt{Imr
z^0bF)lkRMy4x$l(AY1Pv#H-nnjBdQ<E6Ox!=0pybn^0Z;%k`r*J|Q<G`Nx%ptF^=y
zzx@;3dOZnmmWQpf2Rzc-{&ly9M4_JXktY9}48{5b;qnYW$7B_^%T3ecNLyb#p~t@H
z<1S_|%$~B1_X`DN?*M?9wMNDA>Gg0m!?=AO225djJ%Z7-m+1imWS&j;SwO_Xq@7!B
zoaCg;?druvdb=mT3bVaOVoUf7Hy3QA$Ln9_dvAGlUD?t)-F%0i;q6SMl8-n)?^x}J
zJt(%oU3nyMx3NREZYt!Bq<42`3d=RsYy0A2-4j~>3vpWRuzkAa;uHVve&y9%B57B+
z7Fz56nSn_aqUX{*>cgGy1Ff#x(et~rUlq`dPWk5B7hb!LdYvPg*8~~Y*CX~UxnKW~
zBXk@j;Hfv>g=!E?&0k24-g4McMG`I^G}%c9V6^S%l&zHso}xOThO>;XF)+S4IAij<
zDKE>lG{8M|6ejlCR=etV^%dc=q%S4)g4es-QcePSU^?u;x|y3pY#*;axozP=wBw`5
z1W%=%=+9xD&(SYF&0D~4BP$9fBr4jS;|t!;GUvFfONhUFzkQEHdOKDNDr~Mz$KhO4
zg`d_)jvDbjw6!nE(k)HY<@0ZOnAldB<+*q-ZQa!x#GE%ahc&k=ecV65ymq^MgV224
zga>}bB+4-pVe1QXoN;H>*eWSvMa_IXTVC;!n}jDZF_A@GIKd*|CgYvw1^)^o?T|KO
zmhUQfSYx*5En%$@P0OBg@VbVybon7`I5ah{unOMJO2m9pj~cA9bh{kFgVm4Rqv|d?
z;`$x)H~xgXJNZFIp4+I`4HV<ROJuI>b~Z|*HUT5T;!z0(-)_&>ywlEw=UYp@IyfK-
zo<eIO91i2HjL(VPZWHC#3d#<IL4-v)7EE$&>&srmJJ-f;_tf$$B~1lu9GC+%jb1OK
zePHtn(0wyHxpuDR^XFqomMoSaFwp%)T|L+OBG-f=uw&+acjUNfd-?4EVQwuip58-y
zZk_HD0lGVA0c5xOw%*77vB>SNPw)MY>H+7D4|o|@?Rx9IlS-Z84}QOD5YS#C1iZXC
z_{dX^sOP&jZ5N2AC>^{FVfI0uG-7%I9_RMCxbK1OmMR|y8kUWcJ$JQ$uWeU1eI@vq
zJhEaXZnfWmFWp=3grVni=V?Zm7V~y08IJ$HQ|<V$?G(g)r;fCHJa;P8Ubf7KW^0F*
zzsl+LXsOqhja&~TQCH9fXEYU`=o0Dk^Q|%3-wBG~DaE-`2AOz#QVS!oscei@gOa8W
zZ|%oJSnP5SUSC}#3Pn%5WcqiwI_4vk$%g9*TvIkSU9yTevcPkys|6kj!We<}Q(~d}
z2W)P)t=}kk6UMroYNYo7>)YZ?Wowm4&jUr?3-Ay-^1fk)cuHXVB`ZTbq#L6Q3dg-|
zHGC0BIIQE>Tx-xa!%NQvx9fuC?tyuE1HnV;9xb}#>N2kvJ#2>6>^at1Ll%;5vA6;v
zLd7Ia;1%+6mi~*TJ9eL|qUo%fp8no^k}mn?Q?W+ZD_#+ZF#|JGtJrk;xc4>;`hj_r
zud1iTa_XoPqjMAfXpLyulR!@IWsn-$deO2wA<4P{)hqI>ws4^bG@t8!-I*p88<oQf
z9#Mb45Iiw-NDzAB><5J5eC4%BJ^oPJZ?vSjh+#ww!S<^wL|4O?zQNf$>JQJlCHXHW
zYGJ#>xyRzrR2|S-m!221$%=?$63Jfs`0_m+sqb3D6>MC7^?>9yJE@+BbnQ<2Ia=y#
zQoUmD6^}111D*o7>`&~e_NN}8#!#|hHahBufh=@A0+(D3ThUQ){Jb$W0xJh+xfAcI
zOOJ`ZU4yn=7bP!Oo%S%tj$p*idmyEbR`PoG>OzgQYeaV;jQ0K~5y@(KAuRkzAk6iG
zItDIm(HrNy>q?NIj-m&BedoxV2yw)u*G|}bi_&Y;wk0rZ=@mC40{et&b|DD8VaWr|
z_rdfLnY#3Kmqjd;N>e!@1ZejqZz%>SbJ!w(Jt*KC%wR#nM=eId4ju?Gb_zc7In#PH
z_;DSI&*954AGr)7{Zeb+d{}-&7IG&p+vkpq_aHa6q$H>-TQhP&Enx&_<)WF&6AO#$
z5}a{z#hc>z{YAoM!@kG~-%UlmivIkK$?=!3$;hMIJggWo`tOIi?YL?-^8JVs_8RoA
zFn!L7rnBvzZ~WHb3(oxJH}Auqj<SHo@RQ|TI&aW-%V`!64?XJF=&09uUZEM^d}>j#
zJ1CseJy$4m2{G6t14S#gkBR%%&-+&OISq8+YoR?|@LGll!$cpJg6^*f3F??Ot*ku1
zqAbWa2bk(DA{Y3QGOeQkq*J?xF-j+N`W?R1+>?`W_YZk6)bZ^d7z;il=~a`B+kK8#
z?#p2E3W>@jF>oH64Edqaib`&i+c}<4r&`PTI}2VLf=<`Bft9zqZ{aVMQAX;F6-L>E
zwljU6l^t?FQ~NR&x(nN@^K(R`)gvXEOW9M<)r_d@xmYcif27QCcc$jYv>&9TyR^~f
zc6>%_UY|6P1SQP3Y(LU+9>UK~OZ&F$7cNth1QXRBfLx1xSZ7mTI87D=9403wP)jTX
zpU(Al#_-H@S#;aR|2Te}FjpvGF_atj+ifjY4L9FpXSd)`VS5(|^|NR%UivFGG=Z07
z!s4~l?^zBLD0t$Q(+(Mv9k*cJGuju`_J|juY5k&}dD~mH@g&xEZI%mt$!ud;)q`aD
zW^3KZE(~^u-t6a!mJx3KChS|(T6s^i-$hKdsEa-%0MGXrKf_~3NBx<!I?Alw!x?QH
zPU6}|cE`t|L9vrbX>MO00?OC%(8K)?;tog^6_tt_ih=#RbQ9Amt7F%vy?sN%Qc|qH
zgS*#5my;(EnAqi~Uo5iM@?XBo@G`$eg`d_-jV|+oA@}|y>OApB@6u5Fn&N><JFR5@
zuqL))q|>uGpr)X$6#USvYm{HGqG^I)K{ueFsSw=V&70O>N9r!N+1r%i|Lv#82es~u
zkF6yfb_GkGXv<zF8ig_}%HWLMHf+5sqO>~QP-r{r%^tGdRxd#u9^T5zYA#K0U+XNJ
zX-ulx8&nx%dnTq#!RVhA4mk0jvVK$(B-1ATuwsizj}I=+k>YM78nN{-g}-EKe&`Ih
z3))u9ut&(eZLb}j;iBXk(TaE5>a$(px*dM|(VgU=xNXN#O;Pu2Xh4Wu&Mz9gf)Tye
z>IwF$aaXNRx?%K*-xO7K1H#6%*=uXwa<P#}O7`^*%ZPfoFbx)2SRQo(Bn4Rc(nRi}
z+p4MjT2G7D>&2oJ_ywa^KMGt{r1c(|cqI%GCbAV*c5HoL%}47{=E}pZ&er+yiKFAy
zPIu}G-7r1eC`TL2eAtu>{?*J6M5y1s#>WJU_C!&HG^aXlkGzRKnVKG#omL<$%`eFP
znS*2OlwMWM3AxtGa(mI6Z&~s^2REB<>H}~j;lBf#v`}0S(d6fjKZKBuTo5SoSW0{u
zOkF<e?p?w7o%)-Fhck@uCZ^cjN?5`bvHz##sDf5R@NeF@$%&j?-!Efc+|=cI5OIV<
zyBqhr!|exrT6=gdh*k)7^Bs*(<vqSv%nOD=2~4DrP0Ng|X}=%luiM{}eM4)B9PwIB
zg{tkY<Q_NKK48h;UAdb@;-)Ro@v`6H#G2p{=hHSmgp;lGZP&E!zUtVk>Q7-~;Xa;t
zkKKF?EjYf(h&`4_1Z{Jy4TdT^QS7x(ju*gE6MZ60eXi;EXT33wnj2n}HD4ew#qhXq
zpR2(Rhh4wMW`^r%Ewztidc%cW9JI2HJUr`r@rg(do{Y^-sB1P&=(A99&&eA3nEX*^
zf#B_@s_2pSBbSxV3$^1(TftCT%fG^f`A)`}va;%)$8W~Fo#$;I519G}liZ@M^g`g>
zHaDk#IbJgD^VA{QK5V`It~b!V>OBt|*K7W47$R>lP&8tAo4sx~&STR#wtuQlc*|^r
zYmkn=>&U#umU&G)CY^$j5l;Si0_Sz;s3(5<RccDpS;a^(SzAocmA<C&9?9onoop@A
z6?mo90JqZ;uH(a~MefFP)W+-GRPN-sD4<#4YLeL}_y7@InMW{WdTA~oStEpBm7F|p
z^4ERl<Eyu<`dn||UBQp4UYjtzcC6>!4MniLkq6X^%zC+CQ@EiQYR6p?LeX(!Cdtze
z`B-TUNuf(q2>YIw0(Up{dMovbOPw+Ix3IYZX7F}K6Sv38%gtNsG=5K%Af6q!t)3D6
z`I>{7lN)Kbhw9qt#+*j%_EzIfyqtKHv^N{<Yt|6Mn~)LVAC-!4nfrNcy11PkSN~#X
zQy%NQ;M!P)jQ9{rFmD^!fZ<*zZy#T`c;nP_lskQhTtgo5LS(iA^jxCftem%+IKLqb
zZU33tnShtkp4f8DZqnq~s{PkwSMtZcJ~2aY4qczs#H;I(%(euQ2D_C}-NuVu%b8|J
zybF@K04`nkR|K@l+@5Q1d`?dF)><<H+_pEje_20*XYPrnX`U8EF;JmkVzm{)qhh?;
z)8$)AgRTEyL2n+n?aEpTyUxN}r$AEK*v_rVM+yqc>m8)++yrDbj-f2yb$LXBOJCIo
ziS;s-#lm0mcI{1l>Tyc~dR68f&!3ZCpZW&T=apx;)^A^|Mn87=c47<N(Jsx`yk-`B
zly0nd=A(*0V@2L^+gsED2v5JvaNG`m9If2S-{UYhUGZlCvCdcBDJfb8(b?tC1ueIz
zcgNHtYidG|w9U60(TWgGk@*CLWN%Vtp-aa`SU1ttLv3@|k>EWsZ-}8XA!A@uZ=FXJ
z%Dmurldat9Y+O7h-4Dv1LWK0vcKZ`NGAQV8Pj5K1<)z6*KYdv!M$xYS7B*L*M9k-c
zf9-6|WdS)11le^BEq9ckE$0#07jt$O5_S&=-IF$--;=FU{+{*O4n10zl8axcVJ8z8
zHK(evbtmd05Hqu~5b2MvEHpFg8GVlzmChZRvMZ%B8MhA5y?Xl?KIqy|F}<T4A8H_&
zW=`)6ietYz>~1yp_0L=N6)nwGE4?K~*!NiH@mkkfZliB;M_s<2TIaUA;C*IP`XaWe
zWTw`*sJQQE&K@WICX&ub9)7Ono#vRB5w2=>Q^m_4eSIHC1|-ZiSiZ$FWmnbstz~qC
z8scTM*({86YAYZNEZ-)+Bo!h<e~atQU475twFMy)wnl|4Cm<(A+jOWkUvM;@-RxaG
zxHbpXx)2A^3PxpFR3Y}Dk+f!u_9!SX2a>azsVT97SXsm9x8;DqjBs%%@}so0gt!Uo
z&!T?2&9&D!8;RsX_k?Ka`~fVH8u{@rS@3qx2Z`CMoktU!o;%y33Z4r+AV1uc+v@L4
zxgMW{Gp}^v>4{jI3g!3Qz=n%j5(0ciUZin1ZOeKc6h*IBPw(7(ziVlDMA^@n*|Qw2
zJ{c$TA`tRi|4WBUk%o^5)_uyn!f~VP16!wt#h3YFPlxRqmh~s%_7<udY+o?eB{`9B
zR69FaYl|p;f=593ZGSUJ5Eq}A-Q0{c&7>#d<MLJt`PBY!?32o;X^Q)P^R$MPXLzm=
z`T)mn5EY)<V);&vFTzMO!z!aqXqcqqu{f#Smm#B-3@2*6zn1~mi!=$P(g^J*RHB+x
zH0&)qS9Q+s3M@+FO{j%!>vyT3!(p@uPS>w~*a*;dE%<5nQ9njJv>ab0d<KYU838qv
zs=;wuZhz*1w5Iu#>VlLXDYEa2sFq%*W6LaBCEpZ{76<2N<q&lJ>BFW%i`}*bRNsog
zm<(LvxdswXbYfxYk&pZN!D2MLdv;0fwKm>(1;f-}Cyz-x@_~V0T4xG0!N#d{e!>O8
zZENpUYTO+S1qtH?-lV&*saSCE8(^5gerpv4s1^m$3kSeb8H9iIi8mN<wa28Q?p9-q
zayv#0dtZ{qP1YJZ_ef?AM6G5E_e&4%bIVkY?haL4h@spOqdeaje4TSJb@m;}COY-x
zdoaYzUoJPe%g5C)o6!^LmzBWt!R2Ce2mHy8^-f6hHP)gYJ}(xEY<3-2G4i{`S$MEL
z1xQZnK>{TrUr#o3D`3|FUjo}--YlvJl9Qc*3|QV5r3OXyPnlIMd@Aq@f=NDK;`>}5
zmErcXoLJ0Ml(JNNpb63^R)st;(kQjeOprKXg@2$+z?2jnoSmU+U}d1Gi+&pO*QPTe
zsqaglOd>%@{?}oND){j|6_7^p30Q`sB;T2YKsMHjtOm19;iYIt?g?>_U*#TEjMK%t
zi^IjpbbwQ*!)iajH1BtjK^nL9ZdGg92MeC994^Eg4ZA{_*>Ep`(P-*a-??Wf_06t`
z@USzEYHhEdm-U>aHn-20=EM^2_xV-jj&_sFe{BZzdwHqAMJ~OY7I49yh$~Q_A)l`e
zz3?^A<h36fl=)%Qpmkp?$GM3y9WlH0UFek!(33IPlgPngXA^=-#mcCLFzHsL5$dW%
zeJmG_HE*uLl~+J!#zzc;^JK&g-w&cgi8A}pIF>9N80zOsX0l$B6N$2*gAD>tPt|@^
z8vP8FU>C#cSWp&WGScOb(CJ~K5VWQT@|vfA0b+Hk?+}ivW8KR`>!r=j@uani@qU_3
zQx)`)zjCZ3hy7GxQ1keKw3u?(k?(1|f-6c2q-oo?G(S<afzVl`9l>V#-PtTwcbW-6
zNu&O9VJcLZVbOq)vA{4=bxY*_-Ht8+cd6qa-GMFL3LDh4(XeFff%uV3_QguILLg-f
z{9S%^MomkKY_pA)WDj)VwuwHK{L^yrbey25CE#W;PJmcQ<n=|8=OUW0f`svs>*Cc4
zjV#ib68B$SfY31=xc;N#pTic8)uIW3h?K}_#Sz}c%93Nns03}D7rBv%Pum8siY*qp
zcMzay>p!p_Gfoz&L72uwy>H|exPu8l9QLEeC?q6g0{U-TzC)@XGVeZ=3jQ+hLW6%U
zr)xRC2v*QjFv@MyZqSPg)Zt|(CmmV`4~KP8&d{?e8?Z}C((y@BJ_~aN5KQ9mHt>!@
zmY#KuV(@z0f~(YfQ3SL_!+-rN8qnS9zR!uzz`39KYyAh9I)lt{tp$(pSfVGtyu|}o
zF%w=&jG2xw1u`)cl|#=%GsOJ<lcB&*q7;RsxDdZ7i-~F#3QA@&#>wkmS_Tn0dlC~_
z6AkIw8@E)Qe`N}Qq|wRwk3#S9lw-4dl!xz1K`n*KtI^>F$D3yaX|@v`J1%X786sjD
zuTD;o6w{Q#4yTwVrl;Su{37NE>gpY640|G!N;e0O`D@3islMUiL5%&Waed=lEj+jX
zAC_lhk-;DQNT{-|K7tbEBEP=&8OfUvyBHU9<n8*9g-TL#a$B*S{HiL{S+mfD9Ylbt
zQ1l5uJ?Xu>H6vAli9S1imZGJ8wp&ezm4PRx-5+#ViBC0(yv9-nhpPP`Wl3U|l*!z5
zo?HFR68A-5iKk6?AeD`|b1J>!)c<8F<vLY|Wcjb^9(Vjs1fUJ}DgWGifDrZ0M91#i
zE3KH94IE42SWWWN$i7MceZf<LI&)$cPc{50dkQ=hkia11E*L_JUPNjcpz85$VEKAP
z{qbLO0tX5M62g6umQ~WIrat@piv65%N!sG!=lO$RX_Prj`2|{Vp7+A8bNzP^#78c;
zEHG59ntrECDBNoyq5CHYanpFn2X;W8DO3!^0YUeIyv^|81Fa`({AnsS4+`AP&acB2
zlOm}C+b@?;hQ*$Nk{Q2<&ze2S77bGS&7-8HelMSkIe59&T7@^VVScQej7vd??8U_D
zY=Z5?OLAr;zK=$&4U0m~8A@gUL>@6^jPKoSUfL;x3Uf1Z`*8HB{O~szp@g+`U^8lH
zK_AcYS6CfOfD4;91WbORfzJTW*eIt#b=RJADU(?M<W%=S6wI5ffT~=;VVhzETFrWI
z+hSdUGLqUG!f3H>8~0Z?KLm-FD#^lN8myX%3`~q*b1+<Z`!$%r@dSUsZeA98v=`EW
zoxMH`22_0W%j@diC1zE%uVUmlmh&?*Ga39U!3v2Y3m7(v2mkrWy&9i1G-0oJi}69T
zur5XPW)QUV&_p1kjyLk2qw?jAc2YWlC|FmJ&LRbrr_^D_YTzODDqb^OqXgHY8sSER
zF`tSW;93e>Y7wEB&<|3<o2bySeilc$Jj<@kMjp4|i0ikP8Im#d5Rtr<0eg55vc*b8
z$jkO!b%epO*SZ=w7(CM~A!Mr>nb^Reo702{6=$u>3iFhHHzZ_X69|&*j|F)bjqC+j
zP{4DIP5YO$xWAZpJ?xsgtT9+FSLXIT#6ctF_RpWvy}E;Y?gh97r?)%pijA<;5-6EM
z&W}=ryiXj^y~FpWBcS}a4(Ki!T*4Ma$%~}L>q3pD*h<V<jAf3O7toFg7%V0}yPya0
z&jh9Iv*W0-8%*i9>&tV=k<J9w)*iJp#IyZDESc{VJ~v|DUR5?^zdbtSz|FJY&mbON
zXha1pos1w?fGoJpKsZno<0(KClt<Z1U-rSqhLG-O5d@+Xt%Rwn{kic@o7H3XV|@mB
zWY@;kn-j+|MSz4nHt2<;JtFKQ%rd4_O2Jq3*W?T5!XKp~az0daQb-C)YSCf8H8=3K
z)*YmH!zxZjC&xp-wX<%R7?EG!aKy#5{a|JmF_tCy8BVVdmmCDNmKR2HUeh_A*L!0C
zqz!FVfqqA&U#8ot{I^A!>*?v#in84d*K0iAsS9$O0XkoNq)x-d+D2%H+jjb5VM%dE
zw!r*x`q9JZ!6nN5<p%5!G?Mo|pAZS^UR1@Ku2rk)0kTm{HCFD}I|KwX=Tpd6cZn^L
z6cW*EqYorA<=#Xt2Lhiv5HDAcA+g+zu82$Swp>mK()^}>gDwpKotFy{m8@zbw?&7m
z#Nt)xSmekQAxtS7VG*0^xqzG-KQ16QLvi0u35XaHnwIKFNV?OeSPUq9jgJ^N9bVJ6
z;I*(UQqWP3I{B$|Jy%^>k0pVA)HNH&kCPWGJkT#}qf0=CM5pN1^cRn5<=0rX&tto+
z6A4CdOX^<kTzB;{FbLZy(h}rhojE(Nw6C(&dGVkcbG$af82_4>7Wi|^#7Iw8%vkrW
zCT}VWw{?Q`g=*$JB9NJ|v1dXNGet#<g=<Jjh}@4**<ZTgluK*!A08H@xe0;HDue|f
zqOaavkI&S5Gk=rI=t!ttZm%4<Bc60_s&ly_;lJHgEiCp)&i7~}LUgh1%G*FmYjz@7
zH$+OCy~WLNza~*hc)i}9oJ&K;NHv}svDo0cats4x1B`@f4i?eVWBz6#ZpF3&!Lx3r
z2MOod?%<XA9!j&SP!RK^?Ap#20Sc7iWuF{M&go}@UE0?O4W5vhna_t0a8Eiv94ukO
z2_6#@iZfZy=#WxXqOyIn^w4(sct?YN{<LtqK+USp#?>Jaz$eP({$AdOiQ<f=Z|3$K
zJ61|28da2q*FP$Xsmj$kJ2r}PaP;ho=I21ssMIYQ3Tl?^FEUZ@12Zf0wyc>_6_LD8
zqK3Z~Vy6oM*@};?;R(MT;#8*Eh;;qOi^b(k=;jc+F>K4l84L=GUJ(FFDmwEro1o7>
z!;o0(IPl3bTQ{-!?CvZ$RiiM@<{;W?en?^SW%$B0SV3|;ffZv8gM)?H#6)cq?C}JQ
z)Ta3m$Q(c!VV|gRdV?R;sr<AZ;cu-E0xU-p=~1m>{4qjE?o_TsUQglhyAH9kiTLu>
z57f_Ur;#&95X*Y7k3Osb-8->h(ptVLVd21ff%4&3IJhsL8+oB0?B(Zab=t@BGf6Qw
z%Q+}%!)Dj*mAz_Z<U29T?C#-&8d;gTva7@dJ6*WCupO(zqR<WAti_++fB?drx4KEe
zjXmQzp$e5L|5M{S7~jP3&mOx)y-`82>!Kfp;}E*aYm-vznd>>;r!RKt0R1}oy9L39
zz%d2`I43lHdSdhjgAap&&4`_;)~ty;^ZDWtA@`sECZV_g2C55YJd!zTKh^OnK?_CM
zJfu|r##0qQ=WGnfo(a4}%$d|TSR7cEalNw6@b7kSV+$|AI=gQM;)Ph-x7n0unaBhQ
zPBJXWvC#WdOu-4e;A1Eo@T@v@&-L|1VW62>{bWSKCL#Dh4A~J*62#=1x^89U6Yss3
zq-SINB8S9OD>2;p%cSM%Mv7D{X-4Sc+JqlcV?)UpLsn0=X-GMEn00`&73!L$E_o#P
zAHfU>ey8QQMH75W#)*FBTqIf^f*3q@5=+vmBVTrU@_SKl0bY+AaE*Fjl?Iqo>w65A
zz{e7V*WKL`SsdyhHqI9%E~<oY@eV9&lFa7usi?bq-@EHqrhv<lD7FK;to#+rItJsg
z*a#UTjEKc<`M`|~CXS7ax`WUAb&H)C>}4=bSP3`AY@%h$jkCSGeshx{Z;r^_CdpFG
zm^H-8KnKs>nV6`+ylpZbOMVl<*S^c|1emqO(S8YuT@yY)jt2$E@l+h7E=IwHW7|f}
z!?tBBxkn59#tp<rH@{X}Zq3rF;Ns<iYH?(T4$Q1=L>!gbf`cWp$G!>gm5K>JILA%Z
z<dQd_kdTl-&Gz2cCJ7cbz{h{e>+Nq0Tk;b=bE?U$FCh_y_Xbo<V&NyZO!IO=FU&10
zg=KXZgAouRV++9v7dEV(M!4s6Dr!?%wZ1554X@WbnyQ-6u|=^*_u`;Cdw@0*r3ci_
zTK2%K*!sird*&3axzXwIAiqPG@A>)tKZ*xc8;WVQbr6aGMw6DdcAR7UQVGE8qhVxu
z+#%oE<S%3iJw9KnRA-n9h`X{jz~5TcKcH7>NRk@xi%HhFqszti{Wcb0TUDsYZ|y$~
zrtaAA?=k+MXNin7hNKv$<>z0lG!eJ)?Jb?Cm<}FY#ka4ijwC#klXWip{H$ZK_8VtB
z-%U5jxr7i2UR?JMND7<Vqao23eN9&W;(z8e!Cw7_@09R_jXA3@2P3h<Q86hayyA}E
zC|;GKtPTYsfHYr&vJ}|N{A5xGz+&=RJf#Jj*$F3OQ`%ql+-G|W&gchDV!mlcq|yHv
z!%3K`&0^<!wTYAQNyY#7Z;K>GBlW(l654=Iz@iN;m^{xgn2rZo$3=l`3|Ku`6ukoz
zkdeb#(=X!zg0I0M;-V&eL2a@EWcKsVQmT3t0w)+_YV6DrG>0D#XezDjZmkz<;AkMZ
z4Zl6EMWj=h;tHa;C-lm5!>E=b5y`Pm?TCQ1!Ld(Q<&-(TME&%su$WE)JNb9JKUN&x
zR#pW!S&(scA#I7U&L`S$%1Vm!qhG!muzEYA;zRek-<#6+)6*+xs`_=ONU2Py<YxcC
zWR%@3v?&zVutY?d_khfcbeH~m*=MdXYG%56F_Wz#CtSd$q-%x0Yb~ZL3}-PA9;5X&
zsA@sR=)1Ovs5hfhsnMJ8K^;R;)PA~M1vN!~I5DB$H@A@4Nw|Q%lWdfQTLbr3mAo8I
zDX&maqYNy(P{JVgtm%xv!7ikOBvlGf<}s<XYoa6bz1n<?^1YmV^b@*k_wCrZGkR0?
z`71LGqBi<-5m-{^$us|Kn&iSO4`OhB+C^$WJYpBT)!ixL+x_FVy%UK1?m?Mn;*NUE
zNBnT3HNbrj6T)wQk^gJC5ReVACB%%z=FKG_2pET^K?de{AX~CkER{)&zcj2tM5sv|
z_{MzPfXbn`CKut^nFjNGtp=kB0hLF2zcrQPzFU>e=!jBM%ov+t!Uaca2`HJix$oV2
zc#XZs5DGy%mda#pyIFbrrbD-h<yZIeHjy0y=oM8ZCNJ++t3ET3)B;cJL1rgHLtnin
zmg7sNCXq3ku`*KVf_1V43QM!UJQm=vQ_rs$GZ3E*$v6bFX58avB)yk6MYN!^>>ZTt
zTnF^(t<dDQbvh^>&mUVU9uHh$y}l3D`^`RBjwZ}$RCs4+sYUxo?|ogloJ^?wZ72l3
z)_~nqUUeOFr!g^$_)y<K{p$1b;FbF^&rr^CnyXP67m-lVBU|N7Fp!0zR3V@bx8{><
zRYxy@Zqqkgi&M&1Go9@D`8~ASey==^t!XW@mYvg!t&u&_@kvQL@FjUzk!-o26?}?*
zsKGs>>0Z4ISs5dOW+#tL6lSL>=sTIcmoqF>l{Jvzi8zdrM2U{jxB3-uA{Y!&d|_fj
z#qu$;sm-qO9lptF`NeAsZPG*%xM+AeR;QeV0cyR>Z`q-?c=_TNXE@TV$~mHb>UiVE
z_1f<=!*qYju>yU@KcLPYhMrzRZ^4}gCNkeK!zny-q(ZCGjsB7a<Zpu8X!6g(2nOSU
zvVVC-$y%L(6l2jOxo0X;fa%)~>S+2Cnp4M0wPJ-FG!zk_4<F*fNQ|~zy<kJlAdY%}
zH5%PB$ewT7tF3hX6VT3++{Q;KX(4-Bww7Y#nAh_)++>zhZ>PF!=PZU_!e9D6it?X4
zJ__)k_}+86<fpZN6MDHhiZR#VF*>R6Wv$|w6O9SRu_i=UFY-4~s8XGZ-AQ?y%N1Gi
z(_>@vH3i2Gxl*N)qOw*1vT5wsxHz=fMf5;xs3o(oq&I~?@%Gx?HF7TlorI$_hi3n{
zf|6=z)n4Dn-wFOFyR0|`o5I;i?d@aa#5a=e#cS<YXHHHO6&PKecGPsrY@?Hc&%)c#
zK0Rg?KR1K!zE`uQnA@{Z)YT51nv-JZP^HNG`JzPUptsrM839iaK#3F;bLLU1K+fWv
zTc>OTrA9lWYFn)=r3TA3s=nT<?e@gLGO;!;{B~ZmOou5n#TPHgw=O>7;n~;#S;Vi?
z2f0mS38iE!d=W%6BS6L$N+~~Hi39=uPU;=3fdwx;wuNNRTK+pofJU5R?bCKenvh4&
zCWYJejHlhGDMZzkgQJP@>OyN|h41K&c-do}n#SxW7V1#ew9I$_^j&^8AcQmjqGU3_
zm{o<dlGI`nMZAY<6&8f?$_?;P`c7U*6dfH&If!bNis+kH+z27!;F`K$7{B!0vPc)#
zV@C_~S$J7RZbu!Q(x&1^3puI;<<RTdMt3LhKcR?n@VpYbX9~F|jZkddAt2#rVorFg
zJFTgo25H^SId#5f883M6>d6&x=6QI^o26Fty?(-+s;~1?cD5}FXEb8Uj^bcp^(f?m
zpqh{Zo6XKM0QOBkX$TlpVN+@D9628_u?XZvg#3>rYAbm6r|KA{Ofc_Vwea_HW8PQM
zYpFMCXw~R8YE=_LlBHPKqH>e*VDZa$_{>kzPPC2j^?+FWy>1=6V12}3*Om>gxcr$q
zDkAaA;AiUQQB+YBCpEvhiuSGL!SwFx8r{QwW1%;zmpm95E%ni6%Qba%A9hNI8m<_|
zbdyp$MDDV}otTPpioxbKa6Tb;ZLLFU*=u#u1JZVUCHQYEp%<mrz6@jEwuOHy|3;}K
zaHBz4kjV3#e@fA8bx@#u)O3c^6}(_lL164P>8!Pi0C~q&(xowf?5dHLP#D#ImAm*%
z?>KfkRO(E%={%mLgJ0&CpY$6}J2GNeAbrM3x**q?D#f$2IMT2{TN(_sc73+C9s813
z=;9(E^`T$Cclt5}%a*oss;W%j{a3X*1mY4jrZ9@p@L*LY6jn9`cMLdRk=i$YiI}pC
zM$*4`M_&4xev->F)XuDHF46Jj0|hW9K{9CP6qus1|H>ym#{h+Kj%iqfzrJh&|4S;+
z^`{f?1_SniH-}32EFraEggoP;-p0UgMHvtJTjZeRbk5|S$<?LLnZv*|6CJJQwP367
ztoFsq%~T;Ta0~8hPMm?(Mn2eBb440dom{7(C-fl{vp!lK&$#k8aiq&$ic{bq4pS7x
zaCp7zmlI~|k~VBxp@5OQU3*q=h{E!`_;mAj&7Rc@#eq%KtFPk<!J_8dzt&F_zkk{s
zU(S1VT4Vv63cAoillVpa7V?c)-U}We>T+1EU_o<P?bf!I_*f!tnmOG?Ip&5yyaxFu
zpW7`xwLsRRqo|X(^Ws?Ylba;x_$j3EhFm+n?4fycg`zro^qL_aMoFVqUY-LA)Kc>n
zn=^9le}!IoXc8Kw;L_S-<8qmUNjuSftZnHL3dA>u7U(t{dbxEB;mru4ofE|=HPMQ5
zI&ql@jrK0gf|p~Lzvy@Hze%w{`-EPoNsX1W?a+{VUn9C*U%6=KpCbqTs8e?$DL5@%
zv$Va#m$!MWzGG--!qrW@y+0Y%sv5c6w9E__Gp~CymczdM-O%eHk8EX#%@c~B%v$>K
z6sX(tU-ZXb?JO-TX!dc7?xYXa`x|N`9yhsWb|m_q;#?GDw6RFZe|P6U#nR=jc#(O1
z?s~kmN%4_xK*Yfv4T+F`!(Nxa8FiaBQ(!&7jOZ}lBHz*HXbimH;)5U?paUh|li2>)
z5<ziNao>-r!2}<hdzMbOajCqd8!a#`_ok@yc_cgu(C#A+R(>(8)Z8Mq{cv`eXt*u0
z&D6j7Ed3GP^)97<lbSU%G2C#|`3E<uZQ5+)NYj<Te%1-jUiryTYsN<GRr`SaTD_?4
zKx4R<Ue4L@7WKN;(cLq7tLqnX+f;oHSk)|vVPmj`)mm7WT4v|r#(LEOU6he_t1xd_
zqI_eB(Cw_+@u_#&zzJ`h3u%Ev>?Tk6-GlxuveUkLhQYN|Pqa&OV9)Xc!I&iyOHRty
zZmlFK@J*mF&h(W>w~K%Q0`JA{q3U7P$Qth|c`2xGjbo)mRbs+mk(Lqsd1_q_hMnhJ
za2$z&dQosrNStHou|2sC%~WZXMQ0jv8aj{`U~D<+en8Wxp+_ffp9ozJ`gusTFUu43
zc+)YmM(wGayBs*nmoZ*4$f1}b<O#QAsvEdXJwl<WE4@6AC884S*gn{Yh-)ubu9mu1
zz24qVj4Qd;X5`Ex(b@5N(a-LKS7JHiX<SqiNzW1bm+$W!h->+h03xDII|7rRARYYn
z@o!lBsw)g{#4Ft<pSthMXe9eVF+17v;*IoOi_pU}U7;qTo=T>1)C-2FvB-;RY(Chs
z&oR%P+a>*29kGl+c*j{4<6xJbz^$woES?PP+iy<%m21V(p{49$tLG|H=mBe~$qhpS
zif=FvH+S@xHTJyiE^%_2wA*F7@ZGh13;F3An?ngUrhdDa+MeF`_mj-cekE~JOO^$8
zblY?l7SeVRYmE+f0vlWjvE@6tsWN<XeODWtajWr$^L^akV=#Ax2lNqt#L8IGFA3I?
zdB)0TXSc`_3WM3ZB6p2ku=1)!(P-v)CuF+|;Ys35q}-Ww^Q)Bl9X37I-}7m{UM$?V
zXw@>kP^zbdctkHy4NcBu@#`sKLwFWK1X)$R``@x^P<$+-Yuzhw$^KQZL|R!~f@XZ+
ze4;J%xOcSLm3t(m>`=`fJ}8ecyjido&ish6?6tRzvyDZNT6E%xxp_J<oM@cf=(_U-
zDC7$UYIwnBIPc0bz2nC`(AE0h<*RIE7uHK9^jT87_Ose%pIYXhU|10BcV`q)!?tz=
z3gfnyL{~}7avf!uhPun58^eiN1Ik%3H|Hg;%f4;WH;16{nqo55a4B53c)~DhAkJ_5
zHRGCSdN}FGz;n8M<)RstG|?Hbw`X*(3lA;YvnL!YWNyrwQv1u~`9Gdj=?`4PpEO{(
zW4dEu8T$tIOK)5nUA$&RFX;P4*7545@pktWzb}+Tn|?r;L;$6V)`R6e`tz_I`-$_a
zobVI6i2maUr4(IQlMaJSM|~qsa_Lo6XAMEvILBP{+##;H5(;N{@y=^>a%Emt#`H)i
ziJHDPA7zUktVwMYzU%Gp1bHK!m~M^0P(yl-aWj(r>?+Mo_%EPTHV;M>@e&4j@Ji5I
zyfS*Ry6)lv!=Ibw4L!jI=t65VXDe*<q!G~HKMEYNcZ#jp#zYl_;x(L2WBG-^&Dy%?
z{63k*lq4C+pJ%~|2+DU$y*1!>u&@y_l&r$Mu+m79I$e!7mMO+*K{G2W?fBs>MLI_N
zHF|=<mG0BuL-Bl5+h;-%U)dkjjyW5BchJPL9!M}a82NCMgJ{A2+eg+M>cuMKyG{1Z
z2fbUuhiEmR029S?6sU^&txDD%FwHPf&B$m*D7o``3*$$y*%9`z@JSn+<%IBu%VrEP
z#5=n9z=?}@LoWdZUg=RKch%`nV7HHc8V3wkDqGkpQx@sLW96;e+j7rQ9I0noDMuxY
zSDv-K84EkHKVBnXcY#FK))Gag8<}|gwtLI=dS0GXSlIbRiK`O#;;&mzMJ2re*JzRt
z;`VUA5fMiv!8$-T0&3Qg9lmYHdrmiZ>jA+;KY9m9Zbx}<%Vn1~1+86X*QcV0s!^x#
z@<HpY&7f9!_gdzjMf`Fs_oIirvRq%PEDOyoMXa^hEX<dGCWsUN_QDNeN*8@R1_4_C
z6YtV>qgNsJRjw|E9^$A0Z6Aboos@GoaY|}kFASWlM9?q+MTu;#&hC@F-E5-0H}_fL
zbvR5ld*)<81~}Fv0;3k^<)9`w@mzxbP;(~*&Gmj-p5d&QTncsgSM`-ecwwuG^}Y-w
zQqh8!=rkMlChO*3Kor(wWSJ40YIzBJ1`TaS?Z-)2?s<7;2m9a5&73MnzjZ1FCQeNl
zh?is&ebWv8QLQ;qTSLyljJF<(JvywUO@|$$>*_1?t%7xQ320Xz8{-*ZH}^!`bp32&
zLhr7l__zZ4P1{m5qQlS=Pu?O>ei9iH&Z_XEn$;_5_+C7DlqZb!;DGE6>X@li_^>r)
z3HWz;*m}5kmmqm_XabuG?!m!gQkH|Rj;dy)+?HhAX3E`|D<?O5gxnlw?%4ah$=*H2
zf}c1I0E?n*$rHPbWWmo>?yw`Z=c0Ersxkz2u_`d*a`NUvo7d0U6n(8E))Th7df?_W
z&F2Q5#%=U~3J_4$95i_;b$j0)>k`*FAoM6PtwO7jtG<VjX!@Rx+BCZEf@(5_{A=a*
zyR@9rrla@Uk@=R}!aZx&A`Kgkr(iSXt{FnXj6D|vRTnyfkpXHW211ONp@wO^fzuZ@
zJq-oWq(r$fd->J(V+3<9Qr*k;DT6#Dmv$%DMAFGqF-?~3QGg<Dx@pu}iKr)yuc<vJ
z8v$O0l0BsmNuuMJ-Nu@`HuGR^%Q;hotQ^?DgYcfBqtMbu*ue&O)0x@f#~lg+OotG%
zD6v&tP7piJ<|Io1&N(tR5(&koRXZMc)os&~xO~%)gHIvFs&sZAW?58JfF2NrIXkYD
zmwgoU&O@ul*(p1>K|ZBe>y=I&!YRe$m$PWF$HpVTb3@4fg5Csw_E}}|`3s$nd(m8I
z)^hMo$}@F--NMOr(9juVd5nfGb#8QS0xoqC*_ZnZ8f#2|w}6uX>S*=m=P8S~u_b;%
zGOnV=EK-h@iaM$v^Glzpjh|*EDfBqDg9b~0KszhCAILu$kSrGVbW`nw%wmzP%t*;s
zxD1X)dKjrla_O=BRT1g)yrgOoA$|Bgf@zu$|2jN*s=;kv>K*qY26T(QV{O%7W%CDZ
zyo~h1SG9{!S{MFob!`^6%GcsyTvD(gjjv!Q?YC@QncvTXt})HKY&H<;iE}~VxcnXQ
z(t^g90aWb;y*OV|N3T8%IuU#~2>xNKPh;~t&|Py@oQsB4QK#vi71dmdMu6qGvM$tF
z`RX}i*YB5j^BhJgAL?f0;{w>}4J5G~FE3Eh`h*KNIm^){d3YFYoyLv2jhbl&KNwS@
zXb2_uznWv3>Z*B7i(|+_L8uqa$mlQw&!XZVB{SYHXh4fHwt}(v@rO+3O+QQE>cI}t
zXMdp5l4j_ROPKRZmo9N~n<)WXdHjUfl$~Xqav(6l0$fVtW#uJOI&g|B&8r8-K<w2I
zb<|6rDs&Jb)ngnFi;q`Ff}fsUq>rZTH=}F@Wza9jtLvrf*`s-@=<?p64H~T27Rg3U
znvE*ED<*$2ghCr|#Wf^N#FEfs60UT+^Ql<ml!j#t4NSxZpMN={GSdkRwO&_N2DZJM
z*Z8DlJv7N1m}Ah+=g9~5tc7u9<t!2M@`^XgPQ>x-3~L^E%kg2&BeY1^J-G8B!4l9b
zBv$?^@367#s!n@xnvw@UaB@QLI*5SWp1+(aq6qW>iKR$Ny90-*UoGu6#cu4cuGc;I
z#3Ws#Glkk{V-@n*UpM)(@VnoomxT=`aHGRMJEfq^R^JgPtECRTZ4t5;K#h#ZX=;$r
zl{V1v!dtUdD;hWaLh2L<!BZv+LnMG5lb0fb3&pO(xYu~Gu+ZN&k;^+h<ftC1w)Z9f
zdKeH2JlDHNRDalP5x(ja3*6q;cbo%#L=Q9Y*;#5+WOZ0P^W^wT?aj+@$!NbrPK|ty
z$aARGo?pj7Y?*UB9p!x!%Gfm>)N27W&v<q@<;T*mCZUEnM`*#q`w=}U&c<7dO9suA
zpBklO0g0&Y`I;OGpn|0Gh0{MLH`2`aMzQ>(I7msw@1s3sPSB=$n(DxmWlkh8I1@iI
z7#Lka1P|xd*Z6{5ajxbK8AduObKJV<*oSV-zR-&%<YUh?2To#4TvWs?>ewS#Fvjui
zhW_3fYT)!<0y=5)q_Q&$N+klP-76;{lr(%HS`i_K9GK0=;YJM0({_NRV{e$gBSjEg
zFY&Y(Z^0`fx_lm8jb4U^_#~O{O+672ZV-3OC-I{HOcO?l#sB+G+O6jA#XiCFYVsO;
zrbH!}s3d%P&+;>(2k3I0CI0f`@q_1Z(jYKrO<hwP&>!+&CTnClLj+VcNr8_)X^%J6
zbfyKm(nEBX*FlDM`Y+kW$1C6}!hK#&veEG*dvlYTHhF6RG8jHmcNYtD*q_eSWk>oX
z#BBt}Do#KwCEX(Ifl(K@DADp@MZ&tPGgV~AstCT{n_^d9f;Y13TW?VuTlC=*-vh}q
z%;qH{NGQ(BD|3Qx@-=ISatxvdDz~jSu&3J#?@TT8LZt5&;*GRFO0~@nsIjo~i)Twi
zNytPW^~uB~LO`7PfeuDk6rvRPM2ZF$R`~FX>1Kttt!KrKL;8SF=mOtUWO45n)DPJ5
z*PGx;o=hiHyt4d{6x6|QF$+tm*r(zFvVTW!Uy-ow>6=}8B89K9;rsM>U%d`^>FA0;
z*)_+Os=@X0e<vLPSbSsADmJsQPPDMHiCt$$Y7{18|4EC2ej!p)O}=sht}7#Qc0N}?
zqX(5F2Mt;HO?x_qF#zQ<M&Qi-<%wgGY1HYYW{^^nl%rnPv2i&d?KnCt^WL_iTNL0>
zE&tbJKtvQ&RndVR4tBbL4k^liefWu>f(iUa{}NbU0&xAea1{tlI{mlQ_H^_)4Dr)S
zi*5(kcI?^rG2L+95FaBNt?M0Hk33Ob1{YiZz6RON+RXf@1A6?jJ3oJPYAh`3LN3XA
z*bUH!11fz<o&P|u(S?MLeh;z;iOepykDx_R)Y1uv%782Vo6fXV`p+-Q;^)Xs?4yTt
z#ScoAafovWA3|#xLF6NmZj{qu76kI10xv^f9oVK1W&jKwWZ?auN*u@MRDp8e6=))$
z+Rwo^<#9r3RX7xB66W=~UO>jr0~ppQa(QMABrh)U{)VWQuCB>b$txa^cjA6}@@4Kn
z44%P|r(w7MVTXUGv4DXK|K;-hYil4EE)Kxtzj<d*`4Jy{ZiuX}x#XZ10G%hkT-%?g
zbhHiy!H@2t+VPUuaqCn$y~TeCW7qt{B3Ss7S7`?38_CNV39)`}UFoIKOw|IkqTymE
zhpGPNBsKU0FSm#eUt0x2uN@E7h)3#>q7;7(Us&=(%ys#{Uf~ewpM{7mG~h0?90J6}
zUOqy=6we4M<U1cSD_nYSP6{jyU$Q^OS?k*;*jn`iZVWIhK3sXkico(`0%^(^Fb~e%
z-4QcVB;`7FZvRs%8*B2KZv_qBKN)E;`oCy+WVrv&QT2aj&AQDlo|yxex<xsuWx1V(
zjeQj9fhtDQKchqNsWAUBd1lAw{Cv5H$Oy2N1>r%7H8B4*cxW~B$#DT#ltcmG@|z4{
zSQ?=;KmYaOfex?-^&Be*{iOd13^0k#b0hv6vLBux3-BNjlLrOyk2}oR+YG2QtjqiM
zcenxh`xxiHtA?Ws3&ip!BLImIcsig|MBU!?eAMs#N{wXpQSsNbR$Uo0GPEGfZ`kt^
z7}=YDyQDU#ZnHJO6@GYHUw{zCz`y|6NBY|_U(5C<kClrHcu~YZU#9Bsbphyj{a*s@
zk5l+RSl3C>?FSAN_{VLM(uwmFi08(CEL5-c$KQeMgv;RJy#ta+)kIi$gQpTyom^bn
z3>>=+|6sY}-P2HH0EKuLe4|qfq1j8q5wbD{ZokMl0CLiyTIc_~48T-p=ZFKT@|Z`g
zXjy?mD`L70E>!?2RqP9&Omvf20*?U9)xRxzKh<xG|Hq=}|626J#gQrNtpc}yP|%A(
z=0QUrn<yXd-13pQDUW}A{C^sh%;*_(@^*m^a6HjS4<rUjA;<tUorLE8p0V8FrT)J!
z)&CO<{s)FH2U<hnyaEK7Njl&P1_Bgl0x4M#l)d==(5qy~|FLNJsbi9ooPmYYhvA^P
zrKzaH3_)(~rT^VY^1HzA{<MTlF8H@WSWr;Uaw;0J4i@j#!+QR(ErKPV|KssOGq<<4
zmJ+>4so5=FqugjDF{)nO3#v2X@|1hC|9%hz^m@+UR8@6G#{e7GlcNT}My@SmbaZ)p
zq-oF&wR`7p#~q<SlW!M@gQlptchmt;04}xGYWM$#JrB2D@9y?Nk5r5530yq+pS;EB
zQ=$CxpT++V?E>`w{o)_J2icuMK*gN&{7i^4Cdekv9y7(9gG0>!fvhJ0qScL#Px@sq
zk)ENTWdAHCer@~-P<H!IoF)?1ef+E6o|393PQly>G-v@?o{omV`u@ZAz(C!kK|!q0
zk7Buy2Bp?*zb=cA`2+vO!}m@$Xa*vl1p`67yniE3@-CkR<<#!KjrtekJE|WoM4^3q
zUFe%(FytT+F2ORqOhBoMH12S79s$_Dng0fKt;aJcF!ScgkcC~bvuuMM@PAyA^*>T<
zf(*cQ|E~f0Kewo-pl@qi1eD5PH&-%BB%3rzw8?^t>-OB~kE=UG`?ESwwAqPUX9}?l
z;gQbhgB5jjqxw(iWGqo&_<y!0Q0UXnci91`#NnQu(}H+P0lgv=6Ap_r=Su@Onb7~;
zai%4CnAq4HdecH3Ma#H)ophLL)9@ybE;}~!NA@~RfsGfD5|-KxbQ8n<17|yMbD%0!
z_43CjXmST)Fp6epp<rXrAukdpKH2g6|F9#}MmM`OWAxz=XPIUA#{Ow`P+K_AHIDfI
z`$F$%WgHG#b!k{Rb=R+%(Z`6LohM03-3Ip0Cu7$C9V~+EkimFVRB;L@@>!;KG@Qxa
zVjL#y9-n(4PonVnTTFiff$i73#A!^3`325NN=4b@gITo=h!lpgu!H|$aDZvn)g{J5
zaDS@|IE`Ic9gR0pj-%q0w=Qp#V|v}w5?^`eGyY#8%u_hbL{)$n`#yYgQA$ReEc62g
zWr-KACNtAh*hI59UyBNawDM052~c#Fd0@y;PfSSIIJy70Us<udJMwfx#Zc-h(|>H~
z`>)gF{=apaq{IVl7zuc|YnHBXT{>t%YxI^HXvJhc)SdQ;6p*Vq%>=yZqvU#GBzS3Q
zSas?G3u9OVaa5<8YI$P>WdMOR8eRgwE`!B+5*evPRrU)%9SID%k#GsXWc9BAjNJ61
z5Z`ApOSJDj&Pe2{Um$kkQ^7uS51h#dmbr?)Qr6sCRM<N58rQ^w%(idClgBYbW;BTD
zo8!2a^+BXD;3+?pk@i-Qh~!REk!72gCwh+a&=-{naxY5M46+BTW-eFqZ)#y5!8|$f
z&R@oAR>~b;lJYVNg@ejvds~dr`Q-(}S74`O8-dD|n9Ughqdx}he76anUyw+AFMJkr
zLik}%Yopx1iqQ!e&dEsfWs03#Nj2c3Fs)aMJNi;VhUk?xD|wviJ4U>i1p}$uXZ%9$
zm~F9mw0e|ZjJ7Dg#Y7+HS+X`imgtnPBjrKL%S>7?_i9(Yw~Pa0*=%fb+3)8slzn_@
zM<~5GNZ#_QLY3(J5#?IXC&@;AY~MO<AqDBhuVy3n9eZ68)U}-Hd^nLVm+`$NVp(SU
zYuR!hgSI5WcNsW*cs(s+vUoo&2T#ly`<EF<_r%$j8ZS*dZRBE#MXvM~pIuJ-d|81w
zR_S6i@F=()L)~w(A4#7b9Z0+@_<E6@Dq{k-$WYdCAE4KIyI)l96lm7+()zUNigOX_
z6Fj=9LO^BX!)3$$!)XEM8+WsUCaJ$EwEOBRdd2fP{mKP1`XZYsetT!z*r&^*>N}F7
zthG9RdTXNr&S`p+I;+O_Hf@In^PQe=kO&?my)?*2Wf}|8@7gwlmuLpUEWyULA?*h9
z3Fh@67RqtW8opoqd3NRLV{sg~BykBYoIWV%3A97TA<Fq2LOc}Fw6avm8iPZI!jk5w
zky7yVmNK2LjlXD4d6wC}P=*U6G%vjyPv3)zL-`jMcEow7g#znK1(Ei;v@NG2i4L`O
zu(t>`&1WP2S9{;}*3|Yzt0)~Q(z}2(14xrzgiwx@KtOu$AiZ}Gqy$2d-bI1}DqZQJ
zgGetTJt6cC3B7aUIS=={|G<6v<u%Fv_P6%hbB;OYTw^qSRe5$L`tYpK&_)HO_vrOV
z6T031Wf<)dBE7vxi0|tU!^xq6qij~aN`A^q8Lc%ow~^(1{d)eZ>mSLa-mVBk(QN$;
z!i=h%k#`fu+1Z(PPrFy<H?F9%4-B*~Cj8kZU^|+8v|Ob^i^_}C%r=2;0{UE0f~3T{
z&x~TcLaof*OiE;a{fOzacB&ev;#&lPRct4S02DB1UZ160QQnce8@ik-1cB}a#Q7gO
z&Kfh*;#+3?t;;W;1clXYvlW-;f({Kl(o!g}23j?m=?<0$o&n*Qcu~;!<+>sLwAe(D
zfQ)>Y!mXxKJa2^y=IrJ4!54Lp(3@DF0y#zz1J5)X-uOHPH9%^9oTCE$%_C|yH7*{d
z^)alpq0^!x?q>@f{w#LQl*JCD4Mbmj?9BLiGXD@vuxMGP*iNs;HT}7#*+bI8=naSG
z{q5hI>ILYz27;3+2{C5^NxTD^rugdifXrPG-}Z4W$vb>dDhAv37(F2m2P_|qoJ~l3
z-0q1xHAN?Ezlh>3JPHLKTD@l>Ua6svxsdpqeX*@MZjFC7b%?GHc1!Z^Aq0DdBSfcX
zxZIz%iPsM@{xSusyD%c2c5O8s_L*c8T2Zn8C@eE0NLxaKr6Ocix4yvD<Z_@Mp58>e
zvP1^}6N(bX&+v=5-1q=~RX&8_9IQlf%5v-xJNi`Mp_awZe8Vbt<#abi>)^L;g17!>
zKi^=F<I!;eDci7Z!Ro3m%!W^Qm;)L86Je>o5im=d?Qrx;c({TaSwU;$SU=Rq?GuLs
z>T*aNRl?|s-ZTnq^O}!?dfaVFHeZBOC^S38@Q@Wz(vp`PQL9X1+F6R%ObDPhOzlsc
zg(HKLIxoIdbsW8OppfyquMq$IjdRpOviu`j#O7*Z$}%yKFB9otQEU@(|F*$jw=LDW
zkLw*Ep$0l}czgK5Xpr6cpGs5JY`4_?=i&19g1<ig^43yQHJt2`xx-sXmSuBxSG0Y-
z8fNS9pe3p6WbL4LKq;yqk-nqjHqGPq#9-<6RLku{17DW<ghY$n&5MU;<4sUwhG%48
zyf#|o+m%r{GWndCF(;x@ZvyCHsDB}!1sT0FSfy42WRbeD6?9D4*!J>5N^uQ<B`&id
zJJ;Wyr!*~a4};JI8T~a!hf+SFr=D1W;G_)JJ?=NPI4#Lt7e*Mf8y>&ijBA~?g~eN5
z*Wmn0=!)%j|EH9=4Ex-nZBuW2dP-qlP?l)K;O$4zX=^h&1t+nnS<;7}*-WuVus%-p
zY5;Crf4O!Aq(x*nK^T@8xlAXYsakVQs(J#KX5_joQ`wB4h_nlSNhKp<*I)wnr2N$V
z#HlIAY_Y4l^~=W4#fvwgT&7a6VVRD-oeCsRE(8R;`QgO-`|(zvCOR>MkYkVhBJt;&
z%IJr%pEsmcHU@^ZbDugX7r*fgX5@N%k}e;JRbLT=#%66re6)}o;~QZpgX3>1RJ_04
zuVf2AQ^{!EsL74>A7T-8QS4ttt@VKR5!No$$Wkn43C4OA{ijN)m#jHp@0B?1nC8n#
zy8gVVMnXs)v~f#m<;7FQ!<fgxb<fTy=k=d<DTjF4JQn}RIB&hQjQ7-H_}5BLGPOL?
znE%&j4M12ooXvA3RU9!htc^TYN+d&|*5_K*9+@t{m0joA5ie;=UwFx~zX9dW@tP*~
z@={cGE%*EoErrq8TZIVIh<#421CHl%83oq~e(mWJ-Q$?hak6t&k>EEGu+z+JeD&K8
z4CQ_!9mPxif{}Q@Y2wp@e7*&jGc_%qs`XZ4LRxz5sRkUGDy~SqX7H_>JyaFO<z|&|
zSp56<aL!0#n@C{Natq}KXP1*%E)Ll%Iy|V})cbx9@Q8UT596~e<yH!HF;%`t()_%Y
zg0xHd)=JN|H{r@T5O3NISZa*PBu!jB*eg#$bxvR~Yd~qTc7ca-Ai2znvaWi(xkPUb
zv^6fw{wAAfaCxmIHIrd{jz$<2=w)GK?o-a_TJy_PW$V7Bf)E4Xo9CRID7$lj62HN&
zbV8`XvUk)_ST;#44{e}XymP{ZHUW^QE$xZyDkPS(hGbV>VE8n|pb(zvrp#a?oOr}6
zi@sf*Mqh6R20dvKsH#(nNx>3SWPjm3R!p8=zXA{O;9Z#jKvhrq#cL^>5Jqn;qc3ZQ
z$<nUsKSsH!t@fKt#c<X2rLU{nxt-&C0f87x4{^xcNUsqGERd66U+$SRH0wBKe*U*G
z$&vQI)Z5RFxRk-ghRyzIsc+qzJx?b^esAt?V&#~b)OUJAXRw_CWq-;x`}u+{_t}l^
zDDH{vP;5csvn#!}a}!fF>sN|Cm-{yD{wD}yumf5uCo2tTiZ|$i)$2|TENU86^-x@?
z6xW)SI#w~vct7m4aj-igGAbSw90L9=TClX+@bGZw3MS;qY=!;irt0LHSC_RI7Vmep
zg5bkk4fCyT=l1E-JE5D0fJ`#o53D6{B3YLU>Sq2?pMrpHtMm0@^yQ6ngX_~8_YN|P
zry7GDchks%XjQO)<Gr>Ic}+RqLet(NwB92w8$%)@4zE3Msk9Z8wZRG=<aXZE?~>jU
z!6KRJ?+Ls#q<ox7{)CNOk*4;b04a^w^5NbBl}fi(EnbIny0E3kd3=-zJ2(m<+p6^0
z(E9v@RWDqx(?k!tpGDJIXGxFO(+>39PvmHJsP6c(x<Qm5683{pF`0Ae*O=z++VC#N
zGV97etH{QjPz#Gf9Z?mNlDc2Mfbg(GT9o5p9gU>9q<+=3^tM-popw5YQ<$9)oomz7
zW2$K7q=xqP@X0mf1g0I$hFCPuXyS{*It*Rc;bOHMnW7mes^{|6FUbleA1%uW-F}P1
zr!m2LIxMyQza9vk;YlKoWkrpy4mEoZaJ{78+q7m)RV}dWXPf}~eS@DTW<mCuXe2VK
zJ18h9QfO+hH$H8ON{y3PUcMUnq)X5*De{i(X_`|H46I}$q*P4N(^E)sA@S@sLFs+7
zdhq(HIkhA!c%MRzi;|spO(~_QmDYOb(BlMcXj8+}WnB)mN#@~BT5$UETIb@@3r-kF
z2cXiguNma7Q7X2wYpShOj`=Aodi(lvBw3ul{=OtllN_aI;EY9idw^oOH|9(+L7Z!<
z`1*pZV!mjPLqIMmK6&l3{b==rf}~uNrYVv%)%s?DG3S@7__NG@`EKicuX$#M9fVX!
zHYo0d5eksME86pSd|qVg?-dMzo&fHW`h`@}U5#8QyKO+o=)DNYj|f~4XFC!nD`xnO
z;x}YMSQWmQF8-X4%5hML#~jwwX>M$)D7Mowrs6jdbQTX<^WgTMkn<D&%y}nZa4-OV
zt8m=NR4r|~x#I_GX&?*za9^V5oS#NyZhp>6n88xe1XVqY4a9<Utw-%YWcS@fr(XcP
z2@wL^Br3!jG=NLEIXEd&kTJ1(Q~KjHqt$zdXHblvRK9g<9yvqX+ns{6&bOtEzWjUW
z0ZKO}{Tk$ub?{jCOc79!?qz8O<=$b9VFNQWUUpAoOS6=fsEIO$by4<}J5=MbECOp%
z;?KiP7#NgaJukh4QMIJqnf*jNAJO};fbKhDoG{I>>d*ykUKoD<XutfHMcUXTZ=B;c
z>_lp>dX{-}e_O%dpEVLzE!kr@Y%hDvMJ#1(VzsqPwL(1~HJi}(()Qd8vN;{|-}2D{
zZGf^P>84SC#w#>n``%4U`};KQ@Ds;!0MIv-ICtBm_xT~sk2s5G!^0<NQe*+N&R9BE
z+v}8MZrBWF+iW?Jqiq6?INX-Xt}qky6~&(HAUyeV;`pTsXr@anHRo$RR6$38*eZ0z
zGqYy?AQ^^7^G%b=4jiNO%9-+WpNkl;1GoQ=tuf<ZLacANukR!4{9zc~*7(9q!dtlY
zT|xS*Zr9&S0iL|aDwO3gf`+>KkF{_dJ5C4eJU=H<$$h=LM~-jY6x4ytxnI92H66SR
zRmTsxMWGoH3OQ8eF*K_Md=anG7n3rL)1iAsh}E~6=|k(eUZQcX_4O()_|{jhZf=jA
zqP~xon%b{`c7z+27iQDSoP=On*A6|FHIO@UNlP(9)V?=V@p;(k@QX5c7vRcgbw@{6
zU<+Nii8`_Ajlb2+;}ovHv18f<rQ;zfrEKLGQQB@H$+v!Xf!aCiv})+E73K*}a9PeO
z24BOb@)E|jP6&|EtwuWG$&{|kv>px(stGcQV;ygKT=&W-am(fr_$_}v?bcQ2x>Rrb
zZVJ*_3C3p+L4F<_XN#Z%5wKm+ZqE8DmMltU6=HY<IUe3BeJV?h`LK1lijNf2<``p-
zVek3c2VhN7_qcRxmdLxebnf2j(o9JLSOOh9LIV3`q!j0<>Tbc>%p_I=(%gJ(H)8u9
z8x}r*WPR`ekwq=u^CkDSl4}jd_VyzNos^+G1tlQvpyoZn%{i=@uNBp2qy0c<+8w>B
zgO}~+^b3#f7pkVeV3sOyd%8mLkc0gl_+gLV!UhJ`@=f<b+P)!9r}TH+p2G8b`kI?~
zR}S)JW&uc8g(2#7R~lW+y8NT?s8zF^QBl&I<43{T6TEvP6bylWR$OU{&nghU`5=U$
z-`X`le~TZp^R3G)xZXnYARXc;%IERSDuRQZot@tr8$bhy@*O_1MrUw3erJd&Ou;YQ
zSNKBpSkD(?QTEzRqso5uEDO@-xkvgukOpPpMHUJF8j|%px(qHE&LtZ%wS-n=XNR?0
zW3NfC6(Mb45z!ugZGm1oty{*zTyuGsOppY#z1@B`{7tLON_B(52P3Y7W<dhzpQtu-
z@yjbykGLvYg7cJg+-D35?E#7M<SzvU-)cWi=tO-CAd~M}_C4I*W#%Hjyt!|iN*K_3
zvq^ElNQ&2U6*z`iQ$*8({6?d?(8B=~$T+Ph9LUmdgAu1wTy#BsSfcp2xn;@ktlQ4F
z^S8~r;z2yEySH=}<R`va+F)I>Lb|Nc6=m-e&L4~#*7*t;2HIxjuH_>g>!Ai<s14;Q
z>j;*1XI)ZY{W_qYabe^o+Z+_ML?bWV9)7Q_%?<ONO8G#*j4KiX+4QsdcNI;+C%D(c
zQQ;l&n%{bgNk|f<sHkZ;9Pa$`W%VL6X_%9kk<jZE+%jkJkDu#E@x5z3E&E7U_hutP
zF9Ls!_P;~?fx4MV6JbrE!&k|Z)<Tj+sI#<<jgq>$I3)aR<qy4&QZfq2TCsh--w~0z
zr8Q?LD+xY+9svODK@+2<l<cyTq`T{8u8s{tD1$I&Ox_6(9-d7gVdhxjs-!T&a{WG-
zDzK?fnY0*X`yy9uXG}Yc<|4NDoOq<$))!X(l|(+QotSe?4|^<3rMF+vl;`=+lt@LF
z*(M<0pyF(kx7z(y=C95>7~N9^u(>QG2H*44M=oh^F)kn2G~-)+k9(As&41B+^%~7g
z1l8(dY?e-&jDtYj#Ifl%p|m4oGGj#?E82h75K<(wFU$xw)8ikQl1u;4a<B9|zAyC#
z__Y_yp1t%?i5S>T&0`sLKVRBchpI}4X;3=GzJRbK*EnCo{3+2q_^;1a>EKt7qFNkI
z&S;51K3e6{c(8T|Ma&53+?3R`(J%=%A$%T+aNHIASbNUo;#Z?VMdR;IhI60wr_>+Q
z*$3jjq?dORxb%VVZf>8rT<WJA=q=?3EY=<piHg#pXe?UvW&BSA#F9Sn0{yF4ksbFK
zz5%p3)e8T(yleYHC}k$1rZ&p9F$2yQkYJxu=Dl?PeNz91ks&2ikk-w=>acMd5tn<^
z*V`=3Kcz)~2wJr~s5F!C6~))A&?Hbk7@<#5Qc`MQB+gg+X@a_Sn{dbMufM=5=ki5b
zdXR^PVr^Gr1?-<y)yhfmxYHG=NM&g6KYViF_@t`xd3y|eB_g~d`E4nyd9qg1VVfyS
z+|QT;7IM8x$n&Zod7gnBQ-M*^4DWUUi}z;ct!5wSc@933Q;*`~Js6<g=!4^fcs;%^
z-5m7)Gs^_58njJ6OS6zq(coQFl}dZP{_#<ODXj6)Gw;P!8PP!eSS6XFeDD@4nvE`=
zX9XH}!baJgI4#s-iZb12S*wu|WhBI>fO4nA<0-!q`#8U*zfbahc}bU@{SwfHQ<`eR
z>oJ|$K+PbTA<v<v|JwZE6_t>rJP7$=(|)-|kiEva?>(3Z7Gm}?z0^{WCmu||25y^Z
z2>6nmg1c`_Av9Ge&&?Ly`SG%7;5|>q(!7Ui#NRJ~Yo|ek;8nZ__wCH{6X0zKLnuEM
z%VqveB>Kdr?So0J(sv2egIOr8Z&NTBSRVecOwQnK@?tptU?zWeY6G%o`(&|mxv8xO
z_wvfa_5c)u9`WL{z=*Yt%Hg=bOiy}`KRYjus_1oxY#5+g&yd~t2d#<81{J`TUdiii
z3;Q294&rrIJ3p&1BZr>@?pCzG+By+45Lh<o=a`{U)QiH3*KMUQcEmm^IIx&Y^;Eid
zth=}OOmMoRR<x#p4sCTcNJEscBdvUF-8X&f{#3gexCkTSL&sREEqSb;OXs|L7NoFG
z7+z<~>$fYP6reLdErgBM43GZq7z@<xmRbaqw6W&2_;dE@s>r#^Fs-4eyO{lm(OW!V
zL#>SSo^-%2h8sOgYhiU`u=D=px10oC<)ZT>!l@^-YT9PSKMy?{t1g7O#jg(Qvs%-3
z_Ph-Xxmepcznpi+Y$Wao+I5957i~R<^=>nSojeyYj&LsH`<dlDy)>F9zBGLCT?kX-
z!~>u4Kp?*<O(y?V4eQyk2!#$?%ZRXq(~XW=;Dj0!)-KE$$MseXb>$n-Saz2r&Y<`F
zer!r-*tJh)NP5Tuy-_5-8<_3gQgjzw+3>FSjm$-lZ3x^AaQRN?$wXq7!*GZ0=xFa{
zRePtwPP>ZRQsACNel`T+NQKQbScjkeR{lajGNbyT;8sd(HRlx%o-(i3rod9umt@r7
zo+N?F<C#V;IppoJ_j#n%+NG0_q?U7!@{skoApApE4<&C@s2^X>jl_o_C!yVlbm3_}
zDpEi!5r5+60KYlga>_LUcDXbC1btNGyRc)jhw1A1jXrh(sI$9-(T081<=p)=5ckqq
zpb%XWdqD!nLFvhP!{TCcmzwMZ8`)HAJApT?fNEZ7ndLxt4o0Zl;6)a(saBPNO#DiV
zR+i<!4+m|ewKCsh#gWP?^jLaM<Cx_`yo&6TE~ecffPzK{qVf6?V{&zgjT8RF*ry)$
zDk3<1XUwRqH?~#~v(%^kx>%Rxfff9_CD(d;E1vAl{c^Kg;q}%wDq6r-OMlWm1%^a;
zD7fQ5)%iq{FDQ^y-+d<fpTkR7!_`i*;7T;EW8H!Ttqa^u3?DSobaZ-xS{P@=42gW#
z);11a>xpw#?q-vyz;n6Swt=JPyk=UhX6Bv=Ud`qhez(G!Bg#fp%-3ooV5~<uHR9e)
z9sN5UaS<!U%HM@nJ}Yn1%RNSbLy5>V1MamDKcnz#uo@}fGCUdfTeCkkmw(QysHAiz
zfK3Vu18kEc>(Fc=J9hKXBiVeww~q0f7Qw)-aI5_Zt+9<GtKWslUJgob)Oa7u&q?}G
zt9hi%!xav)jnCR9enfXybAW*3&baKe^;ki_{#H$c6XP8r=eeilNH|%IGegD#FzfZY
zza6<&!VSp~nAo%{7APMYYha!qO-QEEvypfDBmnV>8i;4g74rQOC?o4j#3hRn^@0lU
zj!tK-uhhgI^c`b89=G)hQGaMZ^nUsx;&JR!S8K}93{}MA1snDS86Iu3NF)cOD~_B#
z_gD-)vqEGduworO%^8E}tMD6Uzrym!K4emFm0T=7YY=&|+$Di|b_1Qmv)oE1ypd07
zK!?%zWZmTrSz}2~cJ>LPe;4Hy$)TY2cnYhK!@AE<t_Uq_7@ERfGn@n~WXynkNq_~f
zt`+=cUwL}D0p{JT+;TC+cEbbCRRbMX<4YZFvW5-oy721>=uD#x>*YHG;@Ok}XCb?7
zjr13}F@+Qs(n1hQRc~;>Hi>}Q*BCdZqh%F-k1qra0vXGttbV98GJVt^gY}h09t)0O
z{hkAb{;idnwm=SKNGMAt{E9FE#LA$4i0NRxWd`WGM$Yf4I5=~zkK{*XWrfDGgukY0
z2jvefCNF!h@w6C5Acf4i-Bw?b+_C_~%7d^ohv7I-q;U+{VjwXY@{F7`|LaR(mUjqi
zMO|Hv5t>!&k+fvX^@ZN*pswXSP*LkG4(U28&}d6pRJ8s{CyuI;62s5`(n`F~W6(E3
ze%Bzn`5mFVrZ49qgZHDbYGc7R6fF53@>5}j^4CL&k1;%9=i3|_`PZT&;zsEk!V2O@
zb3w+V%rKmWgKf4>4R#1jw-2*&Hvc}9hgD#-!<U<>tZA0*^{ah0=)+dS>xtL!<0&<g
zD3x|92;AP(=E6xM*axSUv>>|Zl#fgPn4q>+>ruE0l|@@S`EQFbVy-OKPNZADtS7;I
zgG+Z!m(F>lO^g1*FC6aPE``lGW2^7}MQD_tj8Ldp{MWgdEOXz0LGJ8x)KgOz&%yiM
zlR9y&_^0g7eWa5O4DZ)9_2MA^bYro;@CO|K`gQi()1~m9c+EoI<TaK?^9II<&L>?F
z_pgr;cS~`l4n^giZ#9H*^8OGd``=?}c+k@8%q4TobEwAHyAd>QxCk+KzxN<iwt8-t
zKy?KzHGKYixhY$8MR}66u>VatZ&zBfX3u4TDtUXoJLFIZwf8dxID5XIm&n5-^C0WF
z99-Lsi;rj_eFJrqtooh?7qoBteSXNJIVc@U#Fz^}@22CU*9RV<@r$eJeI3OOvF2x1
zB0J*;tV*WoWh=8L7}SF^tFv)0C0TvGz(6i@^JBSV5E;qI=YXZHe#4qe>2r3c@xqDC
z+IkzUDK3{;j4UYqbyDL#V)M;5WA#SI5&%~~RN~_Tr5J-&hn?Hc<)%?oB3awp;3ts^
z7OYaP1$1b9OYw#!MD*xNztNG^F3W54JV*@K#1Ah|EEHPKN?KfpD3j4rQu?I)w^UhV
zX(YO~KRiGq*NeVu7r$e1xw_Ql3vp#J54IC1k$*uMoRs+_XXMHLxXqtF^&0evvZ0_>
zdhM$;%tc8dxq8W1z%9XtT(JjD%5{zcveCW78&>^?)Y<a>G$pbpB&W>M!FEYAUw}r~
z2*oR5g#0Aamf7d3>Z&O#KvkgPiNOuHwrNRx%|#XIe#sPY=Rh=ZDqyP=edTnNW!Q*%
z!DrD%^4(rTcRl$99TOzF_1tz=hA+tBkyHX#NSzl2GT?}x&+J;NL{<)$weo_-t$iUc
zQ$-KVvMwXSJUSe9|GT|hbQ5tFOn*AiZuFxvRp(`{TE0~1W6rE?3dU}DYjX^jEo*ZS
zfFJl9H>5g5h=wnO`FmlY4%JWUvb}1+;I^8UWk2j9U?ou;y?i9n+Z;mL<nXmJ{{k?2
z?)t4tK~GN-t6NqiZq|O50)hOa{@*6u*xdSA50`D65f$~cU{RTjOZGn)=t>SgEqdhu
z9>_}vDUAhe;e^fPM4QR)ssw6MvSW(6CUyi@&TA+IeFMo)gTX=T4{PgPdyx+$9Yy9U
z^HA=Nl`3w?SB<UWBlPM|SNDo_1{SKcCB8D<GEsu_t@}W1L4vF~ogWX=2kl?pF5S#v
z-FXj*LEW=Ex*xQ-IU0S6=r#tvX0$MD<~_F>O>U{S**N2=DC@Lb-DcBolH+66oB?DW
z$fuLF40;b+AxL23*<KUMqK|b1j)Z8u+)ZLTqtNJzfv)>xYFey)_53C&{>!4Kp}>{&
z$To8-S{CK0DgIw_0S~3pZki=S4rA^Pbp-ltb(&U`p2=EAvSM**3>KH#%HV=hk4jW%
zIE_f$^s%Hv)*<rqwy@flf0Dh7KV2K!2-vT%EqeD{4Rq&wG0C6(i5X#Uy}(tRfc-*@
zT-b?++%01?`y}BBNAuWn)4UHG1Ti!c*!mqN{g=(-^T6VSf4BAjt?CJhnXn9}69pDL
z7@{E9X9WFA8vKo+O2$1nrH}vp`vm*{Lxo1+CSia11M<I1{tXfTTT9*lZKD5QZ_k-X
z3a$W4GMfmz>ywXEqQ?511NK#fgh|c<Y}*@+D(P-zXc`OqwIiS$1!`S?{t&hzBbB%k
zZH4b+`N7juKOY~T|3*v`08#~@Eee4w_2c+YIzu{NCQm3v?UXh)YqKqX__1aF!`_W^
zc7zFPwZ<(GLV2<WPy6l4dN9=D<6no_Iyl&@4P+R8w}15S4CYW{ZP3Y^&#Fu^0pt-c
zU(R-l)pmSdyWj4EvxXZulYb(cV8*g`WQYpm!d7#skeCN$eEbTYuU_a__bPKxq-SLT
z0J7rZS^rL8+MD+G_k)9!^z^7<<7GNSZhRiF&d<w^O+FN*>H{cDZ2G88#8u8O99n4a
zDw~7dbV)v$f1r4&jCn=5DMskO`w8F(?peEVpQdTpVGmN}W1(e*?iYoa6Wx(%oj&l_
T_-+HdhyA=#1}Rl4T1NgKSVKH3

literal 0
HcmV?d00001

diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-ineligible-devices-historical-report.png b/windows/deployment/windows-autopatch/media/windows-autopatch-ineligible-devices-historical-report.png
new file mode 100644
index 0000000000000000000000000000000000000000..2aeacfd0d51eacde83709d6ab6e56755c5be01d2
GIT binary patch
literal 39892
zcmYJaWmp?s7cSgF3lyhVa4TNi-GfW8;w3<F3GVJ*+}$0DTXA=HcXzjsKJPi-`H?Hv
z%p}>_d(T?ymNmf&a^gtvxbPo7d_a<v5LNu}0SfZr!$)U0nD;Y8*Vwo3Zy#+H#f3kV
zkK!M^AAB+rk`?;!p(+yL8T|SE_zOfr-S)!=<gS0Ok9}5!1|L48m`I8WDLd&LzrebE
z`;oj7d^vDz`okr8X0UX4%Cx2#_av-Wie*w_O5dd^W#!oNPwSmQjO>)1?2m7u2AD&x
zXMFIV&sy(Rp_76?O}d`3M1ApGbtGc}31ZTKdY~kTA6||eX_!eZmm93R*1N;a2(7u(
zbbEGe8rLtJa*GljIq@OQD~V}opSu_lyBLQJy^*wpJ8Qml8M5MnnUi$umjoQ3>nq`g
z>Ao5ALxt9~=5{~ZVD*Fq3YzotWN=3WF8}X~cVF-t{QSJ}@bE;Gl+XhL1Ie!_;tQA|
zRSTc}a;}1gzY_~i!GghHA;sv=HdZi>h<y2gmMOF5hR-(AQ`@(G2hv~R<+{*P#q10T
zy#dtB2yKaSBONCh9ciz$zzxyGxl3(Q3yLvT7g;4p&nYs)t~SXc_KA_HB^t|+1FLx3
z%LJES0X0FaxKhp7&hX?VF|~6yOU=urep3w3RX7+B0Ok*`^d=)0NJ2(L%&e=!A|oS{
zK2pTtq)kdTY$ReUMm1IWsOCO3?rgMyI3|3S9?*&9JIDu3goB4Pk^)sNO<_v&)qCuy
zXL&i5Re*&j&>@eg9>#5dG5~xzB6ybO9lkj|<)IbD1!$dOd^FrZ7z2-E2vMJCg2Ow7
z^TXXRkK<8+CeA@&n)Uo)SV?%FMRcysOd9!xm&ODSf;zC0eK|ON(}O=W*`XPm{KOqY
z<gG#B=-J7?@2N62X=Accl9NZYunTkVh0`!L%{yngLO7qaPI|5eILhXLCsFd~!fppX
z9M+<Jq8379Hl$yi^WqBo;)-FT={HH>6Lr~*lj<9JJ14%uV-Gf_vY_~hQMUC_W>G&j
z(r&qih($InmhcO68R=R}tku;OieVy702n}#rVE|$o6%ae1QQ({U7<*Ml2W;fH_n@-
zL62(xhS;n-@W>rGHqr^izA3&@i2b7}wPA5ra3d2hj*QSv0o)ZXB#{4gO~T)rB}L|3
z;o0Y4!C4u((Ymb5zX^<j%+3XASqM)4$T2ujxO3A0626$7JS!$ap&$2%RGR;)k-@d?
z8x<DaM;Ne-FJ$NN(IUqZ<BrEVYak*3g!0(0t8;d>shR*ilf$o!`~(``>a4ZokfL76
z)7ODN6IPFeZhRp$P<&*tYs{p~$*cQ)F)1&ZXN=@dKYho=BxhJAy3tqbKp9cPd62kL
zh-<&06^K4Jz*;xiWND8I6i8wff$NGb2b-b#L(@-RKPiYj(GuKFS~n`tU2WMEAOvcZ
z_8&TA$KJLT3<e-z%pqy~l+0&R-=!G!?=cSu9Yy*VOl}%r=z5vX?qDEdXHD=!?P2=@
zG>d|I&bg@Jcs}VAGn!xpcbJPk+{q#_YdmULJn>?z$9A+cUZp5g$~`|PA0HA6PLwV&
z@yOWd$W-0O>8K==C}$8cO13qxS1*_Ymkon5sgzw76}pMBNm=NcOK*QRkWmjV8_fJ6
z#|jzQ7NDOWbZz1&Ll$P>6&8y^XRsPpQ*OtbPLanSbXY~q-RDk4&N3$lBMJVJlh(;T
z{z}uYRvYtRn(JhruI}{AvY-D_H{nt3x>86<w!pg~&W<w&&m1GxWzfGr&qLvEJmWtu
zVp4eOsMI8!*hfl1eG1fA6EQLV4RYz<c2Io2ftP}&t5AaZ&9_cQcHHrso+=Iz3*=!B
z(i*9ew|*Xo9#Uh4r`<_eJBwt{eUHyXc@pz=MPoW>%0n|**)cMTe3mOn^aQBMa9z@k
zKMcNSmx-nNL#+{zhFsH9G&}cOwwz{I=g0_MJ3)FJzge-l(mtuuj9EB|)DvSvL7seC
zHimp6D}%oh&sK&>k4q$(&lfY%VqbQVBkicqMFwNy2TA!g4P;k|Qn`JH8U8*pnS~ko
z`K(9K)oR~taWWY_qIpD3GTlF;-&}|i)H^U25Cl*I_BkoFnbeGnvtRJ2=|OLFfD~T_
zZj>^*kh%e43bzZll>8TJ<0Lv>SfsoP5SE{-srM~gptY3myiT$rF0Y-8-WoTzM-(jg
z80&W-F!UGDS>&a;si{;*!had6ESD7$p%U+&d~IDX+={@gTy4;OijAfUXqIncD>QB(
zK71*QM+Cd<Db*_eTQY#5tSTF%v!PK-&hMG<Q_HD*S=3WE68`^EInDB~bwBm1CT)Xd
zEyhH;%Ee>2M_$@aH;rzXh=0Q+j`VB8jP6;3xwnN9v?BM)uk}4I05~{2*+LaHI?C6M
zF&*ei*s`ts47`N(26iokk>98hWyKJNc(&H0^q~9xS1%0wy{{V5AkC?T1PUACdjaQt
z%_{ey?(oO`MBa)<K5IwuO^c`ja&}v~)$@7u1mAK*@?~XCYDP~kI>~{|5bkd=^=?F(
zl1C=%SlC#op|bi8hPd8>AF7g?w^CDrC6Dq=JgW{4FztH`jf@!i_-udPEOqne>znyw
zB0=RFduBCr->(c0kByK@JtPh%_xN-9`3U(HSaQHQqwek*=3<p)SBcZ?8n;!cg&mzS
zy_dKYA50iIH}<q|Ik!h);O7ZKHhxEXuQ!ij?>0{2t{s@qq+o#>8uH}B63|cW$cRTm
zySloZ<^rOX6N18$5^-5~vH)@5#M)H&>R&Xqlg>{Tvgq~k-l3mg0Efo`Hj{~JHddtk
zJn*5HOzi9-b+_#M7U|u|OZREOn)+I>o7*R6F|o=3OAcMYp(W5+oj~|*L&-opoQm4)
zTTaZPlZIW4vH3wPQ20JKiSp|3E^v-94Pl(dB}zp(z<_;N=3!!LA%vunrs~@$6pl`t
zz_;2%*`DE86xrI^$_CP4@{*irlq{+?0G81q<bAS;SJsuC?anK5^T+I3#!Ook@(brP
z(yDH^VFUsVmSWArVFyLTv47Aowhf4%4B0Ky`oAfG{GU5Xmw6pAlYX#R9{~wN{#b6F
z2kSQ^gFck4lDeyE|IH}Nu0>28E9@w`b0jOsjM~LQBNZ`nY(SNbEvFlmm3EK!*JlZ8
zxV~S1saIH={g@>D(UEu+GhoWlduk_2YT3sFo1zyJaBR_DcXF0(Km8%0kJ7(nur<ux
zRi1=VB%ch|XF)FtD55sn`Tb<f6gav-HsAUNMLMB=keWot9+X)<Rplg!-k6)DhC$&A
z)0G21{M$q$HN$^F;^_(|ufc~OJIQKJ5w=Mufq){!$dDd<i-pZ7Ywg5G|B2L~0Bdhw
zO%@KQH+iVeP1rUkG8f}+f;h8qK!xbS=d<CI*!aNp3EHDU+wyu^WwW~|RKZwgvS}u%
zPgfdEXX!7rR4AS|>duB6qSOPN9Yr%I94D0k0Y*l4Jwab&25_!YagiAdxm}l$lpRlA
z`nyy>)TCv75)&&U+?(=q!!k1McXrscD=u!slvqcf)qI=d`BxH*#ruc<a$umC-66wY
z^N<QFsFV?hwU^X#M#$!s3G2G>su#iALn88zC0VDUb}t5P)^=lCFvW3KuIbktvMz&d
zjQvt`VS5$w!4k6xwHd$Dc+2aW+sxL#SU<{jfY!hGhOhe|CA0pTL+#E;rm0R=440wB
z6LU)PFx#whX}rPDf4J{`K3><&Y%L$e^wSh~<|+oD_n~B0m0^<a?2M;a01iw#2e$gG
zUxy{N{@Ng*$7~fA(TiC9<XLroLc-^BC)^uN7i%+z3Xl8T;Pgr%ql$;Se;2&fr=YVG
zCfJEMBKM$>?ufoOn$Z_g@8O%XXA5S+0crg955;E4ite2K5trSRhYij^j}zmfqM`!o
zi@>&cpd3ouLUi9icGuw@nJJ>+Tl-XQcjQ)IX2ctZ_02{WDykBH4$vn~**W3f9du6H
z2i&Fr;KYiC$P<6)awoHK4KBvdwvekm`pw}3r9$IlufSo2UtspzGaj!Jj;n(vNKW2g
zL~;34Q5AbK`qQTm@@_9n{Y9p-Ojw6d+pTO)2Qzb!%VROE1~&rJa4hYUaN~mm@gHUc
za%o(Fx9R*C+T8w>e=k*1hl;!=GR00u%s5@{i7h7@A>0GoI?Z9W3G_Ktjf6c9zZe^R
zf8W)w&v*Dz6&AjSwWzDg7YkdAZ~|XDH+xQxeJTpXBCGFAawYfEG>`Y_U)!(+4m`B~
z<!IU9`xJ1MS}qB1A5femVF(T0|Erl&b!U69i^a!CbT)m}77c@TufdRELiAM{HbE<E
zi43(91JhKw1ZC4ryZNj+6J5q+-D;lo$|Z1pl(8vWQoqXL`uouFC;GGp9#ZS0C;TCk
ze`pM}1iT5vM>DfXVPR2-gmiR1I(XibAQLVI&i!<SRd4j?bl&AW#51jYYUfv;RgO`g
z4<6igs8L?&#H(lx-Hms_pT8qHOvbx-eLBm^H^cbM#bKQo29{H$u(34ES~sNNpMNF1
zJ#`_nvRsPD>fT$5ikCW`ZzPgE;cKwJWt2-B6V>Szd)_T`glz7UnCDb-u&`JkZ#&yL
z)~*j1p<}Gcre?Dy#A9uYZ*&<S;Q6iOcI0h6ov%I-ZFZro_Dtv-LA-}IHLa|~Rg@y9
zt*eN)*|)-fr1y?Y!XVz&t(VRH?DgP2y<1(1FsuIqIX|hlzEQ<Iq?OuFyxp8G%Hec9
z`1<(xnCot|jj_?6rG0<iZz8iVV?5aGU0-+B^II`tU%(O#_u&J*c8kw$op;`^oHR_Q
zUrVrsX5X${A=oFhupE|Joq5CNS^}Pk6>ZJvHf1;>_Lxq0Y1;dMw9GBuNEU<NPcV-V
z<1@=`%<ZkTA3DN76SCgEz{=3g5|h*R;8vdB+7nP^6Hv`FL6^reEw7VTPL6Xzv9TCi
z&%sj)he`?U!DeDwESrR=bCG}r-~Z}-Oh`lovR13jXW-VN%Ae>`Mu>2yd9aI_Mm03B
z1e%-KlAEQ>wtKE|KQiVXI?mkW@D5gj->H@GATmx|MpCa4Q2H`@Umrco3?Xc#@?HvD
zZux3pq}^Wj2gc8w8DGHqQ(r`MlG6#D7NsvpRm(rV*X3BC26m=ag%fhk7!q=I@p@|k
z;AqMsGNDkaLnu4B;gkWJ9+q6}@+>i#!e_UYCD-u;;mwtkTpik{3OHc2Ia}b_AcTOl
zw4hq~_~T8@Htbufk3M~;7oaK6=-${$fZXm|^4_I5DyZs+QB>n|w;~&%oVFiXoe5f)
zQNr*fL!R5Mwc1?Jno%+WSRtJ?uupZZVHO7YQbU6ZDk~p$oLW9X##W&XDmSrz^#A(i
zTaVO*%M+$=;dD8WvEiahQfykRu%r;0!^1CX@x)nkNpiea3w>tkiC|P=1a|QF$i+dw
zKJ8D-Df|$t31aBsQ2iNzf|BYzL%;yUYOnw{6*e;#$?1$E0F3E7U18;kQNLsnZy`pc
zwg%Du7~OL5_>8a0!c3pu*=WXPTvFT_9FvgAz69BsCe#`&i^2^|rI>PjShPRR<pr=g
zp<ZfM-mRc0D5{6w>3Bl(X@ENGyz>9>rZz$d9@KwSy}S@Kc)Y;K5%EV@mvN-Wx)QJE
zcQcv{OmbYL{6lc6BF`g?NivFGQe`N*=H~%!f1gT<Z4<oFFB?+fT(l>r_k!R4{-91~
z<U(e4ETL<&T~M9UfEl%#-CB&QE-Wk+b5_TaGS%E*kJxzb2{k^z72FspnQzpm3@O&o
zotE3&?3pq)HTk9wL53#NFC1?6?h=pKm@Fcje?8^DzO`TP^q<;4KIshPsf(E)BXhV%
z#icHveS|ky`R-+I0N9H->xx)`ofw}C+#gPj#mZ0#R|>q_+Fn55tT}?#8m97gYd{IS
zJL&W$qXez7z<(djq`!mmxY=|7^iX#F#nR%;5P~uJIyXkpck13Z&cYdz9?y-x+=?D3
zpW0U_j8v-!NRT7y<vBYG(6WfS#lF?BzP$H9l*L88T(sU9Mmt`vh5dCyH@?rt+4N%3
z(q>B(LC6)h{71t$HmAYm_S5ajQs5MJg`S&YcxvepRjH+4VZ31mez)t=s-TWNUjE*x
ziXIz^vpijdb_0ync<ALbUPF9Z;B(9OgX#kFTol(;PuRZEwa#2UL`sz7&Tt=iM1{ZU
z{LUDG$b{|wM+*wFVH?LA=zy6;)N=sD<_&}>3sBJf?Tz9{Bxv#rsW|ki(sfKHmD3)o
zU@TqS8iZD^)T9C=^o@JpT6Ln`y}djJ_5p54c0!~sqYkz^-8<A5&bS5F_`L_KEz1;S
z0slOB5}1Lf<B3{5r8H@@J3q`zDn!(aX|qq~AS2(`|A}Y6`%`YYs$Pvn|5<=}15pxo
z#MTK)M7!igkb3|bTB0mWSY)I~(PVU%y5P6%z@eQu{=P;6Lz_dJdHhw(n;tDyGK`vV
z)q=pOt%6Df$T)MO@JGB61k#TvH7+sJ_Wc+=2atxmu^9e>&s`#2mE5g%LL(h|<BD47
zZ~^)2whLLAoWtytyI+wgMepz&Qa*1Ow;-o8J`7qnV)T|OZHzacZJNq`jzy1w`-aQj
zP)dP_gxqOtFLjmu(QgU+_iY=e0JN{_=hlVvKP3^yoPvEPo!|37*XsM1PU|-=8+ja9
zDR!k>7zKp_l^;q#l<vrBXmO&l+=wVBU8h+o2G+>PDM(TChy;DC$5<%_xCI4J3Sr^G
zd2CYJF#tPU8JXgJw~0{1o->;!)RYK3!*@Ov;H;)vqG#JSW2wsEog<)3_(SWo+iGHL
z$rL=LZidqksE?e}I?@2SWko&~2wJ?&66LEXi;Njw^C#;Y=W=;lyZk4d1T=cS?^X8o
z$gW*G5C#}a5nR+2r^XPLM#=x^17NU!aJYE1z8EX(y#M~QzG*X@MAW@$X3q1^q5`xy
zvZkF<*6*P#4vmDSMG4qlL&N^-X0%|N7lwa7yZ{%En0n8<O<qk}53mN!2FB#9G!)?j
zUvm+$4WOyg0lslEX>&VXz_Mumsm4~FqL04DE$dg0>vn2+W3rvU)y-9%j9d4GMG@<F
zZbGu^S`@ors9VOwuP$a?vM0LJ3?VGW`qJzFsO7t0hD-Yn@^^ssI=(AiX`DIu-9;B3
z_|Z3;#0Md6A5<d|*foBts0LkLnuZNv{ElJ8<)fg81sF4ksaWte!TzEur|%m-M=dpg
z>jMTd@fZ2J2)`47FSV+^1J<8=ADa~x=0niRkc60>Qp#2d@Hqb)lbuW&MsC{vs!3~~
z+}9yucrkncgpYsF8PTD-eHdFfE8Bi-Ey%(Yv6`-PZSR<sRSdQ8S&XWTN{AY#zIRZw
ze`usTyhSm!(Saa*My#;3TtrNgTtg#yd|E4VxrKN6JB_&gFPuY~P>_Opphp}gxGnJi
zvSoM3QhSv1Rh0U{L~&(($ro3b<jS0CLaW-@^>abI%bl)Dmz8l@Dh0*gk;#L&%5hkF
zecsRwHb)f9f3AMp9+57(E-6UmA5T9>Q!xwzg{*Ndt8GB)QGr7Vqk3ymF%8OEp|kn8
z7<&d1+A@fy=5STs`u{C+BSXBqFy>2JV<uCILIFS|&g~Oh2uOJls6dYgtapKuV`f1P
z#c|gr0000!Qf$HLul!*Hy^PGvAyrXefDDW=tH$-sZMLT_0Qcq_4D1slO#;}ikjT9z
zO}NZgvY_)f9Lsm#fxldujeq_(q9My4gZ1bTPbvE~a`0)Y+{C=sY$yy|_8DCT?8mmB
zrisM6Vj?gT#mcOTsJ>Mpzp{IZYtr-ecqaBcC^agjUK}T^LPS_~=fhq`|IZu@S!~{G
z&R2>P`m#SBwUv&6>Ww;+G#BQ;|Nr`*VsHJPp8sEV;6q&ArNeyU{C{V(VdSo1_pDvX
zxBh4i3D{Ez_=Y@MTGsFV#U=j!X4j<h|0D}|XiAy*9?R}r@F$HlT#axn+;Cv@fPs{s
ztz^DzST=E3N~lb#u^(}M_Jj`)Q$vGs|L@eM?sE+c)x@kk`)^E`Ic(;=Ab=m?bbD||
z<#Uy@sNwDw!vF4gb}w>hY$B;4*ji`A8Iig1nWcdAQyn{d`>dR5Xq!fShh`B|P_ar;
z=4=YFQvdkEObDo!&|z^^udX|=H@nDKg+?Z0#?*Jn(p#q_VAa6CL)UKv2sUS*rz(Xb
z>($iO>8w}321%{E3@ar<*7#tIzvBuqV)P2@@na$&V1z8Mw<MN#9AAIm-8-dJ{VyIS
z{eO`|F60YvtMO%X9ssxpef#570RaJwoUB1#^1jMxoY|^_w4*~)|F|em&k)n@(cl6p
zvSy9PC+7YBrdzU3vt>8^{fvo;xqo`t+b_tms97>Gy%0JYfm~BpH~z?7Q^%TBQjJ0p
zimnHF-q|%_*%v}g1%!H-I(+2Irw-%NOH^m#d?Cf?dI11%z5C9@?M$V(bpog4dg<ZY
z5-wM<ft(n`Ip2NFg~O8$5?Of{a)E&m#t)w3kqVrCy6q?hE5VFC8#hTLM?~W7EOGNF
z|4CCBFsC%$N=ZNvn-eA<bQ)kEPuR+e!NtWT6F`}RiYUy+?>Dq3zdqea+YpuJd+Z}q
zGr$T+7y?CG6C`nzulHZD%zGZ<N(~N;YbgbkcJju?8LYd=Q7>xXS>H^m<MVsqFC@)@
zR5d=wjlyS)y#u1h+#6yTdiMGt5=}%LUk{7{-%7vT%7*QY-3ci}M_mZuGK$dd4mrCh
z2T7z=7JyGEBrnd8w8L*_e@)z0iHKxiLl%XKn}VmH0`i?8Wd3_nW^8IDDlLtTTcSC>
zHX%l#`F!fPge7qt_%CrL%0s_r&b}Sr-crFW3FJqZW~Olgzt>lf>zf-PE~bweeZi7D
zREs=3?{`o*JkzU*8Tz&c3!(-c?x3^+d9V1$fVjF6tO5F#0^(g}Z5|R?*Gi$4xrnVa
zOH%Y#jJVj$*0RrRGcyV%;pa~+nl4mj{{CWNi~93xo4s)#1yZ9LyKy_97V!?pS7t&_
z>tK{QYO*u`K((IO8<UXDYORHI{52db_&9iFJ;=e8uQ&C305~oTri20Z7shP?XJwh~
zMF7WfS<P861O(y67KC1XI8y&_Vz^8}V}%ZZn1(56swMXR=InT7juIPC9jMgAFIaTa
z{tvd%3sJb7-*746wze>C7Dc6JM4@4@Ef_YxwsCAxPVv0&gj{UhfjbM8s-HqdFfl+=
zongd~y*-noT`&JRx24q5)K8||tMABLh~uMg4^$f^Rh$pEmc#JyNDSCPsDg#$E283G
z97cX7$pf?u5ZSpi!MHJoLP>aHx{f8*fAv?=@stq~9L>p$MmWI-m-M|TkBWMsU(nP(
z84m9!b_VuQOs}j4Jt7{R?Syh7cU2l(^Yo)KJZ<Mhlc-yYEQ&IeILs&u8;Y$iR{T1C
zCrc3?R#4M_YFZZ~k$*EH{!txacl$pr@m=KCDm7i-%n&=9{XY<)r$=mfY^+-CJ633q
zURkr>SOc~r4rj&E7lDBz8;Q$i0yr1^^NBw^UHQ%baGb4eVsf%x)qfw?aQu>C&G25~
z0Z1LPQ)p=fdHTrHR4c}*c3B>i;WkOoz8cL2`=YINg2WP+(rsx&K#;_&Z%jO8yv47w
zU+bcQ&7`*K|BYKUtEt%cdZ#<k?!0W!-e0L4sbOtDAE~;;T6_aaJw@J%`^r%6&^;2i
z1n$^BCkF0pL7d&rpWLOxzxsV)RUcO5WHN}KlO8gm0a`(t>(h(2xc@hQbD%1Ka{^NW
z38z6(<x>D)d@r%fbq4Hq5QhC!yaI80uH26+q-GEjb0&ug1Trx*`c!Rz0b#%}TIKzd
zqn>^Rfk&7C;us{bfgPZ$O9T*4JFvcD+0leq^DdzRb1Hv>*(R$}Mkr>vB@rtqE>*TG
z1gD`<_qq%=-E@9{_(ORy^A3s*)!!GMF(q>8UB?wBSBdiGnLH4Qu)$3TAiZ~vhxPR6
z4!#@GhPb$m%MFfC&G-s2n{u$wZ%igtQ_<0hsEd&o<Kjl8SmW5U-Rzs52#${6HN>R^
z5BtEg*4<Gyp*Jp3S*YeQL-dkl4~fP?GOs1MymYC8bQyzCWeYmNe*5)mf3-TcV>|tX
zv*kG+2@oZgf-KGu89F77;zug5=vTg7{!HWq`5j+5CxivuyJZaPN4231?lJC2+B6$@
z(DjHp<DoEI(xuNyA4xdUOYhp+tXy7^j!d0lZp5@D&@D-QCEo|;qz^Nr^z||#R>w7H
z!$y2VOx3ayUkHM(wV||uO}n3EqkX-RWAR8c@?F96lB5#{$+6SW7K1?1kvV}VIfX6p
zGFnW<DJdXOqIYzsoAM8p&B+C&20J?RdK>uPKh>mR##{6F^YY&vS~VG(4!FQG!p}mn
zhQm^2;$IO?KV!Qrqery?eT4>HLCnXHd2};XW=f62Ai4YKWit6jzk^jkcz{ZU{(F%!
zy!wYHzEX^Ch1K)2so`@j822bG7^Yg(b?P~G9aZXSvBT`#e=0RZr=X<Fno7}S-Ul-#
zfte4oRAqIA^L#>Pi<C8tXG|Z<v?tcVwC@IxQPvhVIqO%1t8u(xh#C^3#x>OmzE{r)
zIxVAsK<NH4e$Ngu`ccQS7KTgDr`R0acW2V1T8Nz$zIh3uZOON2|2r1--^?+jJaY^i
ze<=E&sDug7TbCeXI~V4l3#V3k4xbLjXF`U&UsAZy!&@l2U<3eGR7H0A_V92RD}z*%
z8-IpD-8X0>Rw;1q*r^?TbdZHIE*lgf?V&3yQz5&=P#2gomJB{|#^JuzLzGOZrVJ0c
z8du}xo4MVKdMUDuSf`z;7wS&Rlx5UtwE(K1xeG2mH<8jrA**?6kAauD-KTUxxKP__
z#w0pBltgMd+O)_I`TC$HIea(;Ucv%|EQp<wi%nEUc8zSTGJO64r&!vI!QaqHS@wTH
zs2SS)&H?nP`3pi$MRNm?9LpUWa|JT>ls``hcAVWYu<4=ZFa-S~WJcGE{ai7Y0Vmxi
zIkdF^?}7@A{pAs)uHiEqK!ZqY(4aVjSQb9)^F!WQPbg5>e=#1|AK1*q$sRGf$bQX!
zC-}}QMD)?&ZAvEi#zX6Rfy}KGe$a$rC@7g_MIW`bEflEijVsKARb<JV9=YFL*1|;m
z_Vw`(z1uc+HLUuT1+Zxb#uVYVbl`Q-Bisw9Ok!VCrW7VlPPk@1ok=V*^x9-^^j?RC
zdc2-S^;mgkgSq-_vHVVa9MqX^IE|D=g`cxtr**2=ch^~Y761ZS%>82%L05SJgBNW8
zsS<lRKpbyJ#X_IXlsa;$X^ClmDP*@?j&;((qKvLao8{2Bb?C^uOHWKmpAyD}I(?Lz
zwFW7(z!eaZrE`splvSMrjhrAZwPn~X$MA)$tBX;If9Sv^DKYW46vJope+;OO&=IF0
zHyU~<^mPqt^`5oS^2AbjvJEe435NbPaIBC>+}fIOFccoNv>Z0vOAnwTdakp+uHjhM
z5M%ihBF#9y;@3NCIgLG&UEPE%_NyMUp~_!e%rl|zGaz(tEXPXOUu{0HJiv5XRYlLZ
z5|*6nSAz{ZG?D?vBkWSY+H_XPu$Z(N-ym(M^+6|>^4xS*emNRlT32HF0`68$h+<~d
z1c>|Ah50K*QHPHptFGEeyT30#>uh`$qX1F3{Y<~fp<sbxs7XD72%m+qv9ZwY4&w4~
zgOsyIXviOj=^q%GIn9JK23}7~nv9&xA-%nZtam7xjTNwE&@aX(mSWboVp=WM=;U@D
zFfIYaXZV6<R<Nx>oM4Wn@l|HO^mtM`M91uAtFQKA_WS1LqM9f;QrveoaadO=(;T5q
zeiVc9QDgf0`ja;)e*Y-e@a$GP%;{)!y?oATU%P)7*n}SdPfScR>$*~@MmNsGmzbQ?
zb8H7#9FV+5q*Yj&^plK3=FfmN&HGBx`cWedo+f#bz~E~s(0E$INkmC4F^yzO*K5Hv
zpv$svy8+&`mJqoJnPf!XG;`uG&r-7#E9W{%qnkwPPbt>ipbIz!AG|5bPhU|$;VvvY
z?X79Ko^O=DaiO>xy#Y~J-6ybgqH3$;giR3>ch2>m(e;ZO&b*&qn;nO~$;Il(#5QE6
z!3{@~^F?NU;57gHq2;6E@9n#ZTNe}8f{ampV!xm{l;)ub30C1fYZx6zRGkF>(MY0=
zan@2AB;4Y`{pARuvKa-fl%-F>&zKKxdpE=XsF2}NRk3#rQ2#udx1QXd<&V_7ohr?{
z`;8VX;Fdi)dx?C9wY!(F8}k+BSBQ)k&$>7(d-%fxSBNbz<ZiU`%66zevI2V}J}_?A
zpG&LGjlarLZg`BMehv3)o+as7H*2E|AbbZ#uI9d##mz=1I<}x%Q78097(AgjgPr}W
z`l2E4ruv+d&cLrVv5_nz`U!i_$b`#+rCG`&<oPy)A5FY(ogycJ7bQh~z)hOaND;=@
z<3P;sp9+EdE;H+Wg9+>kmdru7NkiCjNnpjC)Z9eE7v;S8!nR{HE#D!5n9V9;r%*a$
znl*PsUTrOp6CS;Q?rs%~<vH-{;%49gR|CGy{B`t~V}GTXon!J%YytP+&k4A1Iz)2Y
z89D`;Xbz2=7p227OU{44XNbN|wNN_~5&|(I7YyR1ZsX7NAF3=U=;U49k_freupF9Y
znQh*a<M1qapgow|D!V*oVYhRG8%1Z}YBNobL5Jadv(}9v<Z(IZo~o45YShV*cpv~#
zIvgO8t&*qqcNxw?<-O!Xfj15F3&?$$2tup)v%B{u)xOj0=wH@TZD>VMg=5@oZXTV<
zlSUjIxY89|IrLq^#s%pc?ta|*+E*$0?NUi1cJLo6)C|QWhkT4=gvcFNIBY)PQ?63k
zMMv3g=4nx0x~2u)YoELFDGc^9(qwqWAx5Z{_)M4wNLKg)jl6oyz0+3@%h;dbS!ytA
z<GuCSVZdQ|V-qG6|Ja~9gKBKMe~VmVsljrH`TZ;=t%t`{2$5F(X7gNW!z{Q<=G%wJ
z8Lvy9l>UBNaS>NaQ`$>~HHGj=AE{XEAK8t0$U8UT<0;=2>q&=@CjOIx@zTT#NJ1zq
zK9xNd)hLG2m(R?W72r~z!IUzI8g3#1x(j%jE`9Dr&vYoARn_CA2tiFUdoM!u(&S7~
zlI>?kWdFJVN)g@>ZqAH1_NB~yCl}ve`<b8$E#~#AP#7)aS|}DFnSL0^&ZJ3d8w6*M
z<qt?TH9R^R|6Sb;?JOl#{t>q>W%-4I^^tDjZpr2y#{TJpy1#o;zE9wZyXSDFV3%{H
zJg;z+U(YxL^a;3o;=hG>RNz`-z6_zn-6u3#7M%Tzd5z?WFU$7?f?s>eXXeTZUVC7r
zo)5ktHOXFB%lkVsCm~iYl^)SdME@x6I;gDB`g?qL`Ae?(q<ja3EM<n&-hoa=D|%j8
z)KnWUy=f({kFsO<cvvw5a;Il){c$6c=vB0ytD1$$&*$T(F0|opy>sUkIMHs1R%nnI
z8H9@f&cA?anYBeH<N84jV2kEKgYVb3)pe}3JRI`(1&SY~<yEv`zMFT&wu<V648uzR
zu(r4P{M{!u;9!AEG<RcCSbC){NOeGo=|YkR2qsm_tR!`>N}BHLc?W+g>frTGodkn*
zkJO^R41ARht5K8lJ<6H;3d(8DRf7(<`7hy8-rxlQMXZ#;?hY9(2a5K}NrOE(-c0QX
z01po+>&~LAL6$@`7JnLHKnLxZJryeMLDoga5I$*Vu78btFw^jQzytrxj?>UayZaLm
zd?ZG)_*Q{_rAISKCOY(nZ1LvkDbf}LrXGFULBe?zs0g_sHP^!<VPfcE30ZUb8SGi3
z?Jcg81#!$b;S+m$T3f{vkE0>oDM|~AV6?8<$H+E-%!(^b5;+YR1fgN;fre#5A01gS
zZ%%R_9hD}P0WlKe;`v>^a5&L3Tds`ckv-sQ$vcr$F2tHyy{DzK%+m6x;cz1Q1c{7{
zaz5<*?5Xpq+C3X*v~a&X5GRbQYvyz^iJLs@J3=%Sr+V+v+w$p?-VM=7#HW9E<=`2T
zREP*lg5>QYzDr^BBo;t-=`*TZKwOs%Dmx)OHHD>CJ|ibxo6CsDSS1EtogazJ9ST^5
z#r(pimHT~L!p!>n>HHQ912ve!nwoG866P}NOQ08$IL0|lI%DS|yjSUCF?X^WaxuzA
z!W&#pU>03r6@IFRWl!4l!!$!)dS$~DoHp8ajS41Kw0uiAn00O5J;tFYZUuGKz~~lp
zt>z@8*6?&$)6ejsSL6JgeuL4xT1`>VDU_C{rkBhLQ?sEHS^Qdm?GU#9kZ83*pqSm6
z+uk|uWGJTndN&-R12bJ2JS|NCT_H|wwrMx1iKu=8_Z4OU&@PPx=0;UUM$m|Pl8Bsk
zyGx4mgx<s;z-x{21x<(WPIX!X=2R;Z#q-UAnX4iuc!^?-6ZHIc`Wt>sh4b7r3e(d;
z##ey1xR>a6)oTok#&ZV~+v|%E=IeDXj3-1Z{LN0({|%xRE|3pd8>rjF<3PG+C}6!`
z@r}7JIFns(=2CUz81i~c*nD2mr+NNT_T(ONHbzzcCINn}@WnMRvEE`BJKCf$t7R=q
zpnCPJHG{f2Z16^>5RZ)&>xcM@bOa_~L=wTI!FRo5vqV`t9gFCqD)kXY&0)KUgQj}*
zeez!9lAcesrugVIY*1NFCKJUM{9e(0q*9yRd&<H702-U}^{2H5dbv~{->bb*{kc=<
z{#JYF_XY%U3Y<JV?9q*9e>1AV0bxr^dL8Fi_0%SijJ5x`R#YfoVC2@}h)gPf0|Mok
zPFI|*k@e}O$@cbg=c=|V<e?V{0~0$ct1$?@4_SBb)qVc9Bk<k#heJMH5vQPm-itiz
z!Q(*|HnJDtm<`_wMBdmP(b_iB>WSJiQczrgD@!_cPe9{Yb%$nXduF#m7#v@i4IyNX
z?W-^#Zfii@lP46nuoZxLS{$FA@V?F0(BgE)Fp^8}tkMsJuoZm5d{}6(W<enHUEy>;
z#ApJ}T$Cneh*_BtL=f=#)ZOye%&F?GjdEP9y23&rd&tj^c|U%G)Q}(MQJMcR|CW5>
zu{LM$cw8<4Bs1z#Y<H*6Wpug1Mnn$`cj1ja<BH2?bV;{8qPfIrm=L{JvV-1txwQ!u
zjr>!U7lJJbwxJLG@T4-;w!P$0LSW?FNiZH;{ZMP3^pfgSJ|o0RaoMW>JnlQfEqmjI
za4=GVNgH{NhZb2H&c&8Q3ek@MD5`i^NcC9Y%Z`J&86?M!F{tI0n0~UxiPR68jr}=r
zg{Ea{TO?vQ5E^5x%7NkX*GH`r2$>P5mzg`E*6DS&GFIoB7AZ8P)RU_8oQsJs(z5b5
zAFrj5tSq5IdkQCBImA21tj1ab0t412SMKqpwa|?Ta99{(W>yi}NgBa#T1r$n%T#a8
z#PICKVnE;>QG56i_W9wF)p}lnPFGgi*+wf0fBO^BY40l^Pvu>^$AGyC+fC+ruh{mF
zTH^I8vb{~}mdjrDmg_~c`P)fbC(khuK9>{5TseN%?McN}k<ri2D6+uZua}xQa~FfO
zV_PRLfsn^b@|L$<c4l7&@LmML{LO3gyz}*Ub9$o1lB-JnzNh(SE27bKPVZ`?(XGWY
zMZhs(w=lmJe-kVN?;D<0V`{KB6OxY*2fUdnXl*ti456UP^NcBWZd!<oq%XV#+j>U>
zMrxoYjn^J(j@fc^{O=0YJ1Y~jgh3|c@|DcN$&$c$Z>#w+ir@Kg#5EpPGOm^!h_bp8
zkRvX?F+K4T%VCw(REDC%(W>RZnp4yaJ2ytucU95q`=uH$Im__)6#~1uazQwn)({Zt
zdaLMx-x<}#lQoW)_iP9VkmOJWG%WRs#dh};M5}%wt7&0qh<)j_09n98-(mI0Uc9|h
z6X+D#Z79@Za|8_J&MaO?g+mL_)~*kbV$0b*oeTLAR3t2(Pa&e~6x(l@Hp4DS;XCE@
zhC^HEJm2RNzHRe;{+nvj0UM6|{2Y%XzcYVOk6wY5bdJXy=&F&*x%9qMK#te_T<+H|
zj<t4W3GDOjV($_Sw53egP!=G=Yc;cDU66r$;1eQJq^^zIC-;|^-_#fiG`-_If^ENY
z6wGSyOxNH01a+&`GF416@d*UcaRygsf!kWmUbIP#2E>#TQxibLKX`-I<SiXk$B))w
zgK<H<orV2PUVA!Dm=80ufa8<)_CkEAJb0ilZkO+iv6WSz7JW=FzlwZVPE}IpKpzPn
zo)8C4c|^KSKPIzXEo*jBHPOaAVv7Tr>A-KK@G#+$35l`+SXgmg5?c-)0^iij{MJ_V
zmsUPVpi$mv5vAR`$zw{5Br7}eTh@5pS_AY$JEC`#-<YCze10-Sh<P0Im;e4L`qs;A
zPE8BU%gf4dli|s8<66wmg;tinKnuSf<0vVaJ|M8)2_@4?_mg3X$Rn>g<Ah5y0hzDw
zJ`qmW@G~hQ4OcIQo%yAZo#TxN)At-+K<*Y^fU9~d_q(8Nr>6o<3Dkpo5-nOfgkJR2
zc$e#VWb+TsT5vc>6eSmcl7McG?fW*A;tQj`nfrPJr`NOAnEU!>%5w&O<;|Z_uXH1C
zqu!E_d=Z|1m4e^wl*0x1S%cqVI)lct+gv65JtdC_o!t@N+!DTeN?kk?okebWdj1T4
z6Fd^de-oH&%WCj^3o5)T?68Vjh`DXmNS>9h2$MP}lb!V@iy`B03+2{ViaKwi!c7yV
zLVb5|EbBXgPpAwOdIBCG=hdwM-}q2PgZd$Qq?w(&2h`wFdEDr}&B~=*>@-&<A|#Ol
zP{+YfGqn=+ewZbY>Wr7}_X$+pi__V%&?DB=#m-IAo{U7a<;IFQT6Co<?ae-Bte7$g
zbp$cr&(y!;lURD%#i~uD1d^u&Az;AnRL7uv;kSX7hn{`}OBsMDHX<$TA8e_<$-0?;
z%Qmw^b_JvmWhIqhWt~U;;!A~#E`fv?jf8Bh!z%b2mub1myf)yAFazZz^=zn9G&rvp
zvBt6pO+<JA2GKF!=pAA`l->1$s)yUZ1iQp~WH_#T)A$ymSh>wAGo>&t-#g0iqLW-;
z@;g3w$6ICdfl7)n6u{$Hg#2GuFz=^#XM)knB@_XBiSGUt3ECs=NLVNm8~)`IT(cPt
z5G`Q`Tl#hHBW8zwsOXcvB2;X#Oby)CuF)|k>kN*<ZK)}vx<IuK2H{0p2c6R|s`{b1
z8`5Q9KcSP8Zbq*4ammbSz?9En^i+hD-b+T{wDs3pmcnm7K8VoZ%uPQ3S#y+H+)F!9
zGkT#~^5LK*7<bup{!X*6NvG#T6Jy{stAbI{^T#b&Z{_l2Rw(;=%(O}{%&YyM+>0_4
z?HzMS@StT(;JD#<E4vw$@asON3;CIqENt0>2#TNCNvD3=Mt-^qM5R)ry&U_{s#9ps
zEfX!;rrO!<Y?8EM=-XxLzhE8}mdYr~4Nqo&d2}OjmF-DSd7^1fHc6rZ8=~rcLDHl(
zNhC0{{mIV7*C4+I<5b7~a#qs}hx0;+lC}DSr#YebJk$|czqm68Tl1xFB4CwT6ex#S
zna&SS!rp4*#Q2Y>JrtI*LOigOcjTV?UT~j1*OJ=bY}>uwT!w>a%M6S1)Hw0|q^L!}
zmh6X`ixaaGA*1D%g}s<m-z$KU_FNiEDHBs1a6R*I8k$SvOB0datAsTi_1Q&P$e;b4
zjZc5HgJ-8MJ;K8J$JeF;qrhANPt6l6Q_yj%VUiD=j~XfC6HDQwi@S!Z9|Ne5b8YYq
zCo*RH6u!Q9DgV!Me)y(#@kNDILm?&gT`$LcJLltjEwIROvipgYRIOo55f>y%_B#?O
zo0t~w^DoSPYAWG}vhT4fDjQNB)RtO2k(znG6f;!Flhg|>O?yWWaHs}GMI3-kAy+Kc
zWLLPju#{kx$Sh6{l(`C{jpYIK24`A4l^c6wQ%j(&I0JmSQO@}wn=%K-rpqjnR>3_@
z35|lz98^qCK%{>A^Lt-$A%sul=-bHuJQ2OJ$b2KCexqeq)};5o?by!GE%ei2+~)<9
z!}lCZu#j^_<iRV;?A9FU4u}M9a8`EVhljiwW7DG!2{TyS!$U|6qL$DsX6o3m5J(*f
zx8Gc4dM3Lj6F+>${@vOV^|a!_JuDgLVgC}U6F#^JW$<gY^9FBDK@k)j5a7bfUYnWf
zvDRXTUZ#Qs0N{wq+VUkgbAxm=d>&^B=hL!1Rw#c${g|5av1)yh=6!t}I}f*LGx$Gl
z4lJL4Ma#82278>owV3qV(z|G)NUMwz9Hw=Xh=4;taeaN8U6zL?m8XcS(|=IekvS)6
zKlxpisW%rID+Z0b40(%;uaHEElHYsr1gprCs=5chWCo^W1o_<`QQ5^B>UMzfB?S6@
zgo%;VFq{OnaPvtb(DfMQ{mK^09<eNFpcr4A_LHnt#f6bzwNp#K4Ih7p{06U>yqDr{
zpCX@6-@azNPQ3O0&wRRpJa(;hlD(ax9k<v4uI~1AO#Hp2rR)euAH5NtwsL6I#P*5}
z47$0CFpJkv+J4qh+(^(#_UO)Z=zg$FfL0Ae(8=IfwTbNvo-I=J{bZGmN#l>1As|M;
z&h(lCN9LcynC)+B)BK@_vJU+Tb0gJ(7KcC0fLS2o(MtHeu?B&h<3hl5xBjBv^CjWl
zmG#9n<H7NNR+bt{UfUD)8ztd`uV)xEhuliF=dcP=>hJqhnkGy%7>d<eanq@9!x8(N
z`YXMHm>1+8(jrd54QFHoM@6-W%RSLD&tslA91zb8#O1XD8KeL0jtk(W)z5qBE%W`J
zYAVa0>CCU5ef4v}jC{U$ixBrX^Xwt>6rK`zrTo8tg7O0Ark<!H9rnSGhCd@@qk35m
zHmR<m+p35)V%A;Dz0v~aUA(|>!KBA9S{I!a!yjs@l-Wx-fQm4RQ7x4ZXtZ6hq5Ij!
z`}bxpIF*(&##Je~H(@0yA~&9>Z*Yg!lL4jr`3{;U<&urk*Dic_>msN{i|@4CB`c4S
zw)PVL+ui$RcbYxY2<)}?s?Mc@rUX^_v&&zSD`pSAL3JZ}tUD{YEzKAiZGor!k&g75
z7ENw1X+x*emp23FcNJTW36MY6%n^H2*2@}%XDdxCD~?3smyR~CqdNm@^|dbe0}oGg
z7pVxGKkdXO59fX{9}liMW@H#7-Zw2Bogs=Jsq$K>TDCo2K1~IuN^{0Z?};uakd|XU
zH7b?#b?8-{{tPTn6U=afoB$EC{bT{Gc@y5d);!!4soxTEvGUNhV;mAoJNp}RU99xJ
z1?(6a9ZXTk#^l-SB{2$4GKaW2-<M_9B5K)j!~Eo=V!KPzOia+a<o#6xsI~@2d4xJk
z>S^n>Vi=O3QIs!%H;*hUu&3^=s^pIK^)b4ZTQXSFB>GNjzD@m>**acMz2-?OUpkP%
z9|}3QUcu=*G*Oea%_TOGT9jLK;Q#w((Bk-tb(GK<^lRvjr)|($aw_t7n>Xq%>BN#X
z{nAfnqV6VjDQRY__{kJFN{_y&D)SZ7Cl}O_sm9bRipkpV7L$LYpU@6MDq<$3l+ZjL
zs=B8z=T2&R>m%hQgDY)=52E9(5~eR%S0nYlp_qi!#HymnyCpvp2&`Qxx@<nR5qOxS
z{F1W7`?1N{&AoU!`mC|Y&((IFa(nRs-hU4bu6N3rXZ8MXLSHK{-B6^nSVK2=)ZRc1
zc~{UC$)(70&VcQo8cX#SX{p?^zqM|f(G7Jymj=(#xi1u*)oP`I(N1!qPe(f6aX3MT
zyLQ~;#MLC?Xrl3^@cvsQ*IY&lnW3AHnFwU2DbqhvCyc$+4?{<2Yh^I)r@F0}l7*ig
z-E>OPyG(=Eh{W40j>_IQ#X+0t@AY8h`1l(ANT3@@ced^1**7H;24ElzW7aI#&=3ZE
z5$MUUgHJ<PX^U}p{GD&z<UyG@s0b29=re#0oWh{AY8}@YRG7a9T-QmN@PGY=&e#lb
zUBCFGcWzw^3@kEs6aDC-(>GP`HhtOSEV|G6yn0W(Go=J}YVp2*?<E^WOw52<e#%?O
z9P=HJ#Ow^_#d1y<F8MtMo8YU%yuXN_q0q5={W~gH(Ib#a+E5S?!)hEC6;3Q+r-C!U
z`H_LiwrxCA<{q1Y^mYS{yB&wyvBs)CauT%ze`E|nMBc<!^X50LN@B8{4ti)J$rM9*
zjPoN|bE;Sq=*5E}dqPcbKwLL!RQio1b9*V4gnO_6$7KDLu?HuOgiO*TxxmcIkmggF
z=~v_gM-v67iWR7w9-%n{Hysz_AU8=ZPd(jdF%6uQ5OOR!z4wPmmuP_|7gM2W*z8R|
zwJZbe(h#yq2GQYT!mfnQ**KZb8(}ytag8mJ9YU6Nzl^sshx<1=4>}AAa63B05OVwC
zOsKhKuqX-bv*8{%k#~zpeTkp^jx70{ub&kBB?nJ_9>3?{>PbS#iAsJM8SlFT-m}5@
z=W07%50`jZProSE<8nZ{N8?9^))^nhq=^M}Zfqr`SUYZ%0oJcWXSM3wFloSMyEKO3
zzOj$m4T<@7M+eI|NI+34LL%)oz2xq#%6AI!L8?i<r#4;`pGE8gde6}X%oYL>YPf1(
ze!K&9hM@>a*fmm@v4hkDCl7jCosZqw+QYIgz))WeyzU1s!mG}j#1c{0#Yza|?N{Km
zwx9OyM8h@!qG%biNrfVSR_5U``KV?z=&oImF#a&@BT*E_*~p9&DO?2BR21ONu+0E|
zP`y{Vx4JUr1WP*T`nyNT=d`yAE9+L8j92*KtlB2D@VL1BV{>6mBg$<W0`B4v$i}v_
z)(E|b{7;TWZti!<#j7cRTUnVsGb<nPLc<aO6wlf}7E+QW<8E#mpI8lwIMu0{aFbRd
zL%bF@&Dkds2!`f(B@9r(X2eeN)iaLHZC7xl<#utMSY?vvl??aJ;@_7wq}uV_KRp#S
z6GLiRG##Jj@vEz&cyF-EtZzg4CAQN)R^g|?=I6jYOFI`ju`ns-xvU*jo*q|%uB5B;
z+U#{9o){qmN~Rd+V+KBe!X=$Kl9PF|04hQis+)#7B*`W}rQ*KcXuB5{QVE%f;0)Rf
zQMHNd&Y3Vu0GkSOP+qk8jLpsj-IZ7#UH9)biu1~?PZJuyuxYj38Ns>TVQ)K7Yj;^t
zl@$rAd+;@-Br7Os`<|AAWFl&(_+3FDRqxIa4Ldv5?1EMT%muc66N{cotq7gL=B7!-
zX||c1{G#|%60jOSDGN#F=3aZSr*uTvZAEn^)ftSbrl!Kmtbgw!^Yk5}zCym2VGTi<
z-RLFlViu)-i7H}d+9dPDT%_dAhh*->iPdr8x%Ce&uH1~Af^!BIWX13_Adq56Z-7he
zTwRW1CQ3{WK|jNHK{;#8LF%>UWSVgS)}Z7|US*XZO8ENcuwB85$$mKM(9!`gn2}ok
zhJ64-EWX0bz5b+B_>hwD({QZV*;#!(H&iL+>zVMA!hHQ0T4lz=8sm~Oe?5b*HY1!a
zF3A&1E8gXghSw8pOB1WXqmQc73A5Sxe-LLzMvRNgh0WvzT!0vbnOju-e}fkX@mVJu
zO%DiwKdgB8u52bW);^SV_~S5t-&8x@lc2cqc;4`A3ut>4#%kHXk)a8gm=%1Gcu4q}
zh=h~p2{8b;yAv1}nPflZApmDSxo~STadJnLN6_1`|H!g3h)t)|Fdj&}sjtf_qe1uI
zQK2d{eSc2;V>0g1I8T0W!>Wu4mb;;0PD$G4(TRwP#pj+Wcv`+KP18l{F~p0n0?ZnB
z#rUnbtuG=C9<<`PUyNpt#5uJ0Ze+`hEoek!ZOPJ}G`8cENdXbx>fS?;Ons(3&ZNuu
z%Sa9oTX3QhbK!-38-<$*eAQKo+chJd@Z0`~qL>C=K^YW$yr~yE)m2#c=M%Y#ePOPE
z;fxA-gStY%5eI!%es<z(d;QeXe&15aHTd1B;z@MIdfTsl`^aGyB3O}OTwW~B$0t*A
z6cQDe5W1}R*rfoH+s%tagn6+pp%<~nNeb~Xf7Jis*V$sqIv1y}rr$9y$WSa*LR~>~
z5GjUrd0DYOoR`wzbkF-j?<Hp>b8P>Dlgt@Pmh=Y5Nv2gxOctYk$)X>i7E;n?yM#xG
zO49V1ux2wLyB3f5|7d&bpg7a5(RT<55S-v{!QBZOJV@~165PFk4jLdxqrrk}Lx2!0
zKya7Foj`DRYuq_6GqdO0d!JKv>)unhD*uG)YI&Yz?~>mFzF6FHQTD2B&!B{%JOA-4
z(&t1s47y<5LK-t;-QQu~2kb#VwQ?ixk1R(kHjRec!_+faN9x2)6$V%yo^swjsnk&8
zc6Q|*p<Md*!)GFKQPRPUvirtjYj>x!>y|sR7?zz%CS~J`#$2qZrsjiI!)~E^$uDSc
z2?Fsib^j)193JW_xivLtR+zGUweC5JvBet?$tWF6S3sPi^g{}uyhqIz*W&LN6sk{k
zxl>^8J3&>|Q<JkHfu8b1b#F~r*js;-rqsHhknJ$refF+Hnd}0UX=+n3q#a+V)33V_
zFq7E6uh7BuzCsy@3n;#)b3U)B*rEvNC4Q}~_)LKr)diYOln8R*$BH&n%4u~Dy<F9g
zNT>0_N#m6)Batz2VNxhF&T~tPh)7A0v*K9RQe#t4I8ig!4hZ4)s-vO>-L>1SSz3<W
z8HQFsT)0P|z&zgTXDQzrb45VEETDntHnQFC@Wzi<#w@LSz_l_{Qhws|%ohi`B9OB$
znC~8_5NGDO2WS;6Es2s`!(;W6Ls9!`j_ZZCs!$^_v7qJOGnEYJLXhz|chL*kdUD+K
z0=|#Y%=I-%PFY|&W;A~aKQ>)k!^{0z{=_%qj*+D?xL>!9G0)6~0m?6wBjM&ihZ>>4
z6dh6MU?&mHS>m4GGn~I^D8XLu4Kv}LT|Q~x^re)Eu$B75|5||fa<*)(U7RlzGU~@W
zrl@P7fswL{##r=SR$2Ge^|kP4U;dymL&V|?B^@dJA5NCkSwr$F8VIPpB0uAqs>dQ+
zNXfm;J`kWXIhBnyx$~UR95XrW(|S$cYJ46=8+`A{R=+)G%);1q#bUKB6Jg}Vdg^K<
z!|~z{nv8n2bbh&&ve)FKA<D@cnD*)_E}&zAS5q{ju<)C#ue(?uQ`4r3F>G=`^67Ry
zkYbCn0t(l_!w{maaG$JU4|T`6X(?F)i)P{HQPQJAa)KHa=KaDvWHXlowsfHnC=471
z?ZLZKs^EzGkDFFYTJree3aF~;Mq%Gd)wtcC6*5zI#ATsD2Yt2Y>ju9A&p|o*n@2I?
z7nCki39UFQ<8MIBk=FL8ZSS!uvM4o9k^L+!DKsjQdB50G;Yq)I5xY@9qh^zq^83|*
z3T%lmOV#G)z3M4cZZo%rFvCy^<t;?Wmh?i`)Ov+1df}QavXEWjB<CX~MN(R0FJ69V
zG!sc%`lUU7M%?up+S5CfV4AS-)nrs^vWzcCb}?gKT+R)bWUNTgtZ-R*u1gWjqEEjz
zP8H#c0&xL1!#bR|WGmy}FMVEK<3y^~x99w^eo}Rs@@B0-fauE(dM9H^ZkA-lVi8Jy
zm&z4+X0Dr{)bbM|O11Xy0*W8Vvsdv@HS{*O$mTeJH-okWJ|GXjk6pp>|HI1a>vm%>
zHu_WS9A6lt1J?}Dz-*WL>w_<QB#SIgo-gDSymhUv%$&oevsG(}ox4l-W-6qx<un!t
zsdU3;X}}3F+HYWVah-UkCIKtqCyJqd#kOu=CGk^Vv26pH?K#M>@pwhyL=tpyH}H31
zd*RH}!7wuVP&ozdu%9t9R@l&8iM)56+XanLV?S5iTwY4MXprIPiM`#VV*NEPCY>%;
zPmv2^>ttjb=iwQ%8mKO}+*ZA7S@`5N6~-$rcSR$HkHpy00cxhj%c`ZPP2h*itIVnJ
zBz#G+sVCUJ#=Coy>fq5szgDi#MnsvJaJ+DcHX<rNg_ut(J!PMKFpM3HHQpr15>l4q
zt!;3EQ{Vix6Fw3V6sAZf_qj9?Wj+G#+jY=?iGp}x<(~!__M;<JcEUqD;lUH1zrefD
ze934S>Zg!YD=U2#PLvS?G@{HTk(x<Km8;&XL~K4McMB`Mc~u{cX#T0InjimpEH&mE
z81=Dd$gz}We{v3|TS7C@e41%f)|i;oP1;vGgE^L!=9Da`8&j#;*c}bJfu$pY5<vv;
zLqD)(y3r`dB4H7?Q;8B%tdU2VB*zTJ0m+DjPMKTB2`r@*tVPyt6%~OtOV5!Y!(<Mx
z+VR2SN$Z?kfy0ALc69WZ+;2Zn@Ga;*vvhM!PXz@8_$hs(&&MIgJKYeOUW^H7Lnw-0
zESX4NZpJXMm}?b9FTQ8X4!(d3tmMd()Gqhd2FwzPwFk_ZEb*gxlGMfwcxBBAqt9t=
zC?nPc#;ktTVfaES7`lm|_?7>+3p=r(+gxkDX^Bdu{uUnhz}Izlpg^_!38JwxU`?h8
zRs5QW6mvl*v;`Dpfr$z_YCo?ATslmW!I#9sZa(JEycF@FOkf#WB%uEovTpiYYgh3A
zN>qFG+Xl$*a|*tcvbH5atK^Er1krK`1I?SqT;C>4JaldJJ}unq?=pW*Nr9YaQg>R4
z`$2!C2BZ~$ur8`;c~+5_cW0L{e4d=?Y4JFtxvBOe$NKIfh4<UN_Zm@ea$hn+8gdxT
z`5{PI^TUlQjhB@V`*ONAGyu(O&-y!iS5#Wc7V#HF_ga48Vq!rTrzi{$>XUAF%?aL)
zbu5No_C{I)&JpF?3~J0``<9z#l2$V>^0k0hs+ks%k#_dfl8jfPB}XBR&Mv%sSJBJD
z+LhN9Zs8CD)GkzY)j#U%))8qHRy<>u3He<GKq`RdQTDwHs--Bbf@(b?wXC;0exH=0
ztpn<->}5o2E^oEI-F%t2^Ot1%ys=Nu_oFnuU7-2))$L9`mWjt(T5FA!yBgz;3;!cg
z5%@Ipa;L`c<MD>r_DMgeGl=J=W))uMhrf7xy?S}9oz)t=hdSbRWVWu1$Z)Uv#VVuA
zvl%Yf3?Fn_8RZZQ$HL4EWw^v<dnu0Ek3n_^!7Z8fA`OR+ANpY|-u@DRTPRGOIPHDx
zzQ@t8^OFWnmf#F!!RKDy=g!W!V~X;DyZJ0A3u^P4spMu_r>pf@1`^r*lECGTHU-pf
zkL9v&by3>m15cB*y<@*~K>%*nt?dcNYQv(>lf}zlHAh`?EgwBE(m!=jIx*Gj>JGMU
zTZn?!wZ+?TW5lBwnr~%%E*OThy_G7r-_Gr;6l!e;D+q7}M!+tXD~2EF7KFgh@3)??
zt~!AC^EZz=4*ju=uWvVx?y~MsGiXU{ylX6;P&S^k)FWlJ;u_y^H^b+%a(`H;>cKb%
zg4|RP8P@0>s?{scChkaT)A+i^eALeAMDEs9j;6A%oWR#z8JrCTT;#{E^Cvq9(K|{>
zyQjo1Ho?d1<R~(xTi*s+H}9{@oS{E(*&FbY7yU4eFZ*h^^4t{Rz6NtPOA}ITm)%KX
zp`MuOLBd25qlq1t#lyFJsH8|*jc=U<S<uPu5IF7N?J+HotmY$3g8&pE=1O>Q%QZTt
z;lP8AVgt~2E>sqQRw;P4Tns*iA41(UF+wFE#y&S(x2Ihf%PJrzct!bKYh4JV;R$1t
z$J4Bvc4$x0woIp4w=l;oit*L`_~&i$1-m_oy7AWSZXx(QjIzr~Oc3=Duj##cX0F|F
z*=OBRI6Mg?_D4TP`YeaSnv`I9l+u8wUkF7V!IxeHpF?;{m)jv(h`=eA5esENUO?qE
z8K^|Yd4B*w<m`lUmE-<4=IB>WL|g#cINw*U<ox>J@MhcFN&g!T@XgY@fkElm53b1f
z=V-<<yC~!}TG5;Sr+hvSz1mACCHFoSMD%<Yyv}0ko$IgP@H%EMW_`sWimNw9Op0X;
zsMH(aOskrflif=iZo<fLu*gWt9{y;2x7GmmT>S7<k~)3v3bpyT$!a+T^6;F*W&lRm
za`eG~$tHe7oE?}b*ooscmh?YuIZAZO=2Ht?)52N~RS^llh&GY}Uz^>!rEoe&bTimk
z;smi-fYT$_tK%GP+<R<VcU64RRGO>E4^m==b=d`+QB<hcxR#0zeQ?SS8^WA(G1{YO
zXW?{x9VSqL=A~6&;NZ@?l>w$X5_Dm7N$hufTI@`>^KFX2u+8e>T#?an3&Js-$4Xo~
zZ#L%h?iaBSyx&;L!h3F{?#%3RyQVqJ0mSi4e8}z?0YX}vX1?UQ6r)=2PJ6kmEgpjv
zZ74NXO1^j|L~+wS%voAV_r+d04rz#0VToWPuQYeSi_Yj~eHH9G{2WYEQ|!;m&fc20
z54&hSb0=$2Luly_oXWgr&-8M0qUn5s%D$I0WV4#hUlD1NjJ*74vgf4HUd4|GW2O;G
zd8jl7+j67dEqu$8rqrY?!a=;lnZNlp4nF?v0L&+fO@vey#4Oh__=gwx-_dttI1Z?U
z9u1v{x5fBZ>VFfa8Nr%dfy+^L#iGGqGzDM1DsnHd&iCSwj;IbT!A|FOrrqfuyA4Kk
zT22%9c|rT_k}|<2jYQ>PNgsTEM|<>XHA~G*BbRQeNxX=iHH^RoE2TUyfJan@r?RlW
zB@#w)C-N<H#qe9_6OX-|#{0H-4yoO+hga#*viZL%FC-HbAVxcsA^1q_FM=WH2Q}gk
z+JdQSKTqZARyHJj)+=Bm(}agpZ$Sj4sF3E7yx$GjY&<fD=U82?h=fF;u+ol7@oUUX
z|5eU7F3%}~RTlpnT?4kF_zlACYaF%^4PSNN!Y>t+v3UXGd$IB-Q_(G<W&SszTd}aR
z-a^IDBtN*QNR0yrS-_>$1fyYmuku%IsW}xa-?w5^ibw~=btt3zxfG7A+F}<n>2<n^
zC<x~1(@`ApvD+zO7cz{ciByIx7s^bAELp9ubW1Sj40=Me0V<KvtnZTrCKqG2?6MLh
z80H~NL;Q-`$k&rH{Zwm}J7(2t@dLWBvU#__OA<Hs)e~dCC$FO5!*{ue_C+$_a67ds
z5lbTaAz;cdq47gct-+-C5#bL`zq}*p?4I=WI+c`^?9h71>}p6vWE7EM+a^AgHB1(x
zM$RNmz%*<MGTV3kCW<K6Z_jTP=)_wHS)h367}H9M*vz_m)qLKm4Ue!gl7t<-G^G~!
zDS9F$Qthx97r+zwYZ=1fha)$HKRQRlyDHUF>xVCc&sR<-%Y!}t^koX<GG{zI7AH43
zQyFAezP2H)a>#?%KjU8>hvdj>vZQ<fxUFkA&u1IMvD-+)2;*2Bu;mRkxVJS}R4akN
zd{s+}0&fS5+%Xo0^xU$b;QfT%5~g(C0m%Vxb}rE0X?K(Q5}oW*fPT7!#fGlWwv%{_
z-iKSP9?%G+$w@qd^7fW)YrZlW(|c4^J*-%}6l$fE!b!)Xe>@Y(tTSg+G#j$r`QfdH
z9rc)(xTOW~aN@W0)pR80V#N+9(FnR1qxO~*|M(Pe^Md5&?HFao&<2S?lNb40ho-Qh
zu*Me|g$v5b{g%K8WEXmh;OOeZu?ABl3_aidx5@WtPUlJUB_O0jQ*O0L>C{+!Kr))~
zV8;1ltC*#2)qJTGZ%W|=mv+9V)`dKH{cP;&1*?iS>t36nq1j4(#Hc&H);tir^2u)N
z@t9x@IUq75ZE%o#Auhf|6v$RGh-XLiJ6XGc@1->?p)1ku@sIO;Koh9^K|MuZ);l|u
zTsUPjp_VzqH8lF+i>xbEoIIgn@!S;O)knZhCEO)~F#Mkr{@BH({`g(Pds~khQGf}3
zj<r6u*k%73gSYC!RPWn5M@Vm6;ERZ(`tKvD_G55}<LgeYmu1VB)jzm49QhCl&r;yW
z!!6QC2QM4dVncK_*9^aimH1_3dU7<LizOfle-|S5I~|m(xKMKRk;<jJKoxtK#_h4i
zMsh?jLnN<tIYVW(on1nMWo7g?q(iO^N4Awf{sUC6Oy!TsA_!yGP^i#PY)pcI074#-
zok5f;eVVCqIaUGDudMAONeTHl1y^a&7H!|t3_WCM+iUJNYwmFmOq~*b8*eVYG^O(7
zL6(6Lt%(kj+Vw2et`T{$B;v#7BPpMYqNJQj(u#*DtD}9Z1zA>jr22){Qh$tSINH_V
zsYpalJtHzKI<q|=jnElB!!{u>xq2OiKEcm#X7DOHqz`p%V-4ESM0|#Uv9*0DWunag
z?VFvdtnAnP%EM+M(x%F%2iKz)M_o=Ml>N`+c_}NDmIxO=kj-Kmyasz=#!C$ff^La^
zI2yDyn-z@A8ARyUIA+J4vyjH;RF*uS;&IHbD<L1`tKQn)mvVSV93I}Ms;wK0%AHqw
zLp)?v7eH$_p`IGR;d@`n=$Q6dOYV-p@nR(gUTL)$=#(1R>*aE=L~S7AO;IpxC~af&
zJRI#rO;t7WzD+F>9gCXdhPltyE+6N~j2H6As3v5u(TA5$AUnG@VJJl|To}JbajB<O
zCbyi_;&K7%51HRQPEuF`oJgA)U}}Q8|7bT6SI!a&K+|?w8Gs=6urteiaKStd4<8v7
zMp^G<4F6HdRKjO%=OkgK$TLG?_c_b>lh(DNy1_@a{E++3`FpdU%>5V!uO%*i5Odt0
z&R(wf3&*muIF$9ZL9_0j9NTstIYsmgH-;%r0b-VO*VD@)Vex^<wdd(1Z<U#Pk+iQo
zK`DM>c1-~;A72#F)~=L<AHPDet*U`~;Q2u;hK)Sf>bb%BZ$t1N+(|KG5|xG@Kl5f3
z7rfsQKgKWtKVVK5^m{tRkp&waPa2uik%PIQ$<VD6QD|kCRbmM6a6p@zfQkBQV2W7I
z*O%@GV+>0%vzne7R)Oc8z8;5wb8hwsm0ibb){Q<{-3ty2LIbf|G4fd~s;OA6RL|9c
zqK=;0L`aACMRsF74&Ad?J%cQ-?JoXEfCe!RGzZ-72%UmPDtN2M?-mty-PGhSQnx<o
z@ZV!YKjcwW2k2itcXxCoAUGq+yj#{jy8RiX`j!#C7t<Uvb)Kd2DO>SugGuB(kwH~B
zJKs(qEPX&x(DR;EIa4Gmt?mPejbOAXCFsj9OeIGALUy*V-nn>e81B}EPLGXYu8tNt
zIXTbqgM+syh;(-`O_HmCPNz+(aaV)w*3GojOZg<6x3UbT6ar7EIo4=tx9s*i@+70b
z)?4ycLz<V6Mn=ZMht9pK#;bl75&L#PArgBv2L->*7z1$0Z@S~0LQcj7kAB5pl8Jt=
zMnb!bU5seC-b)%SbBi-clRDqVf<N=3-A{G?V;mu2V_wq4g{^+a?x?SFcsXS=tE0c=
z1Fo?6<sVMXO&Fo)lx;bp-bV-eWy^Y&^wE?HF<JMggqO~+o69q_;rAC6Xh-v~>321|
ztzD#CRY?|0W%tKU&efbo3M2aQZ~adnkccfD)Hlna8Se!Bd5~9W=fS&CQ%AQvDl1po
zenFx)p3CG4Q_<uAO{s~}^ya+A<$UY8`C?;8L8c$7lhbSfmXSYxS#t%3+0M-+ZDlSd
zSvK)@r$F=R6!_vO>hjhZt@&<x^QbMhc<ff%leRRoF6=&&!a&FkrR8$D2HqY~W_l6o
zU4FMO0B<X$74+Lf1W-@fN9WN&V@E1ZjhBjzmm3~Fm&>!@YwZ?Uv*8&wxlK(yZfAe;
zhfgHo?}c_c>{NW?Bd>PLFU@q)F->O6{5~Cuo{{+Q<Z5UME2lSoEH!zB%DxZNP`P{3
z0^ZS{miub68NEN<eBw(s=ZoF2=tp?CH_t%)jl4`ebko=`V`v*e<n6Lk!mn837A(Xh
z`_3ieL<Py1mIpf@c=2L)wh^d?J4nOZh}P{M_mrippoe&_(U0P-d3mv0smYC9*%D0L
z8}+dHga9&j{A*Sa<c#%m|N4&xkAu$jw7ObnYr@RiD~@urDMyj32;=3RB6Ml~?E7V)
zJPsZ6QE}iGyAbdX(jc}NyM3=g-F#Ws($>`|w0&~)UP`Rg%F-;a2DiauueB`e?v)XE
z`<>6xy)bxlu;ys_08!9+%h2BY!H{ghA3eCnaiwn452C#Q#&T-BeqrS2F5FE|VTu>&
z4e%`1TXFSXcNW9k79Y6%&Ug2n-wvAa+r!HI@890uCT2KaZwGUjcNbMMaB-Kmo~?Sr
zcN9668N?sxJPzif1s3N*E^3@$_Z{AF0&>_rVyFuX1EKe#5Am?rjh)X?8|Lk))i6z2
zRq(+5b^KWC{wpS8!BGU)ALH=C#po%&^LIX*gk^2Avt;01Vv+NC<97VauDt|8%KHs@
zpWRTEj;)MtpOKJ(NET~r2dQUGwPH5|97huz{_+>w$e_JLGtzldSPVtSkY~+mNs{qb
z!U`X<=@SaS`w2I}*B2Ko!(vgm+K#5F<YXsIrhqS`bMjOF(hVuY^sX?(ZRhFxBa_%o
z!p7Z{{sk4Hz$X$fTEbN~f{mmRQuXJhMh$^du;|t9b*aK{`2vgWG+t8nff*}v3bY(^
zk4+<?+R-bq568pKIhU5E&p+^baW>uUdBQU&Tb{;yQ$P*fr(3KTFeydDv1(ePIsCUH
zrakH7mFCIzb`WllZ(>$MRqj*oUpL1b`kmNKyYDfZp5E%G$K*gFmv2s6>%nlL<CA0O
z>ou3PFB7@>rKpr~F2z7j`U3)+xF5=u%+(m;(b94}WB!TT^|T*Z9T>5>s2andY=zOo
z*!St(DlGr%V}BTy(Far&pOc$uw<Rh+W!bH|DbEr3X9+4^sNu96474}>e6EkZbKQ->
z1uo0)6?*NmH)53Dk{)oKYML(M{-UOI;Wd*XmfY4g(BLIEG+AkWdTyfWMky84WuBaL
z=gn%}LN}<a^2`N3;^DJhQD!P|2ls-fWUa`xfGL7-;VPD2db!f)8_*iI0x}IXKNS-W
zJ+cys$cSmpJc$a*@St_<lm$cNUGQ;2RW-w?N`@FJ+8Uy+E8^*^b8qVd%{MOjrph^i
zCp8b)V%#ec_h5Nb#oup5?xzXiWBRjsC$~{${%9Yn;UP~(!w3n7$)Ii?*u(%xOk5c8
z28&!yPDR`n)#<(Xy4l;eXg{R4JMtBKhK4)3aOIq@yy!{niYrd;E@IV2Bbk;nHMkUQ
znC=jqFSGtQzih^D!nlOjP{LIFuI#R*F4&vl)eO$Jwqi76+CPak@r+=lq76N~2C^15
z)X@||k?q{|-QOb0SLZKACVq!UOtG(wbw%_rGfE(&z*ps>73thV&kta~`(L5Zkt}~_
z*s!xr5OaNwJByTel?@9NbrK7OWnJ<UC)0v=7#6!YjQt2nyc;_~uI0p`9xb6#q0uxg
zwIov<>8-*20-PhW!K=vUBWJpSAv;Rxf}R9P9P_VbY@REp3r6doqBnflMnCtdrTifc
zIq~AoIa~F-Ke4#oHZ};Ir|py2REzhHEluQDUY}a*x^cQCF@E^vsrHK>yR1NPy>q=%
zuKaLG!k{@dVC+_35PT%qL{*cswjr}O>y1*<<N(6R>P)l~P}S56u`|CM%4&!_UXk1b
zI{`4T*@`by4~(a$7)yOo`Xi)Ho8t*nVFk@sn_y+lvSdAJeG7U~Qn5}huZ5<Qos-Ms
zq?T}&t7;vCbeO8!^X9X4IryH_Lif$AQODFaMO_?aS;Q;K6X?rL)Rd9^S`Z)FE8Ub+
zpI71EzOYYd;xFB0+>DG)eAL%2UAeqR98<L+o?@5JFG*Zq7j$uEV7FKYurgxr9@|^4
z362F#=*ExZ`7!QImY?1?Dn~pNs7Lv~%kAV#d5(7KVZpyMqWUf{ypQ?x{4D3^PXw7~
z&wBcLB{Y1Ao4S;<tE-7Es@clv&_`S~suF?bTo#Aot{Bh8u#L9T&KK`Z=mP^uH=WPh
z*}^!ug=9F+4}A!S#UIFweD^WtSPMT16O}DetD<`>1=SeC&|3U(2)U1!lr(z?z+{$H
zHM}PFA`3Bbx@Cd(2G3d+Io#9tF1&EE7ug$dIy!<l$Mj1j>0x>5&#tyO@8F!@3x`1*
zpkI0k)eld-^lwd=%SjUiKWs_e?r5u+9gbG2rmVWhJgs<xE#;fBwRa$wa1Rb`^q6_z
zY;0o^{7$d44`O@fn-Gf0eG4?TpN{PEer8HYCQFi{*QVlir<A%JNUeD9hZs>h&WkG^
z{TUXXMi{-Ut1#tp4V~rCmhXS&HqP}p*<DnJk*SK#Gm0I8gtUD6Y{^x}#Pe$D0y308
zPn3iumGi63bmG0z*N?KIkmWXNuryN-$$&mNO7j&34a2aR3$tG{fn~vnPG-=Q(FX*M
z=4&K{-5F|tu1P?+k)5WQT~UW`S)g)ToqNLbw4|3kN}ef%{`gAj$h(o#mVt{tNupr%
zy^jIYqzf4ZNeCpeFV!k;rR(Tf_J&L=Ws9Y>zhTh6JNV)(3BGs2vFznY?6YjXz|ro&
zlbu+~RmW^ZW2+uBe)d&Hkm#dCf!xa%fgP(M^OoI9OPm9sJ%9k9G~&x1A0?5`<J4ot
zV%&f$C7x~d#_u-1sMSJ!b#Al?ys>R;deIiI%5GOp3{C3KS?~aX&ZvbN!or4SHr=qB
z-#_KAgk(C2J-uVE6=Cn`mgOq?)nPtjnlRL)PMuU5pbEO%RsC&%)7S(}9PmcI%>g$L
zkGku=bH*)eyd*R7b0B3-^WscvR3Y5V*6tlunhNiwE=?q6l#|Q;HH&@h{hpTy2NJTJ
zw;3l<kb4@_Va_il#vjt#D<3)1A3j;f#g<hqgg7Hqzx;KVw^yk%sJOtB7FtfSV(3!U
zfCP|OF*q8JL>A_LlGC|6puk?ZA8(j$edlP~<q!`|GV&$A!hajan(`ns{g$NavwYe}
z#EWK`LYQ23?xI8s7E-(}$;$BNS)0;uTuvL8m)I<q0<2`rnwpe2aG|PBAI?4CRhj#A
z=+L8W#d$@w3{|`+ae3S8nV%X9j0XcXfjJ6goKj2;OBs|zJ?UFHYr^o#hICZuU3jQc
z%%COh=&^;1lMK)z**Oh~-I^e0YbVHu6UoS&uIWHbZzZ{+SDN&CATDTKm(f{xCuo%*
zRvd0`Pm0Y(Ud#<ypXfSq>tQtW&jg1<HJ^DMw-^$B1V8JoWm8yvQ(DDgS3NYZ!^n1$
z@Kv||3xW2=;2sDs=V)dFR9P-q6L!@@)`UI(A(}7`E^xToWUfJ#iJ&p6E8W{U_X^3L
z_eJ*v?6=C2)DO-UD!v|FgUl;X1_ViSJeNz+G?pk!5F3S+53dfF%LvZk8N;b`4e*rd
zEa)}9)=a;rf)tI~CMk@+jNfo=+r{lLyLwTg(xiAil9pnfPm*<Ef2I6!iu)1T0Q}2(
z>ItA3G+JPEi9dryU#5mwGw;CYru_d6$Ni1YxxH|{XtF)OVfrt=OeHbUumMrYGSO~4
zF~WLl*n91e#r+Rf>k+#pWeGVDuirPS`rUZsWe|345ErW$g5$m@t=LmCC)0Bm_BY@x
zE%vc}y75_WA%;%+<=24-m|T<KjGcs5!E@$#L@{nRqcSXlAWSo;8K;he`PvipAfzI-
zAb>d@GD9;SZ$MAN8@BxOr)dz<pAZW44tv=HZf6Zg!s|gypPz#thk5PbTWlEju;=(Q
zu#)76&mVYpMix{<cXqtc(J`gi<IS9{{}2_uOHLnYx8#4Vf~0b)_-k<yZT(X4Iz;w;
z#qZ?>Qz&=&KZvsS)++;ZJ!>zm{q|v)2v}mH+n?#jk|$=d%lFYwzspI(N5wP+e&&``
zqpcG^V`O2?y+X3_8Tt{a-s7!5GBf#cAeW|U0x!3`icAK7kTX62H)xS#anX|S-#K%(
zwM#BJ!|ywwgL=2}85CJIqpORA#qdRrV(07`l&oPis6xPx;}>{qgwQ2Pgc%Y&RekNK
z#&*{Pt9AJxGb@74)ze8kMwT8~HJj(`27TS1x=}bBTIQ%6JpQ?%AHeUJSB@lhm|iUI
zPIJHoL*GI&44EgG202ri()-^olc_S{6Ooe#*-9b;&E3^rFI<0veQIA`F<#5bs;U}=
z;GjasZK;!3Oe$t-=33AHBvSwr_>tc)KQZ@8SVl)i5WP_3<}{yvLP2<&+3Ce?LQx}U
z3t=W<LkXgNDHc<2V-z_?)!jO=<L*3qyvB$z7Zw0aC;;>U-`f7x=g@V!_zgE0onOP@
z7P4|e9vjD7eKC%&xfOw&;NJCKcm22jeBzwplNu!~o+lkztS${2|MTbZRtTnVQ{G3|
z^DJRe^xr|@{|Fq=rOoMt!0q4|ii;E>rALocOGxLM3pFY-N`tvgc@*1J4;PGCX>rQ}
z?aHVPdl%vB{h+e--J%;V=gM)lr-%});VE6u0G@lNrPlKn!I+PWF)6>VIs?zl{5&2R
z@osLrlmdV1R$2_eL<uzq)vN7dEa(1;(e6JL{Pq6hjCqn$`n+T4prvAR8rTepODKp)
ztDkN#0tv%3MLQK00uKIt9A<&Xt}Cvrls`%WXyk8*EEY|qw~cROz$YD!_V7jZ^xO(*
z8l@jOpY-=G5F*#_06+~P#+9meTqxRRnPkqGQ~^obRV7RffNrbWv*R#F_rHXtKw;F{
zx?hOdde7xqSy|tVJC7h&%Lb`}2qGdP6#J8S#Kq<Mot%WZrUS<}huiJl=)XLg2=w?N
zpd8xy$GH^0KxQ%uFuX`<RK&kzm!v5;YTvFof)=C~5dMRkw+bX_#XH9DL4+ZctVEzQ
zV3|BX&keRDIu)|kjNhUp`q;HWwQ3bSY8@ES&LRinoCbL2!Bg8+oJ8m&-`<T_ZwqwU
zj1+MdK^`)Rw6mR@iS+cWa%!XKaZjuKvRf$4P+tY-+<jiI7!!-ci^)7+_9#>7ozp{7
z=AVxCH1d8vyZC_JaIxPu%46lcwM4PE;D(*y%RMkKWMV0VRIMJp7wHCG1vnw%yaD$I
zj-b<169X}%--6^xYC#n)_*ZqWKvQcgiP}ao@7%=eh4r{t>rK^EvP(;G6cP#a63N{8
z@U6FrKK8GMD&(|w;oiVEZiL^L3%y|ab9#k71DJ@H7OnXVgD9sVFOqt!ybH#y_9D#e
z{k0-MCj=HTx+M3Sz)PY%v_xRGD^~kG9Tt~s03<1MYKk%Vs;djBg4ER2KmAyFVlZ5*
z+})0u=!(9cA8c)ZC@rH*9d2`Te5_!;*e9uGLQKM<H=^W%pGc7X^BekPi9?~CjVxD}
z8~mCrfsg=N)<VjcSk1`R1FMd-EBsz0t?x@`yGt@+F!d??iGqd{Z6yEbWN$}WEilqD
zm?tq*T{(TX><!-8&WeW!g@jzo0^{6BHI8f9#g&vLXZV8Uhkp<^G=c4AL#=J>J1P(<
zR~W>-Uu+H=wzf$jJ8!IUt!Y&~L94W8uM044ITCR+-&mfnS<JJc$J_%W8eh#^IIm4V
zClmicIJ@`(P1u97vyP|0`SwzN?`{c57x*Wg*8Ry0PCm5?4nV6-ADJctd$vbqF(QJE
z@LN~k@{6QEW$p@}nY0ihw2&jR0Stk28s#kUs8wyJ?Cd;j_ena&q5jtGN-LKgJtSt9
zel@jsfj`1uOq27UR!y#KEjJ1JvQc)`gsY_j$UgfS`U0Xl?UT>m%%pX7SB&2oW!=^2
z9q|aMD+}>-^U`U;8H!PS=QC=-r)2DzEdejMKgd+I+!iOPj?aYeDNZpCiSYj9H`Q^7
zM_MrUv!|2+W<;*)Y<j#&UEUvt3i@q`lo~aELiF}nx-2>=EVGkkNvWP0W8IsnBurw@
zfFU3Hh7~gmFYgN&!(#l8XcOXW8fq^vMDC9H86zo}hI(T?_I|_p*%y1dV>Jpmd8b1W
z4;#ZMZ;vhTHY`>zmqmNndSqm~pEceLrA_-^vJR06fAsV`2wbp_U-@(K27Qw*x3l_o
z+APE<2xHN1a_J<B<o0b7s<E9aRK^18ZXRaf2%h6FTvGt?)nr$F2YBllpL;D-qcL)G
z>hXfREUb5S0@SI4>_J2s=Jk=5xFPjvz1izIIn{{O`0Lg-wjE1LMCJhK-W@Z$pcz-R
z36Us1N|I|L;-C$Im!A(>TJ-E~$^O>v7EG{9J2@jJwVnWU;Q<BOL?cZ^ZAo`V=NAyW
zj!@_);#G<FDHWd^@b1Y;$sjnc<F{`_wB{x*uhgv;+U|EL{Rp3tM0aqv08*xrymLA#
zZY-{DuBxB2RA52@b};eQ(s*rbMNM}!Fe@Vm4UfJ-@XrH^r;;X&*E64GHZ)(AcD^<i
zkTs{>I^30bSfaB1#^QXiM~wGHo0cduT(14ms43|^(&{n6?)<{U{J7t`F$y)eMvM5`
z<h$9IqG}}ZO=M^hvlfwCfT^NkLZ|msUp}n%`#?fa)PoS?re%Hn@Y(2mjVhFQWozeq
zBy1CwaB2BFH|HVlM(|!OUZpqe3_R;ts<#kdg(!l~X2yBbr(xzqQ{?1W{+d9rNkP!`
zgVJg^qrI>@PUp|BgI>uG#9>FDuOL@FRhRS0C*FCB6x?t6h0hZ8{1<Y}rzndD6=&Jf
zROoOHj7+**O@3+VCnb!hOfL#qLop0qZqd1sJ%IZDG}mq|fVqCT>Kdwrc49Lk`*&=S
z9Mk>{N%;+EBaO^gLTNQ$-!oLv>Ys=pZmboOQ`O0!$W?gf<(E3g{6CviCWV|a)srTJ
za6;usQgYrF!9M?Dt=_|fay$)^c>1JSx`~HN@5x)-*@n3VFfAgtSguK6GAi!NlK7D2
zWBKr5hMf`!Q`d4%ZN3`$izu8gI}M|U-id#NuhZE3_=@<rirss!b61qDslM;!T~z$X
zfdgY{?TwJQ8rgVKr@~vo(hI1+dd!>{9iA*ppb-{23BHi9Fqa^+Vlp+iRaFMBGyySf
z!5|7>aK-dIXCW_VO34_fwx9o8RS}=<mb+dm)*Ga^L@!5a-c^ygPqT3npK=ntEsrOT
zsF9AsN}+3q?9(9<qbQW<=F4L69=?RqDP>-=wMP`CMdoRvcgdX47_u{@aLvR_57~3S
zfl7XV_YEwLq>S#_1&pbs8D5+;ngZM;AOwGYLO)@1wnCRr=s#}L){DSqPrxE+KJkf*
zdpCiRjaAyj?^S)n&B*wCz<IPXV>d&Nz^iOBYgrq4f^TW{YT7yx_sxDb)5Wo)T<GYh
z09xzCvnyhv#3-}c7UX$RU)3ISJQYHc-EY8#im0ENMxZkfXnqL>Y8{y&fb-uWO(4;n
zE)lA#@fbOePoO}i$M4uWAPZC|4e84JdWW7<QjHTN1?a><{$hsuqAPhqckD8CPv{N6
z2_|5+BYp3Na#HK6dbh6E-#R!vY-VY>(M-3JlJQpA$*#H_7&xoW43~w5b(t2IDk_MK
zKLVHL&YttV4w1E}T1i}yxD6%sz4S^W*!L3tDsA(nA1w<Ox$uPmZ-G@BC#5!b4s{}l
zFpm10q|_|-4r(c__#qN%pPkF<)`vB7tEIKN{+=PG*J|=OuHk4vPZ)Qf!m*m3M(A9i
zdcxXTZca6MT}>&C_=$)@ali8`4y@oB0Ap<M>9)@cFHyVQmaF5t_R>!NZlS|oFw8;D
zUykp`55-XfgP8kFg*Ci&Xe|}uWMWs(!1veplS&C|R=Gcl5b+a!h95sM-@woPS-O#f
zkq$P)$7;M8C$m8~L8}@JB#IPk7U^AiQqo{Y3P3aUD1#-bdpk>hvKI*}E{phaAU*cM
zQA4*G_b9AP2WJMxdDwdcHQSStfgsjUhub+9q=+uQPS@dDX#Ypn?|0F~C8&+F&@S9{
zTI)1k)4t81DYGtXW6G4DvY?-*xnHZu*4MiV?F!`_9dW|lxO+G)Xn_QrMO{84$52NR
z&nDp4B5u>k*0d(F8;bGg+0Gc5IHV*@o_|w}=&5>_ldAOI>@7myxBgh|#mLMMOwca@
zs^Y?@Q;wEW1p=*`?(fa5@ob}F(bLfo4d2$LBnJ1j`>d^5EO`yRH8&CuP2Ev2sQU~_
z({{}H8K*=;-1lw80CeG=Q(Zv1zt6_0OFm{bv;Nhg?pHPD+{zPHOWFZhHgi`x(2hJ~
zLcF=q4OJ2oHi{fB0>FUzl~q*4q@<$4uyGJ`+wFS0aB+|Nu#M~=w0Lu1<y^svmYgQV
z`$ER_C|OwNQ-@=yY*|3>fetDU55D599+D{Tvx;dvNk8Ov3Ci4E_;-tBmFFzGt+CXu
zLg|eADXmci#JNTSz#f<ME%n?F?H{vYY?E}Ax~!aOtmV4<oFu%ecJ7=hgCm9SMz%pC
zHWRAF)tvg@<7`I98g<HmW=x*s_m#RPHF`PYws}XEsL-ztQFz_f6H-o`t<tkX`^rST
z@r)eI(l!>N#O%U8V__Jkc}Sy-ZO<cmpJH^Gaqe*Ds6!iS5Dg6n)kPaNb}S<!BNfdm
zY^^g!-+#)WV782yR=KU2C^yliV4b=KB87y3G`-P?g99~m53Kj*1_9AuEH&S0n%Ns9
zq5zDlN`wJ%FwS)EZ83Pw^8tb4O6371=62}e6Zup$;wTd^OI1`K9%v-X@D7(#e-LF%
zvG8q~lp$TyN5Vw2H)05(@32aS{wN-m9yX-Ki;quES2fEkqii~*DH$VO#sI$`#b`Ct
zfI1}@Ibxjp5cuP69fm9OVCJXZcP9^gR#9pvL}yU%<{U80QVni2Ukely@G&=%CZrML
zR>;kH?b^i2XL`vpDkxz)nqvKmSublrYtH&PWV!mwukl7}9jcc<ahIiO5i1NxxLGQq
ztRt!PDrW5Idt|$_$0Mkl;!1R#(%5ZKIMlcq_s3Pf4j?s*(-VtCSifFY{>nm8mf$fX
zyJe!E!wx)$I8|M+aI6;%=7j(`JcXjp&O8M#eR6F^D$1<a0A23Yj5aSp*HIo>hS^<t
z?Ou63Id65_hKs3A{_B2cfeA}ddq?i_s<|DP5k%#fuK~)8r}1Nrd=(jOj<GA-@6Z)Z
zR^eS!5Ea^z4pDWYinl&@J1>@_FeC7c^7cJMJd!iCnC_!T#jf9)bP3IL%g#oQA=Z8<
zL?eliQ1Itw$H+Hkr5tC>UspG%%IGzbfxRii%L04@{S@TxC%Svb>uv0Q83P)u?lWdy
zEDwpCG=mDPrg_$UPwT+32D}(SiW_yWq;rXWX#>}AsWoUq3q%A*1Ao1&=K`l%@;dV6
z3WTyC<G99&sc9v-i{F%zcEv!g{uG3<s9c7KD~pk@oz60;4z9p*p_mEr9u*h+k??ix
ziV$8CbFK)(6K{c=krkZGOS{;xUgO`4=wT>s_GLCIcX}1PIsBvE9FY^^M(2RL2rE}$
zcYx-LSM}C*YR1?8>}>w>MT26?!IBB<hS6c{6(0PvwAeY5tTlQ5lmaZXN3LSORwAl9
z0JBeJ{)ew1Q<LoWT=*&diS&0uo4t4F@;1#GM)fco(%6=gUT>4%V$w#P<Hd0+(FO8r
zWyFSfDltCROeJG{5;lYvlBDDfpwbsEkX7u>H*1G4n|#<7Lj}(-tLdN?G^OC?v~3Hu
z`kz~=<u4DOF*Q}iTsC2=lqDyv<O=eEN;}V}pxzRlZ26F{D_%Q!B6x7Nd2NWhR6KXp
z*d1-O4O0`|X04I$jZyX~!?+ztZ)9XP1fl-tz}OG40gVxke~i8AbtCgPSJq8)3gX%a
zZK7KLH%JGEt3h@QABz}eLy$(M^@27+UL<T7N?90^&j{C#>b#4&{-&onRRhgH*Ry-~
zyxt3$b7UdBJrF&;(G>&ZOw^j`n~bgpm+U)|%Ug=b(+LT&nF#fn=Ehp=6oInUf!`6<
zx%<09Le6XqSg>Kk_D>6`Z-_fMi%A64UNEdVf7Z?YV6t*Rro6kFu;nKW;-b;ZDE;YI
zw=$plQtvyx!nSnLO2+bm9DsJH5Fx`{tf7fTY0u$&f*>B4L-oYmp7xXzuU}@0l?Fh;
zp?^P>TPhMQTW%3Odq>tMqKGxhBADuqW3`QN+2onkL3w}aHtk`FHH0_U8v7khFwq~Q
zENdos@oK^9XkuY1|H|xD5}*Rc!jKm5h8_5Hol>2Q&{^b$MtRMM+OQkf>Gp~LaV3Z8
z)Ff`z;5(*LZ+Vd(Pb0BF@vH5mN1{NdOStiiE;qql5wVAr3%IzocqsSq@>4c(*_&5V
z+m~%O97~=p4^!ZqJ)?A%f!1YxLg)G=p#{NeQvcU5_$oQa3g|vj+9%27XyeuGEAk6M
z<13tCQI0N-FIiN+yZgYh#8=)<>5-d|Y2>c6y|x-SviP;WNYf!kI$Pvsug%QGP`?~g
zlX1cr%dr$$<(nkI`{9;T-`n5u#@!OJMiuG5A_V;_Zr<H4V2LYUUFG1_yeaFkif!>f
zjptZGK5U}u0wO#RWZU0&hvjnC*k4YeEKF)oifs5|+u&|ArsX4fQuGqu`eH?T#Mn;`
zGB3gh$T@uAULfB$>@<8kbC+S;M<g6(bXS2F6GofjSfONq)lf!WP`h%2?IKpUDF8ps
zyj4w2TIp+v-rvMpy70ez<+GV#%(e~*)5wE!WZfX$Utc-N!~DYUFT;KCX8krZtd0Pd
zAl_lRDAl0iP4@0eR6NMRcasMka;$BjPs7eN?|w#ff14Du8Ub>EIMXz(%thS#?g@zJ
zoQg%0gD~S}({n(#J4^hxL!RP6+A;pGZ^E*qD$4c=G1ZKGDHgxF`F!QfWH7yIOS3wv
z;qW8O`fyGv_`0Rbo$(jMZu@4otLf;2y>OFU-xMt<Cd^?W&wJIg`6TJmV#Nsi1{=nH
ztlUXkI=S}h#Rrx#_$8@0%>TYCseDy|rU|srC6<Z5eYaq|(nWhHzsZ=nzydM=aop}H
zUS8{~$WK|iQquTS`T{j{4iW141{yz?MTi^KJR0b(S!P>Q8?S}1vw0!+^!`3ZEFx>q
zM=e~cp3u7Cj@ar*Jku}m_yT#1E20s<UnbdU%<o|dIjhUD-g6a3A$~YK-gI;$p66|H
zNIK?DsxtLXNE-%+f$qXjDF(l8ehgDIXgR%cOK6E{x~3KEIWjS^U^3)Nsd|8~X&<E+
ziv>I=U&X6wykxFvbF7S$$R}j#e~L%zOZ1MBYh)?{z?gjJSECCxYTnl>>?P~NkLR?l
zeuR(|$3&L=ewMU=S)$Zv@3oym802bCL~G`1&6I9hNJ;KMzICwOrsIjWLz+4|HyJu~
zF9Cj%Bi#qkGACQ-i&Q)WOTglec8OmcJ{=U`1Th9T7<Z-ZFz_pvm+u9npyNW3QyDQB
z9ZN#SvfJ|HBc7+)4j>hoQ@0cuFmqu$9h=rM4sK~j(=?RoFrQ(c^saO7KULVGHkh1z
z$(Dx4ZA&+K_LHWiLJ}3Ku(xXT!UlW!IE{H^dXXXqh8-g(?{t@#5yj|O3@J$Z0&$SO
zmM&6o^i9z;rBaxuN4G7sW@eVz<WCsCra&#wS4d)%V6-igbl0Zs#`u<BrA)$Soqe~#
zpCD11rqhR8fu)w3AlENrBjZB}F`Ht{Z?xUAgGtk5URGGE%EKe>!qiFLnbu9qCNQo~
zB&l9A`se#-D&AmUrA_HXe{Czx_eolzg^0T*W?&>>;c3$tnq~-Ue*i`1CUDgm$iSEt
zKDv@9<bxs_vHQE4*AiNS2NMgoZN9X_#)}ij7>0~p6frV_EL=u46H3EtrTyrWB2FP=
zye^KUH^N_zrPos8jw`B~FfGW>)bAIXwW`#6btoKoM2c#g(#M1g$)I+{Yo&IIWZEu@
z)d~Eu_iJaI@-4*;X-xihoZkqxqnv2l!^{Y#iWn{MTo_hKa!$h=Uu+6y9>RGcyAo?9
zZz>s^6e*yB^lIGnKXJD8o1+9hbwQXi3v<dG#3+ML`)2IaMkldVtZ15Ol-TCco+VsB
z$LhkJXwRwhla93$)FJ8z<_0U%CuuBsr`^LEK6P=&RqE+1^`2cnW-m&On28m?3iv5^
z!ng9&VRP3&L!C-zY$KsGQ);beS2Z)>3fF0rUEW6688x#u(fH2)kl3cc*;IHt9AQo(
z-FsZJBRK)$<CurSL9jzZmzKeyLAp%on&)z~>b>Q$FBNVAmumy!GA&F|y?)Y>ydD@(
zQgoT~%Y|%0b;KG@(eX@hi??d5C-6DoY5APvFN?ScySRi|NW2Cmib;~1m6f^x6f5<Y
zt|87WkAwbJU%l#P_eVmt*sG0RJO{o99$|rqy1Z>OB1?c=t^Q}hXIqk$WZjCmBM;}F
zzXTTAv5;tRp~q8{2PjfMR&nysfFuBY6R_o3@-Z7APY4v9l)T!I*n=OdPx0(PH75Bq
z5W@iVF?m66_#RmKy8Vo_7H<Xxv8J|`s!KpzToG%W_?qonSkG5e0vKXE3j~t?d4!L9
zd}+~voKsh_<nt1*7k%>hNXQ|a0J58tHxZ=`2*>aLd2feL0canT3cuUDma{_+F?X$+
zn1be3J%OT93}gaRk!H5Gz!M7(<P`wq7J7VNU_Y>!Z#eQw5aU(_w5A3N0JBZ#k<YO+
z(09WC;u`>4KXU-KDeRi8U)%u8615DI5{O<zm?W1V0N)&V;D)TP1Tel7Q<;ki4EW;~
zfy>z!MXZc4w)6D`g3a%p*>WA$Umd_hcjHP*WuFi=oJ?=H3<Icku>zmH<tLWYja;~i
z@P#<!_Z&+6mv5M4;=ug5-Q$t*11)g?f0&_74`4edmpq=+V`fLGz7_cY7#hDb)8h`C
zWKh7rPUx?DdIBVk<T<8W^RXYZM`O=`dx<ytf4(68_ExrmL7JrtYBJ3B_4C$EEGm*H
ziPP53CQdH&O0|DK-H502TYIG4wUP*3d8mfu89;sD(-fuBCm@fh>;KP<18;bhft2uW
zBB!{Cw1fK<(v7#Ot`THtL4qB)e9Mldwmss%L<I<#xRRT|Q2cr~)h%x(veWi#o>o)-
zHrq;CqN5JmpRLlV8*O{KtiO=t(JeW;g$*4H)mKu0r=MRR0a1D^0K39p`(Vq^XaE_G
z<Zxwqr%nwGH5)OKs8W(lAk9OewQ^Df{z`{j*`l3%c01F`Indn>95Apg!}Q1s-hKT(
z9Lp~&LFebK0I*@h;nOF1Tw}Dy932=F`00F)(oCv`4Dhu#;y>>Gr$9TiX#RgW?ElgR
zhsc0c%WGiu$L+r#b6Q4b;QYaBswFupB56*dc2Fecx4-1(ZxtgoS^7$g5Q!P{nxC5{
zDtKmcG@!ZJuU6z<8s$-Q9v4ylOLOMh=U7D?2|@9;kv%Z3iK(ESKHF2wNP0;i>-b%K
zE|%l(R|2{al8NI~CE1VsNjV=yR63}Q>Xw25oj!uMwW`ZJWZ}J}ed5t$LWx3wFWL8)
zm_E}6_)ZvrxB)CEWmc?U$+$0As2K_?JRxA*=x)>GoY1eli4?ix#UTJE>3e7*_@LH+
z9V|kzeUY&nKV1Hw*U>AnMJe5n9Nnx@9Q^mon^9H?poHDknSB5H9NCG-n(o!hC18Wd
zzf1NUYU2M7YSG!sHbjekM2&~qx_d^Ajox)*`J#A*8Zef>$p58UIZ>R>)G^QY_eGOG
z$Cw%9OL|%fAR&h?Gd#kq|5JBPgfR+BZ6!Rt1wzcZ(N8^ca=()qHU$|x0cPex+Q_fC
z|1y_=Xr7#$jMXELYQ97XT0jAE7!iXZ?^}^0em{lwDq&4c)&M(PzlXk~!qy=<JT-dJ
zVgD~t1+)pypGG!t?}r~PjU6SMUt=PFDojE<dU(XV3@mfmHKB`41Am3I?ZpR8l@V+h
z4Ffzze#*ZsA(EdmrnLWqUV>O6J#zGyjU>M^f<JZ0s687Z<Xl_=<PSq1^M`;%$%!fi
z>=F8jd@JBQ{@v==;xqpxPybgI>A#f(7(7YF&3Hh<iIT-eLBc_m%flf8u7Ur>zh6Ua
zHZrZ0*@&{zdrhwBp&?*)7rkv2<K<s+{*QA4G$&U=U?x?VYfj*4ojRng*-=wl6YA;A
zixUXs0Pk?fuUy@+L*yy{mTSQ5ELaCiV{KkQtp)!`R6q<;X25t)dE{*}MhXl#a5gD`
zAM=b@S9g9kf+dr`=;;1aEeNqXk=3Npt)ynVqKwf;t(8&<v4$txft^0Tyxxe6#|8af
zR5Xx;aq1%jRvqXXTSeFc%$-&&r*(yn{iM4*{QWt4rTc#vBIHV|e|M!zT800i4FCMp
z|5twazx+#;8j_=lBSl3KN}~~FU=HV3vvKtY#W_UW4o=c%|8g@UvP8APb-G&<B-Y*Q
zKx!(xp#fQ{1Nz8S!3K&oyIBAJ!jJvo*Qr841?&AAdO3d;!al|R(ci+Kp0Ni4E+J?s
z+UMU~!fB+=1r_S$T(Tx}&Xn!@A2ZnKmnQtF?|D=6xzx00Lmn-=EU@kf<>?c3ru54u
zJtAtj67V*5t$*A04~%$TRKc_+UbxXT3Qipw8aUe}f+SH2<A0reheBi!bEZ{q+nzQW
zEvU?j9M}Ma_1F2|Fb4fDBV+aAS^!h${C!Vh|D3pkG&$f|lU1IS{wsd@``k)Y|Ni>_
zH;4XTP8|q)=H`^pjbaFwKU1>TAbT_*ie+KBxt;tUPS?68qB)a265|w*WFkI%{KBGd
z!N08K|98hc*xmlQ-$FGqS|Wd30-E|-+lo-uqVF%aAqQIPpOhe?_k9$%N7sBBx%K;2
z0`K{?Ni~G)xglN)?syd|HhSy2t76OF*P!LsVoaiJSM4r8IPCTgGvqh(qj><z)H<1D
zM0!4%wZ;%Q3N%m06x*ANqe@TbPi28vr4kMJRl7^B=yubA{+92@4?L;_^7)UkfTn^Y
zPYb}X>jrReI#@LDT;lws?#W-zAy(K}mcxH*3(jAW>vJ%t_kXxzcuInP4!6?vqcr@N
zDfzGH^S`A2zb@dvY}li?*QGFa?aQ`q2Fz2RFH2Hkx3=F((mVxXwd;<5g=SSaNRIR*
zAqM=IS0gA$va)LWx&bpgLR*o){&(kW(6jscp%sPR9F>v&ovMm*c5xHHly`L|2Esqm
zXP#^Qe+9{pq2~W;@4CX8>b7kF1yL{*fgnvmdJQ5PsZxS;Py|GZfYM7MO@a`LN)IB^
zrAku*7!fJb1Og}lLI(*of^?(_Qtys`JNLV<_k7=ZIC<I+StWDL%rVwnbFVSwI6FJb
zdwnV!j0&SNNM@C))ItfI-Z?<{E2i8QRHO)mg@=C1zBm1wz7+fmCg3a;&pc_l61JU>
zFh@m1b#vP0ARf;?DKG_h1IAs<{<h%;EFY4dr`e6?uc!wcTAZ-hueTAbybpj)obGf!
zls&qn#-sZG06;9{e*wVXB=G;)@V`<aY9Sycy=Fvp9b%a0$KHMl8K99*M^yhF5ulx&
z`u;g4U!X$is;iSSF5=?GW;ek~6o(<uHvPRm&@3azNd&CDWj?##DLWOS<rp9gzfX?b
zqQtB?NNHSg7*Lw`S136l2?dIBozLFv5!qJ;yZO=;IHy7g<5S)xEJ;8d8q^9xbv<sL
zx-}$-4;#5i7!3IrVk(2DD~)T-jd&g(P4t8+=MWcu!|>Dv;L=COw4uespb2q?WFqvR
zR*l^N_=B<4)zzaL9cT(l(2AZpsVyA~z;6^K43*GOHcctNCDiy-a=+O;5&~ZKR{Ce(
z_3uI8ypZ(BCsT-;DPR9Q138YWBS8Runf`%a;N+}aukc#<c*yyF6O-K14^*_}O1LBn
zqT2oyDr@*?gbBkmuC`RC!+2%$SrT-PU;X+OswkAKGiA!y5V;v2_lvdHRJV+1s<UCL
zQ%s~hqVi$RlYmQ~0i;m=gh<v7fSOW=G}3f9SE?2F>DseeNIJ|h!gtK*+ji%6i@wh$
z^k&SD5#}d!oY}s*%(Gc!wubAM4Uc<NHqSg5yC{WwspWF_4@*+!v``iarR6iRMRBpK
zk49A5LD?)MNe&6^91Rl<3pJfW@s-oyB$>~}B@=Ee^K8y+LoZW~iiQT;&d1BI(b-sn
zm9so=7Tyv`RgSOZHLM+<&#;wG*EoycI#)VH85T&RBA1FwI9P0N1iAy)W_kVI;VrR>
zIbSk8RXK8DoXEk>ZfXTQF@2YUUEg*{zU$#(pyTyuWVT+Y#phfpU3^36K$Dw%WG$P2
z?bn*lqQs%*X6=@W!8%|&^V{FtO$2BucLm#~gj3uvFpZJ4|0p-l&Xx+0%;3LiOz2x3
zNp&U|1rdlQ-=d4oC@BaOT+A{z6UjBXrXzk}osyN%E2_h)fnsN8&zI{WbZO^nmX}{l
zNh(;g-?`9R`&K5aszBp)yM*0~`s(V3pCinLW<>M7l6pmZ71e)<&s@@1N!{%AFFc6e
z>@=>igX(b2RJMD?TZ?AgNFxu0R4G4q<`@lPx&B=R$#X$4CClbnDF@Eum)vdHE$w*H
z_PX2!v|wLD+KPtd(M4~}+`BkF4l6TiBx%|@GZmx#U79^TX(cRmzQ{W>7m7qr@bCe6
z%>m%`=KLkZDVehsMsK!$1k@3W+j3HjJ}qxGJM^o+G6l4_kH^BbrZ#1qVu`PBoq(&P
zK6+ptoAT16iQ^<7-O^}>Y$U&Jp8DBDrf<ZiKJLm6zX7AlfHPK@f}=xvu><_vtU}+&
zc-^5yJB<({krUx#C)s9RCH0bj0(v1&b8fkcs0ioWaL&$5d2Frq%MGViGH4rh_#>!R
zf`6{UUITi5z{e|Pi|FEG^roL!Bm`xnZ`N?m%3D-d_gB#FsCeNKjXxGU7<|`BjJdl_
z_uZkr1pA#gHe!VQ3BG3wiIJ$6)^S>I+P-h?=Gn8_s?a}XX5V9fs;lVwxJCB7t;`b`
zyMrzyfLY38!R&Io)JIN0hvn@s>1~=m(M9h^&sv&3dyO!++%0t}v%7id6J#;Av7za!
zH+z0@g%2Hl=2ijZCmH`VVc(|KT_&H-3?io_qK{84eBh*lwl3WLeFKjYjXi|(MZD<q
z9=>C+R(Sa2>A-z7NFz1G<H0d~{R$(O&bJEK6q6#E;l9|F5L+i7b|>LhnKzJ6s;lQ(
zpVC6*#M)Y_Sl&U8@5jgOk))b5X0i3y(^u=LXzSS5Khwv=SD&G6pLuJmrcC9J20zuh
z4}owu4G)XFxc3YmuEm@dB{cmj#r$P>bGE9#I+sb4xyvP^_BP@`Pb8)Q4v}z>^%mP?
zIBkE=n?bh51HOk6SvvOgKI^@cYLOAj${L?v6k*Fuiv{h4R_>RNNF1=wb~==6cPz=V
zZTqbUalls-R3R5BmW)oe19E?Iw$smBB}axu0iw8}-B-!|$|9sU^v0$)_|siERe6nV
zXHUMfi;L$AUG)@Tm~o&QaiH?9(_6mSF#$-Pt6N?JpRd^!=2JkRqWaUYUNQ+dNOq-n
zVViiMGMgZBIxg#489yL7O^<RNB94B%aX$P}D1k{|9cL(%r6@0u`k88uU_g+RI`?hu
znkbiMH&H~wRM^`^(Bz(?39Cy{`=j>HwXrwT5_Q;e`}q9mxl>OSCa(K}*wfkMqa)W1
zk8^PHWDOk$TY08wv-Q7dvygo#TTM;g3^&u<IQe9nRWxMdqr|3G5Cd%(y=k<uPPoGZ
zmRCU0zXFd8P{bc=_{>&D4Q4Q(Uz=qlCR1P}aON<D(UIDiT6o2_=bbFm4_zy#odf09
zEuAwD_#r2*Z-0<Mc~t6(m9WC+6VBbH7G_A7$;vg+7rA{hS<XjWpwiMW3CIL_m+sPL
zrx5K?zPz?&bP2CELvK!KNMD3Qgc2d#1p&cb87^v=()w!*3AA){Q_%=|?q)YZ3K1!+
zV{Ya@xO2UBO8Pl8Eo1NA!o@LZ{*n&YwTP=KUg=jlz5FcAqBl0__Ao4ooh=#jY^fPo
z`-<DQJrFB$3U@*V7OKa<Yc)ZUoNA<wtikV)<~(sq>aEX%lJNwX%u5ParGp~sjX=OL
zvr+n1q#&ho7T{hKlm$c%hpv)hj~2O(82Ky}`8z)@^A79zJ`N4i;I{=7WY5nb@4l_1
zvr<w=1O)!5BG=_cZ}G+@&pM+IL2go)xgAbfvI{psd-_#`D$E&(HLoKe-7?l@e*|hn
zVaiOdF<82LiXVQmIaH`c*%iu74D>(QUmPM5O`fc;^S@`rWaIKcW(M4CbbC_Sc{S8*
z0|P};;@5n9I6Y>Pa`>fL^~3Dv_>ywUb2wx36N}ujn(q3{U*5PH$J=0fL;2ei#Uu!x
zb-Rkce-#$|=a6Joy2Fv=AU@BGG2u?b_FHo<Soj@B0iBMM#^b|LgS!qf;JDn<YQ9d%
zts-|1HFY1@7jYe<+oK^X1+)xB?`1d{fa?q4egSlEIyQ`NJdcc7QnZ8xGLEFeAgr{Q
z11`XX8%Lh2;{kbZR<B_87~Fb=dkO-n^(`(%oQMjI$nFtwd8LitT*)_KM&hm=&*u-#
zEs4r)6f+(DDt4XOSW4_+*ppkvh->$x2~8_qOG}krU8T6^>jHQ5Hgtb(@n=1QIhsHJ
zwU_}bcZA@MS=u!-R;^|pH18}Q_`QfL9+;Mz8<?9Ht;bJZ_xARM`)&8E_c|g=t7uS;
zW@g;(FQq-)i9=URiwAQHs}fb~*sU^njOUeE!lN6+t$M!Jh<|WDI(NFl4{nI0uh_Q%
z1;<}+6!ev)^5e&wjdL5WZRxa~jX;sXpx|KLm2WhqDjz&8I1H65#C|ThO2=(_2Qs7m
zXK__Nt*dq``*e1rU4~!CPgZ`?;MODaq2yUEa^`VxYdGIB&s7@Gk4sd^!#`+N=#b4#
z1?y{>Ny|`lmn3wBz=t2EH)~N)Q1Rq0!N1z>#B2y#GF|kjz9f|;3zhmf`@IL1t+0y{
zTO*Pt+IHv@><6)_$oX$;$Qhr@EyC^@Gu<?xov2{lrF+yX%a;dRt-Owy`lMhgUFmX?
z<DTx(G#@7-wC%O<%cn9Ueqy>Fx^`ZKE^PKqPu+608w%i>t~D;ilfu(G?nKwFld{N!
zJ~Vf<S>268MNn|riK-TZSr!++8H6`)Y0ElZA38H#Jl#Czj;r_Aj^R-fI^0?*obhrQ
zb4M=s(<8~)fL#BPT!_!gx8a&SRsYh!RZNx3!cJAtVADDj)My5*;6$r56l>mlhQq-9
zn5F9-tOd$1hSSg3?I^EAap>lJM0%kW%h0|ZoYd!iN3Uur&53gtYuR>ag*=!^ATKPg
z#(c8zgY4|i)~VY(WCX?NQA^=G1tycEGkG`+M5#T{Sf^v8+p)o;9}0IANp~B^yzzMC
zvNRXf<p2jg37Qon|5AIju3p1*)6RU^Y*Hn|$k02<!`*2woJaHQ@Vl*yEBymj%3u)0
zpE6gAMk~3J+Q&7%_%JAHGsS#kC3BtB(`86r5M?DNDR5|P*rQ{N$wF;OR$;4MJUdPS
zmN1`3q=!QSGh`)&5BR7yz9@Y3(V0d0de#98v_JPB{WjBAC0{O!yQzhi4yv2{nIjOE
zY3UuHS2fu?JpNAl^wKcX_pCrT>BHpO+!YcJm-R!5))-E%?)qKd_Z|V4x?p5s<aV#)
zE7Qf;25GcRD+Z=uTK_J8A6DVwS-Z8HX8z!)4)-JeK5pw^tRBn;f{OsI_jWvFbl>99
zckF7LCp&@ns_fir&2szcybimKy)4cC;<cTo0tk8qwpKphXa6NH64}SI4R^Fr+6@rL
zd5@PseMvhh$_F*;BtmucG-7p9crt1<<`M8_{=?;gWPAL=cXH>puN>y&6%Ztn@<*kw
zic>j~Te0{cVm<yoXs$hb`$K7*qbU|sXXBk1R~*Z9XS;Wy%JZ<+{MWuNa_&dZ`oo+Z
zJ(7xzIp@Y~XWRh#4r|6(ow_4!Lq<+v;boVB`XUoC<oim`IR=nSFW{I@SrPadf(2S~
zH}2Omak>)FklTx^Cc&5j>*|b;JUz1+`(KsqD4TeeQi0mePqJ_sG*W@~8-SL_xIxbZ
zsFG8HX+RGyOtP>dK&lvE%G9Sp?eW37dcfCUEQm<@E1+{))KX9?I?y*DEC@}4g1PDc
z+xWi*`;TxEVRL3gU|=0oW;2wHc3}$w+36MlfsQ`riZ7@KuEk!$4A3p8ce_APnZXL5
zXlY8N7Y+_^=n2Q3cZ=jAdF%GWLyPwn75J_Ug;)9ccmjdoW-fj<*Bps2Yv|$BOkqQ#
z?KS%c-r!crgHB`R(z`AdvJ1yZ^gm~kZRD*RQQo{Hj*cWLjBrxJ8BIDrAK%t@_dD!n
z38_%WE^gr9wcNJk_3PJ55rtVnS8Hl&zFZ#0Fjk?EpUSLb8KvdhXmojFtpdPF-3s}2
zbxKP+i*AoCavD%_<CYEbgV<5oohsu-uFD=0Hk-4v4!^r|A9!=?zLwk9_pf6rUV!Br
zc#q6Kp1+FOOpG%eX+Wd#n1(Pquqi4aKzwUgHUI07*}U?Dyc;D0VzC@GH%d&!m6Vib
z{3$(6VVxrEG!4&K8Dj^XVmz@8J>0PyS{PpE{q%aBz&U@s0;13Y#f)zPY$6ece|<zt
XE#wAgyOKx%0UvEm1C3I(yP^LB$W*bA

literal 0
HcmV?d00001

diff --git a/windows/deployment/windows-autopatch/media/windows-autopatch-summary-dashboard.png b/windows/deployment/windows-autopatch/media/windows-autopatch-summary-dashboard.png
new file mode 100644
index 0000000000000000000000000000000000000000..82cb1b1fcd61c81769bede80cefb2f53bc4f4521
GIT binary patch
literal 52748
zcmYIvWmH>Tuy%2GcbDSsMS>QByB2qsKyeGM#odY%+^x8~Q{3H3p%hB{rG4+c-;b=U
zbJikfGka$CBXgqFROB&GNm1Xtd4us@K}O@v8(7yjZ(zKU5utY&euE;QUoajT@_;wB
zGvsH`3wRqTWvMrB8WPcdnIS;0QCt=DJ>I;*9Q^x%8Fi_!eDh|y=)H`TmXFEhE0Pbx
zYT5~k&dufOV$+A4_WWxXYd>F`vT2ZuY7V5TlB4>Q;<g5^Y|J-?8wSN<g=iCeh;0h6
zY*vPL4|m&d7sjXW-e+5M_v1|u-0hAZtWTB#68*R(Px8m05BYIXelD9)M4XiSRI9o7
z@(p_Eo2~4WiFD+cboi(!8}qjK(K4_Pz7*t`k%N1#LT#u<eOJUN{5jKz(EB|moKbDo
z&n@sq0TyV>BaCYjW<Pb-HaCY>R#s*RH>|7sjVKailq-Jt76u6Y`-RPqt}vr<2HUok
zS}fec!f%n=t-qSUa%4g*h7E`8>(SG`#A#W<jV~agwkQw9k|7_FD%4wb^n&4)W*dK%
zS+k}ojvcwLt*v3Vvc|Jdb;g`7*%V>vCb76s4?n(dVp!I$bwTyg^o@qpF<d0QOx#+N
zjp??@(*Ij~t|%PGE+`H@XZ9ql-!ypHUX~sgXW<8~>x?Bvxz3{PqV;^yr1_FbUm-){
zTX{-IHhRK@=BdCT*Z4w#NmR*BDqc9Ldi65)?Mw3ea<CKb$FO7anJQl5#>3lAzGynf
zKY{52_LCODSE5tr`KDg+8~U#`n`DjnGraw)HWReDF31nA|Dw?Gx(Dl=k*r7O(As+?
zh&WSFDMe9(%<iNK)KeBg)iYu>ThR|5GY($(Kxi<IIQ=nKt&HYAjl(nXQ}8`+f2K-l
zxDzf&)A5h9bUI4An8<@Ldi|^IhdW;sV<0t0eP_lySzyDnR}m`x_9xSl6|v3AY&ER^
zBCtWlvHMv63UAcV8trKZm-d`Kw`HfQWfrA{&FbtO@QFbQgMNJh7eYH0ZqkI-(!B`&
zN{-alpRTXNp}XGa+c|PxB}G+>3USt8T&TEMnmVr^ssiXb7ImTowaz5yf|E;aSi7;(
z{$@(9DEJ+M(RUU*?@v9eO={H`xDh%2jj;c%L#e$iIF@&^3|E2az`G{tz***h(j&%*
zW>=wxVSi(voiLV~B$0M-rDR@datmbyf&9NeHB4rOH=@On=Pw9fzZyMwXONrSLYop-
zl=L2zHUaVJMgUi+Yc*$M`snC^iv9pL;qO|=XCPw?un7j+3(>?{I#_`VRf9o+6LDC-
z`lIMH8K1&vK7T@y88DN|WJq~$M&;fnMaz_?h+@~QGPxl&v^5Uhti(OT?5&w3;lD}T
zq1jHoyT9Z#0iQidHpD5K>EkyNkw~t5!1*D1*TrORZ!?r&*a-2$IRhJFYGs8`U0oe|
zZ<wdTL|mGzE(2FGkDM}2kK7%`vcHW1L-eE0BG4Dr!UB)$>z1vN%@X*PIfHc-pZCZ;
zBtXJCb>h(867EcoxYtx`Y_jY?@57J65fHoO;%#lm?!!wmJ3jcAgPCB}E(*h~%4~1$
zY+r@CxtSDv&w9wYmr<g*z+gh1v=AY|H3U!@7a#wepYqPU$ZKdV79p*YfamrFu7a;M
zkNHEq!CRzQbu1V9u9O8!v=)Orip1IHqrZXk8)bmyNQ)b!LO*!W=luQXN=zk8IP$U`
zwY$9tGiBdXf$zbUqkMXKiC<Gv0@u{kL`*?Jurl7+)x|9&6otp6QrOm}>zc6P2obe?
zRDm}V?uvHwfy2;{>&m<kj~vbSg`v2D`21?vk#<5uJxkNTNqd%+YUr4kj7CY>N{vC#
za_Ay|bapD%sHE+6mfu*%)Y}rL>Cj=P(PidpXbiXnGS2ko(0pE`pAguy+^=r(24a7h
zD0LHi_&ynRTvboXe|kd|GTjm=)wf(lkjhFFFg5@2h=&9nL>W1>OSn*VR7_p`SYp6Y
zq{e1!yH!n~kx6nUt?P}|m1w<YBZSrfNc^fDu3cgx-J3*2tMYj;Fz%tb|I`zO{YzjX
z9_zmT<4-uz(l#2Y4g8i#JSRPCPBLvBFZ->~kRtV=Zv-@nMx93ANXWe4S89k)uR=HR
z`{a6J{Ck;=>I~k-|I8B3WaB8hL=@$G1}c-bprT%W<$qc-``c<S;bbjvNom)3bEtb{
zI7VtCl{(el52f*<e6KEfT3qe+vDi+$@p`!(*A#yOxGlwytX*O<<D=TP7)(t~nVOr!
zT3A>BkXah^;*O52fU2qoYYi5}q@=j8gFDf%GhFHePaY)n0U6h#{>Q}mekBNq2P~9+
zyEIW+0zSEfo-HlKE<ONT65QFuk|QJ0nS9}Rw`BBXUpT}g+=TAmq$({S^Sl5el@!vG
znf#&KLvqFq)jhO=pKO?UR}lt1G1mzo^u(EBwJk!1b;r=?GdIS=R+psu(TJH=kPjUS
z8+zNp9@C#UP17i6G01qD9`(YTt{;2Us&%;d`6Kds&4hZ)82i2@MU`cakqs1O6htl@
zTX=PFi7d^+&vSXop>2YAje41BDOm}L7!*o*>vJCFY&|n6$wFmHrJ}X)2fJB@v(g3D
z#H1V@o%?J)6+xPia2ry4nAgCr79wEuA|KR-T~ceth=%s!;L(G@{UPi)0nwE_ff}~B
zy{vM|;k%~1r12vKOQkWnm7*2Wq_@r=!hZJSVZWyj4OVK$xa7s?KLbg33nk9qxuGY<
z(PB?h=OLSc%+V>F*oEA_p#u}@Z}lVAdujx}?zW!Y4M}6|TfSg_s-)LiutKjVB4owu
ziPj5_?m_|1uv6#Pp^o+t;-h6;SId>qu#Nk8b3qeeQ$H!VB!a`9+@s0n)4HYk?D>?+
z^|p}+VuHRn!C-|zxC^LO+6-%dsgX+J^1<{Sv8*_SypTWlkd_d6#Flg9<Pm@x8+*ur
zix_|9Or{$MpVZjB)umRMHeCmyu{AXhc^9_cM3TLS`WYgdx{%SzI1Osu{rwUY&s5+8
z&m<awgX(+xjFxzCc49K5sVW|Ez@)lYdXnGA>ykT2j`x<c=Nk{+hb<xZCw_Dl_WjFf
z3!&we*cHvlyBv9{;o^li8xw4SKkt#ad+6my8!}w~a8j88<YPw?sHtIAR|Vaq`n2y+
zYNAHw1;rE7vebdoK(o~7+r9bsdhv1<X*_HSN2iyzX0*WYtmMF{sfI>YC1R3-P=gZr
z(KA6B9f-ND>zf5_3LS05?*%t~w`+WOkF?A(VLo@$yx4Wj4LpJ|ze6a=g#%-vTi#^%
zd|te4KN%%bw{6vM<|-2Q$q#7dB_=Dt8;HYb$pg=y$=Ys3v@Xiuo>$kI=@f$<%_30v
z*watSXwukr{pDHH4_Sb5@r|DEQrVmgnnN|5UY<GQa{Iqkp?+7k4iMODvd<I}^C&|w
zcpOx(ohmBvhK<#{^qu0AYG{mlTmdoehTg90xE;<>-9C@&*nT(2l~|4VNx=VENmB^4
zkFP@UF0QrKd1_X9_dzhxT;Hl4o9D_vt6F=HvV@A|Rs578a^dgk=wTy8n-Ec!_s);d
zB+-V+D~JQf)sio{pD1Raoe)PRXPPX;?%lx96bQ{&EYPj&t=9*uCjC7cnTxLY>^F;-
zF#aE3k;ZFv`v^31GJOPMD~UYTOwB(hA+C7kR2X0CclG&Py#00Ep*ueqzFB0!4t!F$
zi>3PgZd+^%Jbp)mj`6U2L{uQR8b>-Djx~z;F19@A2XTJTnKpeU;XJ$Y!8*~0(LF(|
zJx@cVg*5im9zwC#my8BNOLO7f5d~GUZJ&GM-2N+}>JG<mxG<5^7<$V}K9A$0S;QLs
zU#y2OW+kE*PvnzS$_mps%;nhn$805Nld%ULwSlUbMLpGUvG!eR!-swPQ&GpRjV*A(
z=gV7c7R?z)yk@*p2|Meep$+}cx#Av(JP?9A8GP3J#mww{d7*|aF-HUA{_%7HpOTG(
zDOweFMEOxJfw{;#JDhJn#Smv(C2KWILCz|~F6%piggwCTkSSF_sXkbb53a`q17`#C
zvr?2V#p#v3wBL_6E3alnCIB%IW(h5K#k&M?)!8{>paDN#oJHZh<9Y>NUC&3-9te9q
z(x(dEWYMpF`6w$0%)_y2W9e%)PGF7lFrPpKhYOmh5mDEw5?$MPohq$MAF0!3mbmzY
zfuq<PVezEE`eAdNG(}lkJGP8TfWtq`b4^}x0w(>kWY3T94(9USb@D0_U{8zU#=({U
zgd*Th17LSKT>D{fRcA#XSeqW0bm<Fk#P9{&vMl1*#P36oQ6WE>RKQu{L?1k;BoNM%
zQPn>0QSMe_fuH3_dNqo<cRSu>`_2tHQQ}TCx7_(%28O(eA0pPfpJEBUcccjgPLW&A
zQlpi0PlHOF2S>Ueto9Yb$-gmk#aAO_iXwbPqE0CPuqU*5OLJ%z9!(S7^|?@j*YSuF
zvU-gAxM4vQ`2mM8K$c5eOMuX?O$%GH{E=hpcoagMV+MDiY9cK;W}k!g#k~j6k!5au
zKBPaHn_T=m(il2OL00qh`bt&;&$tN<7jz@Tz3D}I@=Um^7MnHa4`&^OsGf+HSDv`P
zbcX2zVnkeu(Jx~CPX0okmq+1qemBa+Qy#u!AwSxYa!N)%u$O@;1z9aV`6b-k;$2w%
zz$SNc2t8hk7`cbjIoc@j2DeTriHZznie9I3gg(|H9T{7oT9~kY%@Pt_TnN=+L?u8(
z+ovR($rYLz+QjzloRzL>k!1bQC(Ib<*VU!hp#xN9H{Ufv6PfkiwKQakoAF|c!!S2>
z#m&~XFBOZNxfa*Ur5vJ#0ji?!#|v%;Z{uug_PPBnYiZ8wC5QJtTztYD*tbnK51@m|
zKqKwGtJXG_O=qSJ)xKrL96gcz;Xb<eHET+G$QfKu0K^n5o4eRS(qGH>DRaJ`pa3K~
zGLsrr4!l-gX^RbFL}va9mMaZkzm}sv9L}lxMHwWtFoEBJ`1=%8|6)0mm?n#}goroM
zf{3Sx<Fig=T%!KEhCecY2DDy-2r#Fy2(9XGCj^gM;+~$7bjkG155di5qeVL=Uzy1F
zT}aWZjD7_~7^w4-Jg!?*EYL^zBQ{u~E-MmTV6ry*(vhn$p{9wjfZ5P}<CD^7cpExf
zLWp1D=6y)h%qhhSsI)<p(e)oPE6I^Z)re+3l4TQHaGz19D9-I{C2a4#AM$XNNW>Ef
z!%-<GD^&y=w_Uy3jX3h;5#=f^8Y;&8BGhph;HGde(Ng*t_fQb2P}K>PbfOuP`3&qt
z4;v1#ha`k6B_`C~>uFS)wRWiOteF=yylHwro8W|PbTW4cezP&#*Sh*kDs`<zbu{$y
zzAKqCb?<|>RP}PhMT%5H&uJzQv3*TAUH|nTVZB6X=~GVxra&Odj?N~V+p*QCLZoP`
ze7LUDN6Qo2Gpz-|)v0aun;E12WO$AxIGf7{qu&$}9VTD{7mJ2JybCA|-bnOh3oeN?
zk({luXFAH0w%A2PEXxeu*x(=YQ!ddVto_l-96;u{L~Wcc_h$^>Jfp?mBtFVGHn~#Y
z@`o$a!2b{!0@#FbgBV0@UI)}R`t{mq<fSEftgl-y$yfRHt}VZ+*RKPd`8Ra?_=9mQ
zFpR5Ed)J9ZB4?lO4l7U+F)D6TJW%})e+t|7Y_Qv|DwXKSGM`Gb<?X!xc)~~O^(d_2
z_|Xq7ZCVZ^umEXK?^|al=S3;)r%Jwd|AW6YK<Xeg7%$vF490IPk)xW>23Sq(n#pzC
zT0B@a$Y=QJKnvHM@2F+nMhTBV;c#vUp@=eFb%Q>T8ImP$<!#6dd7GMj;>Nlj2wQ8k
z1E{Wwkyc{xccG4(^@6{PPjUBuE+z4Q`HW8$V1`LLYl!FiFZ8ZLFAYk4!^vi_DtlfB
zcGIYs`Z{+aO}aouF_)wRdOS}WM(a=$&XLhkZhn4*$U&I$MU*c)i7hSsP>rA;D|g*7
zLV-RM+D~b@)hrPcN9o!LX)@@v@>lFy5tQ?cKYaK?{l<miZ-oiMK)%34cSXQxQszaF
zBQC>uDr}x=KF`sD=u+2r`q}?6Px2YVJt+F)g2^y1``+%hP%PIq8BT=3^Gk(&<R?Gc
z$g1P*=z;6TRj3+WPEO9?*jN;He8|dpmJ2Vgw1Y!6^*2HyA_SW+^p|51k&y_aUk>3j
zzr9VAq3EDpXU}&=fUX1Qa51i!Wm&KdzGP0%D}9ddI_DpiCZCBvE)KTXXPX|1@t=++
z!dLP!VHmlwynniy;4@hr=d$Ie&WszhYeFe%ssP7_uf=lqGKbHdpPk_hkqrY%2|G2*
zRZxE7$A`dEptPi?6Lvp-bvV7b866l1O;Vw~rbZL`Pu<DQnP#xqwfz>lbu(Bm6(;`5
zg81FORjWw1eBjeoD6v=3GaR5g8^{>8Y)>#?lME-~-l*7rRau={%&X==*0P{Z0+n@y
zL`$7;eNyF$;}`6xVooIic5ObL1abfSj5b;#c%wzz<G0FMwlgxy!+4=6O={lo)7N8Y
z_|YMZJbdxr-sVlr2|#X4G(H-Xqo7ZJ4--NAFAkU|J-etd@^V|1x@)z+wrVA^FS-`D
zRk94{+k^k6DHJ5Jx@*IXI&J*_>j8vKO3*u4XAcie<gotuuED>w7W2f~4IE4t<XQ<o
z+z&J|*S$FZ-0W~<?A+$Ad)DG80i#<)oL2*+$F;ViyZq`z2HCNbTcyq!M-EN@PfzHY
zgwkS4Rcd^czN@yr17jlV)K4kKJTcvKY^!l)lKT<q^fP0&0N7G~rnh`;IX`tLOO7Bc
z*N?ca@p5p<uE>D}x|y3ei7u+Y6&P*5A<3q%wZd<dafeS|Rg)R}i5xF~!;An+(>$%c
z0$`5+sSbPHU6;77^x_MyNWjeH7U>3-5RIbF-R3qD?GWpPPlYA6sD~Wko55;Y2)Jf6
zkJ#lrhlG|t1eR|ee8Em%6T@*xN>jK#KNzYHT`}xV9Pz*gQpF61*7tNE$i(Cz;|r*7
zEF;UhDO9(-j?T^hM#_Rf*oz1fYB%`zOyd8OJ!p&=cQt^0Su_hj0417$@?~kLlp(iQ
zuP~){K_a|UdWv=!*VfiXB$B6s?WG*#a(EFRSInD~C=}LDeOReQgh2B%v4jCd5*MWP
zW7wmE-;onWeyhAcnCj;*P^>1iVdPr_aB|i=bvzj(NN(ifo+MW`phZKjQVRevuqv(#
zcdv}{FNy+i#L7%zl?+E%iUgVRW5$Qj!N^16yNW#fz0kW{>@TzbovMQ$PmHi#H!OA*
zT%Y1ImvX@X_7H<o9P;m<lJAYrDNA(Ppwa}g+&t0q^Rp=*DVR_sW@v7GJ$f(_>)`3`
z05F7z>kF+HfU~;3JFNfl6iN5p2-)fRIc~9l+6B2+={2EhTc~kjFzY3<ko0F*?Lu_#
zDn#S<7<V{k8}m6{HznhFohBUnJeUh-K|Xtm@73;7&Ffc~HFa6s+`L$&BT<gOO-EFE
z(t{^Y?&mHZ0Gk^Cv#yp;|0S2`0WM5NT=_0)CU^NoxCVO{^)5atcn($`;zECzo}L~~
z*lb;+c@8KweWV{@_9q0dWasA-%22e7sgu~-l@JPl&DbyclvzS3#v%{#UgGaE6x%|D
z)<CTm8@1;8(7pi<tvAlG9>MtjW89Q)DRQg{QoP1M?J_;%$#7CFTS<^9Hd+&2y-@BP
zG9&{uwq$)8Zw;Dy*GcVSR?Dzkv7CI3)u_?Xp7Ok6yHs5v=sd%wn;ow1!u2ry@2Fy*
zDor8Ij6#zSyG1m<<#hubERXq%7tBq+4~>W`W>ae;j`wm%a4TU*vqPogAzf|t%bU<N
zZdN|B%>fDtOqL%(EIspA@m-I203pHDiUY&!Yj|FktcDfW3nXL@q~?3rT^yI$zVB|4
z=z!mUnzo3pJ)jn;vC!cba|Z*TEMov@HV?rd-cPsDjefy^Mq^Cnr@{-_$+n>tM%oJ<
zHlFz#w9$2Lf%@?U0RhqqZC2(q){13&HYc<P1A-&>=m1@eJ)tG#p8gp-kFWsFpR`IP
zoYr{p@el`)=4zH&Gbw-4dwgX1wI4GH>K0!7_GxI4$WlN8g?CpPA4x3N-Ic||N%-~c
zGh#u=<X;^$XAmkq##tAarQl!Ni%w}TRy@Ridq0=7M(c1qFH$PlR>>bfp-HOm(UY~x
zw%Tl{-kl7sPzBq0dPI>wEO<y{Q>~fx)NWF+p>YPKwyu9#)@U=x*n%`O`|IDPG9)i-
z{-M@Si>9zo?(Rmorf6sh;m?CNK6xozSl{K!!A9|^uQC|^HXvqwESog(dCoywPv4+#
z={q^$5N?s|s=0t^+Wvi2CbeeGfMaW)Ge2Dxr?F;VnvyUu-t)lUP!K4WG8gK&aA78R
zVb=V${<;~(PA3PW)=M;9CYG2iA8b+*GI%B3;C>YFA5Q7&CxCU{Xf+(W_S{hFQ;)@q
z7EH9EC<<1!jYoTW%^+1m(|EQ5(OiAv*|-?^_RSYFSRKuRi`W!U+vx#zhBs7z-^wJu
zlrprD_&Sq2qVR!8CC^UQdsI00=8AxE{(J7b&_|CG*H$O&E2pbW^0T4w1DD<5oiD-Z
zD>Q55pebea29XHtStCDklS-{%Jw6Ukmssl&w@Z9c6<sDg`$avYWNE&YN%-Qpby#a1
z!g|_eDG^Svr5R}ouSXPP2O7cOgK(3)mS(s8?=B$Yx`6?d>yC&Wj*kia=PFEH4g2wH
z0Jh68OFK#)Fe&aGt+lmvq26+zSzBLAD<iOq8=`0?kY(2LVk($Zq#MJ<EgpK-KvLla
zS`w_vB)J}W>V{8yZs`)fcp$}Fyof>&<2rBF(@T=1F}5srhSh*zP_}7isyp$J)Dt4p
z=8p|@9fzz}geXGfM1DMuJpJo!_c|SbzEWK7Lrrc=Jax-8Uk(!K5U28W9$)?SjjcyK
z*IaKZ(hD7CeDL)VBA(u`hFzCK_DCClypv0vCeimYwS>(UzH<z-E~BY|!e#1w#hWEx
zuL_5j^&@5DeKL$z7Y?wRDaM(3+W7nIZVkfoZH`ukO|m0JS-tCJ<C%XY9)B1bT%z!X
zFL3-Y+H`@uKbJj1R-PPfstlrjx=N?ez{6(}&&WNe*E%^`%Rf4Br6M{ug0Sf{Acv6?
z-}XY`u0Ha&G7J;ZU^%i(VH4QP<7t{t7xmD!xjIY+)U9B?P^#|b#!b+N>lIix>7RBM
zkE75Z+p-a(P~f^Mmv?8V>e#A;3MoK;(+{ns!fri4$bQCb=+kJ$gHtvnnA;GCcLsJ}
zl*8mNBp4JPGosyPE<3@;a}7&?-L#UVwA;NKhZT3@izi~li(=%t^)n(SqZ&Ot{Jfi+
zmix5u32|36Po@8cEFQ1;6n%iLH;<<|aL(YQR=zKp49$H>De#uLoA6|0-W1k3W-FGH
zlkxVGP;`dwc5hE}Y9IGU)NOR4gMUwcGMa}Kti;+&5(|^k#eh8H_6CT@fAMFCU>eOV
zd~exsTo0(!Kmo+lzJ(s!?z<c45ZQT><C7Ecoc>`=MjS1767O!<3Tj(Ha0xS<vivB%
zNL((yro(}A)lYQ59&^=0Pe9?k9)#58tPB3UdrDU@nOPvysax8CTKlVHK$v&5`(LcH
z>*0n@-ef6;IOvNH_mz1B=;jF-alKi`{@qp{*8W8zT#p4UaWTe(ae_G%R#waB=TQdu
z6b)Y>7JhSgw=hZN=V$_jw31RR^*M7YVRTX05^7sUFkL?sNQI}%;g<EAsztphx>>wU
ztT=3{&tX%mPMtF(k7~NmWhcPKLc+Oix*$Or*mFl~A{unuBD$rSIY)sX2-W-$LzQhl
z=^iE;^$(IodL*O4*4okUYuqt^8)x?KM>fgF*jGA%6{1I_A+~~LBgHj0To4jE7btCT
zT>>k}aVw8AUlNw4^x2Vm)tLm=7;Zt~)gez<XUv($V!K4fB!j=ReY8XR2M-a`<_>W1
zk5~^41^s*=!|2iybGo%neLFMQQXc~XfN9VOE44}&U>X=oCFa#c%PhzWH>i`&x)A&i
z7I(D+`sN+Aq=pz;Ga61?lcMJ|#>$b=-xn=M*9c36#0{x<<kbi#hpgCr{Mq2_1?_vu
zlgOxOj2V*%cXH+looaSd9~Sdu(oxJxH87)PFk{zITKq{^tE-90Pe=N0skId8#6Vb|
z9VIHqF|!;oU$?f1bM?Y4WfR6LNo>Dc-;U+}$A>^3;9v)X#S^ml_(}RU1Y_Prnav{(
z8IU1wkatJV#7<S~4zbWVODUm{y%%1zOsG%SXEr?dbs%cLB=NGnaps{UO?%8wa-NRv
z`rdi!9cx*9R{m60hC?0_np(!A`9>qVXY&7G^x*n&Hf+MiZ`cHE@~P_~xT6H4oq$tZ
z!TA52y|il7c2C*}N0tb5S<5wU`;dcVVxb#`-;Tz&N9onhw5cx0O8-K4Edv!P`F^vL
z#`o{V4(>+}o?DHiH(z6De2%d0=;=~(Av%D)UMXsA0Gn7~s!lazM1Mn!OGX{ar&Vlm
z!jUg(i5aGiIhp{kp-gibk!5sX7S-M;cEreqi9Y<znVJ4WTo`$at<XJUlN{y!kl*-}
zRPXoq`tbvKGl$0PVTbuxM`esO`;yy>#!;q^uA|YrF5Xo@y9Pv>ey6XdI#?sXFpeP8
z)zFBOho+4}@=LBVpn*2j$VQSjMV2umOp0#w`x4*g1q_Y30&TJ!M~d|%@e(dSkd#$1
zExTUgA1y?RR)RNz`mk^CTxV5AZo_JY0+*>qRsHs#+`P$qVu%&9h@rZ_qd?a#BRy_(
z-xX-^<_B8X&(+mcgdp2ym5*H);!*!r#AP^2j_0a8#-G2bO9*hn$*QL+j+O$lbC{di
zp)3~Lu|=J5^L|aVs)XM!wE`-0nt^;N5le9I4`_kt%KdvLgM^9R6Mx$(+z0}U{K1BM
zCGoE!VoFNPgWe_@|8m~Ax;F6bvWHo2ikuo}8FoTAf=v$`92}q-!F^2$)1QfvG5i7Q
z717|rb*xd}H5p=4@crE!8hv}@gPqMv(qb@%5H9~z7uqeinLIwOI&llBf{ym-jkC13
z3sIZ^85^mvqY9af$KvTF$;f3l^5iEw1zmKmGpEba!RTpr@$`RIEK)2qT=^(MRCulu
zmv;v@3BGq7yyE`9J`+*ByB=&P#a5f{cjVdoezq9e($<CsNB~&niF&K(G115;6EO>%
zN_~HAg|fRYuR{Iui?eKOGOrcwA#z?n|E`zR3SCy)CHt{7RJ{)#15~#(Ih^$wpWsoC
z8nGE?F0krf#85x<#rlYa`PT-!cMREJdHijTeQwdgte@=~0r)$o-*;6%c<hCZuHNdp
zbl#n~wBJ1g-oyiNXYy{<@uQ2reEAUNr8wjGmV>3GJ6YP$K*Rf7iVAHMnoshrjUj5a
z3FwA@8*ZdWx%)VAyQNryD}4llCh=f4HKV6goLv~PRhgSCye=)hZR2_k_E;W3K3T2g
z&iQaifE*KTo@mTDQorg2rCqTDxqO;_h?jkp0}r1JBXy0xO7Ps)(P&*(ehWmFlcU@G
z8`({Z(*gUdtr1CV$b^%l$-2ADS*a0WC6JJ;+ac*+m2P}ef+z35E-HL%aU{<H3kiJN
zP~x%A!~5nPP7<AS3|!h$n&_e!B7=%DGZ)6Al0i(zM91~r-J#lNv@%MQ^|e3EbS8_8
zOoF#fgQxc*)FI|agg8nkNr?#5DN*37Wo>r6UK(31o|=i&BuGu)z9${=cWK77escly
zv@3_Di=s~uQ~fH_4R^NK6Ka!mZX73q1qNJ_W<?MXjLUm~N1Uf`Ui_(z{J)5ax<?0h
zF&mi!E*Hz@AD45VKB;XuWt>oXLUj@0l@)G&iNT>XTz2`LzGP|611)($Uq9bDw?}lu
zm(ID7Rst4+P8EvL*t%{QT`trwfe0sts(VICXo!9<+`^)XDK5RCf(1c1aPPKG3o`rq
z*5FN^2N#8Qwqowi-Zztr51j{L$j^d`Uj0QyI#u@l{g`|=W_FjQBVEte-lMm+75?$(
z#H13PJjX7YK-g5a@UXDxdhm?wiC8wyA0FNPi^@(QP~kxy)6Y)Mo}-5XEzSRnF=X?~
z8M>Q3VyN?%^g7F=dee*wr947g7hGpLG#TS&ZTf{tlV%O;4J;{uGBr9~7CHjge(R+{
zyOutuCIDNqSweL4QI@{X%I4guS0*mI8ORxSzk|jT<W*Exj)kgIuILgHeP!X11rCU}
zXCO@1EnGa^Z6w~SU!&HxFXS~)gHYXaJsIYV+3YJEj*+-f44c2lmUu8gNmd~4l~g;G
z+jis&Uu!tbY%>}I)R};%duPP|AhH@F7$U<~XQB)q*VBHQKwDn5-{4SCbfkiehdTy}
z_876%2MDZ-d!>TT33C6WH@dE|BadjTnZAtB!uW^<KCKvY8RTAeL5g%HXrS7@eM7w!
zdSG477M}QLTpVbiWB@en<O1*|;}kS)(Ry=e)yoN<we+747v96e!ssM0T7;{y=q5!y
z;l#-78h;3L*h(bznsjlZKD?(+W=B5R$B0m8J>CV?6m=i$X8uj|Hl_?v5swmggWOhW
zud7kinB>8>#<&uAI?o&$eW;@Oo^hWCXo`KLfkS|*HcR=~Vy}&jf$>;4Yv~T4_QRzf
zXm5*0#KQvWE!o@Fcg6y_ESrS2*26mcWpvZ7axBb4LpLK=*fTS8Lno=s&Ir<V0C_0s
zzC9z4b!Y>{Ml6Lx;WT+R@ukapCL9@G&eyuahK}VhIGXScKvXOCR;T<dwhz9HNz0jr
zxr4V$xvms>K(@D;$O2?uNl~)4qKl#V_ZGmhvmy&v-8yXxZHG`hFO*lfE8;Bui1Eu{
zgUVnqieQ#ebQ6#oDNAxf?iG;H0@6lX{)U_W85rdUd-*j3$9hLLXjOPBD$P-X^*bt#
zTqG0sJMM_yd42dyW{+%)df_duiga#1vG|Vn-{jlg+;<|ejKg}0F!t#(B(dsvi!)$9
z2<vyC5MNS$#*>;-#waX>kkP?~5tEQb&i5ihd`JhS4~R)f`XyaBL(g#W@=1VLtrqHb
zR{KGuS6lDY#_4T^w-S87ZRgNRn7NvQ9zSNy8qq>xA;c<CVeNIxu?3GKbJYrijVgHL
z*+=`Kx_;SaozRAD6v0=*!?*ZX#mlzJ_Tq<hY)#RXcr{vYbxm%gLo0s^U12vZi@6(*
zYBVRFB`yX9oukrJgVpudL&m)OBioF3?x;Saj-0hD@Rv1>v8j3Vf(rRSbh-}IP_wA;
z!&kyf5qdqY7V<cz_kE6>Uw4OnmCie*AReja{1Uxt;)}ACXEVRRAGNpz>;n(n64Rej
zl1q-B34G5L1K&Fa$k0oLpqyCtf$wb+4;<yOj)zcXeu3C#*rn(V`XyDd(ivFQDs{}-
zpqh?&X!73MxJN8gUuSZQCbUdaDw|^U=<z)%=FGy+H(pITL+9Vf5!Zz^GrCo{69u6L
zTV3x*Qi{u_*47qjyXHX}JnkZ)(IG=Ds2hx^Di+2cn;qSvd1`vHv%?+Snr<QF-;7{0
zlP@3I_SZF<ahit4c&iKyBsX_J|8xBj>39Dt<F9d69RCvb#O>u~>^bo~MdW0{CHodG
zxU?Y*6k%LlKC-kpc*4@;<Tu4xmCdS}nIC&hiu_L9iRhHg<X$do!ydgv@<J_kt)H)7
zx0Rv6pI>9Jhw&4HyxnvjY1n4>+fXAa8bwdmLu~=FG<&`!a38Z$9MdM%yTUw-MF{Vf
zsxhodQX-@=T<#wXPnx!rUpfgfx5ClLf<+9YoQ%D%Uz@HMHP$1nGj#?LGN!<=YM>nJ
z=lwKCIjg{8#YGWKK;&pbu|7v!Jx!h=P_r;s@2cvHv!!%zK`B*4DKbR{#lo?G(arB*
z(H*zitVh}KKpghbixq_n^YHj2>FJ;AiTOeg9D0^v5+&l|H886$$uscnTPbAv+7NSO
zv3lm|J-;|$F#5dG3<WqpcA=m`5>eAsqJEO<we?>=_Bk&|7jgC3F8~I_tB0@UlAr&H
zo*o<S@6n8sQQBoa@c%p_2>!ks1pTTe@_*v2`#DdGNn2nI%UKYXh9dawm60&Ep|O$n
zDY(f1LQF<BxU`g-RI5=56&Kgx9Nz0O^~;~pCM(=hlxwjdn60q2b#}6}(-b+8_{}9_
zH|wzhUQxjSSNzSbE%v9(5;vJ5Y`?;-@bvaqc=FN|Q3B^xfpd{SCS;2p)D7dI<vfm)
z?0QFJ<2f=i;Nd3)OIU9U3pg*c?yrcXp%(;<zWRZA6Dtk_fm#uc4i1{k(gW=i;l%O0
zbhcen;pEHGFPbFhgykZqLWhK9YGX7h?1c>t>{WKZC|b&n-0cogt@eaGdz(4E?sTg7
zm#VeXb#Td%bXlzMV`QzZie^}pN)9q6w4aGL>hDXgUC-T#I=`;Foq3>K;O7>+mNe%L
z41^Or8|CC+I5sMBEd4JS8R=7}N6e6jZ~;Z!CKlZ8fB6l;q4EnveJ#;+-GDGRMq;9H
z#57BWI{EnMVe9hp@(%dQ%SR@u6tyZ;sOv#yW>kvMW$g;T-=EA%S1+S-YuSlm3BM5s
zU1qAC?C%#-e^nTIczi^K+78T#G6$EJHPo=)ZKpjsP=~H0QV<2zS1m<d*g1nV8udR`
zCzuY!M_wh?nr>6X=FpKUxTllE>br$3=eQr<0NP~gj7b!BQ~ELJ!`Za#l}pCZ=+_i%
zlcP#p4Lm$NGIMkBCz4N#8<z~^Y2yqQn0Mbri{tv(%;xvhW2Kb_F!K?4@vAQ(DbktA
zpLtRabZo=^&nV(w4+BbC7^g(61Z?6;Gzo(Nl>^_3kp&nxZEMJ)Nx$rH##xlyIW;S@
zoAb%V8=O=;#I3v)fs5ulzy9pryhV;BZ`XA}Q^NPPEWj?8T;D^2MTs4>grPK<!;k4K
z0h2L(M5ANJ#m5u@aFA?q=N345xJ?*|yxNyr{<{-Uq+;p{wLVJH+x=M*{6%PLBD13G
z6NI6{yfCghz4MrD-hhp|cr@i##;$IoCN}n*2R=xL>S9Ijv3RPgd4i1bJ$d%Yv-4Ld
zY9vzL9siB6xz!j<G^zvt$GD5;gIRJR5l13c+PRgNqf@aOi@7v$o##<71I<-q_vC7I
z78@-MsK-Ot5z2>HIIo+!#Qt%p+>J=6t@;f~egH!9k_x~45XHzMeN>n3O&53GtG^!)
zHDrhsKHr_DQWlW8?So}wcST*ieHM(y;7S1zX=zrO?1U8rs1;g>Pp~xM0S>^VPWS>d
zfk-^WR~8*FM6GiSd>-yhWjUc5M!h(>HDi_2Wga%pD6^%UUH9yUs#Sn6=U^283riSL
zz}Ac_TVI%Bi3Q`A2^G*6jn!c^#t0S*&-XtD?u=E7?TU|<HblnGxi<57WaZ+$(T2d0
zKfvib{B+k&vREsm^J+JQ+LC8PedNXKMgZVB9a{KBj9K6~yxT{Q&uXraZqq=UH!@U%
z>de^KsZt<yGe%!r$+ziDrbUXOqs?>5@6I-6c}jIPI`9iV{TQ*KStvr7ae>iKo?D{l
zO@}+?{a_FADOKNLJG}WkuFi2pA^%!^r&vhJ$qc~RGt|5JKRE3N-D8KCHex(Z0B{MJ
zy#zpdWNh*q)CwK_70VhRJ3+cLx?z*Kcxy|CKp#tlU?fZsq5=u^U4Ap0jpq)ARZ&I8
z%s~+7LUFhtWKJW^gy_^v9CGRBGV7irKdlt0JAmIj;s;2&cn|D14iM>u1u4V*oPd`j
z{H!+aS;IlZCMRqed!JOTRj&t!{4DKipwmz#&}YprS@wx8RpBO=;J;lDn?ZnC#kUps
zfFHZUO#etspCDv813&aA^f>|fS5XBvgeJLLC;_rw+TpiuRL+x;A*ui^=8dmwk{o%V
zg1C{a+MyD<Qg&@{%MfKtjrW!wvi*X(9huS%Mg#yOCugS@+UnJbu_H7<1*3rmQ4O|9
zEF|R*_qPxoNb(n+uaQ>H>3cuAOdsLZYn)f5dcUB8#j3m5h7cLXY>0nevFcVcTP`|&
zRM-0#(Lv!gsG$Uyd)C9hAHkk6bU$@XpR<^eB7_usL&BTRg}&F;@3PKZJQzonNy6Iv
zI1DSZb*L4Tox5V*<v6icA!*MV-TzyDksc0E#!1)DV}ovy9o>3o1a}hmHn(kf-a5v7
z3_Ef?LuTj;qtFq<j^p8ig_DyqSIlQgXKCi4^ety1>o^Td1ov-B$)saJo6c^Y*q0F0
z|FdrUOW9q4^;0}Bg55fOw0N$X4*K660H+$@`I3ZwN=1t;J1MA!hpiq$ey72Q;C`v3
zPB=!wNg{m9P}01zq7#>xh=xOODuh(Ykbu@61`BTXjl`j9Wkx3g@Ax`&9~}G(!@WSe
z5F$tKJ4BU>1k(Y0`8LMT8*k#<r3wn(75Xw|obY{MUk7<8HQhYua119`#7i-%SF)&9
zp*}t#0aebb0wJN8m2WbIQxI3COLhU`Xw=u!rbb-rI+utJ_A$Jt#zjTL6Wc!<cwFnV
zr--*lxd8F{i*rt-@hI|PCINC9ZffQWGe6@8HN%=c6>@QKaeh`OSFbAQ-Ei*+)*3<x
zTjn4iq(VmFRu<G3UzR-z7s(=sy<8jqggwYdbU$d#O_MiWXi!Z{VDrOUBvG+tVg|x8
z6jJI__OHA*Z8?zJ%hZ*OxKoC5zlKQszQXSHvc%a_&_ZsIHIIObv_F`=3N(n>q3=C-
zrf5+6or{<DeV^7VUn;d1$N@W{M$3ktg6u=88@?;BVY*O95wreq9)0b`N%#ovyK%u2
z`91B4+1)RbZo)Haf*#?vf2xkItYYTtgYA)`gsrS>AypRc_z~sRshnG!7b98=@hm2M
zE2CNuKe|v|iR+zUBEnr2^=0S<D7`oMF8RHlr@`75$kquorK)Nk7}FDsj%8+VNi470
zX5p(2TfH8EjpuP!NQ7BUS<T2>R&GtBuOB`#wu02fy|y!YeWlIDHnr#f!W}omZtCny
zs>yqwnN1AdK87F8Klyh~$hm`|;|?LR)*r9{H8!-<mmw0wIMxNIn1NYpMJTBF6d~p%
z$M+v=>gv#F>Ugr^lG3NG!Tu~tcFoG5e>$jYAA$u+_liUqRX+JZgE|iC`jpCyY}FC2
z#u@rKnac+ur}_h%6uTvR7bix$QXMI;)eg;A{1$X$4BUbjyCy`@-`Wx*$B3jiF+N*>
zO_%;;x^k|i_0Y#&DaJm+`G7`>18F$htDE5*CIhbd#n9{CK=kkErXWxFD~fkM4{5q{
z^KO_uKvS>B1iE~nBvTfVLG*{9BjkuqQ7%62@PzsIxgzewdF-QlCY%v3NL*ZE{o!Ak
zJAET|QDpW6tGRgALNtxxgh1T{2PIoVqFmv%9+zu_0h#&4{pvdMh8Ns%s_}cLIr8%h
zE747(iRR{J2&LY)TYpuhNDqGKL7`07uQOAoroi;WYhQ`>gnEW&YZhwH1jY<;RSq*D
zIr&(xP+v9~!lh;Tco@VbP3Yo8$z+XffmU%b<+JA43pHv=3?{hx$<1kn!xg=xU72vv
zpEDJ#VY5&M6!=2D+OQ%BDE5<u@WN1vWK)e2Qe&)&47mtOGn;{?yf_q=R^Na!k+6X^
z25j|RPRtGWx9xdqRoci+H*fP)XvmT418B#HG7C2<pi<euxo3k1dXvRx@b!10$se^Z
zYu-8L`wihfw9)XQ35g49JRg{$;}5i#_X7uLsMqSwd}-!{2BokLmkd(n^R!bl<Da<)
zZXW7qk3+Q>Bjsqo%hr)P)nSW!ma7gJ2GcC))~uT<NS?mDjbK__GtP9PvdqGqaE(sb
z;VN8K7XCwbVK!0%Hh~zUz2LB7-6+}2%xr0JK+#V<Z2KeBGHd8tD$9{pS@<(vSWB1f
z2K}=Iio_hIP)D+1t#FZ~;rec%Y<1Aqt8gG^_h0bCI?93%KmoAVA!Y=<!h4eC+gQ@n
z(QJ5T$}3rYb4k1=rI;*Pu$l)-dbvbW9XwcI4LH$_(b|I1fd%@J<6*sf_)JqYGiz&N
zmY+N_v?P|Su}O-bGcRzYSUyQlpKI3D0xDCvarTHt0@!EKi%M+pQ%ZRC46<>;4L+z6
zsU*w*s<5T&_)VSd$+x6m_0sF=J@n1IY%>+I!upS;7&1nxG@_$_+9_n5P^Z7=8eL&R
z@|$<-q==1W<;q^Fi6cCC9Xz!ajw~IPWsA;O@8GESP?xS-E!1PV^8c12sfp+0RIIa;
z?@t}4xj``*r(Uh2=3?|q#eJNs#sSEtTji*$lm2M)a#g0oZZ>TtPmRC+zUcZu`A~zT
zMtD=f>K;HE-?U-r<>>6}+$Pz0-a0zHy#7N2=dy9}KYSSBstl81rlTmM9>t4;XJdZc
z_)D}Onzuzhuvl&A`~BAlY(5%l@E%czoFH|^%9b(52>(EYZ&nCEd!+9y42HF)+9hDi
z_b^#L#G3b-nMU&iM96()w`S(P@Q9F4(cB2lEF_*H>^dX#NnFY0+y;AI1`XZJp&L}P
z9jRa+Gjs~LMKuNVD4$epRt92HGASfHf9qIER;5_3btg54BRvCs(|uP2P#cm+Jh^W*
z#*ri9S8a+2n=%@kpNc(%h_Qr?!z5GF90R6vlBG%g?e=|7eL{?k<z}tf)FwuKzc$%K
zBQOY?Oo%sU|NDQpPM|YI#{O@uxAkD}_wZAbQ@I#9`WF<2_`4KcMmZKIouKnTm8nI%
zq%;Qn0D`H$d^WldTU*&pU@dy|@=36zNSI<}jK4^NS0YuGk;!Q*`ZI-E%|v)Z#6vv$
zlQaxl4O_!OS@QJI-rdLK8Nwtb%k^Hna5^cWOU6@l0UdehPy-L_Z+;p@ISxaal5~q5
zO=QYCEGZrNv5WA2N10YNxlaK$ZqTVoJ@|_Y%5Z>GYhI}oXdpagzC)N8$hfz8Ub78g
z1e>zG^*kbM)W^SP0AcFG!<rr5%hC);Gp5Mo2FTS3hWmyI3jS3pBRzPbepcyto&sM4
z-o^W0Su}~928~Hi2h5G06HHRla<B>MeELPgl|>}+G}GaTP9IEuNHx8}Z#tv4VBlx*
zOY0j;<S?hkR9vA`u|l)W?<T#*oI4RH9%Q`bk!CK1eAGg9_)MFn!j1FsUGE&nJJ%8&
zo7Gdui`swQ(*0w*OrJWMVFXGGe$x)w;8V%G*RPijuc;bYH3mW2ad?069Rwm8Wx7Ak
zhbH0hs?7Mf6G`)rQqGlrtpCTMtlgk$t3{Vd<M3^z6;*F3vgrtsyfBHpKuQSomBn9Q
z)O~8!*Y(*rIiWL3re<a^<_&slWn6}bKjP01VH55_>ua0AGIcVO3QPt}zH=h$lksGN
z&YR9sqWsITz4PMqqAwwp9DSRxdYSXz<g)JY4MA_-Zp>)z&m2R!8@tOA`0IJhUP(4Q
zCFtmmLWwY_F0r3Ht~h-bm0NXmWQ0pXf-`)+7#Y1>wP0kD^Gh7B%?vW2mPDueZ7_)H
zfSQEJ^@csofMCb(Soi7X&tbuSkk8Jagg<+)e?I+PNBdUj<4)l1hkc1Z89^8i60d*W
zP(25kU8Mb?^vNS(cM0#AxCH-6hy3x74DvjA>t^F2)u(=8NJAnY6`fuewe=MAXn6Ob
z%=k&y0`nKAv`%xT|Jqb34l;cBtsZ_rh{1Nna(pqDn$c2eDFcmdj}{B`jjfIwryba~
z78FMTW|c)1*b_N*YuM}R#8>2??=HV-exD}(k^ePc@LP4W-R)rHN~c-krQnwH_p3zM
zH>%&9YtQ$8kXrL!=yqkTo4eH?@!9|26n=F2w=}4L!iXc!g*$B4LMD;lwwr;b^9yL%
zUq=YZY<x+wflY+Ri2qp9;H;dym^(M;=v2bjxaCD90~Mec7D&*ebX<K*QSl~GQ)9t-
zxeg69Pvl)<`~9M*s<L|!kj~EA!!I=^5My!qy?0>-yS?{QoOf8ip9*&W{1*H}_Iq#V
zH`RX&CTx~??)wuG^kDM`_dMvEOZ`KCPy|HxH_WXFo>AQ<wO`gcTJ!InJHmDfsAZ{4
zr~0SgRi^$;6LypBcXRP+uF|YBdgp9j)tn}^_f!0fpw*Aq(6(?A%W$`r1YcmEa&X2i
z%mduLj-Vwy)KCY#lfISLjEV?QuxScCSXah%n$oDG$D5|%JI60OU(o4>V8p!ZY-)fT
z=a1=U5h}8}xC_R*^Tcen;h&V@?fMPaf)#C0$|8snra_g?Ls4)SV@3Xg=H*hSHDQI1
zraKc1A-a!Z)Tp?0kMiR!By8uDc!v8m|K+*vR{qb=FB{I_gOR@p-Io7)_9yDkk1wxG
zYQJ><;6F75g+pwz)}G;b4YrX>2-}(LUcbQb)j3MgU%S?34oOaW(k75A8?0F!O4nos
zm9Ifbe!<jkvK?KoSVuyMyP#2#5S}oRtR7E2W{F8+@|_#oB!e1jdVQ6qbTb!1mIh45
zR>V5kDoXZ#u2Ngg9)l~}vp(ygJ{v<X8*k9olc!%>ig8%RlpZq=7&bgCTft6v+G4;q
zJ%ch&LP&VbEh-#!H~yY&X4cf#6A>2-U(HB%zRc21h?h>pkffMSvr0yjTwMq~Lb&;m
z?>@m_m`O|#GI?seJ03;iX3vh8F$c?81Wy-6DppG~wtYZ5h%fzGad5U+x6k?IS?bqt
zn|R2VUo+*kgW>^c&0*FBBOd~OaJ15Q`TkyBbcrwyG-(@q_`Pj&o3T@V?^}N2!7Gj>
zI^r!cnSPmDmmQ=Qw^csyU~kft<95})RrScU^MWt_XIXXdIixH2CJ5Q~g;SE~Z(JR0
zR=$-xzTUi%pZ(V{s@PqX9Y!R37Q+n}9|>F==mWO}zy;_m+->RMEJ;#v=CRlH`jZxR
zb}$D(dSzv0K)L?N<^=8WFs<$9*rcjdY;GxmtpG}2#wsmR{$u$_E&-7^a2kO^se46Q
zHFL)Ot>2WMP8IjID8leJ9zuL~;0%XklTaeTI_k3=BDWZKj4-IX_c!H~%B*COj)h8V
z44??P+z4s?7pfL6H=$PbDIP?!kt;f+*SV(tfUSD%j$UKRJF%p$1kYoE02r-j-1Dji
zff`D-N#kYS;_K5P23Wj5*+TEQU_)isp0(NB;++hxYZiNv#zXHaOb4E8XWhn6zUF~2
zy1KW$ojp}VPh`_gPdYp(i55U)M@>hiUfpOT33O2X<of>W4+CRX7u{!u(M}xDc!!DD
z%wvc1ho;z#uDDWTjafg(uGy1;p8^?er@|h7-czG&<gtZvG{^@u)Hg_|Q??%mp|_Bi
zT%0WiAQRdM<S1>9ViDvo(#pJ=;J)LGjOcp>^mQY`cL$3?!oA^EE~L-4D3uycOx|R5
z8w@gHuASWqqyD$>-N@l#WAx^?KATC^53a&B_4??pHGVj;5qqwk*vL=y)@}XH&}vbZ
zfpgH)c4!dmhhM8fzBYZs(M7@-k7!+upvd?;*90r~!l6Dhu3pax>OTWq+#2rdXpX(i
ztW8N{J?`s$;VxkSA!n~#TzjYYNZ8gFfscb|bw5p)&h||1sdt$Qf>hw)0yC!`FWiy+
z>FgZ&xM=hH&l>KTwQ4zmx^D|cM{0HE!rl`I%nJJe1|44~W;J>h1%FJ3ykf@mT*9Ar
z6B|mFYHgbY)g@Qddo>d%xQtc?bfuyp@SWd$drjen>C|0c=uW9eB8m{+^wm-%Xg78s
z0-O>okfgG1770drG(k}TLl(H0I|}d~h@^=;iU;tv&y5zEa8c1K<aTKe?BKuX(0P_>
zgi6va*y{D)*<RoXp`3+vMSZLNd*T<aZJ^$QUbAxR>@k?z9{;J^0Mc-!yyUQa6?~e?
z5vRH_gedB4VY5k+23b8<kjDl3FoXvPWc5`xG(%r|%%!8S2n(&`E#X7GR<YQQvTup=
z>WYoNgAVT9ledLGx6Qi6E_dW9zBtXff$vQV8jJw>(QUCWTjYvqJl7u&{hn5T{N}$D
z7gU@_7ZYIJ#N=nYrpD{yep+#wJ5@%OrHu-QP2w1**0$9rK|`0L(9z%S9QB^Qxz(Z9
z)f+wA`y#pXi%1Ppj>F|=#!ZZ)_<7gTJV=EvOuGY7B^Hi@v00i%VrBEf)zH{=?X44r
zb2%Pm5O&%#26>wvmg(XhjAN$+og?C_LuS?`*r+sY@ydoX07XVx9Mm)3--adLM!+)7
zvU0Ft!MCIQ?aS*s^FJ3sLlON0LxH3oi<3$98FZXoE>qULes8%OcRYwWa;S8wF)<^v
zwj^-c*U-{c{vT6U6&1%8Y=gVIySqCC*I*&I6Wrb19YV0+79hC0yK8V8Ji#Hr;IDJ<
zUGKdQK87`G_4Mh}b#_(lz02`E`{1ig_)@_~Hp#jlSi4V*+`6EHD8tXko<0M!T?n0b
ziSKUYsbf&^ku6qM?++~5)DJ(QaAR^*p87WNFXii~y&pKY%<LOKzxf1)5?^#US6#H-
z{d}+U^dPFex}C~$*CI!uYr&Roy0RKus#z1UX%jYP6~vX)mg-I)>1x~tKsF}5U<4j}
z_6QY%FW@BJXv@#y*}8xFe#et%nL;KawA|jhAK&^=JW9B7Lg~0-O1k>ryWBgY#+=as
z1u)Gws@nvMj&8WGnf$NMj@_YeFXuf$Dbe9^Y;gzC&T;p7GL~=DnyaB7YOp|dwsg2@
zY2p0Uid^b(%F`yDHz<uBxqYrRc~XIvc!+J2%2h3*)H}+kuN*#y7ZUzlNSnu$5gn1_
z7N&Bvdi{$V^bvxx9CHG3-B%3AiS8z?p6^I%noaVHP%MSk<`$M>t}<zgUHMeKl7bp~
z5)oQe5VMp^2||w&&Ai;8=@LDSE1RHFsJf0twqu*8J=~hJhab8F@FlG~*S}G{?OdS0
z<h_aT##vz75_pgdJN;Q<=(99GdJtDaPT(^6H9S9v2`d{hx4BFcH8B*f<B@C0AyyNn
zLl>#p06(_@sk>t7{V)o2@ks$18a`(xk=L6Q8dS~m_PcfYu=-DNcl9?}S>m!M9K?Zl
z(r%p(w2zS^&b!a>$|PbD1-TT&HfMb&vUvmW9ZPlnRRuf54t&$@x9oMcc+FE4xX7L!
zW~P47XZErj8?K15iP^!6*qGM>fPmy62Deq6GvViZWU>^ms{&~>(UrQ0w?8phT*K(R
zF$7+nh7|LV(k9vl1~_5FEI5cTcDz|TbP4^o<v(pGOrZo`OZ;3!TxNB5w|)feZD`B&
zZa$5oUDjMY*z!N0SZPeu{&q`ZQ#LcvK~|xUP!dFLvcW-3Cz|uZ)=Yt+jm2VZK$M9!
z>2M!C7dB>bBF!d!?U@yN6VM=Hpk9*DcJ)G!ia?JEOJez)3_k*D5-i~O#xBGY6#UA8
zkIn0~sSMQYGf;HzeBBDQJA?B&NC&^~g(~%K(%2m$!VLC{Li?X+fBI37GG@$iVq($b
z-LQ#@^t5iwo{7Px5q5n+`>-t<ztRI%DLeU4W`>pg9-G#~k5D<EOM6G>9<d8nxd;O@
z6_yLh6+VJ8N+x8Mi^9@mnU4Ui!FLF{Vh9=P!_HiTTLZ4cUB7O{<|u9})jEsQ_dWWh
zmRbv=P`aJSp|S{_s>p@nffz5;5ury4ljX(X>H>YoV9grL*Vip|7N<>rcD)uDecI&U
zcmpG*bzTDQ(*p&VsUH}i!6_1-KF|ikUy5p+COhGP;vIgsjogmxF!bwZ`l!JBZ%Ax2
z531vqD`+3-r1Z!wyRgH9iNRmYjOt%s14dWKh`-USE-ZwOjmc9mLUqBUY`2CkVFHvS
z-wA1md#zd@eW7wKvk?QtDum5NxQ+pfmLMiAEZ~2UqK+jRQmlawt*x=k`w@U3TMh5`
z?N9%PZY1&Eml~yB>v$oCWwe~V@F&X~gI0%hNyu|_ET_d(9~9o-IM@>x-IxA!KuH{z
zbSY}Un+>qUD0^zmh>|=&*`uQ5d-WQQ@4=`7Z6ga@dRDP^@}6L|tN7cpif5pppqLmN
zzjJBRM|a!X+Y3o{qEhob-w+UQRr?x|kbqjSp1Kv}iBzn&S*_ArCw6yA!N@GY_th4m
zmC`r)@~N|bKi2PR4NbtN4hiP@5+<awS`ki5OTio5MG75aqTz|6Tk{nW9<Ch6o5c1M
z;=uCZU~P&d!=DABMXdrpZ{!3iU&9;CkP#3v@DfEyOI&*SpKfet$)hY|I{oB~Uf-qZ
znbr_StXYoLplwNUNogbBS#iO0zk9K8eaPXc*BiB5=m!hs&CHzNOjI*HWnm>ogk44a
zIu*)lz4B=L7F5x&txt`O?PG#jeyaTYCj+j_X+T@OyF-y07VY$0F$2hVeeFGO4tBuJ
zpN?WndFJHRHf7@J96(N#@Z6*Gj6wXV<0^YH*s>V4v-@|53rm=`o23LK(~(PCnDN~o
zNy=nN#g0u>ph?IK7^I-v#EyggxKrl*$p>tJIID2LS*eVtAxQOPb|~KEeA2SWL-(l@
zt1LW(R;_a#*kYXyg6tv6RECc)1K{f}&pocZ7iLoLM;w0tx*QQ!^>LXwpM5m&n!i!+
zrco<i4Y5F^l*bcAM*Nc#cxW4>SefwD{pS<0Es;br^p+;cjif#Jxl}A-#_!w}yhtY+
zbFuY?-gu(5^yc8g1EIxGJnMe_$#0M89x?CeL9!HmW@Ep)yaK+}rztEm7}f8{_8!!b
z_ry%<ca2u-T_~|N1+dD^dZY`J6eXFA`jJ##VQWZ45(zsDS~6xeSd@2;w%>gHUR^yw
zbUi-!h$&B)&YmAzm3rqCL#N7yD%hS$6W>7a^GdCYh|bwwXZPTzng9aNz}Fk_)P-S?
zy9nji?az?1f<jSb{!bNP;wO}ix1E&PHIcs;E(}^fm#8|#JQnfA-hMjNy2|Vj4R?IG
z449O2TUlXgT-lDd6GSbyLQWLBCRe_XJNv9J)x{pi7I4nRzsMQKc&3ZIdq5W$o#=mB
z1Z1cq=j|t~oul0g6Gr2J6HYwSaBuSa30l+9vt|ushGy*ROn6%vQ!8cNe43Kvl>#?~
zqB^H3xB5`ptx=%Rwy%9Zc5c1l?*`3=JV`aOg~?W$F;mwf?~xOtreWg_s=B&{gB4i&
zFygwhVs$usx`Y{1!a07x_$v+RtIn#IU^u4UxkXC!h(2xT@9D~)f>>gIczcL29ZO7;
zU&J>%zb6&BmUFDHNgjV<GN+jQd0<x$N1d~Le&bJfitEJtCV0yv&M}u*8t}&K^Z4X^
z+H`a|*Ym<844yPGVOC3FxeGe+y0P{<#mXBlFteO<*@yAFd<l##I<lO#(r|uWg}WN-
zI2X6I#M|=w<=px95*V4w0K;o5-AL+_jWEzLyT%ojd(Ij+HA&%;5<Xu7nXvis^ofxF
z22=F0PGx5{dcjKQMNsrQ_#QNr@?ynZin@&qq~ypRhF`{RT2IW#`UX^bBDSVKf;UFq
zP{n*tX{Z(X?#;h5?C{2Eg6?@%oRN)Q`z<f?US|R$jYPyHtdT@xk&W6<_P}GIDg`wa
zDBJD#3#}I&Jt0RHiF1^oyR|?Rd}a77#f1Uz7GHPN+vVF!OY4zuk2vMW_o4(cfu2GU
z5s`Bqzu85v`g(?ENCS1yB~jzy?>BBaHr_@XPF=GHv_#*W{Q#N}Wkz?KLG=d+%T)p>
zy!x`MYuA~b!A#uj3!9;qZm_lA?_9@T%vOGgVtu*%y?sUSr0g5&8%XSxBUfOpEv4ZD
z4c4HU*emDj>f7_o)#Ax!NKggr6nIYSd^j=S7Q6lFadv$js(j6D!E(rzzlBf>p1*$3
zT&D2c=AhdAgPLbkXXs~u^!A=Il<ttZ)ptG=Z-}?=Wqi0A&W0i-Ot~mTp(<3S*f{XA
z)2V$K9T6^><!kZ`PEuT?am(-8c2nshby-f_5S^NE1wkZ$=##3%)*7X4WF(oL6FX)z
zfZdinYl}|D2k+s6hY>Pi*ZV^voEgi1$PQMp3W6~nlQkXXjt7r2npsFw0$h|86|r;U
zwR8KpT6gAD=L$$+#;Nf`Y?V!Z_xMl6yB`TYpHybgAjNJ%wy*{1v&Ql?JJJ&et()SA
zVl_<<Yv%;?AlankL?;m4Tz2as=|@M;6Y`X@^C}_;yT55U-D?Gg-3|^VZ_3vYY<C~+
zfo~gRRk6Pyd4WrfMzjK+@jIG1H$0c=E}yR)3hcVFdlP$}<)8l~r>im+0~7+I-B+VG
z!i$5B7Y7I}Yj(BV=v~=+e@HR^(@*>1b$_zF4wttFN_)VPQuTaubQ|W7)rLyDnQ+~)
zzALwAhb<RR34Ej@k)pRS%+{;-?pW4{tr2~UlU_NQ_!1Yr<N@HOncWtZJma1!N}q&h
zRI-;z|Jh1Mq?nSvkKo=X(V%XD@LK-`Aa+$Tvlv^I;q^R@Enog56N_Pgsxp-5iW&)U
zBkTSXx(zTW3eHj^uYR%l!5og>d5X<l!HQl6Cz{!bQ`v1ZvpNPB)nyFL58-vRoiAU#
z_PpB0F)ewhA3K_U_2&ycrP=51_P!7SZ)Tkd37l3}r*o_X5a0WQSf9_H#DdZjZ}a;D
zemi#{Zom9apB3<T6(fsut#JJWvCJLQJKI=suze2n+i!-{TYD@Cwn=zQS8yX}lO*c>
zuI4U0R`R)Y)R?tECX@~i9tf@}4M~be`J9|}MYE>XZpah$(sFq5{az#`Ua)kDIlW+2
zJPX{kTK2ZE%qxn<=DbiVY1D(?jI@VGwd}kxt8*0DqU*uaxz16vIwG-5^w`%<y7Bl~
z>Bct2SUDu6vmE@BzjY&|C`NWBsWnrXR2gybNsmXOQw;FU72DLKT?F9rCW69oIEIHN
z@K28i=E2n8X(OHL&zNCL@m2&BIXHXZ=bqtpmFxM=w&deb5|Q>uN;qK_6}YfU`Myh=
z^~fVbtTT2y-^*StM7{-0R>O)nm=fl_?#Mb7`g+j8@W1vKwcayrOP>5H0zc!O_a({E
z6g$?#JyoE+;om>+h*Q_g69=4@f-fUQBZ@57!{zYi_P6%Dwop8fTGwQ7DY6JXUpAjE
zEk?jFfi?y;VzG(-e;TxJi#^mGAn~9#?wA)p_a>0}y^ubGuO$0<>-d*q(EN{6j<eFv
ziUBnmFKo5i7^v@JJ9PW`wRkr6a-*g@zUJi;V$kCpC)Nh_-tXC;-|c+dq0=*UqFuG6
zd>2jS75?7;jUp^%-Rwr4L+nXJes0+rR_uApbC!=vQj}z<NbHfY`z2+&@PSDWC%*3K
zC6vD}AeJwsB0ku*{u9&A&ym2G#BFyr<Zh;mIq)|aF#s@l?cTZyF$B5&77lp4F#@@r
z2s~eA84WJfG#2)6A$1O$Z`@>}?dpm7qgx93tV~o89C)s;az?to1MJ=uhYLpsi|C76
z%nHsO!l_IeI!@1QfLLY48IC6yaiwt~jN4^h8F3SZ!^RjbA&3y#_b%lpLdzIz*EDpM
z0!ripWR)gbxfDc|25P80T*X|dOC5Z?dIAmY1~IP4lCY>Yk1jp6DKo2L{t}^avyRCX
zG`eT?K;<Vh^G{GsTk!FIFg|yeKQtIGy_d<=h-$~f3e+irhYrIwKL@Ry2F;m7jFsU~
z@>p@(j4sM(#}Q`OSzyP&NcrLZm0hqbyss|~$|D&$V;8U1>^r*e>kTXW=1*Fr7K~F4
zsku(*J6g8ltifLUcm`WB+wMiRqSzb0Df9doX*5D7djBcPeL82+eo@gMJPIco-3&_2
z!QR=JP}x;9dW6k=8*l~pcNz7^eO^ZrMQANj5e`axd6~gbpy3!JO%ns(d0urn211d&
zcA)JXB?==s+C2s9R(v%!+fG%g{=EJ2b07w%!J2kuJ98pB7V`Y2%<*t%iFr3P@QI=k
zIm$!fU8t<#;E33>HM2l-j^NV<FKvG6C2Y%xyn%9)t~Bo(>c9*<<oN|aeTb4w?0K6%
zx~xc_fnOiI*5DI;4pzx`RbsX)?T4V>N5nrnujuGmu_4b1I1*i|rroh3-e>D^<qLTF
zV_m$u-5}d@|H<$ERdzPJeP@<scOuW5%utY*-p+D?qikROI3D-wZ!O2r4-FSDBxo3|
zKY}K9S7o~sp8_t?Da+3;<au35w_nFCFZlwmj=;a~1Hx~;Fjia1#2yaQFJFwrJjEx8
za4j#rX?G0I2yvPl%ITkoUHbgTo5GX@lYK_a-T+Ad<AHiDQ8W?F|8jtTLo{ai6DoG&
z$>k>7R{S=}mP7E(y4KY!TR@B})x;>BFnEsdeArdiC%m(DIqWF!nI{1JasjF^dKMOa
zu2TVN%rO5JGAPUZ9QLyLRot<;K(%Z9L$jJJZ<a|<Nsc}05ijVQL0Ov=@thnsuL^XZ
zQ{0Q3+-$8d?O$;R`x3CZ4IQ+Io;;dZH5Jwk(h^*o{(M&>Ol{NMiU&$)`k^HYN-|Vf
z0%_V1xk@lY6S?YbN|1(mWNrEc0M(f?ncb!28+!#~u0jKxt$fC<HoZoe6%v9+4%X>f
zTCBMy?ZBNPc|Ym+suF35M6N#`#%Dwt3VrN&*CKcVZ`#f>B(BV9L^M21!eC=ntA_~=
z2<3)IhFys|eZ2mUsV)Sd26I<|=0I$W_O$Y|NGkz?2yv#!`CTcSQr`rNkvZl8Mj^uz
zb)3%mg|K)H${06Rw#sGOQ!b9HU8G30b%Mxy<+ijS*JEn%+_G5W%;x=lMv8%-G2a{u
z+FsGc8#|V8tPn%*FFdjlf1_8{1mXakysjtGxY%2XN7|0pNU|pZ(VO@@ifjgeKVN@A
z9-ZWfa<t_~8u-E&7)o_i8eUJDg;3KCrVO}Wyl@UM);>mEw&9s&haibAUA>?U8;V9a
zM&VtlqAl=U?KuzAEec(*j-2~!y1n_jd*=di#G!DR+~ZG{a6e_}b$r+T04aJm*O8BQ
zpvGD{>vD=C{PG+NIBy|OCb-{8<cCH?XBtyaO97guG0L=0uoRu&rVc|aH&Lp#-lYSK
z;h1am_=~sqJxaYpOG@A+|Ga^jJONretlcqGzst}(iS0!Xqzw&EqTIk&@6OA4io1H_
zh$*|zY?SM4bOauGSu3$4Azm;LZ|yr#0{E!?WqRR1P4J%U+PY3NBtH1M0*TV3ln3+%
z1IYZ(7@0rL_Vblv(psB{Jt4;V%iz<c&w6WZ7q>_ZT^^Xk(C3VYc~mR>LTSoSpIMoW
zGZTA5ljZv`?uuh>PDQdogDO03Xj)hPs!0PrNc#rV9${|qq1WF0@^oN(9oK2>tghl}
zN6<I=+kmPgT)<VRBPf{8D17;3SW*lu*zNk3V%5!Plm7iuhju67qOmvHLiTd9;q==Z
z$eg);24s9+rCbWAy>VV0eD!6N5@L4H9#>;C#50m@=Nr-mBaxKvC@np!jFwl%D-c@s
zIm0A-0@2A{jz_MBS0S)HB82pnXTJ}5W(4`Zer98AqYii)sM!h4dxm_Z#bsYz4(SlP
zHF@5_OO*W1gV2TeO9N8=u4URnV=wq(D-zBBdcsLMbJjfY@^gc~*J1gH^KtwDKAt?t
zGLY%Gqz`mWJ_OyeS&KL~FI;(Q*ut*HB-LqrU(jcV^ZZqCQ*^PleUJD(kVY(yr<pqb
zu$_bU`9jlqJiaUBf8u3235A5^^57-`aMc==t%t3F3Z^$h>Fs6;E`9v9RnBi(ip33w
z7(U$|edPIojvIy=>y8%B<#plL^FKr;z!|o=xJuUf2>Xz<CeL4H=TJNI<RKem-@VuJ
zxS166v|A)L*wc1j(=yV_@r;TR@VZ$8lI`(<JfAhMGS*uU4D$#4IUm5=yV1+vHn~uQ
zUt=9XL}LDs3Rl#kFVTs+@zpu!-*sVoz{3XMzR;OMr`2WR#_`KBv^SPqKUd%UCI@qv
zQeD^r^$F+Q%UG{tt)AhcM6rmG70I{D<UM}ZbL1_ra~<M<Tk}pAFue@j@YOh1;x33T
zcUTd~nN^<88LSM%3#z-wAv`Tgk($;<Damw4(#0M`h5tl;#H+rD1wc;T!!=s+XG)Pg
zi;#;+d8;Yh#_mVo=fjr7y<}O^VI(%;#N}<_h_sKgm%EB=J42F=J1cX0$7dHKAiTgt
zII=*<k;LrYA~eykxrfvjJ$h(}dkWeeQ6{@IP6}ag7aOSC@r`h*xoc~$XGB)ipDoS(
z#I7Rv{9`HkrwWd>zJ#0EP_LbW?cMtxv*o>1Nh<+=LbkV8ozA=86{nqB?=2kxw*caS
zn!pF7&VYS%QvYlD>~lhy1Hmo0Yc#P?p!7GR1>XvE`;dTAfJ(ml<nCa@{T^1{o1lL5
z85$#j<3Qy08^s?)vk_j7#ntd&c?7Hvd*IChw7mkjz)-qeKS&j^CrsrWf$)JyLzC^J
z3VxSocICVa*}!E2;p?56%jb!j-OLfv-V@7qwN726*@NQ*$eK64^$A*~UXlCJ`>PVN
zS6I+s>iLJqRri;Lo@aRO1b5<xO}5L`r*4$D>C2H{xqIN9NYQ9DP|0VcE|HuJeKj-h
zb~qK`>v!ipZ|Pol52aVv1<R{P{P9#ZJt66N0XQQnBqMc8%8hvep_>yu{kEru-VgVQ
zyQyYXqlP2Y*qBZvB1*kyN~UEvU-%#Usr~}k{$lX>l}*;^5YUKm!A5Ak*z!a(6cvhU
zoQb&zykhNq3nd#`?tbO*JFiyRVFPl|OUuAlJn+v8!}eLq)#9h)1#oQ7D|_P>cQfzr
z3=;m(f@lHybc@SgsGi{)6|soOfE)H)Gd9#x<>vbI=H;v3AiT@p1<SME-;rL9)^%Pb
zPs5LBgzt{2yl$lU=7qQx1+qg2aaf$frLfmjiOIN1t}s48s<1pdUl7pcW?fO_eK46i
z8@&9-N@*i{R<CRTgf2zWH8%G}KQc)OBSyTnvy)lMgd8M$V4YLQokV4P-5^~pldW8;
z3U{#ZC2oH7B}%z8REiR#P*`>ItIShnZDe_J7tBWzH{x%%3Qwve)a|Tq`i>)8F+f$@
ziyrqkUBCm+a|1wj(DpxBDZ_OJj{#hQXSBeO0hX5}W;O&-gabmVA5Dy!L$3H)x)OC6
zeMCLLX?B<CJG&${JvgA|_qazk6#Xio5o;~{u+TGNaPN<_x3It;`1_OJJ{6hdb|+z~
z0_m3_Yo!k}CJq*uiCb^>e*0K?BVRWtvlGof1s~=4!i*^AN<6LZdHq@L>EBZkjqL6Y
z5Pmoz+q;icDSDaGS{-<U5Wbox!Y3i>H$!_tX6tdrc6<g|KOdLgn<;msOYYj&d-Emy
zd4+RR@`pUo4Iy3w9XFuCAI;ARg^dNff|;=j*jkVq@FG~S)eSqZe!KFot|feQB<*)q
z5eqkZe#E#FBI)O#Jq~y|fpa>wgUfx`H1j$S*8-{!@s_KhFXcyuQl7Fx0e7JnAf-2I
z50vdrL3c4;`?vI2M7mm?5vP+A@a48YI$IupV&<5r-^;nm?sAVW4g&?G6p9F4!tQ9D
z8Nc`LhtB886!0n=*=Nd(=!g{AO8`5-Th26s&{V{tEi>HFkawrjb4S=#+gd!c`$A72
zUqOH|f@i#ACvMvlnfN~0+eKNqn-GIiZ;2$hFI_Z-Ozcn0rKzblX&;^F9|+;QevC=w
z#9h4YZZxB(zR=4dd2&0`;w*!rBQ%h(Z!eie$bE3$OLp|Pg<}VAEV0*z7k-aN;)FWe
zJNk}<QeT-_pHp*MXwpG>TB$t09ZRpMpIOX?viA>+LV0+v@TxuSDZMKSdv!*BFnO<!
zFYrTLQ9kzg1X;abGB)>$Ucl#CqLIEmH}7`aFg097z$=krQQKWUgj_(K3AEf3bn(0^
z5B-r^qM3bhJ2>4?EG7Z4Wjsbx0gZ^g5}@V?N7lV+KL05d>ziA!=YQNFyWHpM8Ax_L
zaz4fJNPPZH(dd~w(tyU5{PLuQK7Pt(b$aS}_N!SL|AVH99?xdD*b~~DrWb*(VKN}N
zBD{&6h@zd3@~W(S6@}hiH&b}A!0G-ombja&HG^1f1=v^)D#mK->%TWz$ME~}5|~iK
z#lf_YvBOTp&czYk*5(~|*R+?b5{SLs`Gx?}b*%GsN<e5$H}pd|5^BHPjb+<wLEB7}
zlvOEcIDikhx-n`<4^H9t|1I$RCA!_?&U>cL_aZowba)P{^lC8ley_aLNS6AQ^Z|O`
zX$vA9p1<IPn_$3{Kim-?%WEZbFkdLR$I%niQgk9$no_9*y}-qFe148gd_NEMmH1Je
z8Wz*MQAAKM27~r`w7^kID}4tlK?+aWoV>J$d#8(_0QCHD(=YfCpOu$~M+~i^qy&GW
zk@ovHU{n2Dy<8*2%vg~0r_dB>Z)2V|GwxD3sUR9=ET6=nGsOLt1nbA{iLePHzo(Dd
ziO_0OmY3s>0TK6a2TzwJHGVMnn@=!)yD53Sj=BC&;(1szV%M(EyU~*U%u+t@L~pb5
z_HKZh_IcOEgx9YrO=_2QG@2Ue=<Vmzj@BonyaBE5N1o1A!7xfJwgY|a$h<d}^&^K3
z-x<8ipN@Wbn^csvcFpTuR_`8GjM=crNow2tFROG`UqnOS^CNElfEFAPT&l#?j^j2l
zM`Uur(JV2&V^5KwN-t^&giqMnO2&!un~R+uQ!#UU=r|>`>-Zl1kmGeXXSAEk=7($a
zyqkVG$wY@P?}%pRxQM8oOEi?(V6XbyJ_=SO!@LJ8Ya(&>8;p7;G^^t~+y(^oyCi*6
zv`+-S47!*#y*3;sZdT}s&D-59PVwx#n|ULLkIO5=(>(Ih&cA25!2L((rbixVq&~Ya
zE1gr$URkx)`&J^Zh$%>zQmfm+2jK#vZXSb>q|B3Sy%#qFcHHkvbxi`bz8B1$u+Ibx
z_;leGmUB$9l{<;V>xNqzitoPNLoCLxn}*OIm`Y5XV6kPx-oiU9#^BrdVi~pHyS6@^
zv+dCJfLXAIWB2GbJ)m?m_{lP{>$U^28Gm8oYH378cAX082d@tpD(Sq)<X~bgaLrot
zXn)HK*0k(}eA&d3S8dO&=3gM#8SH_aWD!D;LXFIQ!Rfx=;fg9n(q3TOi`;(V?Y>TB
z11a8b#^#A$!tV<m>9Uy5O&JPzd)*s=`|-|)XUO~@2~VWOoNQ5{u!c)H21RA5F+)tH
z!(hsBS3hf`%R6|mtsv88d>~X({_vhP-NeKJ*QX(MQ`QwfSLgk?;5U)wPSHOo@%^CU
zB~9bzQkXoix9wflyQhci^z(ruu_pq*gLS~7rF=-~h+^YrD$kUqdGi~t2jSJkMF6lU
zrx?wiDM&ib0Lv?3plaP<owW&H>}6^BD!fB%=G5VNw}7s|^)XDi9ZdvPL{L}R)XS8#
zK#rI&93L|ib51p>YhT{DxqatWn_O#rRfLx<%!Asba`AXYgf}5mfWyU?ANt72;S(!7
zf8QHXJclt_QC^l=>++yfHcdF%49wL{fx8?F1vV!_vAVUmoLX@>-<B5?3kyp~5*3BC
zMC`n-o*pnN!IZkUEHz<p1&OUQsJWS!LKiB0ld@0x0sBjAA<r!DndEL_7@%`ZHZHP{
zdAxi)so9&%<m%^O$VrgjjlU~>DH}@E-E{~f!eZUo(i_#v8MBX^ES4$P?XxI?s2PA|
zcuM&7!9UpadU{gAzP67(ZzQqj#y$I25C08!RunudVeu)1db=I7GUfizJmiyEH5Y=i
zVf0kIpx>!iY@q-%Gi%?$YEQ?F4|>1vS)~zLd^}=50*$FPR0k~HMVFu8u;>#c_4TLy
zdwbTRla@EN?Js6WRg52{b?s778tZa~%hGSOafa*VYbM$*Z^M4rcr+QXp|rs9lw)Rv
z$8Os1&uv?C^)->ALudC|pwL!fQr^8h_CLk`Iw8QiO3N|BTk$_I+AuT>+FW-an&e(B
zstfihd6!}cHTO)MM&lx-p5BaZ|8ruth7;68FT?I}i@?*-mTUW}DJEO4FCO-iLmikZ
z#Yq^VOA+aH)FLmT&zy|dMLYBI=nFn;h*aAYkZSrGIrX{UXJ=fVZ*kL}<5%6e85^=)
zhvsBonOgm$1&m4Bq~VN6^PA=Be!xCIT(%<2hBAGXBWuScK{8fehUX3wk~00$0R4iJ
zhDrZ>eXzI<HzCC#155e(mv*J{ij*)ycVBhjZ(gt|YObE(U7i#!OZlgScExg}ufGde
z)z-etp?;O=yBsT<NWDJB*MNhWE+v1|pgWUg32glEFm>h4XX*ll=L83rt`nNZ#p0xI
z^#YKyTOdEtjtWj^hiQ8sgi)bJ-rTh{BJq%hieZLNV+Hk}MQ$8KuHs2C$~UO);XU^y
z^A|=#b<nXT%@)W*PXPkSKNgDk_6uR*7P<@H4m_3{gaSPU34W@KSRe8v{!}WuCF0>q
z1+-33Q%O^Ji0S<5hfe$#BG?5qDyXeQokOt$ZOQr^(ZSzs($x_(<|kL`Gh(PPI_S5)
z$x#0CsnY3YsQxz5Vy3lzf8Drw^q~CzEG~h*jCiZQg%*=5-O4ROYgLP|;Xjf$Kz*6x
z1TdFn%yvgvD@SUWT|3qTAQLuzSZU#0`bYwkAIcV+4d5%+tJrmOMpI+TG+GwMOCW7-
zIYauAb~3)ezO(#@!M`k0W^af18W)3Y)vYF*`cpF02?;1UVWsSY4rM|~is)MvowX+~
zeL7FQP$-Ut1>OPo^_Ta31YCL<+fm*Ep+N78?k;P@OndU?*Oq#qbG)=fd@Q&P(WQwt
z^aZ|<hQke(YWNX$PE0s~W(-n8y>7=lz*(Ns%Uw$Wm%<=-AkGS5!3^p+@0)b9M#w-}
zu)1xKI_<#tHD@ECre=B2W<jL=6xE=V{ulYW&cfc$j&wd9z6GjfCiU$}M;~|owUaDr
z{f*zM%AAn-9&=s})0x)PLdk*NK(yF%_!|!$Cih5o@~HK>%1H+u$85b$LZtu$=-MAJ
zSQ72HvFh-S+dN5k<hw6AIKSPro^o9=82Jf^M33AuobU9JG;#6B34e>L+<Oz-TFV}-
zI{e|p@a%4Z!V<BZU0R*7gD#SM!57{RDJW1zMoug|_(Kq<{?3PXM>Cz)x$uD5&<8|A
z?0-WK`{+xdYZ&b3jeVw6*_2~D6lFzPD9u3I(ZS9m8h_qUm7({gz$@N~=O6KylY<IS
zUZCC@&Aez73w|Qe5#CcaTdhwpi6=Rsh#ASm^{Y&7(04fyNA;0M=SioIDT__q2%7z}
z5vJ+}Ti}o;dobDr-}Xd~Aq^QFcUMAlCdsNWiUTigm;WO7o@aumB@437duwWsFTOd;
zd&<8|biBwtX6wC-_t)l*Q->lm^#_0=;l>D?X-D9bgDRR%!kSLR7{ggdIWQiB?f-J7
zjmd_%tW==de^`qk{+mRZN#B+fA4P@&`9ryS_>4V9Nb!U@XTi|)S#5(4N-a=u)YZk_
zwe|^t02K4BE4S{MZumr}k@Ne5>nMIh{|YCJ0ne5qhXrgb=ihRWJ={Z=mPm%eJ?#n5
zSW*uf67bg_LgFatlgtdRk7T-cMv-Bmgh><0Pe&hEA8e`Ux;Sa&%7_KtXaeo`%hIzi
zcn7S3V*{akqYU|{A_nPb9<lvL65T3IdP(aK$+F5JV;4lxOuFhi*F>`YiO&;iqJWvG
z8(=RxQs`RDJx)hA=tinR7TveGY}^9u=TQM#n8wnT0&d*+X1;LkLihc8Ymcg>Bpl+{
zdYAb29r~2v<~f&-^c~Uhu<Pkde7v=Nm6@{E8fY*DHOscljvcROW_E=c3H`rZDE&$L
z=Kk5TpbbO)x$tivXiVH5E{j+RUiY&x^K^6vf<&T}LZXFeEy{*sqzDoCG4-eDk+FAU
zq|~`=Af;vb{U00A8BdPqijL3DaQaQu8lf2_71t8y=^3GhcxgbgCmMLtw)w)C!5Vlh
z@}0?YMOLWP)5rR9D{B54c;SnMFTcRp^RWr?x2j!VWs^zia|Vf``@g^McqZfqIOr{8
z7e8d{Nhn7CeJIm^%|n%GlavOpCTkHd0s}Bp2;mGDD)$zs1Sj>n%08=ySQReuVoEK#
z06x0Zt#Yc#PLw7x{RvW-2g$XCv%1vha!GT%O;KvL_^A{{y<iQvXhz*qO|Bn#<7!}L
zOyflx*{VS9yM%Tf24Ot+3H1q51pc+WL87XU+AJ~fb6Z;gRuJSx;Io-4axFFcIAPq7
z@ZUoz8>-Z;0w%e@Ph{CQ>7M=g)e<x3?%lDQ{*N$yx(Of|&c%JaermSU9m$>!SKx&R
z<PR}yW_5i``d~=RCIh(Ya&N^Ar_b>s6dnQw!K{ih-cv7f@ak=cUObFF9mFNct(0>z
zyRm~LsioYQpQh?;HJWwU!cQrKWn^xX!Blm!o5fR)o)@wcU2)?VG&_Xx5j&4Xs`T)R
zfG>an9;WkuZ!)u%TfrCe6a<sWtR00ggj~pV<+CWEaXO4eZcP3U;y?Abb7W)+Pp<3J
z9WM;e4e3DADHL+q231XV_oAOW7UYW!a<@0WADsJCTRb7~PjAh7iTvj|kPA4cO_1Er
z3znR*x;DgxEgdu{-*Yl<V_SACZzlj7*9uv;N>{u|L!wL9-*cq%AHfbV4F-tZfU7aU
z4Jo(7O;M-OrNg68w^3tA_i*{9&-km^GWpz2AC6n{R>IDs*{n&u8-29^!F|t=D?muG
zXX$Ds^R&`nx@rEuUCihN(Gm$<%dd`_lt{O)bj{q$K_Wq)u?`?0G$n<z;Y*aL$qEvR
z_mYX%X^Yn-N!DpdlxyHh*c~8AgYW_3T9Xe-xF0EjX1WYR_?oeFv%YwdZqRC3_^_2^
z?wOXQdm57bF}E&Ql4H?kf4Vrrk2O-)4C=sz^p!`9^Gf)KUEnxVotXoBlU7A4My#w_
zkvx7X=JiA6POZQW8db`aS<0Ca(?OEyQSua?P9`H(NR|Z25M_l~=uE&rPJu^VVMwha
zf8)IhU<we2V3c{c+u9GKLY-i<SJ*lR-pI(!3k57vR_B>5zT-Hp5VL3fsnwZMWxQp#
z;-0m24{0!JnvUXWfr1Ui&^_RU^_>RkZ^I+oDnTEbv9H^)>oTjBV<-J^n;o-Y=jV=U
z8^XcAmC>w$VT#4XcZcOCfn}bKp~y**EK=<^<(8<bE1V27oVD#+{KGxzAU5d(qnUQZ
zA;twWR~bUG4Bs*Ulc$H4X&7r>hiOa87qg14Z;M)n<Fns-A@I+p*!tKSv_5cW9~?`2
zxwj<$oUan?EQ@UFhzRN*(n){FPe&kS7%u%zp2}wGArUi_X)U)%n1SLWm*$of{dsmY
zo#K-M2PY@W!!_kTAr$u)0qrWEN~;gGUR3nv60=!KP7h1$LLz_*YqLp!4L)HJs(<Ld
zXbBuw1EyTMJ37j(nfs@R0~mxg<s3;ZS)oIVL+x*Pw>B8#2Rd%<?q+^6&{y^F6)qgu
zOo~a&KPU*Y2L4PkFWO*4NKr<mrPeBF%$8f$Qm6kFY|MT3IKui@Ebq;>1L=SUNO;Wa
z3Ebk8c4qV8KTbnyfP}vs#F{Pscp%1{BR}P3>Iac8ZHjy8qvE>}wr-G0g;-ave+Xf}
zf$;<AoF+Va`O5?#JijfP+QS<v?D!(JG4Tpb3Hy2q{LA;ODg8Ee<e3V6`9I%x{}^tk
zi?iYn&7VQZl18c;h7VPUH!qJncvxw}R;$4Q-L`|S9*tesfSw3>R#ZRGG8#CKm^lj{
zu#u$R4^AZ!>a7<4ya_wRD3m*a60aUEMcZ?O@bAmgiTB^j0?kV}iaQa7{UgL{eKXwW
z18bI!(@<k@3+F=czu}7n4$sMV#U0^)1^LLpXMDW>yzCvM|32l`AR+C`QMA8drtRb3
zB?27wG)<Apwb2<%FuPSh)16TgH4$&vDtm=uGqOaO{#vV6W<Bn#`rwtVEcJ1{!KURm
z4fPiWJ9xd0l@g%EhpmoB>%5q(K%-W9{S@lzT9)csoAGCs(4PJ)Th9fr+UUn;lK?Rn
zeoshXY~SBbg?bxu#R5#~*1MxMK|G%e%5Xcx`XO(*&zzG}Q)W6pq(_f}w~s=%@<*<B
zsbz*oIQY54`}$awCMWw3oG7pnsYnw{HoIVJ)=_SMkbXI!>C4NNDd~T3HBco~njIa|
zHvBd;t4fBOo_dPkp#4QIU&B_l+`hNRAyS{U54=x(IHZt)EGVb*u+^<RSrr8`yN@w+
z9R4B)UCI}RvV}j|2C}0hXf$(jLtnUw)lQC~(ADi<TtuFv<vR7C8jPi+FIHHY)GYhN
z8MV^v<xSucj<~vekZcMVB8f-*8xip0=&m9`(tZ{8sIs(xk%PLBz`7le4Ll4Ke1rtO
z0WRc;LUZk08D%4`6la=6;17WgdFg=+LIR7B)#$pufKKmyW{cs7l>u8sgQJ<E129En
z?#bY4ga7gQN$>nTe*`QX#e&W%kGrXb8$Q*`OXVcFo<~7N4;D++=CR0f@Z1<fwvadW
z(R6b`#}lz~Hh;94<#a(y<j<d*v8s${6^7x{H)oaS0kpeP000f&bL@=1OK=6;J_f+2
z$kVw*?`0<#CM&Jf%5NN#T#HuUZ&(h8S)p>KVj7TGUd~s@&Mx?p`uiIkpPu)rj_9~G
zd%Pbrbn{u)b1FRG?y!WLn_ELrIi8o}`0MgA02tr@rSFU^c)3Z$s-WmzZFFMPdHK;<
zW~nm=nO|`>3gRq5256H2x)Z}np(S*L$Z#i3kQ}77M_kZ0RLcUSS`EBl8$u_`g*xFa
z<C49MlFA3u&vuaN<;aSE$UidHwbDn}d1D~9VcNvQXl4;ugocQ$_?YP36d1CYeX1WE
zXDKL6L1>-BD2w-@*LgUA;n;U!kaDH8YO=t0tI#&o305x(owAEiqLijIl3MA2ZBvJc
zU4>3nPiR{ekfUM5zx4q<8R(;nHx`GfQ$|d;N37kprhuHbF!kt*CAGCPLO=f`m$Fx@
z-3|u!WJUPqOodIWon~eI)2dXm*2>F|B^#Yw0?aE!$_)rW-=fzCEC}F&ex5F=@a!}k
zt)_=v@k;%rB-Xsa5Ds?;d(DP`@)zfDx@K)7cRZ*&K(3f6BMZ;O#)8x)lNiZt0iO(i
z*lUDaLs9p1+0c`&zDZ41c(^-7gAf>o5H2AeMW)A$t5&W7Oo&|Z{AsKy8HB)EG!|oO
zEyO9)rh&aXBN(q)>HQ+nx#H6lqM!RyjTOOt@dTTwnR!vCptZ5-2fCPttF0ovqQRlN
z2Xc&g*3^M&6_2Xfk@(ZcXWj8qpC3(+sogL9*+jjE7Er57gl+vEo>oPg80Q01C>~-B
zJs-19hb!uQn^cW^5Soj(5$qTIH+DGU1hUr={~P*9jXRQ3+J0HF<czFihW=C^h5JLO
z?Y$^*5F56%Xd7y|2M%H^iN!7FBb-eB0#R6tWw{1qydO>|iAV-uAgNy*VQ?X3R*E{k
zZsuAP42xx*E{P`i&k=?y_+NODDFQ4nk%2nOUseOM?~S?Rzz1HU(<yDMnAP{0T`*cU
z?u$$`pX<HvEcCH-eHlL=AkLR#U!PXB=~w1!g3cWO1z^=Ee?w^iqyyjLRCC`Vp{KNm
z*(xwrba)u{uR7Lwj~4&_q3xe9>0tnN*OBq@5$xx2!%cuR^{?(RE6a}_`S0WYYpnXN
z$;Qxcz3}!s&uWeb%Q}OX$;<V#g`o4Tu!WZV(LdkkTjpQ?8|IxMJWrge$XMPu{;>vC
z{tGkWkXrSi2;tI|Xfcps+2DC~=RL8b?IM2`u9oc62B&e$6#ill9-m`vvx5z%3@7-3
z2&y5BS3G)f_!9d?4nEn-#&Q>-hyj(4Pn9KIt%@(qb(Mv%g>@ZB$+J&NG`FQn>R#?c
zm&W`*-&~-1`xktAypd2;aFp?~{%!!NX!VFzdbKj-V%8yQ;qDRls66yX>};lJh}iGn
z(*&?Vy%1+M?0<Z0-??Dfxo@!N=m*s%<wZXg@DLR&6NIr#uqKjW+`SAHVL(GtFe~D+
z^KeBak6Hh@%?+Ki!@T~uO3Z0(kqJ#Z92sVYU+F-52<g<Z8AaO=^(azH(5QU_-noav
zKnxE<H!KKBEb&g>zT)|tXe>|QVrihNkj9=vVm>h9PFeGR;c3PE1pNgEU(y`f1qGUu
zr?O;ayVDJ2+6$&m38&f$<`<{0jyYnL=KALol**y;S?Td8Ji^)sMQw{)@0IQ)CxQk$
z0}N)0uhsoom8Lm5<Rf{ua3sLaWoO-SVA;Lm*VIg-NEusk2}fw?RYsk-(V6|Z5V1g~
zH@mu(kYWi~day&cxgiYr`&*ry$j&(7t#x$Fy1pVm`uec*3PfMcsby@4hwZ7wO(~mg
znoH?T$Rq!8D{QJj>k6gHARy`WdLxI8947x*M)562VxpW2|Myvc?+P;H)#S7eP(GQy
z6^ER5P$@7X8Odf1rfAOgICM6|7^!8BkavY`NMMdYw$8?qrSL4S>up}wDzwsx9w4r%
z!<!-WQ#w{_LzPBWtj2C{LWnEZ(a|jZEE3yr&5z0^&2FJkAe-77MH>#Gd2f@^<3;NB
z_rY$J2Nj+3Ovi_JCz{u3A1iNuU_6b`C<&6O3ia}U98t;cBgZn>3l*_4H?6Sr1C+A(
zDJgpyM%kfu*5dHbn@ejk?|($O(MIRyqK+0bCB;Z9K?4J%Mv>DFEjW0EAxorU#Ay$U
zU1+{%<_oz#5=*&$JpM%zw1BlKfb<uch|2X!55UkH=qTBIVSl<lwwOq_=+9XAUYpA-
zX{xw4>jzDjR;XQ9%>F|Kgp6fY!#ZRl$F0h;Ou=jJq?{@>;R4;TL`^$s9mfelH(%Fd
ztu)!yiawB^fFP*3e3gp-81EgYy~1Jeki!Kc*7yhf;yLNb(NV%j3;?5jrP?$k;!|ms
z@qYRd8m42_X`m7*jpDdiOBHeqVlhxWt6S48eyEx@W8Hw~CFIet;W4q(t5V06FgVC4
zNs*^cVff5&s@X<vXQ}N|uKnI>Dhy|c@%kr<$*DdyK6*D5A>kKGbNat|^|-~2)#8tS
z{&p$KXggY_MU@E+#`rbXqbVQ=xppm{WR)%Ps{OFfSKpTSvGSf-OSY~)_;L7-znOo1
zI*oAF`x>98{z#!dMkzBD54Mg2WAyrk`Gd(!FJVRg;O_!K)3yjzBjN4$2|v?oYR#>o
z2%41*s(&Fm8uK6j2Pt`f=qRCif<F6->3c8@x-Mw{)Y+-cVi)6$O5PHUqGnvtXPr#A
z-_!Rb17LZ<M}~q=))c8R1<kEt5T)5!Dxz5u-P&8LfU8ut-q$J?FLj<u^O~1>Z4-&4
znbP)#e-OA{uRR6Eb$(43&e56>$NYBe+)d6g(KjiTKs3WZ5P@5ZyP1U__RByKU}*P#
z`x1Y;C0jgDi*6s0WjLaJj<36StGD%IzipjJ?4Qj#TCIt{@wG*7?3+GIVqC7gmSPV{
ze8WF+cni`2E7}YH<U~~J`6Ou~^^!k_9e+w2J+@9*46b7}?$avdu;mbZM1O5YylTx4
zlX+_sZXJ`R<NP^2ofrLHgV-}wU6ei^_<!Pi$3j(~^akqRL&X=7-v?`jN8Y5U&*4W-
zwJPFmok(*PMB+L^A{!(4vV6HB#E5jQC1ZvnZ>GUMfa-kcjtI{k#p&OJ;PZ2v{6C8=
z7X2?uM?E_H4;K}ki;S;NSZPwP{=7biE~334nz-%uwnuD`QA}N%=8bf{T-~tB*I-2C
z!j6^+eVHaCl5l+AB@<ZMtjau(>>02P@b88GJ@)t&=(MmFaTNZoBDf4VQ+?|=DdEH{
zz;`J@oR8+`ET?`-P?s>|#0}f*N^oNC>#q5VE>khu&6lG9)72N@CK$?$<y!atokxeB
z6PrY}IIs6T&ry(C)z_U`-5s}w)$KgOC1O<VDpv5)vI);B$XU05ivWEJ+v9ErD3UY%
z{S}TSFx7QtQ}zz)9!0u4F;~#c3Q)U4h?THBUomm8F{^eGr;h4OocxGg;xS-TaDM6I
zs%7DcM#8bi;=&eT5XKW1Mtdv8vAi!)f8Smy^+gQm0>o8Kp?GC#bA8j7Yrvx}l7Yza
zf;0`sWb7g#yyC_kGOdI$6Y>Q%-#X6UC@l&L7`cy2Wy(+v$7mvzs7H*w0!-^E3gQps
znQ_K`rqC%3NZO|TteCNsHU^=}1>tjL5&F$hcdm4E3qtWY$=FcXE)`91!CoGv9sqhx
zl9#D#Y<yQ_7QgxAJUU1zCvBEtq%#cJvE9T-aQOWYC?$LT-`zhUwX#&wAmZ0b&6>lT
z4X3^@1mBJ1s>T|Az#qAu&QI%Iw@*WD5|$b;%sA7mtnsbmZi8-Gi&2R0AHxRSSM@n~
z_8wdp=vNhelSgvU&n6XHpFs;%M!NTT2Qo%?=z#I5z%nNl4|eSx{r-jhH}|DiMi7$h
zj$2jV0TSi@J<>^^95m}aA?B}*X;J`sdxZa+jA$|9I-4rT*Lc?KmSXYx1+GAsvvs9R
zglPyQ^0XlJSz%@gg(gJH2tYXs$FEg$hdi%;^`L}WJV7a*XTVmVF?quDI7>qfV{?N!
ztk<DlB?C)zJ3T2kS>%;#R#0Hb7Y4LJeNJn6;&L<!%|QV!8@#y~uM6|j<^%pk8&Uh_
zszFazAIQnU_MZ@o<;1P}*2F*)AmSiZ!5WvBsK<Vye7X<$kWWOJ3=f+Ep-=+NnM$hM
zLL}3M|AM5ztdMTPK>%`TE6`*Bx$zsTeXDC{4%e;^0gW*npRp45p*1L@Mr%VH#1K~q
zLM`cQ(tqY;PMkFTWc!|-cyI-b9U)r^s$bdBZRj`Ukf78H7ee0_0D3roljRnu|L~$h
zUDR@^1~|)X0^EU%Bf3yMTyN=XL7jXhK(32D&^x#sV;KJ6O(O$mVXUb*E7}%Rkja4m
zGd3f`Fj&1a?$Z#YjL;!P9<KQJ<a}2@(vv>)A8puDdqw=dVBs{GLu2+DiO$BT8~Yc0
z5h2)e4U};G82LHKLyIBpoUCxU>cRG9xT|NxMZyyrmXB}<zcsfuHg^62gd5NuEWYVm
zu>bu`-SVhCSDWWwM2cX~nwp)DM~g{MTtaQ!m!i{BnUFs5gj*Vz$*PE`@yXH6pOhvR
zkBP`4e%cH_ej{4@gtKwtu)?hzCL&(E(hZx1rRMQ$$_j;3AzPm>vx4)Ul`L{P-;7cj
zqGAm-eGWcz>75Zhe8*6Pdn^gif%oVj(aixSAzt))(9EOV+K3td1Ajd%3Gtl%L9BmE
z-QM5nGDj+zf*C9!fvQpTe6>8XURK%H33@Ku+WHWD>&5Uo*Jw9f<rzYSgBbSrJsOM%
zr~-VM_I7sZI2&KM3Hwp>s=umLE!8pX+ZXCq)HfnBH3VmDM;h}d0D#-(CnI4cDj}65
zs+eNsq=z=!e~%F9zqRokkN1gOAqR~>?~)({V*T~_nI?h%i{Cp~cKDak!qFM=Vpq`H
zHCl!k+t8d>&MsjoB?y~z9pG8g)*IBatnutS6gAn?JV#;-r-RLl45e3&B>BH>$OHSt
zlkx9G^m{i27h_>6g-%uVSX3*tlE>1MCg{jD%h_AX!ZfS<zO6%q_Q9vG!_`bcR186O
zO~GVMQHGJZ2rcax|6)zYQclB*EAB0_c18u(B}z6_bu6vG?B2V2*wGO6NcnH!;4j9H
zjF%vlsUnn&jZK=aAwP~M&x|ovVjlh~hx+gp-liPVA`7Zv0yFB!(u9kCPHbf9Ks^ra
z*3{)QHWDXI+5zGy9-gr)xGiXp7@wXwXZ<8xohD-7yCi*}S^uIle|9Lszr~;yRH9VO
z&JzdvGi9*-$><>G=;4=HL4!+}y{MW8ko#)BI#a<sK`o=f;N(6%EjBE8K(uo5gQ<xQ
zVvaIWofN{*IHntIB)du2fB@i5$uWAo#na%M-s1<X759H@r3-Ji?6H)k-`*7sq+?S)
zIEIlh>gB{&c7~%E!<}_6)*D38ye5KzC^36ZsMy@ou23k|TYyNB^k1xvN)I^3fB!go
z7%N<c{`YNlQ2Z}`tXB!(jTERN&D~Dh*{N<UxIBdP=If+6c1c?yr7GMula9EXEFJ4L
zdA5uFdy1RK17~e6P=hEkzTu5TLD1yQQ83v&3o^8nqSeAAKErh(0NmjBZ(#OUeQ2{r
zU_a_L*$@zR!J4)~0{QKj6tV6tqhB)q`gH!F)GBZ<rWA>O1wp3eQFgpjcQfQ!%2YW@
zlvxv0L^l$ht&p(;kv4##BUKE5;#{nsz?mB!PEQIY{qrdjU2yUC$s6clod2PVczx-s
zx(Voilgw$nKLw7pNGSu7_(X(5au?oi&CTMC^r1>LL-Wtj5sz>jqP^Eo9UN`sG7$)z
zv4-&tIl!=3;vn7npuTR1Y`b4!Zl7Y?#u(%dd^BPim}9@sE^!4B%yDwp(<sHEnHpPR
z#(uoXASAN5_1GmAGJJZVh_X1UB{%H1dV7~<Sz5sLgM*zba&=XnnT4gG<3xB-=43jP
zjJf*mZs;FVs&l11yZ<l?lC&f~;aT70B7cM|Ejy23#6vX4pX>{1Ullr9I$3tEjv&{_
z#NA6pwtP=N)Kx#&@l@%?Ta=>G4icy%<-(E@60?QajJ&Loy5&SuJBc_MhR{_IX{XCE
z^y8BZJI`#WnXI9N>^3!aEYq=_Kte;QiUc*LnU^1=z2%ItsROFyW*5GVqx7~a+FB&t
zoM$(R{h7VjSt=j-GMN&@f9)sr|29jB3&Lv<+?*VIurYK%9$Ib_PX;pVF^dKCfVdQ;
z8d%s+n}ya35`%))hLbQ%vnDdLB-35Db;Gujlr0XHira<-vLFMUi)VOVpB1lS9W8PS
zw#$%7iiEy+LEBRZ<kprPN4M(SFF}B4e1R4L(sM=VJI^^WT&dFZ@-qY|UB&-H*IP$L
z`9)p8(hWn0)G&y2gLDijB8Va&-Q6JFHFO9FNQ0D=bayw1lyr=MbT@nt`g`B+UF%!l
zAN<1_X7SwT-gEcaXP<qJ;psf$e%3a0Nv|OpgW4C}L56t&*QhZ_Lk&^-ZGljJ7&N;w
zzJ1kx|6c|IOwCG_%he26%nDJ=^%n-o@{-784<l=qhQAey(4Y%Z<d0Al3ey&Y`OV-}
zXu_n~>)s*3oZ9DpLB-;OBuj(l{zxY_5ddFj{@(&LbKL(1#A8`;tokxcK)YMO(UC#u
zM-qVSo{gknWg*tk)ebTDAUgT<Y`Bb(i?b?JKA<mhV}aV*)>?n03OCpbpQH+P6)~o}
zeRW~rzl4FYMS~SnjXAMi$JANJ++{Z^OB0yfpy59N50Dj#sdd`q1gjaotbP)#h*=>W
zuzC;1K6f^>w#9uH!5tYvFaMQCn9p7S?dcbH(r{#2-7kSl=F(+@W@`=tuH65kxxg1-
zy^~NN>QoEte2wfczTGrztK|VR<rG<;)Ok`(xDn`<<Kdr+_T=Cr2O=OR_gH9Wjm3Pl
z15F9hAoVqP&lV=(AKrkXPe=)Y&<cADtug-pY~P$%{!Zd-L1foimd@$z%l)fK=xPxB
z@7XF9>j&PM40mHD$B@vzPK<3<?1xubY+&`Im)7Co=r1kQpY%2#%47et^UC47MDC>e
zyVL~sI4(#QJjACcPRWr;oT;ovw8_B&D$StO>MySz+btBcCFv>UL`dYADf}c0WJ3R#
z&7bv#a4HpR7v(6ZjY9AvXcJ94IZ~ml8Bn3PfSEr5YBmy;Z=me>QUU}rMQT!ki{n#{
z9|UH!D?+8YqqQ4c=8+wi&zoBssy6<j1=m^|aXbNF1uZ-=>V=y8)h11vYcqP0GUzfe
z)ei%NgSX}H1KbpDrdKeKSG2021uvjXNd^uUxRX5b0r87)L5$lDfgcmJ*qX!}%+C~Y
z@wC*9EDQ*KO%cl{QiPJ4B-4E8J_XF$DFlgxu&NbMw3P_yQm`X6pH^!kVXG1T2HdtZ
zcLTovx6YoA>s*`Um#fCF)f%uY^yzZ!Gosj5*&1vbnLaFHF)zjMDRbUikk+5~<fG}r
z(dXHcp(aBb_-w0(G)fY7C%MTHMz)5?x$k(Ab=0yhyq=C`h@$4cM3`73P)alJxC|x2
zWmr1(z`uT;^qspc^!*j$@6SnG&kYgnWP`G^@hOFYb`H4ZPrKZGHIMn652aDPc{~b5
zg6XD>$L+m;D<6}8Q&T%^?ZmLJDaI(v$L|kYByf-_xR09_)Of$4fJ>%+HPWOw6Ij_k
z^;+dLJQBF2=3q5N<G$kN2TU7+G(1?N-9#9I1~gAfvgH?x2Iv>qU*uF^Gxt!2_wb55
zdL)AB<GJb=ZNZW1oFM2pjd7nnIAwIzC7$=xU0wZsfIg&u3=oM2_O0V1>oTSKb=ext
zFoh^G#3+{ax7MLL4ls(`KT!b4$vAXiegU)tgbDuy!i*|=*P>=R^D~NdzCex1&a-~G
z#Aw98-~45O1bv8QX$at1WY5^n%6wUuyKk4H%~VloYL3Iez-whMXl?(CO5St;kGknO
z<}=mVif=@GIT}Qxb!w$qYQ<Qa8tldf+VAykZ4s!?Mb)-RzLBhcpNlii41TGx!Oc`Z
zvv62>!<0B$IW{($NR`<uOM-<$<j6$-_JdlTy#kPNkeFFHVO@FQ^jwqh&*9a*Su}35
zIM*uw{%ojt>O~xj9j&_2{ArV^$zX|MNM7RXGUN5U%+Be>x50Ck3Xe+bWt@Atm1zHe
zS&Q8FW$d-xJ}EUDT%UQAvzf`5laR{d);%r+;iq+6KM@ONcCz2}2OmfmPoS5kzLx7K
z@*}pfG2`Uq4~C;Kk;n|avEoan-jiD1pd@@jo@~PMy%7={`b;B%-S8zZPSa3?7k_m2
z{)vWm0<^LEN#MX}kRx@mf*?bFzsh%H%ygW__ZZinfW$@+X$})`yrUaK{$M|Xadi3w
zH&X~HMLT44l!uHWBS_QC&*S~T=(`AbkNXx5MTz`Z4g6Qx2`u{Db6F;xuZNEtM>9H(
zj9{Fd(%O~XVliVO{$>3AH4Nb1Qnga(&6N`CXe9ba_6i}u{V-v7!8AX=;@dPdZvrC+
zm{YZIZEbDcdB8&Zwy<l==hV;>_ngs_>x_hRf7oF3OUUr2&aZ+vdbR$BMbR=w6fIwf
zq{~DU@9B&)5Y;q36p04DuN52nqoF)wm&!Gs*0Kr|`kJT_`WoDSTJkY?M3RwH`-cEs
zLn_pt3`p~T_l{322F~b-1eBfY4v&szrG{ll#$l&G5v~&jBgaCy#KdC!SE(6dm5fwa
z<+5Y@hPP-@J#HpumO7AE2tGBieqBR}jO37LrR!~o7NZouLT&UA=Hlayd;y5F3p6yD
z<Ab$^y5pTuH&M~-Pq$LH_QWHWPDBNkh5h0xUiNomDn>^_8%2O|<ATn0wYg1ql$ye*
zoT6fpaoLjCl_$Eols%D(QEnMwQ}4M5o%>SAtmXQyB)5if85sJ$b1sBrl;Ku?RMxi+
zO+S#J@n}Swb)?`<#3pu$0uq5zJa=OIrm9%?S6lD<j($KDK~~Q{LoTBj!<Akmy2xR^
zVjW2-p^IfR(k1Ns${v<7h0I{$5ITdk^|_b!2LorW@`_;Xvch+d`LlNWGTi?lG&TL2
zIsXA1+=w}c95BI2$xiz7v6q`zmFUuE1R=L4+N)w%dP&ICG(U?=2(S?fjhpbP7Xh!{
zeEcvnUQ`qNN=^Txdqu+s*i>Q9&l0kohlleedf8}tmC2n5XF^UtWO+25kCQ5B2tqIY
zo=Bn@WOY$~ZP?C2a3+%=lXr8A<t3$(Jy^B5YrJ`{t{x{t5~0N~u)qW1Irm<^2#xd}
zn7t4^PD(K|jq5QLEN=W3A=&%jFAnKkTv!0o+=a!3U2e3tnJ}zC>Q!^}BYWxo&(s-j
zv<27R%gZL_8mvkqie;)>OJS?1FyJe9Lh?PE@rfK!R29fIx@&_W_?Oy-Prbozi|pWB
zgaphaLx4Ka_(P!XNFVkVKhF@~LZxoXQc~bE$uWhDytN!F0bt}M$4MzG6c1&k2plm6
zkWKfeJp_y^f%;b27A}8w(SUWwC#Cf`>ayd~O#%vd_(f4%TZ$?>!{Zqx<EiW_-(plO
z6;)cl(7vbaauf{Ek=L#fmC^nAk%%UXcV*en#vieO0CS-)(2@CS|6KE&s;={`V7gmr
zHDUZD+?&bI@fvP|nJ#%SKRJI4MQ@O6PVgRG%)m_g*zaO#b>!AUau(L7(9pENE}W{w
z6>CFoHv@re4r$Gq#c5}<GSduU0X4%)u@ArV^>R}uGhW2l{b`-k9oP}tA7nlY_fV^Y
zm&xdy%pu=RoVt)h`}_QEzl^D`-LT&GGQPHx`CNCAD2{M^{##a3>0SQvk{;vGk{C(c
z&{E>FOfe#X#5XHqI=WZ{;2_ZPk);1S43zz@TuOttLbkUJPEKEU7f;AS43bB1T-%@h
z`>@DhkpkQq(#470wZIn!{`*UG;IAvg-mIwRu-jX4c}GvUg&&!RZaW98>W2<&G~o=G
zY&Mmu$t8H}J!sD)hY9uOv<e%qI}5(%x4siIP8m40-JRt7GsVLCdzq@j4+KRA=nUYC
z3o#eY5NjN9WdrelO-gBRMRAht+BXLF=dbr0vnQ$$Q<6}Pj#kU}uGgzJek#m)%ap58
zy2hO@A(YzVR@?2t72H+Q6XDG!l#c7sLhTrae)@$+dX0SJ#63a5#KagjY=SW2g4JV)
z59kC*Wzjwru`*9lo@ccBb?r+Y5H`^{wCG|=?i=yztz3H)Y1`C*F7j4zVNx=V>T7%@
zpO4LJe{Ds~l&6h>lQ;~3p~oiD&(_4<WwuAAiYkAgpq8>T@K75(qe0t&Bksu}?L|{&
z2ZAa`fJHiPeOH+1g*n!CO(k~Il>~I-wRJ8HAvJqd#Ps2{_O|$5Q|az{Mahk2t`05V
zk)V~ke6Om4wLFhGoKn9yOyy|nQ1`t=#B1{jb#4fhEQs#Y^Nw!2fi17Y_r;ve3IyEl
zi83Gd@!XELFmR)B4=<0LL_F>Bnm8^ToV@}#9uCoN?_acaw7`@P&vJF@y=+B1FUi{O
zM$GI{a>7fzn1_3j+)5ab*D=7o#9y)ah}b9XJw-VMMUyd8is8VRSdmZ}$oTfy(dh(4
z#Qhx6-yU6tscjn@v(k<aJVJbQ|Jf<&I~7IG-RPbs`kc0LQ>IHUZp>nUK4ZW{z@0b#
zza<d!e_Hd6(<0iz%OGgU*stq%z`SW-7qK7w7Mb*my1<Js_O)$j5pz$90pZX{P*)(N
z+07ljco8XgAF&9EG-64O+k}(tM=GrBYVTN$*P_Jn$63NPJ9rV^z1;zJp%LwF7=02Y
z3o$+-jwBUQsUtU|pfVgl7TE`}8m6m&g<S6<yfKGSMK9S<$=GDI$(#kaH1N;A9NlhV
z7nqX%uHvFw0&$1E0$UnT?l^PKryUBE2+Vr>o5f_V8ef2vU?{>I8Ttpelx77aTdv9~
zh5WWN(Ei_*n&q)^!c;CtIx!w9<X%F{cF_J97-GSv3*Bzo`z%}-<P;5Qn8C=wHz2NF
zoD7?bGKzESW5Q&{-M##-;LNyr4VPa3JAb6O48~=-Qq3-7esv|3(FD;yR@G&eg{lf$
z&Yn4C2o#3GWnb75cpU13yXjB(PGuI)t`i-<eV??*WjY@on)=3l*--MZSL;S29C3tx
zW{42%r53t}V$F_+D27IP4}yjzxb2ZJnofS-szyick|!NxOd2XoJRVQqUGLdPXr2ZQ
z24kO}XGodVbXwMSIa*4zOtt7>fm2^sy$|g98YoWL7xY>OW6qM%p4q*;{jO7+gY;<?
zTO04p4&P^}4}1%W5Zsz8sn`614Zao^7Hc*KxpL%^Y0;D{=6Mq>#{S#s$b*e51+$1a
zM>KU9d;_9Dch49#U8^m{9;&$vidOxkoOVV4%y?V`rhCyE&u6z6Z78j59Lfbf28L8b
zlzq`S#1|=w-?jU51zkUc_F*aZLY#%Ep0%)_xHQro^Hz9`Z0wv}pT)=6MTgvh1Pl>@
zVC58_s^W}}vfpA6TCMfkdEPERPr6pP`2FCEB5vOV1&k<<v#6Qf-)B1utr>6Emik7X
z91Pi^Ihp~{uU7CC<^mg0Jq?J-vh?6(!87FYIZz$WsfYU3$L_oNzVzRTpU!O(EPO3}
z%tZ%pUkoj<K^*IJ4#HVaS{omN`aibaec>y&9NaS$Yq}%z5igHvU5wHh1OlkF-K_U0
z74XfmpJQW%-93cU&xx<^Qn~Yf5?i8x*$uy>xw>{2%~)hFH;7)-cf<FDHcsmbTBtsl
z&K?+y+hB2d7-f_koQHlU8Yt5kOBWdE&(#rau+1CZ*&Y;W5UngJlv;WK&mTES52iLJ
zl9E3z;6|U6{|&;GnE#GT*?6ILb{Yvh97kKIkx?!f{cIzy0rgJ}v!=R9T)3lT5M@L5
zTQ(yBN_`O!_w)|)S;7!XB+Q$uG{T@f*IAryGpf7VppC8jTd-+MfHiYCw8GD}jwR@O
zUVoZ3Y{u?$>;Qcn$Huq?f6r+dclokK=tp&jXSKOZw)0dfKJ?`)2|N2)x{P7&e2NS?
zxL~(q^mOe_x7l}t{Wca@A5;lv#h>|pX>W1wzf~6ZYSlg(7rqK@Xzlgl?@H@}<5!-&
zS@Drrdd7Lom?{EKKH~)m{%J3_faWsMWw2*2+c3%v5v)E5uzku)YR1`*>oY=%9(;RP
zUxFS4?aw3N{PU4B^(^#K)KHVGXo$!$g{X2s0FnL0r=x_}4rZv&(`Y3;hx{p85*&0v
zq930}XhDaN-Jc!id>ytkYvyL8)a5iiZxMQ+_(>JC&9zV1c?`5Q77Z6&y1PBr!8Fz7
zN-GYH_z|Huas`}Qr=hZe=<eR=s4bz-3C;N_wptye4>tQV>FiIo<(o4kiJ0F<%IRp=
zcrs!jq=(Z~4!8y6$By|F1S*xX7{6bjIqeY&N^tQQyi@HDjO{~cT8@yfEp(>(Vav-!
z`8x5Uf?1cPZ9eAQ-mys*${!Opn~miu8rsdRzxg7_`o-hsa>Ym!vC({`w+fG^@VTfC
z;b<LR<?z{T&*q4>P>$}IlMyBD88`y(d*2JXxKgj*I+K>;UL2kdAW^n@gkbFn>Qbi}
zZZ0Kpn%4+Sq^-dx%PZ<mkmck&-HyCSL!2OkR{|xyJjm}*1WL>VggwxG$D<%E7<!Ao
zev3DmtHFh?2UFf6O&6eozD)t~N!pZATBgC2F)Dc(?fQ#D6eT>}m6cnv7@ED++ieze
zT)nl`T=5l}ha-dxaZi63aJR`_?5|%fy`p>?2_>>3bJp@bz4cYNC-P6l@w6u&HK^8F
zA*C~OLBq$WS23@iu&&Xc$PAr<Bj-y!9VXSR4-$a|6YZ4nrzKO_Z|Qaz{#@xc4(iwr
z9{3vkp;%54-BGpm^BSLLjZ^e!LczxYQ@W@2n-M5(qH6R;2tPwq1)#O$m<xFQO~|%C
zo1k3F-4Auk?QQj$y$`2WSoiQ{bNiK0qv^H=g_`9uXt7|x{Vj3<tl&`a<2W#Y2i+Zg
zHfnr_Bgid%&3KdP6#DxV%B~14!#&pxbBA&|lR{Uj3)Nnsdr;L2ke;=H0xsV6XT`P@
z+(5fC_Ms4(9bQhdX#J@_`ow3{)HJzt8^sB)S8fmA{LJe)8bvsF&0Jk5>|2U}q#d+&
zULCy>@w_79xZoQP|G0P12AZdvw&Gnm?F7dBeoc$^zPWlxxP6KEVhaN4W+OT^d{}w%
z9ICr#3NGqlrWoPR0n>b%5TLyA@H(3xJG`~0;c%s1JJ=WRo*`9B;HE}SW1z%r5T4em
zI5|aV1sRqSmY+-(TpTLnxn>F0WQ&@j6&dry;nYXKMXE{r4li4_M&~H~Vr@bYFOZH$
zA@-##s#Z8@K@^vrn%!o<K>Jom=y{k>w+-UtN^PXP&S#c2mGx{nDol)fi_F9hZEBKC
znKHZ-l10f<4CEaq`)@6Z)!2#N5c(FvnWhzmqB1~*rlmo#Gq`m_{?a1R35v|YZgkPN
zCYbQIy4$t6X|LKXTK$G--u!C*n98T(O2(xkW?tK2$eXJ{JnxhuO-CXHPL*ZGml5-2
zs$C~YQGJ`BOq(7FNgc?UizR*Ib@{H)YVKgkJm|<R=$ltr%{RBD57@ngd7`nq#db9s
z20#DMCJltrG;(7$@DhADYSz>l&X=m*;e)%IIzG#Ly#_Z?YHs7xHvQC3vQdpHJ9(i;
z{;D4ajlR+X`92@4IafBvP(Z&T%4)y!^U{Ode~x|11hLC!%dbg&`)0$4Nt_LisqFr2
zOXtCi`<M=GuD0a)=789brR3-3nu$N?hx$zt&jya`P7=8Xr}A>rnmbjQI0}|o)mgA4
zi2@v}7WVi<kE1N#r?4lf)NY>FKK~pyG$54lamnQcUBP1iw2hAVJI$ys^@)q2x7Cx0
zJ7+Ps81X%DlP%_<fn3TUYu+`;U<?yD2zYglGh_4faRHO0<mecU5k!>-pBobS;O8}d
zi?8G1b{l)Lo%{LA8)wz2`x2UUj;=2r7F7nr=2PKIg$HQt<>;$64NXEmqw-<#b&k@g
zz~vKk>&9q*5XPM_?S?(Ky_<IR0fJWOOG6pvZ$K8}P8Hp4kA|Z3jB@zC3({7&bEbeV
z7-B$XI$xF3z6kYyH;~>w(6NI7BpXnE6wEXQM*GxY5wBJapSlB<2Dx)@VWY}sk=HjZ
zo>q174IFY}vbNDmPTKO&TH=2n?(%4O)2I_>;z;&7KUqnZ47*7_sn{HkL1UOfffRC#
z_)c*8$b(B#C`Fn%QL09Rcqo$dvrbe=Sw-6G#L=+gJQ9YSGTSy-iiVF+Y6MMBO`%yN
z+%gL8<!|81IL)Wl$V49VJb7f(kc!2*+|s;OC^?k-WDZoSCdDfLj(r#~Fzh2ZM*6_9
z`9eMaqR;&OP(K{gupop$uAl$$;a~&;8A}gFzjG0w>@1P|gxE^rPz3QDd_3GeTemd}
zqE7}vPz000Qd28GgL2%ceQb{CQG>}}_+ighPtX!+npNpS%*VrW)lsECedsn)LJnk~
zZNWF@PC|FrVbmF5ak!C3Aux{^lN2Ef99olAl{XMd4c2i5CUgPQiZEhcMsx)tAw#$>
z1F2QN*tEhn#yTB;$nmcDae<_0$$|#{NEf|rN`Hku$M6XI+S+w;=NqAU%s0HL*)x0k
zoS)>}ZOcBVC>cMm;(_-MTRyw^RGw%7nFE*BC-!%2!Bx@|XRD~Ao|ECh7)cx%XUaKK
zloBA~5pV(?2VegACEFMIf$So`v6A-~w3ACYXGQEa_-6T%zdO0mArHgcgmB^qf~509
zuj+&EP6$PoMg4ackV~flW@pq?sH33^W=-eE;d6toS^N~Y>)lqm>DFtXU2$QVaT^JN
zL}=BrRR6vNH--OIC-!0y2}2VO8jM0?EV$jhc|0v+WqT7ZOL#`Y(<1~8kES!eU(&q^
z<Er7qYn3rrHese{ggCv6=>j7WcO4G~cpe$pp9h5XXNKsLb7ItOjS@9){d(-90fW9g
zZQLShMAIq+u^1$hDwL!iA+;)mG&Pn{rBQv}`EF`wB7|}*-6Pnn73o_;PAn$$uq&9`
zrJ)@8$Bu)u_Vtsl{p#Fl^QAKPn`GsXdc__UtC}~XdHQv8u}XcbFHKi4&_GxyAdKJ@
z$EG*m`267L>}_Zyxuhxj1V<V~N=Fn71S&@vZV4)kl&CMf)@ouxO8TdZ854gUTD%qz
zUGV22>+q_PVBYnA-~0jrMoQYZ`Tf%PidI{V2kK8d%D2gx@f1I-|KdkjS1u2cW$An=
z!-kn@OM8}Quxeh&_gM=E53em{0S|QWJUXxhe-K@xWVZ>F_r0TG${CWyqJ71SIwH5f
zQIz!d)^_BS4~<>X<T%=T#c%hPyEej%ezC3FU!YJgJ)n;1QLfP3-(#gw?-`i6(%`jS
z5_pceIy`h>?e0>o9^E@NdtH+~_vAR7dJ%JYy9LS}xO7?68a?Avvuk-ivqSvrjNmv}
zr1vD%R&RRf+4M3sW>c@@N1i)P#Wq1YkE#W$vWcR^mG5&Zg+J}`waY6A$oVxHbv|>p
z+St+G03RrQI+pxNFKynI7<d$nzmHNUo2w?vNhT{q-7zqMuQXPDcoWEJHI_AzivOx0
zPWjrwBd5b8FYK%&#+lXMjW<l18>wj#sbB=~><o2dr2P}tWq1Mxh0~IqcbL?LU*QVe
zfxkLhluYl&C`G{?{jb&vnq_B_qhVXlH-kN(W&aRabg*$?7LeC?%dISJXj)vjRJ|y1
zw#i=b1d;<#OR7y<&QV!$5DmeH^S%UM^?i1+Sh=NE9%Zrnu#Y_0U7X^g8>m1?TLOl;
zUpYbAN+=Z~fcV)kbaB4dVDiW?i229UeBE{)EDSn+1wj7IAVgQBzZ+LTP{#$M)64g3
zH~wQTuo?WAonkELq_W70ilaHom%z0S0(U*jHJP)gwwINzEK1Z_s(Ws{r>u>xqL=o}
zs<=WX1!oZhy%;y%PcE8bEiP@jV1kXc9+Nb*I{)~#EpCx-H)ckH)VXi_AzJL<bR`4c
z6e9uauKlC-HFUc8{_u;ENN0vX&6Y6JmT+yc7_Yn#g@#Cvya3r!f6E%yw=#escN355
zuUQ-zlHw*7aH|4sAD2>+vm-7<uXKicc_Kroz~LW)q-+JcxDqJDV>k(p*Xw257X6k@
z<QUW1Pn)_B38A&vkL%-!`B7BH0wh~fBvoA`S4P!tEY_U<%17xlw6fC&@BCDVjMoFK
z|FK$#kMfJ+tT<m+eYt<%ZwW>UnC^mRq)>OT{oal>rv{sV@Dgl)0~@sf%cbrqFrazP
z`aL<*`Z0Husa>dK0a9ikE^IRL1VZH%&HA>3thx4GH-sz5OLoEYnrO)w?oy0?1&_6{
z<+-9vQ-Z8<(J&)XP=e>N|3#Af=4jHZwr;)P2di77-OP2`lY?;zHM`Al@%k!!0(|j+
zRe{Dugx=gZ$7-{h)?Uq@f+>U4KWCO}3AIK@2PO7C>DEO!<^}zF|85u<_v$X1Fs+#I
zVR&;8q;+SD1~()RhT@-@BCT(awC^12uXuc{!garPpo3jrhc?lFi0ZK-k62k)m+B;x
z%w3RZdIuYzkr2p`8l{mDS%G!!1&#jko3h7^KSv%rQ|f-}kk;%K9@s^gyyud(t;m^{
z*}fjbQod@=t9l)i8tHK;FwD8-d??WJJ%v(0R4hR01k<)6ZN{qWq)Tcx(1KN6WI@5_
zgRxVPM+?1Jrr9AXl#Jt&oZdL~arby5&Sa1r@m~3^(I7rR?gvknS0xX9<(%F$rn4ZI
zr^#_A%CZvp4Z)?DKg%!^NGafkW+-*6;?R+tbp8Q-iffkUrj}x)kkMo%Jo3z*%Isk5
z2FFKZxWCMqBO#bAjc{Z#u5$10;+n-qrEC-G>bM7|`Mh}RkW@Gpu1_D~%o;7v7^=_f
z|FvFR$EVqIw{kCrQqF~T<0E?|QD+TNfDl1IBhi=@pO!wuM$Mva_VNLk{8%z~f>x&}
z;=(Rkw>ZqDE~X<ZMy)9#nsH_auP0`04->f<j@Y84HN0aeK!(1(pEc18t((E0{IZ2!
zw10lHg(ItwX&-d^qa?{GFWt0mjNd-US{R@`o0V5IbLsY*?s4wR*B?+HOb^=H%|1W8
zM%TV_DFZcYW5#J9&ba~JB;?nkNV-d&;fr<|5-dUc^2MZ|jtD&TKxXC6<K)ihuwXYz
ztE|cNcKx~)MbFTx_@qNLI;bwm){GNp1YB1nNy<^QePWd>Qu8@r!pN$IgZ-s%{K`vU
z{>A#*2Bl;S`Ew5lJA3p5wat+J<&62XRpIng4V7vD#d!t%3o<*AJD0<U<wtD`4`YYr
z)VG_LKW<64BFk(y5hrbt#Oeqi(_}{!CRgNZ2o5Fg3q=1XF1pmr1-A<62#%}Ri0q_v
z6NTJ|jeR@Pbm_8;6tV&vQtdR*D&cnPaoPR@{~=5N4r>|SjCK>|2x)GxF;}GVa1^vD
z0$TDUMh1OlTdd@sR-0P5aeWV8;C%Wu5YXO*{G;2xf5{yWhp2MWY4hg(R5EPvk@{3N
zGicE^V4R=ksKxd<`E`MUXR)&Ya={R+!#pRl$-PC>h%42AnNE&6Hfjg%Ve+&zFZ2gf
znFtE=pR}<}g(Ql~47lY-Vbm?{gd_+Ft6hi}feFt9h*F6rq!K4x<F}E>-bDcbV5=6I
zHo1TpO=Hz<N9j6F{0Nsa+wX|J&W=1_pS2EHyFemnc<e5i`W^`&*M1z}jo%8QME~Vx
zl!15*R1!iQJg+aygcHs@dWt0nrYkfD8Bj!mrTc589tnC|r`W|%UKSa*Me46r?g>B%
zG*_3No2eS+G)%%1*=M9!U=%59#45ffc7T2*X1b0*kp1M-cEAsp&!Ebd#}_AsV$0wX
zQXFCBJln97i8E(VF|#gJIst9B=oy{4$QJd*80o=qcA*(&e__qfmgXY*DT#P^?xpBe
zcdT4mL|y<lffW5(-&C^PD*Bu$@O)R<h!;76T@RrB_2u8Pj4fOe*_4zzx{}Nv*x-qA
zF9MzmXSBQ%b$>sy_(8(mB&wOCV4zsGFFuT0$Ayz6hJ65wV5ynTsf7TZNRTPkqD0CL
zBb?JlK!_ooK9Q<#0r0Fr@-F-Bd7W>2m7Q2%$5+YHuGQiGf<A>??|uw_p42gX62zIT
zcKphzf7?<EU3~~g{c=bi=^?Sg&v(0IW$n*LyzQ=H<}wPl;qDA4Cf_i_nrO-LK(BMt
z-Pd!`c`8iVs%5#VOl#b(VY+o3gCr|qva2{ZoS7qW;UU=#^%6pvay4&d8#JWBNpiV!
zi(jHG;Y>dr#jsKrqqJKif4|2cP$k;)!NYM^9o><k-;k<N>vg+#&~ty)f5DY{3c^5*
z9c-bli~&`q|N9qT)lOf!o{Qb9zovLt<Mi|0=?5>h2wF14LAZ?BPeS!fSB^AS?A@~_
z=U1zAX=8_(yqm6UNZlOWg39rf4Q4)o&fT*F7yDY)v9?N3=?xvour-@SL<2gUQHy(m
zq<IljU&p+mW1)A{ithM((c?Z|htKV6kFg(4Y^fgZW-M;SuU{E23w?Z1LcHQ4kX<*s
z;;gxHf?~iWsQ<G$0P?BBZJ}>&^_^Gi4FOs-?VkzO1yi<G4=+4C4r_a~J9PAHENMFQ
zprBiF4t@UZIQjhGc5?lbYtD?~%%x{Qg4SQ~n8^W1S<y3kSwQ$QDi>zH9-}<3!(mpa
zUTm(-_oi5NeEWQyb<@GeE66-Q2yPkX@~)(KO4d%K!;!lyYhL#5TgbG2P_ZS#wligV
z2bp(838i$)ylt3})u786YM@=y&r8*~J;cO)XoA+?G_h;c%kB|X!F0P1jmWB>GLj4?
z-}$*{Rt<m_?^n(zT<F>gT}f?#bH|B|vj2#n?kN%F9*bAU?|>^P2(ga5zooQkUt>vD
zX>*AT929F4`1d@T(xSX>B@L5?T0GFktpO8$RhSbKu7EbZyH!vXVDBt9+($(e?#??e
zTCs~cG({0VfLvopk>`OF0n~m>QPPjJhuc2bijmXCM?yY+=w1w!DVJl{%$XtFNf}LO
z+~9T{0VU<IH+UDrDc2{^(@m*fR*c*o?dJP!ctovc!CZ=?8Y)Z6Z*aVv+`cw#($-zs
zdNj>}#*Th7Z(do4+X7;nrYI#>+HX3(EDbYtQqfT%<xSP#AZxNU7P0hF&ZfPW5-zWv
z9VjKuC_H2w+qG*iWCFv*+6a!vGSgfx+#2h*u~cPiVXegx)@c7OpbfkWd9Q3^7QU-@
zf&?*}w}^KifVoEBHQCT%QsI6*>ki2yrqzH8luzA<fG(53sclI{GHAB8By*zwvU_w(
zm#Bb_t+WwWJ(8ru)8OsHr@I+xK<8|`tyo8csGm7+NVJA>K}OH^71QV$gWDYfJvTY>
zt<Q#&`^E{A0F_dZ6uvRf2jd@rxC28v2Ontml}V$hq0`1?aTbCEbkMS&pb%NIB}mVy
zax?rUcX0IZ)2D;gYbZ_QV<YQxX@SsX;|SsJ!UPD8$eLS0U(#FMLU_!haSdv2f^Yfo
ziBFshgvT{X4n2|j84S^bbLHi7*DBEN^~qM{iS{O*9?PT8kr~VFP7Q)e2QU{`5m(p9
z;QN#*#Y`eo7`Ino#3XMGN2#B^P{3K|vI;5f`Sqb{K4YyZdSYLwnzVuxz2!S(1tVVB
zq0;RY@4w{>Z^R_xcp3~RPe$9eU7hs@`^fK^9*cMjBR+9Lc9g8wx&roRICnlYfYRB_
z%<TJz(&fR_uilAW`};F)_75z(qQ23~%btF1cTHo5yQ$(U6EE-%Z&PpFs+|J*I9%-A
zs$q*`4+we(VtxDZeQsyB)c4D6kItksZF0PcQdJ~<_gCbsE>Ed_&d_epmhW+uGetU2
z%#;tk%t*^yuP~LVMS~|TyQ*M%p&z~dVap=KlNs4ld*IBlwbNaqF&E`GMXD>rhF6zx
zE?uuPKHWW$-rPRDFb`_|%|k?CVMDF%b5XBL9BR=^ROO7;cJaG&r`z+Hw%$9mi;9yq
z?2&WOls4Ig*bR=@Ll@Gn*s}i|Jox?;!$q0T?MOmolXUFJ@BuyM{(i>oXqQQMx5aOI
zUpnVklXoys?g_eW%20A$Emv|NGG9G#{+K4ybU8TPuJ>o>a?k-qxiAb#4=e09HhhT)
z&G45|ocbtg^e)a;@VID&?rQh@zPR$RwjX*OZ!-eg$mS9Lr9d|Xm+CcEw@x!e5AY%O
z`<CVDqok#og3@25xE>=ygL!nAH7wQLcR+{gl6}BHVN3!?xMrz;@msQN4b^RSW5LWY
znmZwqVib=S{=r04g%mmpII7Sdf8%0@8lK@I4K@ffIALb(wd@_kE-u8Hge5?i16Nt;
zXk;=8dW!vB6Pt5;%-+pDWUTcT(TsHSd&b`S=^D023%+g)%9yL3A&?YLO+UF)!bj`7
z;S>--cUyD=2Mzo_?=;|%vf~7=I76S)|2R03fDG<srnS>edp7%qhfuzRBn9;R_8+02
zu?g;5?;UCpO$$HMI^7)KVqb9qra;YQiOz&OGSqK0dVy8=L*oObc11jKOC@98&=>8x
zKR3chzSD&>E*{;t&QgmL;Nz9xJ|EU(W0j@i)kL!Xf)x~qKo+TK9!ZiQygsiU3aWgm
z9U;EaGl*Ug29EC15jp;7FoJy;RTVaNtCQ^HUA+S_wlY$MVe$4l(H~3Ehtnl_yRC_W
z?WN4SD~o=BRy&{QH3|btP!YtsXa8<Q9-Q){WlPv4p08)H@52n=?Vlmk`-9mXi2b4^
zg1^L*a^04IDO>+(Ynj;tS=PjmIon{{3y_)FW@u3L_=iaQP#XKpWSSVc6+BrG#x)4X
z-M-!vbv+oV!u-kHZr%^2058%xHEZs4eW4W0)fA>&ZEP6CfhB)nm?6}SQb4FhqGh7j
zSwy;NQCcq{?x0+RO&D|mw`$U553<HuCE;e6uYdhqO3~CQZ!tx?&#|G`P2i2v4z8S(
zN!qUgw;&&1Ke%OHwL`HEUyy2T;#h1+-K1^Uv3F#Mlu48E(+2<83Eeu#pELvTpG>9?
z`V4j6w9`zr7VNdJYlGuV=!@ZROPXM6O}Rgx?Ief8H_oetso)K)znv;tae<jOpXaS_
zf~*BjdMM612m<FY@8&4tuP7EL2t?iWhU4Y7Kd;4nx}_d6AS7M0i_tc1Xzo>9;19{!
zb<V5yjn6%He$JwDUh8-~0KmtA8|3}$*qVox%s+smZTVrbC(iAkDxv$%i)-|SGs7n>
zN)cUmqUK7`4kdi;2CblD)2@ylLEw<O9iI`-4x<4@YJq7od$(q^^1kSJBP#4K@7$<7
zL~hrZaCOb~0jO?VqtDvfywL}FW+vcqLiFPCc6E5<H$73<1v`ANOQIg!3Zfo1UJ^b`
zkg8wqthkon#s|*o@%`!F95m;%tXF&%%kue+m2S3H8}x|#dA<yOOi$cMk_t0C?qz{W
zscPKo{5OoMZw3?XQ(C2&spQJu_|1Npr`VV%$YgPCwxR|u_miU_U{jrl`CE;Y<8PI%
zSaGacv8`CJzM*OJzP)au;hl>(y)MPeY^JcNNoaYsETS8J^C{IpDxt|RgVE_iKjKXz
zT!YOwzn@)ji7y?XR<1Ol{!M_&2jEI5uT0!L#~%5Xxuw{r0Q${te?(Zug#Qr4hyDrF
zR#L(1cIQY*U%w+aN2f2E($Ud}WumpIqJr+5rW>dqUR>-vs&q=qrdcB8j1(E(m2{hF
z`~05Mp$E^S05OWFe#Ag9JxiB8mvt#dAurU{&hJY-6}GL=x6*`40go&6i-Sej+?rJR
ze9!xq$RTa=^!(k?+#F|QZMIOMaKTv}_Mg9`A~oGrQ*}<u{uG8^H0c&)PuXUx6&v#Y
ziSUTnaz@>%{bJ55<onYnE>`ao+&NT{E?naXvqu}XRUb5<N@1Hy2=|B(1|S4JfCt{J
z@WbHde&+2lka&#WCs_4qw#lMO8}HbO%9+1=qzedpMo-2gCG(lOiHOl-S|C#zXvCb2
zKOM8T{l0SBkKA+*x}m^19ud<-;pl8&{#F#kz3_Qvzr%zdq2-*+14cs~h@=}qZg%ao
zg`?zrvrCrbB~Z4B^wk(`G>m{E5qq>}^LXL6B%QGgb7o%<s$BoH#J@C1BMKH85-32j
z_SpqxwPLoy)d98mNIo<Xfz$=<lLg+VFi^9sFgrW;VQ<&rmpg&GYx36XYq4|Xs6(N*
zp%FB~@m(Q~o_;<j1f<YiYc&{PFL!nSDlL6~btx%xJ+T*Y-Jc{R*W2srP%LB50(c&~
zy3km>cFS;CK^$eFn378`D_%{LVcp_w%5CV?yyPeb_&-GzKWt};plkKX$o-S54v?rj
z^ZRCT^)m{`6iUk|5{5~C$6r;;G&$Z=5)InYRTGkRQ_v!9+2X}6bIu+&kvFoMWUn_B
zF4%gsajz8K3sPyZ05ds>RG2@%VcpE0u>^V{dpy1szL>xDr>FV6!$)$0;gJirT;tIy
z*2|u;V7`;VeZJ5@Yn%!|VF1!DVteAye{yh^ot$TS#O0>{7Vq5~cG8xHo2nC|otAl$
zkgGQ;>pF1q-|w*EfRh9Dzd2lpl&vrX)DL9Oc84z>u`;7QO-AbdFJnEMNBj(t@{j-f
zNyy`uG5`l0P>!ujQR`+Z<!d;hMS10vs2}qZh_C$PG#<Cmloyb4!Sd?GpT<mBx`O3!
zKfxx|hn|)7;Qdl)R?f3Vt#HFkx5c}&Rd056iVUgrjAQy;#pDqfcZ?)J6_p4t$OZqI
zBEY<2{gTcv8&Q+oCfhbAA?6#VnH!dOS*l&SAv7C?e)XM|L2Ba@#s=nlemH~i(7#hD
zsOYIf#7&MJED!&of($hPM8n1eV0uFg=NpLj`yq7X&ce`(vNyvW>v$0Ii_V?O_PvPq
z1Kjp)N7{_YuDx?Qg4bY(54IFLn^KG`kQm}Ckh~coU765waB0K~?1_YCM*`C4fyhjx
z<JDNwQ`JG4dP;^MDWB?m%G-p;D(GWY|C@8~BgpyJYB;?CzZL#rQ?~Hbn)xQzIi9lp
z2b(P2(T@G|Tx|{r+0nX&U0=_D5!VQM;6!j>!6v#V$9Lar#D~k98@I+PwA96rp|7MQ
zUEpDUQT9l+<gpq~s#F7_or?KL`!BCU=_`|mq#T00Xur0bU<oEGQUrDBYDX~w<Py(+
zXL-siK$W+U@?}I&p!_q!!o;CaIl9o^Pv#f08Y8lys7UC2x&5Y-hiIMh&jQTPv<ef-
zVxu-V|0KqaN@vfcfL`UthRVc_ZN|Qoj%`r{rZa)bU*%?$uW=_4523A`xy2Sc+tvle
z;`P~&OSW%HioDYoR)*G6{@p^UJ(ew<Z<|Sh^AV9}jdOuoCvLhkh3J$wj9Co7S$;9+
zV_TukWV5v-Q#UVBrrP1$q4%niyr2Ke8V&frmnrudiVS${HA?_Nx9aa6zgUf<;%{BV
zy5JypPb|JXNdK!@)Dzq7|DTOZJ!kLvOc}-v?A%B|1oUq^r~2QPwcdHRq`JJg+v{6~
zz5P9MWB0kudzdpdO?Zhf#-JAbmu3f+4j^adr2ocx8<L1^^s6COp}V6!B0*>;=E>FV
z`2<d-cBy8Ev5-{V$6(cSg1`aFsw?Pji_W@-Ak=rf?~jYREjLA00*7JkMxM8ERh+th
z-Hy7sYe?NYpa_BaU&!Z=ziXFSJ-Gs52dNZRe<#Ty!FF>naL{MoDE?4Pn=(jCWWTa;
zDoswuk~9SL>~ua2r%f5k)ffgpb!y+Kp?hD5Igm<6c-FZWlciZow~Lkg)-FqzCHoC)
z=$It&wj#w<XPz4?eT@3oPk6zzt6Tg#hqG*lXt`u3x$^yL|1nEj)mrxTB4ju>=x$yD
z!ra-PUrAc=c5UDph&`nRMYaFI?pWvTB6TtP!L|l8hm>lDOzm}KsG-4TkdkyFHi3rv
zmgm6@pvt%WxWyyvYa#dj;aQC94o{EP;8@8z4%!TB0zNe`b+m%|KhBTQRFA~HS}=aB
z3(gNFzR2dz>i8!Qg!<1@n#OZMbx9*lpL#8!FRZD#=KIe9NoIPd@q*m!W=~HrafLKd
zq6hWN32vt(*Xwea@E1QG%7A$j^<IG~?cFY8JVODU9JPLla?y^CY*da`!GIZ~z~APi
z%OZ=x6Mur2_qvNWm4n*Tvqf+Bw>6<YOdA*vrd5c6``8&0$nS7_B>rbjs*=a@&1-~{
z6*t%Jv0HR$2pw4F+e>?5=DfH&>;<~L8bC2{d7K%bplt5ilsuB8QT91m={Z?c$l8&j
z{4#R!6d%c&PusE#e;kxIw!>Mh$C$TMV>q*4DDehTv74YS5r;Q;<`Eos85zTHoBF>b
zUy}w~&<2|u7zv;uMgS2Z5I{_`v;{p<=P{O-e4UmSJ1Q=eJdKt{0KJ&2SKUHWKG!g8
zXz%$ku=`D)LT&%&WI(uBlZN!@U0b}`{$isl^6c)#e|G?no9Ds*FOU)JZ(%n9t*6Qj
zKDcU^+p&wpsu#I5>I^3x{GoZJYr|Zw_};8So4LRSV@|&NLZ3fHpMQNB@NuX5ch0-K
zgn)XQ%**EIxhi<2OX%rpugIyuDFcQTnz;$eUDjL>Ek+idU~D;~II!jj>KApBuem7N
z@5{#joO6B|{hl_)MHMrCaNdKrMmgevldXZBd$g0?h(1Tp5J;VaKtnJ<`B@}h`hVV$
zQ*sy$`%Moywj)_~EDeMD6Z|%+awR^2A0IeVIDjApNqr63aDuuzpvO<5v@D`FT_Nfg
z;KMu_X4%w`J0;z2@r{3wYeWidjgI0Ux*IrL+viVaPi`-iCB}{zv}l6$hPw=2&=Q<y
zi>=9H|G$Cs>U+$P269I%DVm&|0M7^fb1etM$`1Tcg9=SL{6xdwGSUg|H7CRwEx)>|
zfX>R%^OcI7BSUqpzzM%tkVNM5CsiXrIYm^Y-W5-?6qTZw6t(IDIwfp~E)^zHqgP0z
z&zlY*JJ01=E%JGkA^lZ61d1#Q?w)Z{;>L~vIG89_saK^;O$Gm8(z-%AS2IX_MY3f|
zwjo)HE+t^nBxJ-;qC%tdeV)HHoxkEa0iVkB`dPLL2Ud1O*4tt*)9;?Q<il4!@i-=2
zRJ7zV>y>UFg@ZwrrT;L%<@SXzv_HQtMt9QU=fwWGEzKj+r6K)$jfm;E<pCm**qDF+
z7Y#L&=FZul^UsgKc)w&e<$&$q$3$H9X2tIb9?O>Vq?ij-e}DVGf^n$-|G^KoP8#fH
z=0B~-A{hqnwvQ=J<|u&yXi;i}$De|(zLuY&Bn>20G@_~%Kbu}V_h^CEXh`$xU5|2V
zMO;y`e2}2s`P6TL1(;7`?#bemy1XKX8?ez8Y4h1n?HGtqM3~5K;h=5R%6$3g+((#)
z^{IyP&yGiwX>qVx9b_=frd8)Y8jxyFHr#5Ls+1GO4sUR#vvoUJ<N^j5i$s}i3gnAE
zdgM!1biW7Kbi&~KwJFv#LvutuyU)T+Tp-Z@<>r&4uI(wR?NJdK6P?hXvBwcrnts=G
zF!-o1L@aJyL{FEEPEdp{VoPI9LaLC+%n-<~&5xBc$NJ?Xla`HYB{06%C#dTsJrWoh
zg8%g`xpbi9R}L)s0-$|M3^r;m!5i0OLI+HJ^MjP)cUV)eD^YDrV{dATmXtk#+VUVC
zk!gzoH5Eq8D-mpxrwg{ih7;&?6-15=*x`mAU_A*9kr=}wW@%gOq{(oe2)r6cj7?b{
zR$Xx~1}Z>@N0$&um-rIGSj)xYQ@^;@5R&^6{BbwfcRtqWUUzEnP+$aI4!SkUc>I4(
zKo%@?61BK1vTO1k<<pW-6q{MmDd^6jK|?a_8V()45^d(us=Z#sq!HHI5o3P5n4tmK
zSqV#Inlnx9`LJ0VY+yg=Trr|5T~y%Kw%Nl05he*FmSOJ#QMqQAMxD*-AGWvvz6mz4
z-CM<j1cjcKCA}j%m8IMl>#C4NidZG{B-Nzci9ECzHTd3SZ(1!?bs;aWL#7siLV6=C
zASM8MYaXQ5UpT+s>Ba9iW!vdL%IuTSH9JYsErO(YBR8Je8qibJwb~FXTOe7YEWg-_
z;sT?ZyxKia1kVRpx2KQlby_z_(C<oq>@TzbSMA7dx516rMjp{5uF*uXg%RKDgM7f6
z9d3wWiX@Y80(CfI3DgI=3aTt3VCQ-E^QpSVXrFvvfW43?I+_$`GR}7$uP8#WuTm;0
zDF<%WM|TjW>`KL4LayT+lp@`OBs&(*Y?IW!elb)IBGAMM(fY<TpAd=+is)IrKzq}S
z-IXd&_jw>Uu~C|nC}7D@ZhVsnx+Nn(B*jdE|KqouNF3<n)hZ6^cWpLlDg-c$x*MVb
zb|ty&=GT=a3=Q2RRSx%%xwC~4#>pej858#yQb#-!kDu?)n(>>ol@!S62)LL1->4d!
z6g30^9lLO4GTBV^u5*2c8gJZGkxZ7)yowA#Qq1RZ&`Z!8*q7@*-QhExWXhiu{2f6q
zyN>U1#(P}Df{kXBKtS#cGs+uTFy`*Ct|b~ON$5M7Qxp^x)?-avZI<nts4L(|ifH&z
zYr~#j-qT2G=>3Z8KvOY(UVtJh(Iz!?FKxtRo=-(>8e;rzG&8*M+3~$}nH1olEc?Pl
zM$|DiuaK?VLv}r^o_I{|XA8m3>Od8njMwLaH6EdK4!h@||B-%Wa+ed!*Rs(8Ku+vY
zz?9wY?Y4nmC$5|@n0Vv6boN*h5O)QHEqp}vcrhY2%*rN%lOd0Jj?~}0p8%8cuj&l{
zZw&swa1eJe@oN>inxiz5gC4GImUdi&wjqBeQxbj243@Jd&gpemQ*dhw6&~8wDe5wL
zk3{si{e^tSx0a?B7VgZ~i7bkG90+jBi8;eE?XbpHU4sVAurXLDBTG5d`(*rHkySW#
zB(d1wVJoyPnYLVk*fqgs$K__(Huct5jLJYHg;~9U{r5XXIC0^icI8y)*lwYCyFG79
zx&->1+CRLCTXh6Ns6z@HdgUyHL$qU~`bx&+CsKiUXbPyo^ch}VR|wFz`L-xhn*o*)
zTifFnlr<mqhAv7{Pkzoh+TbEzyvDLL%%wCsfN}ZYLWShxw3aA1;Jw?hrkj_KYPqI4
zpXM5@3a@G?!mT1mvMCHG*Z997TQw)y4#i8U)G!0XH19A0CBl*f`XgX7L`c*`3RI!#
z@*jRu^A;mYR&Mqe<*Fay4F$vz&OZ&kzFrsOb|77tAY*^U*NwR5o+O;y#^!Ha94n0G
zeKdC=XoDWIo;(0vMh9zQ{SR*5>ah6<wd3nt`@Yt>COvD_GkQcG{aR_*%&5B=yfG=0
zfMr0rn{Mzhg#vWZG6dox>XHTwaDM6#S<7Y=$(Q4t+Z(rv;@qX_+W)w=tBMAjc+xh8
zmVQJzJ-I0`ou>aFkF>bWlxBF%qr#9pXehefX<D%gpDYk)81FI_3GTJ-j@v!GfMON&
z#qhMeXRX7kd-0@r3U{)HYgkCM#09O|gAFj3`8>q68;#|4<%P$u^8_wU=KmE>Z4x0G
z+rxYWm+KBa&MO|V4&L88KiB!}e^esW@z4HhBY-SkkX05bft%^;C$6-#3<*0Y+O3)n
zeb=t1(JX=eW`qv2*s?)^w)MLPmn{w(Sc0s-Atv;wfgn2AR8&L+)>e!UUeqXZZvXa4
z5@)^6czWszC)vu$^$KRaLn2<sZ_d?@+&%#j5kDzKUw2ChkyQ2C0gJj$1FlYUUb+n)
zsdf9#-w|0W=N)U#>p%5_uMBC}!A`byTK%hnqhn*M_JXU9TKX09oSDk2c(WBwg~95Z
zK{~zxJgEq{O|l|#U_Vn9Kp;-fLdD8tuN5VNsNTZdWi9~YAnVol5eAx~0D=ji9Ofyf
zi=UbD%-vi2>+WEtKiVg~6x^HJx!}|*<;skV9Ws4W^nxqBUj=6a9la9g7vf0qH#c#u
zEoUvpgya4`8~Yn5BdHbouZ7UfS7g{|g`bD&Ezf%zdvl_}ze*YY)Cm1*K|oEfEfk0C
z+viwM0tH4p0okU-4(kQNNx8Kn^oS!xYdyjSFN8%~()ShVBc`P51IVSe%7Veac6jZd
zWdweOWGGi?_vnwy6s5^kxa2L+#Do|&l?Mfpa3vqkd<i}1a17DR3-H*fO@9tHw))FF
zTx>hGr0F|&N?Y+a;&VSru8jUQ3!2g@Q{63GL6%eiiX~*O`9CVr+f9G~>5;({dZhsL
zocwLi6FH9fb~@7g7^CQj>i<8K<HeDa)7c;G-HJt}OR+K_4>7B|&?EJk$yoAYD7R17
z7t>o(x)Li(tgM<F*)*%sWK_=qEDvKLu_bdTlwd8q|4xx;X7;>o?sMeAc^km&2r!^F
zY>eFlq#mzBfaGV;UTyM-EH^Bc3#^zoM4uBU5VHQ%f#L$qoKH(3({j-TtL2_-=9LP2
zYRK}Y9REA%XIiqp<8r)CVUD@}bMn(KdLA<+kxmnSjH-@M^KpMw_Lx=U=%eou*|CiS
z@;{gNnb%%WoPsbfRV<u)@>ydeWLF$-R7z{Qo5ijN4?na!GQs2s=6^iZAD}VK>Gb+3
z$4nr}{O)=bWET{>_peC%`#U90Tx5{JsfT`DvH=%G)>LM$24Uy>F$k!-!`iizFtXF4
z3PLhwC`Ls`joH3)P8&CnqcPlR>D>9XikAAEj^tI&6nW@HL%0NExMLCWWD#YGWQ4v@
z7-1j^e*rPRFS1ZPA-nREs%^!eP8dmdh>|x5qoaKGL)q2b78TT3%}Pka{LjCob9pS{
zvYJvELNT8Qa{Y+rRJeK-)S}c498w#8WWo=|lS~3>F4`pF8gEwmFKD0ICn?Clok${3
z9r$z?M*+qa^7pL+beX+h)>xEIAii!36>b$V>O6`fi70Ng9@I!Em?xogU=-iyZpJt8
zT{`hQ_n$1}!II^{qicSPCjPocfg>CKM;lDoYR}7lIo?hZlt3GECK8fu16(dZ&()sl
zrdv8({&^|_{M_!ZzS3xsG|{3M5qhig^aofJS`k|~A7S?Y%zxg)d+-0VRUH<*b5KF(
zCvXp@-W)O69H&3WoJ5+V*cUn7*`sItjj!zE&F0@0hL#VCtqay&b;{nj*!pRq=%>7t
z$GMi**2R@G?Z4mrtYw@32{Y&bLxldb43l*e)?U51e*480*Cyyc7wA@f@UddT`Y9JA
z{Q|w8Kip<LQ8P@j{@yw*R+r?!AA9{=E@@s_ty?n7_R6X0PB)S=wp5)8-0GvnH{ZS|
zXk(w-&ZZQjP6vZFAFIv)gO-F(LTlsVZ%(_I(Q$2RMEvHKgDE{;JNfpX=AD1MFKTa3
zUVX#8guYIjyP~`c19B5g=PS#1D=S=!6g;me#(hZmgMvh-l91oRm=nMQQxZz9?>10;
zpJ4P(S&UP8?*5-Oz=eh4;3k0dnXkUzl{WpoQKWhM;9bA^?x#hHMy^|91cFR|`R!iV
zI$_n*SI<nQyot`Rnq6yMulp)S?_T-DL%K;%uWt(d8GTz}d%j(L?DCl7F>8WvhJBnb
z)39GHW#d(`+gtZl+O_QAuhc5tS@rs`8^=v6NOQ%?<Kl0-lfMH_aLX=H`LuinaL~0M
zvRJ6yU2baB`ta@B>#NMRIzRBes|VV!+jB?qdEWXK@VG(ybGL%JT?as`lIA;U6qKWn
z+k)2~%?2&&6|n#oQ7t)2csgmLijljlLpL-|tOxFko>9L1Zr<YSukY>)0X1qBXE)j~
znJ3+wTea6N%WU@IpEY*7_U%gp%>uOD?D(_l_S=8PZnjP(k|2RZGnF6d|Lrfw=59Ky
SW4w?72s~Z=T-G@yGywo=u<@z@

literal 0
HcmV?d00001

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
new file mode 100644
index 0000000000..1ff0c69942
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
@@ -0,0 +1,40 @@
+---
+title: All devices report—historical
+description: Provides a visual representation of the update status trend for all devices over the last 90 days. 
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: adnich
+---
+
+# All devices report—historical
+
+The historical All devices report provides a visual representation of the update status trend for all devices over the last 90 days.
+
+**To view the historical All devices report:**
+
+1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
+1. Select the **Reports** tab.
+1. Select **All devices report—historical**.
+
+:::image type="content" source="../media/windows-autopatch-all-devices-historical-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-all-devices-historical-report.png":::
+
+> [!TIP]
+> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
+
+## Report options
+
+The following options are available:
+
+| Option | Description |
+| ----- | ----- |
+| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
+| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
+
+For a description of the displayed device status trends, see [Windows quality update statuses](windows-autopatch-wqu-reports-overview.md#windows-quality-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md
new file mode 100644
index 0000000000..dd3286efc7
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md
@@ -0,0 +1,56 @@
+---
+title: All devices report
+description: Provides a per device view of the current update status for all Windows Autopatch enrolled devices.  
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: adnich
+---
+
+# All devices report
+
+The All devices report provides a per device view of the current update status for all Windows Autopatch enrolled devices.
+
+**To view the All devices report:**
+
+1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
+1. Select the **Reports** tab.
+1. Select **All devices report**.
+
+:::image type="content" source="../media/windows-autopatch-all-devices-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-all-devices-report.png":::
+
+> [!NOTE]
+> The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page.
+
+## Report information
+
+The following information is available in the All devices report:
+
+| Column name | Description |
+| ----- | ----- |
+| Device name | The name of the device. |
+| Azure Active Directory (AD) device ID | The current Azure AD recorded device ID for the device. |
+| Serial number | The current Intune recorded serial number for the device. |
+| Deployment ring | The currently assigned Windows Autopatch deployment ring for the device. |
+| Update status | The current update status for the device (see [Windows quality update statuses](windows-autopatch-wqu-reports-overview.md#windows-quality-update-statuses)). |
+| Update sub status | The current update sub status for the device (see [Windows quality update statuses](windows-autopatch-wqu-reports-overview.md#windows-quality-update-statuses)) |
+| OS version | The current version of Windows installed on the device. |
+| OS revision | The current revision of Windows installed on the device. |
+| Intune last check in time | The last time the device checked in to Intune. |
+
+## Report options
+
+The following options are available:
+
+| Option | Description |
+| ----- | ----- |
+| Search | Use to search by device name, Azure AD device ID or serial number |
+| Sort | Select the **column headings** to sort the report data in ascending and descending order. |
+| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
+| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate report**. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md
new file mode 100644
index 0000000000..31970aad9f
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md
@@ -0,0 +1,40 @@
+---
+title: Eligible devices report—historical
+description: Provides a visual representation of the update status trend for all eligible devices to receive quality updates over the last 90 days. 
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: adnich
+---
+
+# Eligible devices report—historical
+
+The historical Eligible devices report provides a visual representation of the update status trend for all eligible devices to receive quality updates over the last 90 days.
+
+**To view the historical Eligible devices report:**
+
+1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
+1. Select the **Reports** tab.
+1. Select **Eligible devices report—historical**.
+
+:::image type="content" source="../media/windows-autopatch-eligible-devices-historical-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-eligible-devices-historical-report.png":::
+
+> [!NOTE]
+> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
+
+## Report options
+
+The following options are available:
+
+| Option | Description |
+| ----- | ----- |
+| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
+| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
+
+For a description of the displayed device status trends, see [Windows quality update statuses](windows-autopatch-wqu-reports-overview.md#windows-quality-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
new file mode 100644
index 0000000000..a0d5691f1c
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
@@ -0,0 +1,43 @@
+---
+title: Ineligible devices report—historical
+description: Provides a visual representation of why devices have been ineligible to receive quality updates over the last 90 days.  
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: adnich
+---
+
+# Ineligible devices report—historical
+
+The historical Ineligible devices report provides a visual representation of why devices have been ineligible to receive quality updates over the last 90 days.
+
+> [!NOTE]
+> Devices must have at least six hours of usage, with at least two hours being continuous. You may see an increase in the number of ineligible devices when the widget refreshes every second Tuesday of each month.
+
+**To view the historical Ineligible devices report:**
+
+1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
+1. Select the **Reports** tab.
+1. Select **Ineligible devices report—historical**.
+
+:::image type="content" source="../media/windows-autopatch-ineligible-devices-historical-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-ineligible-devices-historical-report.png":::
+
+> [!NOTE]
+> This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
+
+## Report options
+
+The following options are available:
+
+| Option | Description |
+| ----- | ----- |
+| Export | Select **Export devices** at the top of the page to export data from this report into a CSV file. |
+| Filter | Select either the **Update status** or **Deployment rings** filters at the top of the report to filter the results. Then, select **Generate trend**. |
+
+For a description of the displayed device status trends, see [Windows quality update statuses](windows-autopatch-wqu-reports-overview.md#windows-quality-update-statuses).
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
new file mode 100644
index 0000000000..91b8c2d547
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
@@ -0,0 +1,110 @@
+---
+title: Windows quality update reports
+description: This article details the types of reports available and info about update device eligibility, device update health, device update trends in Windows Autopatch 
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: adnich
+---
+
+# Windows quality update reports
+
+The Windows quality update reports provide you information about:
+
+- Quality update device eligibility
+- Device update health
+- Device update trends  
+
+Together, these reports provide insight into the quality update state and compliance of Windows devices that are enrolled into Windows Autopatch.  
+
+The report types are organized into the following focus areas:
+
+| Focus area | Description |
+| ----- | ----- |
+| Operational detail | <ul><li>[Summary dashboard](windows-autopatch-wqu-summary-dashboard.md): Provides the current update status summary for all devices.</li><li>[All devices report](windows-autopatch-wqu-all-devices-report.md): Provides the current update status of all devices at the device level.</li></ul> |
+| Device trends | <ul><li>[All devices report – historical](windows-autopatch-wqu-all-devices-historical-report.md): Provides the update status trend of all devices over the last 90 days.</li><li>[Eligible devices report – historical](windows-autopatch-wqu-eligible-devices-historical-report.md): Provides the update status trend of all eligible devices to receive quality updates over the last 90 days.</li><li>[Ineligible devices report – historical](windows-autopatch-wqu-ineligible-devices-historical-report.md): Provides a trending view of why ineligible devices haven’t received quality updates over the last 90 days.</li></ul> |
+
+## Who can access the reports?
+
+Users with the following permissions can access the reports:
+
+- Global Administrator
+- Intune Service Administrator
+- Administrators assigned to an Intune role with read permissions
+
+## About data latency
+
+The data source for these reports is the [Windows diagnostic data](../references/windows-autopatch-privacy.md#microsoft-windows-1011-diagnostic-data). The data typically uploads from enrolled devices once per day. Then, the data is processed in batches before being made available in Windows Autopatch. The maximum end-to-end latency is approximately 24 hours.
+
+## Windows quality update statuses
+
+The following statuses are used throughout the Windows Autopatch reporting suite to describe the quality update status for devices:  
+
+- [Healthy devices](#healthy-devices)
+- [Not Up to Date (Microsoft Action)](#not-up-to-date-microsoft-action)
+- [Ineligible Devices (Customer Action)](#ineligible-devices-customer-action)
+
+Each status has its own set of sub statuses to further describe the status.
+
+### Healthy devices
+
+Healthy Devices are devices that meet all of the following prerequisites:
+
+- [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
+- [Prerequisites for device registration](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration)
+- [Windows quality update device eligibility](../operate/windows-autopatch-wqu-overview.md#device-eligibility)
+
+> [!NOTE]
+> Healthy devices will remain with the **In Progress** status for the 21-day service level objective period. Devices which are **Paused** are also considered healthy.
+
+| Sub status | Description |
+| ----- | ----- |
+| Up to Date | Devices are up to date with the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) |
+| In Progress | Devices are currently installing the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) |
+| Paused | Devices that are currently paused due to a Windows Autopatch or customer-initiated Release Management pause. For more information, see [Pausing and resuming a release](../operate/windows-autopatch-wqu-overview.md#pausing-and-resuming-a-release). |
+
+### Not Up to Date (Microsoft Action)
+
+Not Up to Date means a device isn’t up to date when the:
+
+- Quality update is more than a month out of date, or the device is on last month’s quality update  
+- Device is more than 21 days overdue from the last release.
+
+> [!NOTE]
+> Microsoft Action refers to the responsibility of the Windows Autopatch Service Engineering Team to carry out the appropriate action to resolve the reported device state. Windows Autopatch aims to keep at least [95% of eligible devices on the latest Windows quality update 21 days after release](../operate/windows-autopatch-wqu-overview.md#service-level-objective).
+
+| Sub status | Description |
+| ----- | ----- |
+| No Heartbeat | The Windows Update service hasn’t been able to connect to this device. The service can’t offer the update to that device. |
+| Not Offered | The Windows Update service hasn’t offered the update to that device. |
+| Policy Blocking Update | This device has a policy that is blocking the update, such as a deferral or pause policy. Devices are only in this state after the 21-day threshold. |
+| In Progress—Stuck | This device has downloaded the update but is getting stuck in a loop during the install process. The update isn’t complete. |
+| Other | This device isn't up to date and isn’t reporting back data from the client. |
+
+### Ineligible Devices (Customer Action)
+
+Customer Action refers to the responsibility of the designated customer IT administrator to carry out the appropriate action to resolve the reported device sub status.  
+
+Within each 24-hour reporting period, devices that are ineligible are updated with one of the following sub statuses.
+
+| Sub status | Description |
+| ----- | ----- |
+| Insufficient Usage | Devices must have at least six hours of usage, with at least two hours being continuous. |
+| Low Connectivity | Devices must have a steady internet connection, and access to [Windows update endpoints](../prepare/windows-autopatch-configure-network.md). |
+| Out of Disk Space | Devices must have more than one GB (GigaBytes) of free storage space. |
+| Not Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
+| Not On Supported on Windows Edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
+| Not On Supported Windows Build | Devices must be on a Windows build supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
+| Intune Sync Older Than 5 Days | Devices must have checked with Intune within the last five days. |
+
+## Data export
+
+Select **Export devices** to export data for each report type.  
+
+> [!NOTE]
+> Note You can’t export Windows Autopatch report data using Microsoft Graph RESTful web API.
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md
new file mode 100644
index 0000000000..646fe1f3c3
--- /dev/null
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md
@@ -0,0 +1,44 @@
+---
+title: Summary dashboard
+description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch. 
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: adnich
+---
+
+# Summary dashboard
+
+The Summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
+
+**To view the current update status for all your enrolled devices:**
+
+1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
+
+:::image type="content" source="../media/windows-autopatch-summary-dashboard.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-summary-dashboard.png":::
+
+> [!NOTE]
+> The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page.
+
+## Report information
+
+The following information is available in the Summary dashboard:
+
+| Column name | Description |
+| ----- | ----- |
+| Windows quality update status | The device update state. For more information, see [Windows quality update status](windows-autopatch-wqu-reports-overview.md#windows-quality-update-statuses). |
+| Devices | The number of devices showing as applicable for the state. |
+
+## Report options
+
+The following option is available:
+
+| Option | Description |
+| ----- | ----- |
+| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process will ensure that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |

From b2460f2b3da428111685e690d80dc18bb628cb33 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 15:03:23 -0800
Subject: [PATCH 13/93] Update windows-autopatch-wqu-reports-overview.md

---
 .../operate/windows-autopatch-wqu-reports-overview.md     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
index 91b8c2d547..24dad31605 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
@@ -53,7 +53,7 @@ Each status has its own set of sub statuses to further describe the status.
 
 ### Healthy devices
 
-Healthy Devices are devices that meet all of the following prerequisites:
+Healthy devices are devices that meet all of the following prerequisites:
 
 - [Prerequisites](../prepare/windows-autopatch-prerequisites.md)
 - [Prerequisites for device registration](../deploy/windows-autopatch-register-devices.md#prerequisites-for-device-registration)
@@ -98,8 +98,8 @@ Within each 24-hour reporting period, devices that are ineligible are updated wi
 | Low Connectivity | Devices must have a steady internet connection, and access to [Windows update endpoints](../prepare/windows-autopatch-configure-network.md). |
 | Out of Disk Space | Devices must have more than one GB (GigaBytes) of free storage space. |
 | Not Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
-| Not On Supported on Windows Edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
-| Not On Supported Windows Build | Devices must be on a Windows build supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
+| Not On Supported on Windows Edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). |
+| Not On Supported Windows Build | Devices must be on a Windows build supported by Windows Autopatch. For more information, see [prerequisites](../prepare/windows-autopatch-prerequisites.md). |
 | Intune Sync Older Than 5 Days | Devices must have checked with Intune within the last five days. |
 
 ## Data export
@@ -107,4 +107,4 @@ Within each 24-hour reporting period, devices that are ineligible are updated wi
 Select **Export devices** to export data for each report type.  
 
 > [!NOTE]
-> Note You can’t export Windows Autopatch report data using Microsoft Graph RESTful web API.
+> You can’t export Windows Autopatch report data using Microsoft Graph RESTful web API.

From 5b8300d4e898370cd2a1e6354d7875d5610a5a4f Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 15:04:04 -0800
Subject: [PATCH 14/93] Update
 windows-autopatch-wqu-all-devices-historical-report.md

---
 .../windows-autopatch-wqu-all-devices-historical-report.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
index 1ff0c69942..aba6d03509 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
@@ -23,7 +23,7 @@ The historical All devices report provides a visual representation of the update
 1. Select the **Reports** tab.
 1. Select **All devices report—historical**.
 
-:::image type="content" source="../media/windows-autopatch-all-devices-historical-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-all-devices-historical-report.png":::
+:::image type="content" source="../media/windows-autopatch-all-devices-historical-report.png" alt-text="All devices—historical report" lightbox="../media/windows-autopatch-all-devices-historical-report.png":::
 
 > [!TIP]
 > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.

From 3b198c327013bcb0fe6823c8cfc7c36bfaf712dc Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 15:04:24 -0800
Subject: [PATCH 15/93] Update windows-autopatch-wqu-all-devices-report.md

---
 .../operate/windows-autopatch-wqu-all-devices-report.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md
index dd3286efc7..5536a42c04 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-report.md
@@ -23,7 +23,7 @@ The All devices report provides a per device view of the current update status f
 1. Select the **Reports** tab.
 1. Select **All devices report**.
 
-:::image type="content" source="../media/windows-autopatch-all-devices-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-all-devices-report.png":::
+:::image type="content" source="../media/windows-autopatch-all-devices-report.png" alt-text="All devices report" lightbox="../media/windows-autopatch-all-devices-report.png":::
 
 > [!NOTE]
 > The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page.

From 3f73d2107aa13c538b5784d25750be131cf9c455 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 15:04:46 -0800
Subject: [PATCH 16/93] Update
 windows-autopatch-wqu-eligible-devices-historical-report.md

---
 .../windows-autopatch-wqu-eligible-devices-historical-report.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md
index 31970aad9f..4e4e383213 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-eligible-devices-historical-report.md
@@ -23,7 +23,7 @@ The historical Eligible devices report provides a visual representation of the u
 1. Select the **Reports** tab.
 1. Select **Eligible devices report—historical**.
 
-:::image type="content" source="../media/windows-autopatch-eligible-devices-historical-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-eligible-devices-historical-report.png":::
+:::image type="content" source="../media/windows-autopatch-eligible-devices-historical-report.png" alt-text="Eligible devices—historical report" lightbox="../media/windows-autopatch-eligible-devices-historical-report.png":::
 
 > [!NOTE]
 > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.

From 1f1e717b28925db5c0e1533a191aeeb26ab6b030 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 15:05:23 -0800
Subject: [PATCH 17/93] Update
 windows-autopatch-wqu-ineligible-devices-historical-report.md

---
 ...indows-autopatch-wqu-ineligible-devices-historical-report.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
index a0d5691f1c..733ee98e88 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-ineligible-devices-historical-report.md
@@ -26,7 +26,7 @@ The historical Ineligible devices report provides a visual representation of why
 1. Select the **Reports** tab.
 1. Select **Ineligible devices report—historical**.
 
-:::image type="content" source="../media/windows-autopatch-ineligible-devices-historical-report.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-ineligible-devices-historical-report.png":::
+:::image type="content" source="../media/windows-autopatch-ineligible-devices-historical-report.png" alt-text="Ineligible devices—historical report" lightbox="../media/windows-autopatch-ineligible-devices-historical-report.png":::
 
 > [!NOTE]
 > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.

From a2a8afbb15602aae3d6ac5678ec97cb727500840 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Wed, 30 Nov 2022 15:06:04 -0800
Subject: [PATCH 18/93] Update windows-autopatch-wqu-summary-dashboard.md

---
 .../operate/windows-autopatch-wqu-summary-dashboard.md          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md
index 646fe1f3c3..735136be22 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-summary-dashboard.md
@@ -21,7 +21,7 @@ The Summary dashboard provides a summary view of the current update status for a
 1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Navigate to **Reports** > **Windows Autopatch** > **Windows Quality Updates**.
 
-:::image type="content" source="../media/windows-autopatch-summary-dashboard.png" alt-text="Overview of the device registration process" lightbox="../media/windows-autopatch-summary-dashboard.png":::
+:::image type="content" source="../media/windows-autopatch-summary-dashboard.png" alt-text="Summary dashboard" lightbox="../media/windows-autopatch-summary-dashboard.png":::
 
 > [!NOTE]
 > The data in this report is refreshed every 24 hours. The last refreshed on date/time can be seen at the top of the page.

From b16794754b98c4b20776091acea0b022ddd4ef95 Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Wed, 30 Nov 2022 16:20:40 -0800
Subject: [PATCH 19/93] added prerequisites

---
 windows/deployment/do/mcc-isp-signup.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md
index 352d4402b4..d411757f8e 100644
--- a/windows/deployment/do/mcc-isp-signup.md
+++ b/windows/deployment/do/mcc-isp-signup.md
@@ -22,9 +22,17 @@ ms.topic: article
 
 This article details the process of signing up for Microsoft Connected Cache for Internet Service Providers (public preview). 
 
+## Prerequisites
+
+Before you begin sign up, ensure you have the following components:
+1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You will need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, [visit this page](https://azure.microsoft.com/en-us/offers/ms-azr-0003p/).
+1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal.
+1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. 
+1. **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed Ubuntu 20.04 LTS.
+
 ## Resource creation and sign up process  
 
-1. Navigate to the [Azure portal](https://www.portal.azure.com). In the top search bar, search for **Microsoft Connected Cache**.
+1. Navigate to the [Azure portal](https://www.portal.azure.com). Select **Create a Resource**. Then, search for **Microsoft Connected Cache**.
 
    :::image type="content" source="./images/mcc-isp-search.png" alt-text="Screenshot of the Azure portal that shows the Microsoft Connected Cache resource in Azure marketplace.":::
 

From 7a5ef481ae0e7789c43b13c032ecd9ba8cca30a6 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 16:35:21 -0800
Subject: [PATCH 20/93] Addressed a few draft comments

- Moved "symptoms" above "affected devices"
- Added "when CG is running" explicitly to end of "symptoms" section
- Added security reasoning to "Why this is happening" section
- Explicitly specified that supplied credentials are allowed for MSCHAP, NTLMv1 and WDigest
- Added note about MDM management alongside GP management
---
 .../credential-guard-known-issues.md             | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index d863d5b342..7d7195e1e0 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -24,6 +24,9 @@ Windows Defender Credential Guard has certain application requirements. Windows
 
 ## Known Issue: Single Sign-On (SSO) for Network services breaks after upgrading to **Windows 11, version 22H2**  
 
+### Symptoms of the issue:  
+Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication will be unable to use SSO to login and will be forced to manually re-authenticate in every new Windows session when Windows Defender Credential Guard is running.  
+
 ### Affected devices:  
 Any device that enables Windows Defender Credential Guard may encounter this issue. As part of the Windows 11, version 22H2 update, eligible devices which had not previously explicitly disabled Windows Defender Credential Guard had it enabled by default. This affected all devices on Enterprise (E3 and E5) and Education licenses, as well as some Pro licenses*, as long as they met the [minimum hardware requirements](credential-guard-requirements.md#hardware-and-software-requirements). 
   
@@ -33,16 +36,15 @@ Any device that enables Windows Defender Credential Guard may encounter this iss
 > To determine if your Pro device will receive default enablement when upgraded to **Windows 11, version 22H2**, do the following **before** upgrading:  
 > Check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. If it is present, the device will have Windows Defender Credential Guard enabled after upgrading. Note that Windows Defender Credential Guard can be disabled after upgrade by following the [disablement instructions](credential-guard-manage#disable-windows-defender-credential-guard).
 
-### Symptoms of the issue:  
-Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication will be unable to use SSO to login and will be forced to manually re-authenticate in every new Windows session.  
-
 ### Why this is happening:  
-Applications and services are affected by this issue when they rely on insecure protocols that use password-based authentication. Windows Defender Credential Guard blocks the use of these insecure protocols by design. Affected procols include:
+Applications and services are affected by this issue when they rely on insecure protocols that use password-based authentication. Windows Defender Credential Guard blocks the use of these insecure protocols by design. These protocols are considered insecure because they can lead to password disclosure on the client and the server, which is in direct contradiction to the goals of Windows Defender Credential Guard. Affected procols include:
   - Kerberos unconstrained delegation (both SSO and supplied credentials are blocked)
   - Kerberos when PKINIT uses RSA encryption instead of Diffie-Hellman (both SSO and supplied credentials are blocked)
-  - WDigest (only SSO is blocked)
-  - NTLM v1 (only SSO is blocked)
   - MS-CHAP (only SSO is blocked)
+  - WDigest (only SSO is blocked)
+  - NTLM v1 (only SSO is blocked)  
+  
+Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can still be used by prompting the user to supply credentials.
 
 ### Options to fix the issue:  
 
@@ -51,7 +53,7 @@ Microsoft recommends that organizations move away from MSCHAPv2-based connection
 For a more immediate but less secure fix, simply [disable Windows Defender Credential Guard](credential-guard-manage#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
 
 > [!TIP]
-> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating.  
+> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating. This process can also be done via Mobile Device Management (MDM) policy rather than Group Policy if the devices are currently being managed by MDM.  
 
 > [!NOTE]
 > MS-CHAP and NTLMv1 are particularly relevant to the observed SSO breakage after the Windows 11, version 22H2 update. To confirm whether Windows Defender Credential Guard is blocking either of these protocols, check the NTLM event logs for the following warning and/or error:  

From bcdc8052bb8de80b1997aecc68e90224677f4b52 Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Wed, 30 Nov 2022 16:38:55 -0800
Subject: [PATCH 21/93] Enterprise doc changes, added VMWare, endpoints

---
 .../do/delivery-optimization-endpoints.md     |  2 +-
 .../deployment/do/mcc-enterprise-appendix.md  | 44 +++++++++++--------
 .../do/mcc-enterprise-prerequisites.md        |  3 ++
 3 files changed, 29 insertions(+), 20 deletions(-)

diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md
index 8de2e95ad4..43856f97ce 100644
--- a/windows/deployment/do/delivery-optimization-endpoints.md
+++ b/windows/deployment/do/delivery-optimization-endpoints.md
@@ -34,4 +34,4 @@ This article lists the endpoints that need to be allowed through the firewall to
 | *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com |  HTTP / 80 | Xbox | | Microsoft Configuration Manager Distribution Point |
 | *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com |  HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates.  | Microsoft Configuration Manager Distribution Point |
 | *.do.dsp.mp.microsoft.com |  HTTP / 80 </br> HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only.  | Microsoft Connected Cache Managed in Azure |
-| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com |  AMQP / 5671 </br>  MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |
+| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com, *.github.com |  AMQP / 5671 </br>  MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |
diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md
index 83d2df61da..400beb744f 100644
--- a/windows/deployment/do/mcc-enterprise-appendix.md
+++ b/windows/deployment/do/mcc-enterprise-appendix.md
@@ -12,6 +12,24 @@ ms.topic: article
 
 # Appendix
 
+## Steps to obtain an Azure Subscription ID
+
+<!--Using include file, get-azure-subscription.md, do/mcc-isp.md for shared content-->
+[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
+
+### Troubleshooting
+
+If you're not able to sign up for a Microsoft Azure subscription with the error: **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** See [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription). 
+
+Also see [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
+
+## Installing on VMWare
+
+We have seen that Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMWare. To do so, there are a couple of additional configurations to be made:
+
+1. Ensure that you are using ESX. In the VM settings, turn on the option **"Expose hardware assisted virtualization to the guest OS".**
+1. Using the HyperV Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"**, **"Allow forged transmits"**, and **"Allow MAC changes"** are all switched to "Yes". 
+
 ## Diagnostics Script
 
 If you're having issues with your MCC, we included a diagnostics script. The script collects all your logs and zips them into a single file. You can then send us these logs via email for the MCC team to debug.
@@ -33,17 +51,6 @@ To run this script:
 
 1. [Email the MCC team](mailto:mccforenterprise@microsoft.com?subject=Debugging%20Help%20Needed%20for%20MCC%20for%20Enterprise) and attach this file asking for debugging support. Screenshots of the error along with any other warnings you saw will be helpful during out debugging process.
 
-## Steps to obtain an Azure Subscription ID
-
-<!--Using include file, get-azure-subscription.md, do/mcc-isp.md for shared content-->
-[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
-
-## Troubleshooting
-
-If you're not able to sign up for a Microsoft Azure subscription with the error: **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** See [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription). 
-
-Also see [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
-
 ## IoT Edge runtime
 
 The Azure IoT Edge runtime enables custom and cloud logic on IoT Edge devices.
@@ -58,14 +65,6 @@ communication operations. The runtime performs several functions:
 
 For more information on Azure IoT Edge, see the [Azure IoT Edge documentation](/azure/iot-edge/about-iot-edge).
 
-## EFLOW
-
-- [What is Azure IoT Edge for Linux on Windows](/azure/iot-edge/iot-edge-for-linux-on-windows)
-- [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge)
-- [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions)
-- EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow)
-- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
-
 ## Routing local Windows Clients to an MCC
 
 ### Get the IP address of your MCC using ifconfig
@@ -115,3 +114,10 @@ To verify that the Delivery Optimization client can download content using MCC,
     
       :::image type="content" source="./images/ent-mcc-delivery-optimization-activity.png" alt-text="Screenshot of the Delivery Optimization Activity Monitor.":::
 
+## EFLOW
+
+- [What is Azure IoT Edge for Linux on Windows](/azure/iot-edge/iot-edge-for-linux-on-windows)
+- [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge)
+- [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions)
+- EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow)
+- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
\ No newline at end of file
diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md
index 705448742b..84faf8d670 100644
--- a/windows/deployment/do/mcc-enterprise-prerequisites.md
+++ b/windows/deployment/do/mcc-enterprise-prerequisites.md
@@ -26,6 +26,9 @@ ms.topic: article
     The resources used for the preview and in the future when this product is ready for production will be free to you, like other caching solutions.
 
 2. **Hardware to host MCC**: The recommended configuration will serve approximately 35000 managed devices, downloading a 2 GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps.
+  
+   > [!NOTE]
+   > Azure VMs are not currently supported. If you'd like to install your cache node on VMWare, see the [Appendix](mcc-enterprise-appendix.md) for a few additional configurations.
 
     **EFLOW Requires Hyper-V support**
     - On Windows client, enable the Hyper-V feature

From c771eb2abd8a28d99bd7700333284d273d7d87f0 Mon Sep 17 00:00:00 2001
From: Amy Zhou <amyzhou@microsoft.com>
Date: Wed, 30 Nov 2022 16:46:01 -0800
Subject: [PATCH 22/93] edit github endpoint

---
 windows/deployment/do/delivery-optimization-endpoints.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md
index 43856f97ce..49b08e601c 100644
--- a/windows/deployment/do/delivery-optimization-endpoints.md
+++ b/windows/deployment/do/delivery-optimization-endpoints.md
@@ -34,4 +34,4 @@ This article lists the endpoints that need to be allowed through the firewall to
 | *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com |  HTTP / 80 | Xbox | | Microsoft Configuration Manager Distribution Point |
 | *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com |  HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates.  | Microsoft Configuration Manager Distribution Point |
 | *.do.dsp.mp.microsoft.com |  HTTP / 80 </br> HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only.  | Microsoft Connected Cache Managed in Azure |
-| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com, *.github.com |  AMQP / 5671 </br>  MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |
+| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com, github.com |  AMQP / 5671 </br>  MQTT / 8883 </br> HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure |

From 4ccee6c3cb1f4189af1d56b1ae226e3ef4765221 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:00:01 -0800
Subject: [PATCH 23/93] Fixed links and updated NTLM event

- Fixed the broken credential-guard-manage.md links
- Moved the Event Viewer events and added the event path
---
 .../credential-guard-known-issues.md          | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 7d7195e1e0..68d5b6cc09 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -34,7 +34,7 @@ Any device that enables Windows Defender Credential Guard may encounter this iss
 
 > [!TIP]
 > To determine if your Pro device will receive default enablement when upgraded to **Windows 11, version 22H2**, do the following **before** upgrading:  
-> Check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. If it is present, the device will have Windows Defender Credential Guard enabled after upgrading. Note that Windows Defender Credential Guard can be disabled after upgrade by following the [disablement instructions](credential-guard-manage#disable-windows-defender-credential-guard).
+> Check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`. If it is present, the device will have Windows Defender Credential Guard enabled after upgrading. Note that Windows Defender Credential Guard can be disabled after upgrade by following the [disablement instructions](credential-guard-manage.md#disable-windows-defender-credential-guard).
 
 ### Why this is happening:  
 Applications and services are affected by this issue when they rely on insecure protocols that use password-based authentication. Windows Defender Credential Guard blocks the use of these insecure protocols by design. These protocols are considered insecure because they can lead to password disclosure on the client and the server, which is in direct contradiction to the goals of Windows Defender Credential Guard. Affected procols include:
@@ -44,19 +44,10 @@ Applications and services are affected by this issue when they rely on insecure
   - WDigest (only SSO is blocked)
   - NTLM v1 (only SSO is blocked)  
   
-Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can still be used by prompting the user to supply credentials.
-
-### Options to fix the issue:  
-
-Microsoft recommends that organizations move away from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. Windows Defender Credential Guard will not block certificate-based authentication.  
-
-For a more immediate but less secure fix, simply [disable Windows Defender Credential Guard](credential-guard-manage#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
-
-> [!TIP]
-> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating. This process can also be done via Mobile Device Management (MDM) policy rather than Group Policy if the devices are currently being managed by MDM.  
+Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can still be used by prompting the user to supply credentials.  
 
 > [!NOTE]
-> MS-CHAP and NTLMv1 are particularly relevant to the observed SSO breakage after the Windows 11, version 22H2 update. To confirm whether Windows Defender Credential Guard is blocking either of these protocols, check the NTLM event logs for the following warning and/or error:  
+> MS-CHAP and NTLMv1 are particularly relevant to the observed SSO breakage after the Windows 11, version 22H2 update. To confirm whether Windows Defender Credential Guard is blocking either of these protocols, check the NTLM event logs in Event Viewer at `Application and Services Logs\Microsoft\Windows\NTLM\Operational` for the following warning and/or error:  
   >  
   > **Event ID 4013** (Warning)  
   > ```
@@ -75,6 +66,15 @@ For a more immediate but less secure fix, simply [disable Windows Defender Crede
   > />  
   > ```
 
+### Options to fix the issue:  
+
+Microsoft recommends that organizations move away from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. Windows Defender Credential Guard will not block certificate-based authentication.  
+
+For a more immediate but less secure fix, simply [disable Windows Defender Credential Guard](credential-guard-manage.md#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
+
+> [!TIP]
+> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage.md#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating. This process can also be done via Mobile Device Management (MDM) policy rather than Group Policy if the devices are currently being managed by MDM.  
+
 ## Known issues involving third-party applications
 
 The following issue affects MSCHAPv2:

From ff9f6bcff0512074e781ab8c53d3270a497b7a6e Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:17:09 -0800
Subject: [PATCH 24/93] Updated CredGuard root

- Added default enablement announcement and link
- Added link to Known Issues
- Changed article author
---
 .../identity-protection/credential-guard/credential-guard.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index 950eb3a95c..aa1ffc29b1 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: 
   - M365-identity-device-management
@@ -31,6 +31,9 @@ By enabling Windows Defender Credential Guard, the following features and soluti
 -   **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system.
 -   **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate other security strategies and architectures.
 
+> [!NOTE]
+> As of Windows 11, version 22H2, Windows Defender Credential Guard has been enabled by default on all devices which meet the minimum requirements as specified in the [Default Enablement](credential-guard-manage.md#default-enablement) section. For information about known issues related to default enablement, see [Credential Guard: Known Issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
+
  
 ## Related topics
 

From 3b01ef45ad357a74a5c5a78254473186112074e6 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:21:02 -0800
Subject: [PATCH 25/93] Added link to Known Issues

---
 .../credential-guard/credential-guard-manage.md               | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 33cab5403d..f7d645071d 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -26,7 +26,9 @@ ms.technology: itpro-security
 
 ## Default Enablement
 
-Starting in **Windows 11 Enterprise, version 22H2** and **Windows 11 Education, version 22H2**, compatible systems have Windows Defender Credential Guard turned on by default. This feature changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below.
+Starting in **Windows 11 Enterprise, version 22H2** and **Windows 11 Education, version 22H2**, compatible systems have Windows Defender Credential Guard turned on by default. This feature changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below.  
+  
+Known issues arising from default enablement are documented in [Windows Defender Credential Guard: Known issues](credential-guard-known-issues.md#known-issue-single-sign-on-sso-for-network-services-breaks-after-upgrading-to-windows-11-version-22h2).
 
 ### Requirements for automatic enablement
 

From 7fe332cd9148e4206147aa2e3a37dfe793a80b1d Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:22:09 -0800
Subject: [PATCH 26/93] Updated feature owner

---
 .../credential-guard/credential-guard-scripts.md                | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
index 8b39b99573..11caa36d86 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article

From a2c8a6d9426a267b9487daf128614b05b6144686 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:23:25 -0800
Subject: [PATCH 27/93] Updated feature owner

---
 .../credential-guard/credential-guard-protection-limits.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
index 6444af7ea5..ef9f6a2bce 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article

From d188996f9d0b74e2f86ee853d55088674bf9f34a Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:24:05 -0800
Subject: [PATCH 28/93] Updated feature owner

---
 .../credential-guard-not-protected-scenarios.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index 5ff4d5dadc..0f780be28b 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -4,7 +4,7 @@ description: Scenarios not protected by Windows Defender Credential Guard in Win
 ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
-ms.author: paoloma
+ms.author: zwhittington
 ms.reviewer: erikdau
 manager: aaroncz
 ms.collection: M365-identity-device-management
@@ -644,4 +644,4 @@ write-host $tmp -Foreground Red
 
 **Deep Dive into Windows Defender Credential Guard: Related videos**
 
-[Protecting privileged users with Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474)
\ No newline at end of file
+[Protecting privileged users with Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474)

From b0908439e5864151bd969c2d9765636a28bb3026 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:25:03 -0800
Subject: [PATCH 29/93] Fixed mistake updating feature owner

---
 .../credential-guard-not-protected-scenarios.md               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index 0f780be28b..51ecf3c661 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -4,8 +4,8 @@ description: Scenarios not protected by Windows Defender Credential Guard in Win
 ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
-ms.author: zwhittington
-ms.reviewer: erikdau
+ms.author: paoloma
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article

From 9da8123b5eceda801b7ff8aeedd3cde304d4be07 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:25:44 -0800
Subject: [PATCH 30/93] Updated feature owner

---
 .../credential-guard/credential-guard-how-it-works.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index 55fe9628bb..48360ee775 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article

From 322dc1ed748302397ed21975237792565926501a Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:26:32 -0800
Subject: [PATCH 31/93] Updated feature owner

---
 .../credential-guard/credential-guard-considerations.md       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 69d69300a1..b041c61076 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -97,4 +97,4 @@ When data protected with user DPAPI is unusable, then the user loses access to a
 
 **Related videos**
 
-[What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security)
\ No newline at end of file
+[What is virtualization-based security?](https://www.linkedin.com/learning/microsoft-cybersecurity-stack-advanced-identity-and-endpoint-protection/what-is-virtualization-based-security)

From ca0405658bd8c35c244506381b0a78b1d9edb2a7 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 30 Nov 2022 17:27:29 -0800
Subject: [PATCH 32/93] Updated feature owner

---
 .../credential-guard/additional-mitigations.md                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 92b3296a71..3fd8405edf 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -5,7 +5,7 @@ ms.prod: windows-client
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
-ms.reviewer: erikdau
+ms.reviewer: zwhittington
 manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article
@@ -607,4 +607,4 @@ write-host $tmp -Foreground Red
 ```
 
 > [!NOTE]
-> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.
\ No newline at end of file
+> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.

From 8aa47d58c2c167fe21b942c17b9d1621fc472513 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Thu, 1 Dec 2022 08:04:19 -0800
Subject: [PATCH 33/93] Update
 windows-autopatch-wqu-all-devices-historical-report.md

---
 .../windows-autopatch-wqu-all-devices-historical-report.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
index aba6d03509..3808dd45a7 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-all-devices-historical-report.md
@@ -25,7 +25,7 @@ The historical All devices report provides a visual representation of the update
 
 :::image type="content" source="../media/windows-autopatch-all-devices-historical-report.png" alt-text="All devices—historical report" lightbox="../media/windows-autopatch-all-devices-historical-report.png":::
 
-> [!TIP]
+> [!NOTE]
 > This report provides a time stamp of when the report trend was last generated and can be seen at the top of the page.
 
 ## Report options

From 5eb226ad1ba351b3c087f7a7aecdd6e05661e2ce Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Thu, 1 Dec 2022 13:12:22 -0800
Subject: [PATCH 34/93] minor edits

---
 windows/deployment/do/mcc-enterprise-appendix.md | 12 ++++++------
 windows/deployment/do/mcc-isp-signup.md          |  8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md
index 400beb744f..ef710a3929 100644
--- a/windows/deployment/do/mcc-enterprise-appendix.md
+++ b/windows/deployment/do/mcc-enterprise-appendix.md
@@ -19,16 +19,16 @@ ms.topic: article
 
 ### Troubleshooting
 
-If you're not able to sign up for a Microsoft Azure subscription with the error: **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** See [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription). 
-
-Also see [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
+If you're not able to sign up for a Microsoft Azure subscription with the **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** error, see the following articles:
+- [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription). 
+- [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
 
 ## Installing on VMWare
 
-We have seen that Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMWare. To do so, there are a couple of additional configurations to be made:
+We've seen that Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMWare. To do so, there are a couple of additional configurations to be made:
 
-1. Ensure that you are using ESX. In the VM settings, turn on the option **"Expose hardware assisted virtualization to the guest OS".**
-1. Using the HyperV Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"**, **"Allow forged transmits"**, and **"Allow MAC changes"** are all switched to "Yes". 
+1. Ensure that you're using ESX. In the VM settings, turn on the option **Expose hardware assisted virtualization to the guest OS**.
+1. Using the HyperV Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"**, **"Allow forged transmits"**, and **"Allow MAC changes"** are all switched to **Yes**.
 
 ## Diagnostics Script
 
diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md
index d411757f8e..291a69a7ab 100644
--- a/windows/deployment/do/mcc-isp-signup.md
+++ b/windows/deployment/do/mcc-isp-signup.md
@@ -25,10 +25,10 @@ This article details the process of signing up for Microsoft Connected Cache for
 ## Prerequisites
 
 Before you begin sign up, ensure you have the following components:
-1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You will need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, [visit this page](https://azure.microsoft.com/en-us/offers/ms-azr-0003p/).
-1. **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal.
-1. **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. 
-1. **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed Ubuntu 20.04 LTS.
+- **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a completely free-of-charge service hosted in Azure. You will need to have a Pay-As-You-Go subscription in order to onboard to our service. To create a subscription, [visit this page](https://azure.microsoft.com/offers/ms-azr-0003p/).
+- **Access to Azure portal**: Ensure you have the credentials needed to access your organization's Azure portal.
+- **Peering DB**: Ensure your organization's [Peering DB](https://www.peeringdb.com/) page is up-to-date and active. Check that the NOC email listed is accurate, and that you have access to this email. 
+- **Server**: Ensure the server you wish to install Microsoft Connected Cache on is ready, and that the server is installed Ubuntu 20.04 LTS.
 
 ## Resource creation and sign up process  
 

From c0b678f43a316f5718c481b2e14dbddbe2f03fee Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Thu, 1 Dec 2022 13:54:39 -0800
Subject: [PATCH 35/93] What's new article.

---
 windows/deployment/windows-autopatch/TOC.yml  |  7 +-
 .../windows-autopatch-wqu-reports-overview.md |  4 +-
 .../windows-autopatch-whats-new-2022.md       | 98 +++++++++++++++++++
 3 files changed, 106 insertions(+), 3 deletions(-)
 create mode 100644 windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md

diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml
index 5d31d988ca..5d1978ac7a 100644
--- a/windows/deployment/windows-autopatch/TOC.yml
+++ b/windows/deployment/windows-autopatch/TOC.yml
@@ -99,4 +99,9 @@
         - name: Privacy
           href: references/windows-autopatch-privacy.md
         - name: Windows Autopatch preview addendum
-          href: references/windows-autopatch-preview-addendum.md
\ No newline at end of file
+          href: references/windows-autopatch-preview-addendum.md
+    - name: What's new
+      href:
+      items: 
+        - name: What's new 2022
+          href: whats-new/windows-autopatch-whats-new-2022.md
\ No newline at end of file
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
index 24dad31605..739953b809 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-reports-overview.md
@@ -64,8 +64,8 @@ Healthy devices are devices that meet all of the following prerequisites:
 
 | Sub status | Description |
 | ----- | ----- |
-| Up to Date | Devices are up to date with the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) |
-| In Progress | Devices are currently installing the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases) |
+| Up to Date | Devices are up to date with the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases). |
+| In Progress | Devices are currently installing the latest quality update deployed through the [Windows Autopatch release schedule](../operate/windows-autopatch-wqu-overview.md#windows-quality-update-releases). |
 | Paused | Devices that are currently paused due to a Windows Autopatch or customer-initiated Release Management pause. For more information, see [Pausing and resuming a release](../operate/windows-autopatch-wqu-overview.md#pausing-and-resuming-a-release). |
 
 ### Not Up to Date (Microsoft Action)
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
new file mode 100644
index 0000000000..b4a98ff888
--- /dev/null
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -0,0 +1,98 @@
+---
+title: What's new
+description: This article lists the new feature releases and any corresponding Message center post numbers.
+ms.date: 12/01/2022
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: how-to
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# What's new
+
+This article lists new and updated feature releases, and service releases, with their corresponding Message center post numbers (if applicable).
+
+Minor corrections such as typos, style, or formatting issues aren't listed.
+
+## December 2022
+
+### December feature release
+
+| Article | Description |
+| ----- | ----- |
+| [What's new](../whats-new/windows-autopatch-whats-new-2022.md) | Added the What's new article |
+
+## November 2022
+
+### November feature releases
+
+| Article | Description |
+| ----- | ----- |
+| [Privacy](../references/windows-autopatch-privacy.md) | Updated data center locations<ul><li>[MC448005](https://admin.microsoft.com/adminportal/home#/MessageCenter) |
+| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated multiple sections because of the OMA-URI to Intune Settings Catalog policy migration<ul><li>[MC443898](https://admin.microsoft.com/adminportal/home#/MessageCenter) |
+| [Configure your network](../prepare/windows-autopatch-configure-network.md) | Added information on Delivery Optimization  |
+| [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | 32 and 64-bit versions are supported |
+
+### November service release
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC470135](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch baseline configuration update |
+
+## October 2022
+
+### October feature releases
+
+| Article | Description |
+| ----- | ----- |
+| [Maintain the Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md) | New Tenant management blade |
+| [Register your devices](../deploy/windows-autopatch-register-devices.md) | Added Azure Virtual Desktop capability |
+
+### October service release
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC450491](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch baseline configuration update |
+
+## September 2022
+
+### September feature release
+
+| Article | Description |
+| ----- | ----- |
+| [Post-device registration readiness checks](../deploy/windows-autopatch-post-reg-readiness-checks.md) | Post-device registration readiness checks public preview release<ul><li>[MC409850](https://admin.microsoft.com/adminportal/home#/MessageCenter) |
+
+## August 2022
+
+### August feature release
+
+| Article | Description |
+| ----- | ----- |
+| [Register your devices](../deploy/windows-autopatch-register-devices.md) | Windows Autopatch on Windows 365 Enterprise Workloads capability.<ul><li>[MC409850](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
+
+### August service release
+
+| Message center post number | Description |
+| ----- | ----- |
+| [MC418962](https://admin.microsoft.com/adminportal/home#/MessageCenter) | Windows Autopatch baseline configuration update |
+
+## July 2022
+
+### July feature releases
+
+| Article | Description |
+| ----- | ----- |
+| [Register your devices](../deploy/windows-autopatch-register-devices.md) | Windows Autopatch on Windows 365 Enterprise Workloads capability |
+| Windows Autopatch General Availability | Windows Autopatch General Availability (GA) release |
+
+## May 2022
+
+### May feature release
+
+| Article | Description |
+| ----- | ----- |
+| Windows Autopatch | Announcing Windows Autopatch; a new feature in Windows E3 and E5 <ul><li>[MC390012](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |

From 5889bd53a9ecfa5bff87c467f3b64553b1afcbc3 Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Thu, 1 Dec 2022 14:08:00 -0800
Subject: [PATCH 36/93] Update to Device configuration policy. MDM Wins Over
 GP.

---
 .../references/windows-autopatch-changes-to-tenant.md         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index f14ae95741..d21cecbbe8 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -1,7 +1,7 @@
 ---
 title: Changes made at tenant enrollment
 description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
-ms.date: 11/02/2022
+ms.date: 12/01/2022
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: reference
@@ -60,7 +60,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| | |
+| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
 | Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices. <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>[./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry ](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ul>|<ul><li>Full</li><li>1</li><li>1</li><li>1</li> |
 | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 

From 8e1c778f6fe149153232faadf079f539358794d7 Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Thu, 1 Dec 2022 14:12:48 -0800
Subject: [PATCH 37/93] Tweak.

---
 .../references/windows-autopatch-changes-to-tenant.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index d21cecbbe8..cd7796eee2 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -60,7 +60,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
+| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| <li>[MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP)</li> | <li>The MDM policy is used and the GP policy is blocked</li> |
 | Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices. <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>[./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry ](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ul>|<ul><li>Full</li><li>1</li><li>1</li><li>1</li> |
 | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 

From 715438cf28ed11e1af7b3ac5cfd77c8452950514 Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Thu, 1 Dec 2022 15:54:03 -0800
Subject: [PATCH 38/93] Some minor wording fixes

---
 .../credential-guard/credential-guard-known-issues.md         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 68d5b6cc09..7c0013e9a3 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -70,10 +70,10 @@ Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can
 
 Microsoft recommends that organizations move away from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. Windows Defender Credential Guard will not block certificate-based authentication.  
 
-For a more immediate but less secure fix, simply [disable Windows Defender Credential Guard](credential-guard-manage.md#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
+For a more immediate but less secure fix, [disable Windows Defender Credential Guard](credential-guard-manage.md#disable-windows-defender-credential-guard). Note that Windows Defender Credential Guard does not have per-protocol or per-application policies, and must either be completely on or off. Disabling Windows Defender Credential Guard will leave some stored domain credentials vulnerable to theft. Windows Defender Credential Guard can be disabled after it has already been enabled, or it can be explicitly disabled prior to updating to Windows 11, version 22H2, which will prevent default enablement from occurring.  
 
 > [!TIP]
-> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage.md#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (it typically is not configured by default), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating. This process can also be done via Mobile Device Management (MDM) policy rather than Group Policy if the devices are currently being managed by MDM.  
+> To _prevent_ default enablement, [use Group Policy to explicitly disable Windows Defender Credential Guard](credential-guard-manage.md#disabling-windows-defender-credential-guard-using-group-policy) before updating to Windows 11, version 22H2. If the GPO value is not configured (which is the default state), the device will receive default enablement after updating, if eligible. If the GPO value is set to "disabled", it will not be enabled after updating. This process can also be done via Mobile Device Management (MDM) policy rather than Group Policy if the devices are currently being managed by MDM.  
 
 ## Known issues involving third-party applications
 

From 62c86e91467d77153a843ad13599412c85493697 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 1 Dec 2022 16:13:33 -0800
Subject: [PATCH 39/93] Updated content for working with signing and WDAC

---
 ...or-windows-defender-application-control.md |  14 +-
 ...rt-windows-defender-application-control.md | 329 ++++++++++--------
 ...ontrol-for-classic-windows-applications.md |   8 +-
 ...-portal-in-microsoft-store-for-business.md | 175 ++++++++--
 ...r-application-control-against-tampering.md | 182 ++++++----
 5 files changed, 447 insertions(+), 261 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 6f065d01c8..afb4402d80 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -11,10 +11,10 @@ ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
-ms.date: 02/28/2018
+ms.date: 12/01/2022
 ms.technology: itpro-security
 ---
 
@@ -29,7 +29,7 @@ ms.technology: itpro-security
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signature, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signature, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
 
 If you have an internal CA, complete these steps to create a code signing certificate.
 
@@ -100,7 +100,7 @@ Now that the template is available to be issued, you must request one from the c
 
     Figure 4. Get more information for your code signing certificate
 
-5. In the **Certificate Properties** dialog box, for **Type**, select **Common name**. For **Value**, select **ContosoDGSigningCert**, and then select **Add**. When added, select **OK.**
+5. In the **Certificate Properties** dialog box, for **Type**, select **Common name**. For **Value**, select **$ContosoSigningCert**, and then select **Add**. When added, select **OK.**
 
 6. Enroll and finish.
 
@@ -118,9 +118,3 @@ This certificate must be installed in the user's personal store on the computer
 4. Set a password, select an export path, and then select **WDACCatSigningCert.pfx** as the file name.
 
 When the certificate has been exported, import it into the personal store for the user who will be signing the catalog files or code integrity policies on the specific computer that will be signing them.
-
-## Related topics
-
-- [Windows Defender Application Control](windows-defender-application-control.md)
-
-- [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index ee084e1311..531b81545d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -14,7 +14,7 @@ author: jsuther1974
 ms.reviewer: jgeurten
 ms.author: vinpa
 manager: aaroncz
-ms.date: 02/28/2018
+ms.date: 11/30/2022
 ms.technology: itpro-security
 ---
 
@@ -22,62 +22,61 @@ ms.technology: itpro-security
 
 **Applies to:**
 
--   Windows 10
--   Windows 11
--   Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
 
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-Catalog files can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. To prepare to create WDAC policies that allow these trusted applications but block unsigned code (most malware is unsigned), you create a *catalog file* that contains information about the trusted applications. After you sign and distribute the catalog, your trusted applications can be handled by WDAC in the same way as any other signed application. With this foundation, you can more easily block all unsigned applications, allowing only signed applications to run.
+*Catalog files* can be important in your deployment of Windows Defender Application Control (WDAC) if you have unsigned line-of-business (LOB) applications for which the process of signing is difficult. You can also use catalog files to add your own signature to apps you get from independent software vendors (ISV) when you don't want to trust all code signed by that ISV. In this way, catalog files provide a convenient way for you to "bless" apps for use in your WDAC-managed environment. And, you can create catalog files for existing apps without requiring access to the original source code or needing any expensive repackaging.
 
-## Create catalog files
+You'll need to [obtain a code signing certificate for your own use](/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications#obtain-code-signing-certificates-for-your-own-use) and use it to sign the catalog file. Then, distribute the signed catalog file using your preferred content deployment mechanism.
 
-The creation of a catalog file simplifies the steps to run unsigned applications in the presence of a Windows Defender Application Control policy.
+Finally, add a signer rule to your WDAC policy for your signing certificate. Then, any apps covered by your signed catalog files will be able to run, even if the apps were previously unsigned. With this foundation, you can more easily build a WDAC policy that blocks all unsigned code (most malware is unsigned).
 
-To create a catalog file, you use a tool called **Package Inspector**. You must also have a WDAC policy deployed in audit mode on the computer on which you run Package Inspector, so that Package Inspector can include any temporary installation files that are added and then removed from the computer during the installation process.
+## Create catalog files using Package Inspector
 
-> [!NOTE]
-> When you establish a naming convention it makes it easier to detect deployed catalog files in the future. In this guide, *\*-Contoso.cat* is used as the example naming convention. 
+To create a catalog file for an existing app, you can use a tool called **Package Inspector** that comes with Windows.
 
-1.  Be sure that a Windows Defender Application Control policy is currently deployed in audit mode on the computer on which you'll run Package Inspector.
+1. Apply a WDAC policy in **audit mode** to the computer where you'll run Package Inspector. Package Inspector will use audit events to include hashes in the catalog file for any temporary installation files that are added and then removed from the computer during the installation process. The audit mode policy should **not** allow the app's binaries or you may miss some critical files that are needed in the catalog file.
 
-    Package Inspector doesn't always detect temporary installation files that are added and then removed from the computer during the installation process. To ensure that these binaries are also included in your catalog file, deploy a WDAC policy in audit mode. 
+    > [!NOTE] You won't be able to complete this process if it's done on a system with an enforced WDAC policy, unless the enforced policy already allows the app to run.
 
-    > [!NOTE]
-    > This process should **not** be performed on a system with an enforced Windows Defender Application Control policy, only with a policy in audit mode. If a policy is currently being enforced, you will not be able to install and run the application unless the policy already allows it.
+    You can use this PowerShell sample to make a copy of the DefaultWindows_Audit.xml template:
 
-2.  Start Package Inspector, and then start scanning a local drive, for example, drive C:
+    ```powershell
+    Copy-Item -Path $env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml -Destination $env:USERPROFILE\Desktop\
+    $PolicyId = Set-CIPolicyIdInfo -FilePath $env:USERPROFILE\Desktop\DefaultWindows_Audit.xml -PolicyName "Package Inspector Audit Policy" -ResetPolicyID
+    $PolicyBinary = $env:USERPROFILE+"\Desktop\"+$PolicyId.substring(11)+".cip"
+    ```
+
+    Then apply the policy as described in [Deploy WDAC policies with script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script).
+
+2. Start Package Inspector to monitor file creation on a **local drive** where you'll install the app, for example, drive C:
 
     ```powershell
     PackageInspector.exe Start C:
     ```
 
-    > [!NOTE]
-    > Package inspector can monitor installations on any local drive. Specify the appropriate drive on the local computer.
-    
-3.  Copy the installation media to the local drive (typically drive C).
-
-    By copying the installation media to the local drive, you ensure that Package Inspector detects and catalogs the actual installer. If you skip this step, the future WDAC policy may allow the application to run but not to be installed.
-
-4.  Install the application. Install it to the same drive that the application installer is located on (the drive you're scanning). Also, while Package Inspector is running, don't run any installations or updates that you don't want to capture in the catalog.
-
     > [!IMPORTANT]
-    > Every binary that is run while Package Inspector is running will be captured in the catalog. Ensure that only trusted applications are run during this time. 
+    > Every file that is written to the drive you are watching with Package Inspector will be included in the catalog that is created. Be aware of any other processes that may be running and creating files on the drive.
 
-5.  Start the application.
+3. Copy the installation media to the drive you're watching with Package Inspector, so that the actual installer is included in the final catalog file. If you skip this step, you may allow the *app* to run, but not actually be able to install it.
 
-6.  Ensure that product updates are installed, and downloadable content associated with the application is downloaded.
+4. Install the app.
 
-7.  Close and reopen the application. 
+5. Start the app to ensure that files created on initial launch are included in your catalog file.
 
-    This step is necessary to ensure that the scan has captured all binaries.
-    
-8.  As appropriate, with Package Inspector still running, repeat the process for another application that you want in the catalog. Copy the installation media to the local drive, install the application, ensure it's updated, and then close and reopen the application.
+6. Use the app as you would normally, so that files created during normal use are included in your catalog file. For example, some apps may download more files on first use of a feature within the app. Be sure to also check for app updates if the app has that capability.
 
-9. When you've confirmed that the previous steps are complete, use the following commands to generate the catalog and definition files on your computer's desktop. The filenames used in these example commands are **LOBApp-Contoso.cat** (catalog file) and **LOBApp.cdf** (definition file)—substitute different filenames as appropriate. 
+7. Close and reopen the application to ensure that the scan has captured all binaries.
 
-    For the last command, which stops Package Inspector, be sure to type the drive letter of the drive you have been scanning, for example, C:.  
+8. As appropriate, with Package Inspector still running, repeat the steps above for any other apps that you want to include in the catalog.
+
+9. When you've confirmed that the previous steps are complete, use the following commands to stop Package Inspector. A catalog file and catalog definition file will be created in the specified location. Use a naming convention for your catalog files to make it easier to manage your deployed catalog files over time. The filenames used in this example are **LOBApp-Contoso.cat** (catalog file) and **LOBApp.cdf** (definition file).
+
+    For the last command, which stops Package Inspector, be sure to specify the same local drive you've been watching with Package Inspector, for example, C:.  
 
     ```powershell
     $ExamplePath=$env:userprofile+"\Desktop"
@@ -87,42 +86,33 @@ To create a catalog file, you use a tool called **Package Inspector**. You must
     ```
 
 >[!NOTE]
->Package Inspector catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries' hash values.
+>Package Inspector catalogs the hash values for each discovered file. If the applications that were scanned are updated, complete this process again to trust the new binaries' hash values.
 
-When finished, the files will be saved to your desktop. You can double-click the \*.cat file to see its contents, and you can view the \*.cdf file with a text editor. 
+When finished, the files will be saved to your desktop. You can view the \*.cdf file with a text editor and see what files were included by Package Inspector. You can also double-click the \*.cat file to see its contents and check for a specific file hash.
 
-To trust the contents of the catalog file within a WDAC policy, the catalog must first be signed. Then, the signing certificate can be added to the WDAC policy, and the catalog file can be distributed to the individual client computers. 
+## Sign your Catalog file
 
-### Resolving package failures
+Now that you've created a catalog file for your app, you're ready to sign it.
 
-Packages can fail for the following reasons:
+### Catalog signing with Device Guard Signing Service v2 (DGSS)
 
-- Package is too large for default USN Journal or Event Log sizes
-    - To diagnose whether USN journal size is the issue, after running through Package Inspector, click Start > install app > PackageInspector stop
-        - Get the value of the reg key at HKEY\_CURRENT\_USER/PackageInspectorRegistryKey/c: (this USN was the most recent one when you ran PackageInspector start)
-        - `fsutil usn readjournal C: startusn=RegKeyValue > inspectedusn.txt`
-        - ReadJournal command should throw an error if the older USNs don't exist anymore due to overflow
-    - For USN Journal, log size can be expanded using: `fsutil usn createjournal` command with a new size and alloc delta. `Fsutil usn queryjournal` will give the current size and allocation delta, so using a multiple of that may help
-    - To diagnose whether Eventlog size is the issue, look at the Microsoft/Windows/CodeIntegrity/Operational log under Applications and Services logs in Event Viewer and ensure that there are entries present from when you began Package Inspector (You can use write time as a justification; if you started the install 2 hours ago and there are only entries from 30 minutes prior, the log is definitely too small)
-    - To increase Eventlog size, in Event Viewer you can right click the operational log, click properties, and then set new values (some multiple of what it was previously)
-- Package files that change hash each time the package is installed
-    - Package Inspector is incompatible if files in the package (temporary or otherwise) change hash each time the package is installed. You can diagnose this hash-change by looking at the hash field in the 3077 block events when the package is failing in enforcement.  If each time you attempt to run the package you get a new block event with a different hash, the package won't work with Package Inspector
-- Files with an invalid signature blob or otherwise "unhashable" files
-    - This issue arises when a file that has been signed is modified post signing in a way that invalidates the PE header and renders the file unable to be hashed by the Authenticode Spec.
-    - Windows Defender Application Control uses Authenticode Hashes to validate files when they're running. If the file is unhashable via the authenticode SIP, there's no way to identify the file to allow it, regardless of if you attempt to add the file to the policy directly, or re-sign the file with a Package Inspector catalog (the signature is invalidated due to file being edited, file can't be allowed by hash due to authenticode hashing algorithm rejecting it)
-    - Recent versions of InstallShield packages that use custom actions can hit this condition. If the DLL input to the custom action was signed before being put through InstallShield, InstallShield adds tracking markers to the file (editing it post signature) which leaves the file in this "unhashable" state and renders the file unable to be allowed by Windows Defender (regardless of if you try to allow directly by policy or resign with Package Inspector)
+If you have an existing Microsoft Store for Business and Education account, you can use the DGSS to sign your catalog files. See [Submit-SigningJob](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#submit-signingjob).
 
-## Catalog signing with SignTool.exe
+### Catalog signing with SignTool.exe
 
-To sign a catalog file you generated by using PackageInspector.exe, you need:
+If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can use SignTool.exe to sign your catalog files.
 
--   SignTool.exe, found in the Windows software development kit (SDK—Windows 7 or later)
+<br>
+<details>
+  <summary>Expand this section for detailed instructions on signing catalog files with signtool.exe.</summary>
 
--   The catalog file that you generated previously
+You need:
 
--   An internal certification authority (CA) code signing certificate or purchased code signing certificate
+- SignTool.exe, found in the [Windows software development kit (SDK)](https://developer.microsoft.com/windows/downloads/windows-sdk/)
+- The catalog file that you created earlier
+- A code signing certificate issued from an internal certificate authority (CA) or a purchased code signing certificate
 
-To sign the existing catalog file, copy each of the following commands into an elevated Windows PowerShell session.
+Import the code signing certificate that will be used to sign the catalog file into the signing user's personal store. Then, sign the existing catalog file by copying each of the following commands into an elevated Windows PowerShell session.
 
 1. Initialize the variables that will be used. Replace the *$ExamplePath* and *$CatFileName* variables as needed:
 
@@ -131,74 +121,59 @@ To sign the existing catalog file, copy each of the following commands into an e
     $CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"
     ```
 
-2. Import the code signing certificate that will be used to sign the catalog file. Import it to the signing user's personal store. 
-
-3. Sign the catalog file with Signtool.exe:
+2. Sign the catalog file with Signtool.exe:
 
    ```powershell
-    <path to signtool.exe> sign /n "ContosoDGSigningCert" /fd sha256 /v $CatFileName
+    <path to signtool.exe> sign /n "ContosoSigningCert" /fd sha256 /v $CatFileName
     ```
 
    >[!NOTE]
-   >The *&lt;Path to signtool.exe&gt;* variable should be the full path to the Signtool.exe utility. *ContosoDGSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file.
-   > 
+   >The *&lt;Path to signtool.exe&gt;* variable should be the full path to the Signtool.exe utility. *ContosoSigningCert* represents the subject name of the certificate that you will use to sign the catalog file. This certificate should be imported to your personal certificate store on the computer on which you are attempting to sign the catalog file.
+   >
    >For additional information about Signtool.exe and all additional switches, visit the [Sign Tool page](/dotnet/framework/tools/signtool-exe).
-    
-4. Verify the catalog file digital signature. Right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1.
+
+3. Verify the catalog file's digital signature. Right-click the catalog file, and then select **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with a **sha256** algorithm, as shown in Figure 1.
 
    ![Digital Signature list in file Properties.](images/dg-fig12-verifysigning.png)
 
    Figure 1. Verify that the signing certificate exists
 
-5. Copy the catalog file to C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.
+</details>
 
-   For testing purposes, you can manually copy signed catalog files to their intended folder. For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as Microsoft Configuration Manager, which also simplifies the management of catalog versions.
+## Deploy the catalog file to your managed endpoints
 
-## Add a catalog signing certificate to a Windows Defender Application Control policy
+Catalog files in Windows are stored under ***%windir%\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}***.
 
-After the catalog file is signed, add the signing certificate to a WDAC policy, as described in the following steps.
+For testing purposes, you can manually copy signed catalog files to the folder above. For large-scale deployment of signed catalog files, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as Microsoft Configuration Manager.
 
-1.  If you haven't already verified the catalog file digital signature, right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with the algorithm you expect.
+### Deploy catalog files with Group Policy
 
-2.  If you already have an XML policy file that you want to add the signing certificate to, skip to the next step. Otherwise, use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a Windows Defender Application Control policy that you will later merge into another policy (not deploy as-is). This example creates a policy called **CatalogSignatureOnly.xml** in the location **C:\\PolicyFolder** by scanning the system and allowlisting by signer and original filename:
+To simplify the management of catalog files, you can use Group Policy preferences to deploy catalog files to the appropriate computers in your organization.
 
-    ```powershell
-    New-CIPolicy -Level FilePublisher -FilePath C:\PolicyFolder\CatalogSignatureOnly.xml –UserPEs -MultiplePolicyFormat -Fallback SignedVersion,Publisher,Hash
-    ```
+<br>
+<details>
+<summary>Expand this section for detailed instructions on deploying catalog files using Group Policy.</summary>
 
-    > [!NOTE]
-    > Include the **-UserPEs** parameter to ensure that the policy includes user mode code integrity.
-
-3.  Use [Add-SignerRule](/powershell/module/configci/add-signerrule) to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `<policypath>` and `<certificate_path>`:
-
-    ```powershell
-    Add-SignerRule -FilePath <policypath> -CertificatePath <certificate_path> -User
-    ```
-
-If you used step 2 to create a new WDAC policy, and want information about merging policies together, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md).  
-
-## Deploy catalog files with Group Policy
-
-To simplify the management of catalog files, you can use Group Policy preferences to deploy catalog files to the appropriate computers in your organization. The following process walks you through the deployment of a signed catalog file called **LOBApp-Contoso.cat** to a test OU called DG Enabled PCs with a GPO called **Contoso DG Catalog File GPO Test**.
+The following process walks you through the deployment of a signed catalog file called **LOBApp-Contoso.cat** to a test OU called WDAC Enabled PCs with a GPO called **Contoso Catalog File GPO Test**.
 
 **To deploy a catalog file with Group Policy:**
 
 1. From either a domain controller or a client computer that has Remote Server Administration Tools (RSAT) installed, open the Group Policy Management Console (GPMC) by running **GPMC.MSC** or by searching for Group Policy Management.
 
-2. Create a new GPO: right-click an OU, for example, the **DG Enabled PCs OU**, and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 2.
+2. Create a new GPO: right-click an OU, for example, the **WDAC Enabled PCs OU**, and then select **Create a GPO in this domain, and Link it here**, as shown in Figure 2.
 
    > [!NOTE]
-   > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies (or keeping them separate).
+   > You can use any OU name. Also, security group filtering is an option when you consider different ways of combining WDAC policies.
 
    ![Group Policy Management, create a GPO.](images/dg-fig13-createnewgpo.png)
 
    Figure 2. Create a new GPO
 
-3. Give the new GPO a name, for example, **Contoso DG Catalog File GPO Test**, or any name you prefer.
+3. Give the new GPO a name, for example, **Contoso Catalog File GPO Test**, or any name you prefer.
 
-4. Open the Group Policy Management Editor: right-click the new GPO, and then click **Edit**.
+4. Open the Group Policy Management Editor: right-click the new GPO, and then select **Edit**.
 
-5. Within the selected GPO, navigate to Computer Configuration\\Preferences\\Windows Settings\\Files. Right-click **Files**, point to **New**, and then click **File**, as shown in Figure 3.
+5. Within the selected GPO, navigate to Computer Configuration\\Preferences\\Windows Settings\\Files. Right-click **Files**, point to **New**, and then select **File**, as shown in Figure 3.
 
    ![Group Policy Management Editor, New File.](images/dg-fig14-createnewfile.png)
 
@@ -224,144 +199,198 @@ To simplify the management of catalog files, you can use Group Policy preference
 
 10. On the **Common** tab of the **New File Properties** dialog box, select the **Remove this item when it is no longer applied** option. Enabling this option ensures that the catalog file is removed from every system, in case you ever need to stop trusting this application.
 
-11. Click **OK** to complete file creation.
+11. Select **OK** to complete file creation.
 
-12. Close the Group Policy Management Editor, and then update the policy on the test computer running Windows 10, by running GPUpdate.exe. When the policy has been updated, verify that the catalog file exists in C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} on the computer running Windows 10.
+12. Close the Group Policy Management Editor, and then update the policy on the test computer running Windows 10 or Windows 11, by running GPUpdate.exe. When the policy has been updated, verify that the catalog file exists in C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} on the computer running Windows 10.
 
-Before you begin testing the deployed catalog file, make sure that the catalog signing certificate has been added to an appropriate WDAC policy.
+</details>
 
-## Deploy catalog files with Microsoft Configuration Manager
+### Deploy catalog files with Microsoft Configuration Manager
 
-As an alternative to Group Policy, you can use Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files and provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files:
+As an alternative to Group Policy, you can use Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files and provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes.
+
+<br>
+<details>
+<summary>Expand this section for detailed instructions on deploying catalog files using Configuration Manager.</summary>
+
+Complete the following steps to create a new deployment package for catalog files:
 
 >[!NOTE]
->The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization.
+>The following example uses a network share named \\\\Shares\\CatalogShare as a source for the catalog files. If you have collection-specific catalog files, or prefer to deploy them individually, use whichever folder structure works best for your organization.
 
-1.  Open the Configuration Manager console, and select the Software Library workspace.
+1. Open the Configuration Manager console, and select the Software Library workspace.
 
-2.  Navigate to Overview\\Application Management, right-click **Packages**, and then click **Create Package**.
+2. Navigate to Overview\\Application Management, right-click **Packages**, and then select **Create Package**.
 
-3.  Name the package, set your organization as the manufacturer, and select an appropriate version number.
+3. Name the package, set your organization as the manufacturer, and select an appropriate version number.
 
     ![Create Package and Program Wizard.](images/dg-fig16-specifyinfo.png)
 
     Figure 5. Specify information about the new package
 
-4.  Click **Next**, and then select **Standard program** as the program type.
+4. Select **Next**, and then select **Standard program** as the program type.
 
-5.  On the **Standard Program** page, select a name, and then set the **Command Line** property to **XCopy \\\\Shares\\CatalogShare C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} /H /K /E /Y**.
+5. On the **Standard Program** page, select a name, and then set the **Command Line** property to **XCopy \\\\Shares\\CatalogShare C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} /H /K /E /Y**.
 
-6.  On the **Standard Program** page, select the following options (Figure 6):
+6. On the **Standard Program** page, select the following options (Figure 6):
 
-    -   In **Name**, type a name such as **Contoso Catalog File Copy Program**.
-
-    -   In **Command line**, browse to the program location.
-
-    -   In **Startup folder**, type **C:\\Windows\\System32**.
-
-    -   From the **Run** list, select **Hidden**.
-
-    -   From the **Program can run** list, select **Whether or not a user is logged on**.
-
-    -   From the **Drive mode** list, select **Runs with UNC name**.
+    - In **Name**, type a name such as **Contoso Catalog File Copy Program**.
+    - In **Command line**, browse to the program location.
+    - In **Startup folder**, type **C:\\Windows\\System32**.
+    - From the **Run** list, select **Hidden**.
+    - From the **Program can run** list, select **Whether or not a user is logged on**.
+    - From the **Drive mode** list, select **Runs with UNC name**.
 
     ![Standard Program page of wizard.](images/dg-fig17-specifyinfo.png)
 
     Figure 6. Specify information about the standard program
 
-7.  Accept the defaults for the rest of the wizard, and then close the wizard.
+7. Accept the defaults for the rest of the wizard, and then close the wizard.
 
 After you create the deployment package, deploy it to a collection so that the clients will receive the catalog files. In this example, you deploy the package you created to a test collection:
 
-1.  In the Software Library workspace, navigate to Overview\\Application Management\\Packages, right-click the catalog file package, and then click **Deploy**.
+1. In the Software Library workspace, navigate to Overview\\Application Management\\Packages, right-click the catalog file package, and then select **Deploy**.
 
-2.  On the **General** page, select the test collection to which the catalog files will be deployed, and then click **Next**.
+2. On the **General** page, select the test collection to which the catalog files will be deployed, and then select **Next**.
 
-3.  On the **Content** page, click **Add** to select the distribution point that will serve content to the selected collection, and then click **Next**.
+3. On the **Content** page, select **Add** to select the distribution point that will serve content to the selected collection, and then select **Next**.
 
-4.  On the **Deployment Settings** page, select **Required** in the **Purpose** box.
+4. On the **Deployment Settings** page, select **Required** in the **Purpose** box.
 
-5.  On the **Scheduling** page, click **New**.
+5. On the **Scheduling** page, select **New**.
 
-6.  In the **Assignment Schedule** dialog box, select **Assign immediately after this event**, set the value to **As soon as possible**, and then click **OK**.
+6. In the **Assignment Schedule** dialog box, select **Assign immediately after this event**, set the value to **As soon as possible**, and then select **OK**.
 
-7.  On the **Scheduling** page, click **Next**.
+7. On the **Scheduling** page, select **Next**.
 
-8.  On the **User Experience** page (Figure 7), set the following options, and then click **Next**:
+8. On the **User Experience** page (Figure 7), set the following options, and then select **Next**:
 
-    -   Select the **Software installation** check box.
+    - Select the **Software installation** check box.
 
-    -   Select the **Commit changes at deadline or during a maintenance window (requires restarts)** check box.
+    - Select the **Commit changes at deadline or during a maintenance window (requires restarts)** check box.
 
     ![Deploy Software Wizard, User Experience page.](images/dg-fig18-specifyux.png)
 
     Figure 7. Specify the user experience
 
-9.  On the **Distribution Points** page, in the **Deployment options** box, select **Run program from distribution point**, and then click **Next**.
+9. On the **Distribution Points** page, in the **Deployment options** box, select **Run program from distribution point**, and then select **Next**.
 
-10. On the **Summary** page, review the selections, and then click **Next**.
+10. On the **Summary** page, review the selections, and then select **Next**.
 
 11. Close the wizard.
 
-Before you begin testing the deployed catalog file, make sure that the catalog signing certificate has been added to an appropriate WDAC policy,.
+</details>
 
-## Inventory catalog files with Microsoft Configuration Manager
+#### Inventory catalog files with Microsoft Configuration Manager
 
-When catalog files have been deployed to the computers within your environment, whether by using Group Policy or Configuration Manager, you can inventory them with the software inventory feature of Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy.
+When catalog files have been deployed to the computers within your environment, whether by using Group Policy or Configuration Manager, you can inventory them with the software inventory feature of Configuration Manager.
+
+<br>
+<details>
+<summary>Expand this section for detailed instructions on inventorying catalog files using Configuration Manager.</summary>
+
+You can configure software inventory to find catalog files on your managed systems by creating and deploying a new client settings policy.
 
 >[!NOTE]
 >A standard naming convention for your catalog files will significantly simplify the catalog file software inventory process. In this example, *-Contoso* has been added to all catalog file names.
 
-1.  Open the Configuration Manager console, and select the Administration workspace.
+1. Open the Configuration Manager console, and select the Administration workspace.
 
-2.  Navigate to **Overview\\Client Settings**, right-click **Client Settings**, and then click **Create Custom Client Device Settings**.
+2. Navigate to **Overview\\Client Settings**, right-click **Client Settings**, and then select **Create Custom Client Device Settings**.
 
-3.  Name the new policy, and under **Select and then configure the custom settings for client devices**, select the **Software Inventory** check box, as shown in Figure 8.
+3. Name the new policy, and under **Select and then configure the custom settings for client devices**, select the **Software Inventory** check box, as shown in Figure 8.
 
     ![Create Custom Client Device Settings.](images/dg-fig19-customsettings.png)
 
     Figure 8. Select custom settings
 
-4.  In the navigation pane, click **Software Inventory**, and then click **Set Types**, as shown in Figure 9.
+4. In the navigation pane, select **Software Inventory**, and then select **Set Types**, as shown in Figure 9.
 
     ![Software Inventory settings for devices.](images/dg-fig20-setsoftwareinv.png)
 
     Figure 9. Set the software inventory
 
-5.  In the **Configure Client Setting** dialog box, click the **Start** button to open the **Inventories File Properties** dialog box.
+5. In the **Configure Client Setting** dialog box, select the **Start** button to open the **Inventories File Properties** dialog box.
 
-6.  In the **Name** box, type a name such as **\*Contoso.cat**, and then click **Set**.
+6. In the **Name** box, type a name such as **\*Contoso.cat**, and then select **Set**.
 
     >[!NOTE]
     >When typing the name, follow your naming convention for catalog files.
 
-7.  In the **Path Properties** dialog box, select **Variable or path name**, and then type **C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}** in the box, as shown in Figure 10.
+7. In the **Path Properties** dialog box, select **Variable or path name**, and then type **C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}** in the box, as shown in Figure 10.
 
     ![Path Properties, specifying a path.](images/dg-fig21-pathproperties.png)
 
     Figure 10. Set the path properties
 
-8.  Click **OK**.
+8. Select **OK**.
 
-9.  Now that you've created the client settings policy, right-click the new policy, click **Deploy**, and then choose the collection on which you would like to inventory the catalog files.
+9. Now that you've created the client settings policy, right-click the new policy, select **Deploy**, and then choose the collection on which you would like to inventory the catalog files.
 
 At the time of the next software inventory cycle, when the targeted clients receive the new client settings policy, you'll be able to view the inventoried files in the built-in Configuration Manager reports or Resource Explorer. To view the inventoried files on a client within Resource Explorer, complete the following steps:
 
-1.  Open the Configuration Manager console, and select the Assets and Compliance workspace.
+1. Open the Configuration Manager console, and select the Assets and Compliance workspace.
 
-2.  Navigate to Overview\\Devices, and search for the device on which you want to view the inventoried files.
+2. Navigate to Overview\\Devices, and search for the device on which you want to view the inventoried files.
 
-3.  Right-click the computer, point to **Start**, and then click **Resource Explorer**.
+3. Right-click the computer, point to **Start**, and then select **Resource Explorer**.
 
-4.  In Resource Explorer, navigate to Software\\File Details to view the inventoried catalog files.
+4. In Resource Explorer, navigate to Software\\File Details to view the inventoried catalog files.
 
 >[!NOTE]
 >If nothing is displayed in this view, navigate to Software\\Last Software Scan in Resource Explorer to verify that the client has recently completed a software inventory scan.
 
-## Related topics
+</details>
 
-- [Windows Defender Application Control](windows-defender-application-control.md)
+## Allow apps signed by your catalog signing certificate in your WDAC policy
 
-- [Windows Defender Application Control Design Guide](windows-defender-application-control-design-guide.md)
+Now that you have your signed catalog file, you can add a signer rule to your WDAC policy that will allow anything signed with that certificate. If you haven't yet created a WDAC policy, see [WDAC Design Guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide).
 
-- [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md)
\ No newline at end of file
+<br>
+<details>
+<summary>Expand this section for detailed instructions on creating a signer rule for your catalog signer.</summary>
+
+On a computer where the signed catalog file has been deployed, you can use [New-CiPolicyRule](/powershell/module/configci/new-cipolicyrule) to create a signer rule from any file included in that catalog. Then use [Merge-CiPolicy](/powershell/module/configci/merge-cipolicy) to add the rule to your policy XML. Be sure to replace the path values in the sample below.
+
+  ```powershell
+  $Rules = New-CIPolicyRule -DriverFilePath <path to the file covered by the signed catalog> -Level Publisher
+  Merge-CIPolicy -OutputFilePath <path to your WDAC policy XML> -PolicyPaths <path to your WDAC policy XML> -Rules $Rules
+  ```
+
+Alternatively, you can use [Add-SignerRule](/powershell/module/configci/add-signerrule) to add a signer rule to your WDAC policy from the certificate file (.cer). You can easily save the .cer file from your signed catalog file.
+
+1. Right-click the catalog file, and then select **Properties**.
+2. On the **Digital Signatures** tab, select the signature from the list and then select **Details**.
+3. Select **View Certificate** to view the properties of the leaf certificate.
+4. [Skip this step to continue with the leaf certificate] To view the certificate's intermediate or root issuer certificate, select the **Certification Path** tab and then select the certificate level you want to use. Then, select **View Certificate**.
+5. Select the **Details** tab and select **Copy to File** which will run the Certificate Export Wizard.
+6. Complete the wizard using the default option for **Export File Format** and specifying a location and file name to save the .cer file.
+
+The following example uses the .cer file to add a signer rule to both the user and kernel mode signing scenarios. Be sure to replace the path values in the sample below.
+
+  ```powershell
+  Add-SignerRule -FilePath <path to your WDAC policy XML> -CertificatePath <path to your certificate .cer file> -User -Kernel
+  ```
+
+</details>
+
+## Known issues using Package Inspector
+
+Some of the known issues using Package Inspector to build a catalog file are:
+
+- **USN journal size is too small to track all files created by the installer**
+  - To diagnose whether USN journal size is the issue, after running through Package Inspector:
+    - Get the value of the reg key at HKEY\_CURRENT\_USER/PackageInspectorRegistryKey/c: (this USN was the most recent one when you ran PackageInspector start). Then use fsutil.exe to read that starting location. Replace "RegKeyValue" in the following command with the value from the reg key:<br>
+    `fsutil usn readjournal C: startusn=RegKeyValue > inspectedusn.txt`
+    - The above command should return an error if the older USNs don't exist anymore due to overflow
+    - You can expand the USN Journal size using: `fsutil usn createjournal` with a new size and allocation delta. `Fsutil usn queryjournal` will show the current size and allocation delta, so using a multiple of that may help
+- **CodeIntegrity - Operational event log is too small to track all files created by the installer**
+  - To diagnose whether Eventlog size is the issue, after running through Package Inspector:
+    - Open Event Viewer and expand the **Application and Services//Microsoft//Windows//CodeIntegrity//Operational**. Check for a 3076 audit block event for the initial installer launch.
+    - To increase the Event log size, in Event Viewer right-click the operational log, select Properties, and then set new values
+- **Installer or app files that change hash each time the app is installed or run**
+  - Some apps generate files at run time whose hash value is different every time. You can diagnose this issue by reviewing the hash values in the 3076 audit block events (or 3077 enforcement events) that are generated.  If each time you attempt to run the file you observe a new block event with a different hash, the package won't work with Package Inspector.
+- **Files with an invalid signature blob or otherwise "unhashable" files**
+  - This issue arises when a signed file was modified in a way that invalidates the file's PE header. A file modified in this way is unable to be hashed according to the Authenticode spec.
+  - Although these "unhashable" files can't be included in the catalog file created by PackageInspector, you should be able to allow them by adding a hash ALLOW rule to your WDAC policy that uses the file's flat file hash.
+  - This issue affects some versions of InstallShield packages that use signed DLL files in custom actions. InstallShield adds tracking markers to the file (editing it post signature) which leaves the file in this "unhashable" state.
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index c7b971eed4..80cbf30dac 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -55,7 +55,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
 
 Some ways to obtain code signing certificates for your own use, include:
 
-- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list.md)
-- Use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates
-- Use Microsoft's [Azure Code Signing (ACS)](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-code-signing-democratizing-trust-for-developers-and/ba-p/3604669) service
-- Use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business)
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list.md).
+- To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
+- Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
+- Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index d23bee6811..a909155ff8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -1,6 +1,6 @@
 ---
-title: Use the Device Guard Signing Portal in the Microsoft Store for Business  (Windows)
-description: You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.
+title: Use the Device Guard Signing Service v2 (Windows)
+description: You can sign catalog files and WDAC policies with the Device Guard signing service.
 keywords: security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.author: vinpa
@@ -12,13 +12,13 @@ ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
 manager: aaroncz
-ms.date: 02/19/2019
+ms.date: 11/30/2022
 ms.technology: itpro-security
 ---
 
-# Optional: Use the Device Guard Signing Portal in the Microsoft Store for Business
+# Optional: Use the Device Guard Signing Service v2
 
 **Applies to:**
 
@@ -27,27 +27,162 @@ ms.technology: itpro-security
 - Windows Server 2016 and above
 
 > [!IMPORTANT]
-> The existing web-based mechanism for the Device Guard Signing Service v1 will be retired on June 9, 2021. Please transition to the PowerShell based version of the service [(DGSS v2)](/microsoft-store/device-guard-signing-portal). For more details, see [Sign an MSIX package with Device Guard signing](/windows/msix/package/signing-package-device-guard-signing) and [Device Guard signing](/microsoft-store/device-guard-signing-portal).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+>
+> You can continue to use the current Device Guard Signing Service v2 (DGSS) capabilities until that time. DGSS will be replaced by the [Azure Code Signing service (ACS)](https://aka.ms/AzureCodeSigning) and will support your Windows Defender Application Control (WDAC) policy and catalog file signing needs.
+
+The Device Guard Signing Service v2 (DGSS) is a code signing service that comes with your existing Microsoft Store for Business and Education tenant account. You can use the DGSS to sign catalog files and Windows Defender Application Control (WDAC) policies
+
+## Set up permissions for DGSS signing in the Microsoft Store for Business and Education
+
+To use DGSS, you need to assign yourself a role with the right permissions. The least privileged role with DGSS signing privilege is the **Device Guard signer** role. **Global Administrator** and **Billing account owner** can also sign with the DGSS.
+
+## Install the DGSS client NuGet package
+
+Download and install the [DGSS client utilities and PowerShell cmdlets NuGet package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
+
+1. Download the [latest recommended version of nuget.exe](https://dist.nuget.org/win-x86-commandline/latest/nuget.exe).
+2. From an elevated PowerShell or command window, run the following command:
+
+    ```powershell
+    nuget.exe install Microsoft.Acs.Dgss.Client
+    ```
+
+3. Import the DGSS PowerShell module from the location where the Microsoft.Acs.Dgss.Client was installed in the previous step.
+
+    ```powershell
+    # Update the path to the Microsoft.Acs.Dgss.Client.dll if needed
+    Import-Module $env:USERPROFILE\Downloads\Microsoft.Acs.Dgss.Client.1.0.11\PowerShell\Microsoft.Acs.Dgss.Client.dll
+    ```
+
+## DGSS PowerShell Commands
 
 > [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> [... common ...] are parameters common across all commands and are documented below the command definitions.
 
-You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed.
+### Get-DefaultPolicy
 
-## Sign your code integrity policy
-Before you get started, be sure to review these best practices:
+Gets the default .xml policy file associated with the current tenant.
 
-**Best practices**
+**Usage:**
 
-- Test your code integrity policies on a pilot group of devices before deploying them to production.
-- Use rule options 9 and 10 during testing. For more information, see the section Code integrity policy rules in the [Deploy Windows Defender Application Control policy rules and file rules](./select-types-of-rules-to-create.md).
+  ```powershell
+  Get-DefaultPolicy -OutFile filename [-PassThru] [... common ...]
+  ```
 
-**To sign a code integrity policy**
+**Parameters:**
 
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
-2.  Click **Manage**, click **Store settings**, and then click **Device Guard**.
-3.  Click **Upload** to upload your code integrity policy.
-4.  After the files are uploaded, click **Sign** to sign the code integrity policy.
-5.  Click **Download** to download the signed code integrity policy.
+- **OutFile** - string, mandatory - The filename where the default policy file should be persisted to disk. The file name should be an .xml file. If the file already exists, it will be overwritten. NOTE: The destination folder must already exist.
+- **PassThru** - switch, optional - If present, returns an XmlDocument object returning the default policy file.
 
-    When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again.
+**Command running time:** The average running time is under 20 seconds but may be up to 3 minutes.
+
+### Get-RootCertificate
+
+Gets the root certificate for the current tenant. All Authenticode and policy signing certificates will eventually chain up to this root certificate.
+
+**Usage:**
+
+  ```powershell
+  Get-RootCertificate -OutFile filename [-PassThru] [... common ...]
+  ```
+
+**Parameters:**
+
+- **OutFile** - string, mandatory - The filename where the root certificate file should be persisted to disk. The file name should be a .cer file. If the file already exists, it will be overwritten. NOTE: The destination folder must already exist.
+- **PassThru** - switch, optional - If present, returns an X509Certificate2 object returning the default policy file.
+
+**Command running time:** The average running time is under 20 seconds but may be up to 3 minutes.
+
+### Get-SigningHistory
+
+Gets information for the latest 100 files signed by the current tenant. Results are returned as a collection with elements in reverse chronological order (most recent to least recent).
+
+**Usage:**
+
+  ```powershell
+  Get-SigningHistory -OutFile filename [-PassThru] [... common ...]
+  ```
+
+**Parameters:**
+
+- **OutFile** - string, mandatory - The filename where the signing history file should be persisted to disk. The file name should be an .xml file. If the file already exists,  it will be overwritten. NOTE: The destination folder must already exist.
+- **PassThru** - switch, optional - If present, returns XML objects returning the XML file.
+
+**Command running time:** The average running time is under 10 seconds.
+
+### Submit-SigningJob
+
+Submits a file to the service for signing and timestamping. The module supports valid file type for Authenticode signing is Catalog file (.cat). Valid file type for policy signing is binary policy files with the extension (.bin) that have been created via the ConvertFrom-CiPolicy cmdlet. Otherwise, binary policy file may not be deployed properly.
+
+**Usage:**
+
+  ```powershell
+  Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [... common ...]
+  ```
+
+**Parameters:**
+
+- **InFile** - string, mandatory - The file to be signed, which must be a valid catalog file (.cat) or WDAC policy file with binary extension (.bin).
+- **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten. NOTE: The destination folder must already exist.
+- **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and TimeStamperUrl is present, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl aren't present, the signing operation will skip timestamping the output file, and it will be signed only.
+- **TimeStamperUrl** - string, optional - If this value is an invalid URL (and NoTimestamp not present), the module will throw an exception. To understand more about timestamping, see [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
+- **JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build process, you may want the process to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory command.
+
+### Submit-SigningV1MigrationPolicy
+
+Submits a file to the service for signing and timestamping. The only valid file type for policy signing is binary policy files with the extension (.bin) that have been created via the [ConvertFromCiPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet. Otherwise, binary policy file may not be deployed properly. Note: Only use for DGSS V1 migration.
+
+**Usage:**
+
+  ```powershell
+  Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [... common ...]
+  ```
+
+**Parameters:**
+
+- **InFile** - string, mandatory - The file to be signed, which must be a WDAC policy file with binary extension (.bin).
+- **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten. NOTE: The destination folder must already exist.
+- **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and TimeStamperUrl is present, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl aren't present, the signing operation will skip timestamping the output file, and it will be signed only.
+- **TimeStamperUrl** - string, optional - If this value is an invalid URL (and NoTimestamp not present), the module will throw exception. To understand more about timestamping, see [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
+- **JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build process, you may want the process to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory command.
+
+**Command running time:** The average running time is under 20 seconds but may be up to 3 minutes.
+
+### Common parameters [... common ...]
+
+In addition to cmdlet-specific parameters, each cmdlet understands the following common parameters.
+
+**Usage:**
+
+  ```powershell
+  ... [-NoPrompt] [-Credential $creds] [-AppId AppId] [-Verbose]
+  ```
+
+**Parameters:**
+
+- **NoPrompt** - switch, optional - If present, indicates that the script is running in a headless environment and that all UI should be suppressed. If UI must be displayed (for example, for authentication) when the switch is set, the operation will instead fail.
+- **Credential + AppId** - PSCredential - A sign-in credential (username and password) and AppId.
+
+## File and size limits
+
+When you're uploading files for DGSS signing, there are a few limits for files and file size:
+
+| Description                                           | Limit    |
+|-------------------------------------------------------|----------|
+| Maximum size for a policy or catalog file             | 3.5 MB   |
+| Maximum size for multiple files (uploaded in a group) | 4 MB     |
+| Maximum number of files per upload                    | 15 files |
+
+## File types
+
+Catalog and policy files submitted to DGSS for signing must use specific file extensions:
+
+| File          | Required file extension |
+|---------------|--------------------|
+| catalog files | .cat               |
+| policy files  | .bin               |
+
+## DGSS signing certificates
+
+All certificates generated by the DGSS are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline.
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index ca5b20ff1f..8b249d03f3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -29,89 +29,117 @@ ms.technology: itpro-security
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows—must be signed with [PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652). In addition to their enforced policy rules, signed policies can't be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this idea of the policies in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies.
+Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of protection available in Windows. These policies are designed to detect administrative tampering of the policy, such as by malware running as admin, and will result in a boot failure (blue screen). With this goal in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to provide this protection for signed WDAC policies.
+
+If you don't currently have a code signing certificate you can use to sign your WDAC policies, see [Obtain code signing certificates for your own use](/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications#obtain-code-signing-certificates-for-your-own-use).
 
 > [!WARNING]
-> Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
+> Boot failure (blue screen) may occur if your signing certificate doesn't follow these rules:
 >
 > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
 > - Use RSA SHA-256 only. ECDSA isn't supported.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
-> - Keys must be less than or equal to 4K key size
->
+> - Keys must be less than or equal to 4K key size.
 
-Before you sign with PKCS #7 and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run.
-
-Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward.
-If you don't currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) to create one with your on-premises CA.
-
-Before PKCS #7-signing WDAC policies for the first time, ensure you enable rule options **Enabled:Advanced Boot Options Menu** and **10 Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md).
-
-To sign a Windows Defender Application Control policy with SignTool.exe, you need the following components:
-
-- SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk/) (Windows 7 or later)
-
-- The binary format of the WDAC policy that you generated in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) or another WDAC policy that you've created
-
-- An internal CA code signing certificate or a purchased code signing certificate
-
-If you don't have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or Windows Defender Application Control (WDAC) policy, ensure you update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session:
-
-1. Initialize the variables that will be used:
-
-   ```powershell
-   $CIPolicyPath=$env:userprofile+"\Desktop\"
-   $InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"
-   ```
-
-   > [!NOTE]
-   > This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** variable with the correct information.
-
-2. Import the .pfx code signing certificate. Import the code signing certificate that you'll use to sign the WDAC policy into the user’s personal store on the computer where the signing happens. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
-
-3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later.
-
-4. Navigate to your desktop as the working directory:
-
-   ```powershell
-   cd $env:USERPROFILE\Desktop
-   ```
-
-5. Use [Add-SignerRule](/powershell/module/configci/add-signerrule) to add an update signer certificate to the WDAC policy:
-
-   ```powershell
-   Add-SignerRule -FilePath $InitialCIPolicy -CertificatePath <Path to exported .cer certificate> -Kernel -User –Update
-   ```
-
-   > [!NOTE]
-   > *&lt;Path to exported .cer certificate&gt;* should be  the full path to the certificate that you exported in   step 3.
-   Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Remove WDAC policies](disable-windows-defender-application-control-policies.md).
-
-6. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option:
-
-    ```powershell
-   Set-RuleOption -FilePath $InitialCIPolicy -Option 6 -Delete
-   ```
-
-7. Reset the policy ID and use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format:
-
-   ```powershell
-   $PolicyID= Set-CIPolicyIdInfo -FilePath $InitialCIPolicy  -ResetPolicyID
-   $PolicyID = $PolicyID.Substring(11)
-   $CIPolicyBin = $env:userprofile + "\Desktop\" + $PolicyID + ".cip"
-   ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin
-   ```
-
-8. Sign ([PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652)) the WDAC policy by using SignTool.exe:
-
-   ```powershell
-    <Path to signtool.exe> sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin
-   ```
-
-   > [!NOTE]
-   > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
-
-9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md).
+Before you attempt to deploy signed WDAC policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md).
 
 > [!NOTE]
-> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set.
+> When signing a Base policy that has existing Supplemental policies, you must also switch to signed policy for all of the Supplementals. Authorize the signed supplemental policies by adding a **&lt;SupplementalPolicySigner&gt;** rule to the Base policy.
+
+## Prepare your WDAC policy for signing
+
+<br>
+<details>
+  <summary>Expand this section for detailed instructions on preparing your WDAC policy files for signing.</summary>
+
+1. Open an elevated Windows PowerShell session and initialize the variables that will be used:
+
+   ```powershell
+   $PolicyPath=$env:userprofile+"\Desktop\"
+   $PolicyName="FixedWorkloadPolicy_Enforced"
+   $LamnaServerPolicy=$PolicyPath+$PolicyName+".xml"
+   ```
+
+   > [!NOTE]
+   > This example uses an enforced version of the WDAC policy that you created in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) article. If you are signing another policy, be sure to update the **$PolicyPath** and **$PolicyName** variables with the correct information.
+
+2. Navigate to your desktop as the working directory:
+
+   ```powershell
+   cd $PolicyPath
+   ```
+
+3. Add an **&lt;UpdatePolicySigner&gt;** rule to the WDAC policy for your policy signing certificate. If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
+
+   Otherwise, use [Add-SignerRule](/powershell/module/configci/add-signerrule) and create an **&lt;UpdatePolicySigner&gt;** rule from your certificate file (.cer). DGSS users can download the root certificate file from [Get-RootCertificate](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-rootcertificate). If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can export the certificate file.
+
+   NOTE: If your policy doesn't allow Supplemental policies, you should omit the **-Supplemental** switch from the following command:
+
+   ```powershell
+   Add-SignerRule -FilePath $LamnaServerPolicy -CertificatePath <Path to exported .cer certificate> –Update -Supplemental
+   ```
+
+   > [!IMPORTANT]
+   > Failing to perform this step will leave you unable to modify or disable this policy and will lead to boot failure. For more information about how to disable signed WDAC policies causing boot failure, see [Remove WDAC policies causing boot stop failures](/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies#remove-wdac-policies-causing-boot-stop-failures).
+
+4. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option:
+
+    ```powershell
+   Set-RuleOption -FilePath $LamnaServerPolicy -Option 6 -Delete
+   ```
+
+5. (Optional) Use [Set-CIPolicyIdInfo](/powershell/module/configci/set-cipolicyidinfo) to reset the policy ID and change the policy name.
+
+6. (Optional) Use [Set-CIPolicyVersion](/powershell/module/configci/set-cipolicyversion) to change the policy VersionEx.
+
+   > [!IMPORTANT]
+   > When updating a signed policy, the VersionEx of the updated policy must be greater than or equal to the current policy. Replacing a signed policy with a lower version will lead to boot failure.
+
+7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the policy to binary format:
+
+   ```powershell
+   $PolicyID= Set-CIPolicyIdInfo -FilePath $LamnaServerPolicy  -ResetPolicyID
+   $PolicyID = $PolicyID.Substring(11)
+   $CIPolicyBin = $env:userprofile + "\Desktop\" + $PolicyID + ".cip"
+   ConvertFrom-CIPolicy $LamnaServerPolicy $CIPolicyBin
+   ```
+
+</details>
+
+## Sign your WDAC policy
+
+### Policy signing with Device Guard Signing Service v2 (DGSS)
+
+If you have an existing Microsoft Store for Business and Education account, you can use the DGSS to sign your WDAC policy. For more information, see [Submit-SigningJob](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#submit-signingjob).
+
+### Policy signing with signtool.exe
+
+If you purchased a code signing certificate or issued one from your own PKI, you can use [SignTool.exe](/windows/win32/seccrypto/signtool) to sign your WDAC policy files:
+
+1. Import the .pfx code signing certificate into the user’s personal store on the computer where the signing will happen. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
+
+2. Sign the WDAC policy by using SignTool.exe:
+
+   ```powershell
+   <Path to signtool.exe> sign -v -n "ContosoSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin
+   ```
+
+   > [!NOTE]
+   > The *&lt;Path to signtool.exe&gt;* variable should be the full path to the SignTool.exe utility. **ContosoSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
+
+When complete, the commands should output a signed policy file with a .p7 extension. You must rename the file to *{GUID}*.cip where "{GUID}" is the &lt;PolicyId&gt; from your original WDAC policy XML.
+
+## Verify and deploy the signed policy
+
+You can use certutil.exe to verify the signed file. Review the output to confirm the signature algorithm and encoding for certificate fields, like 'subject common name' and 'issuer common name' as described in the Warning at the top of this article.
+
+```powershell
+certutil.exe -asn <path to signed policy file>
+```
+
+Thoroughly test the signed policy on a representative set of computers before proceeding with deployment. Be sure to reboot the test computers at least twice after applying the signed WDAC policy to ensure you don't encounter a boot failure.
+
+Once you've verified the signed policy, deploy it using your preferred deployment method. For information about deploying WDAC policies, see [Deploying WDAC policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
+
+> [!NOTE]
+> Anti-tampering protection for signed WDAC policies takes effect after the first reboot once the signed WDAC policy is applied to a computer. This protection only applies to computers with UEFI Secure Boot enabled.

From acd292151026245c6740a2adc9c55b2eb410175d Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 1 Dec 2022 16:18:54 -0800
Subject: [PATCH 40/93] Update TOC.yml

---
 .../windows-defender-application-control/TOC.yml     | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
index 71ed7b8d83..6e21277b67 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
@@ -87,17 +87,17 @@
       href: merge-windows-defender-application-control-policies.md
     - name: Enforce WDAC policies
       href: enforce-windows-defender-application-control-policies.md
-    - name: Use code signing to simplify application control for classic Windows applications
+    - name: Use code signing for added control and protection with WDAC
       href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
       items:
-        - name: "Optional: Use the WDAC Signing Portal in the Microsoft Store for Business"
+        - name: Deploy catalog files to support WDAC
+          href: deploy-catalog-files-to-support-windows-defender-application-control.md
+        - name: Use signed policies to protect Windows Defender Application Control against tampering
+          href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+        - name: "Optional: Use the Device Guard Signing Service v2"
           href: use-device-guard-signing-portal-in-microsoft-store-for-business.md
         - name: "Optional: Create a code signing cert for WDAC"
           href: create-code-signing-cert-for-windows-defender-application-control.md
-        - name: Deploy catalog files to support WDAC
-          href: deploy-catalog-files-to-support-windows-defender-application-control.md
-    - name: Use signed policies to protect Windows Defender Application Control against tampering
-      href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
     - name: Disable WDAC policies
       href: disable-windows-defender-application-control-policies.md
     - name: LOB Win32 Apps on S Mode

From fccda84df85f93b16648f7a32974fc31446c47cb Mon Sep 17 00:00:00 2001
From: rekhanr <40372231+rekhanr@users.noreply.github.com>
Date: Thu, 1 Dec 2022 16:18:56 -0800
Subject: [PATCH 41/93] Update windows-autopatch-changes-to-tenant.md

@tiaraquan made changes to the Office and Edge sections too. This needs better formatting though
---
 .../windows-autopatch-changes-to-tenant.md       | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index f14ae95741..dca65d2e74 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -96,7 +96,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 ## Microsoft Office update policies
 
-- Windows Autopatch - Office Configuration v5
+- Windows Autopatch - Office Configuration
 - Windows Autopatch - Office Update Configuration [Test]
 - Windows Autopatch - Office Update Configuration [First]
 - Windows Autopatch - Office Update Configuration [Fast]
@@ -104,11 +104,11 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration v5 | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| | |
-| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul> |<ul><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`</li><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`</li></ul>|<li>Enabled; L_UpdateDeadlineID == 7</li><li>Enabled; L_DeferUpdateDaysID == 0</li>|
-| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li></ul> |<ul><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`</li><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`</li></ul> | <li>Enabled; L_UpdateDeadlineID == 7</li><li>Enabled; L_DeferUpdateDaysID == 0</li>|
-| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul>|<ul><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`</li><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`</li></ul>| <li>Enabled; L_UpdateDeadlineID == 7</li><li>Enabled; L_DeferUpdateDaysID == 3</li>|
-| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ul><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`</li><li>`./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`</li></ul>|<li>Enabled; L_UpdateDeadlineID == 7</li><li>Enabled; L_DeferUpdateDaysID == 7</li> |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ul> |<ul><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><Disabled><li>Enabled</li></ul> |
+| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul> |<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul>|<li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li>|
+| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li></ul> |<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul> | <li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
+| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul>|<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul>| <li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
+| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul>|<li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li> |
 
 ## Microsoft Edge update policies
 
@@ -117,8 +117,8 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled |
-| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test </li></ul>| `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled |
+| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| <ul><li>Target Channel Override </li><li>Target Channel (Device) </li></ul> | <ul><li>Enabled</li><li>Stable</li></ul>|
+| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test </li></ul>| <ul><li>Target Channel Override </li><li>Target Channel (Device) </li></ul> | <ul><li>Enabled</li><li>Beta</li></ul>|
 
 ## PowerShell scripts
 

From 5a5e99b86eacdabab0f0f40def0447d5a23be290 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 1 Dec 2022 16:34:28 -0800
Subject: [PATCH 42/93] Redirect existing Store for Business Device Guard
 signing topics

---
 .openpublishing.redirection.json              |  15 ++
 ...d-unsigned-app-to-code-integrity-policy.md | 119 -----------
 .../device-guard-signing-portal.md            | 201 ------------------
 ...egrity-policy-with-device-guard-signing.md |  63 ------
 4 files changed, 15 insertions(+), 383 deletions(-)
 delete mode 100644 store-for-business/add-unsigned-app-to-code-integrity-policy.md
 delete mode 100644 store-for-business/device-guard-signing-portal.md
 delete mode 100644 store-for-business/sign-code-integrity-policy-with-device-guard-signing.md

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index dfaf5a09e2..600baf7011 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -705,6 +705,21 @@
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set",
       "redirect_document_id": false
     },
+    {
+      "source_path": "store-for-business/device-guard-signing-portal.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md",
+      "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
diff --git a/store-for-business/add-unsigned-app-to-code-integrity-policy.md b/store-for-business/add-unsigned-app-to-code-integrity-policy.md
deleted file mode 100644
index a8b8b8d0a5..0000000000
--- a/store-for-business/add-unsigned-app-to-code-integrity-policy.md
+++ /dev/null
@@ -1,119 +0,0 @@
----
-title: Add unsigned app to code integrity policy (Windows 10)
-description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
-ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
-ms.reviewer: 
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store, security
-ms.author: cmcatee
-author: cmcatee-MSFT
-manager: scotv
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 07/21/2021
----
-
-# Add unsigned app to code integrity policy
-
-> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-
-> [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
->
-> Following are the major changes we are making to the service:
->
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download at [https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
-> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
->
-> The following functionality will be available via these PowerShell cmdlets:
-> 
-> - Get a CI policy
-> - Sign a CI policy
-> - Sign a catalog
-> - Download root cert
-> - Download history of your signing operations
->
-> For any questions, please contact us at DGSSMigration@microsoft.com.
-
-**Applies to**
-
-- Windows 10
-
-When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies.
-
-## Create a code integrity policy based on a reference device
-
-To add an unsigned app to a code integrity policy, your code integrity policy must be created from golden image machine. For more information, see [Create a Device Guard code integrity policy based on a reference device](/windows/device-security/device-guard/device-guard-deployment-guide).
-
-## Create catalog files for your unsigned app
-
-Creating catalog files starts the process for adding an unsigned app to a code integrity policy.
-
-Before you get started, be sure to review these best practices and requirements:
-
-### Requirements
-
-- You'll use Package Inspector during this process.
-- Only perform this process with a code integrity policy running in audit mode. You should not perform this process on a system running an enforced Device Guard policy.
-
-### Best practices
-
-- **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-a-code-integrity-policy-based-on-a-reference-device) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
-
-Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
-
-### To create catalog files for your unsigned app
-
-1. Start Package Inspector to scan the C drive.
-
-    `PackageInspector.exe Start C:`
-
-2. Copy the installation media to the C drive.
-
-    Copying the installation media to the C drive ensures that Package Inspector finds and catalogs the installer. If you skip this step, the code integrity policy may trust the application to run, but not trust it to be installed.
-
-3. Install and start the app.
-
-    All binaries that are used while Package Inspector is running will be part of the catalog files. After the installation, start the app and make sure that any product updates are installed and any downloadable content was found during the scan. Then, close and restart the app to make sure that the scan found all binaries.
-
-4. Stop the scan and create definition and catalog files.
-
-    After app install is complete, stop the Package Inspector scan and create catalog and definition files on your desktop.
-
-    `$ExamplePath=$env:userprofile+"\Desktop"`
-
-    `$CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"`
-
-    `$CatDefName=$ExamplePath+"\LOBApp.cdf"`
-
-    `PackageInspector.exe Stop C: -Name $CatFileName -cdfpath $CatDefName`
-
-The Package Inspector scan catalogs the hash values for each binary file that is finds. If the app that was scanned are updated, do this process again to trust the new binaries hash values.
-
-After you're done, the files are saved to your desktop. You still need to sign the catalog file so that it will be trusted within the code integrity policy.
-
-## Catalog signing with Device Guard signing portal
-
-To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
-
-Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.
-
-### To sign a catalog file with Device Guard signing portal
-
-1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
-2. Click **Settings**, click **Store settings**, and then click **Device Guard**.
-3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files-for-your-unsigned-app).
-4. After the files are uploaded, click **Sign** to sign the catalog files.
-5. Click Download to download each item:
-   - signed catalog file
-   - default policy
-   - root certificate for your organization
-
-     When you use the Device Guard signing portal to sign a catalog file, the signing certificate is added to the default policy. When you download the signed catalog file, you should also download the default policy and merge this code integrity policy with your existing code integrity policies to protect machines running the catalog file. You need to do this step to trust and run your catalog files. For more information, see the Merging code integrity policies in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-
-6. Open the root certificate that you downloaded, and follow the steps in **Certificate Import wizard** to install the certificate in your machine's certificate store.
-7. Deploy signed catalogs to your managed devices. For more information, see Deploy catalog files with Group Policy, or Deploy catalog files with Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md
deleted file mode 100644
index b74d000f43..0000000000
--- a/store-for-business/device-guard-signing-portal.md
+++ /dev/null
@@ -1,201 +0,0 @@
----
-title: Device Guard signing (Windows 10)
-description: Device Guard signing is a Device Guard feature that is available in the Microsoft Store for Business and Microsoft Store for Education.
-ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78
-ms.reviewer: 
-manager: dansimp
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store, security
-author: TrudyHa
-ms.author: TrudyHa
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 07/21/2021
----
-
-# Device Guard signing
-
-**Applies to**
-
--   Windows 10
-
-> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-
-> [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
->
-> Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
-> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -    DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
->
-> The following functionality will be available via these PowerShell cmdlets:
-> - Get a CI policy
-> - Sign a CI policy
-> - Sign a catalog 
-> - Download root cert
-> - Download history of your signing operations 
->
-> For any questions, please contact us at DGSSMigration@microsoft.com. 
-
-Device Guard signing is a Device Guard feature that gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files.
-
-Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features use new virtualization-based security options and the trust-nothing mobile device operating system model. A key feature in this model is called configurable code integrity, which allows your organization to choose exactly which software or trusted software publishers are allowed to run code on your client machines. Also, Device Guard offers organizations a way to sign existing line-of-business (LOB) applications so that they can trust their own code, without the requirement that the application be repackaged. Also, this same method of signing allows organizations to trust individual third-party applications. For more information, see [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-
-## In this section
-
-| Topic | Description |
-| ----- | ----------- |
-| [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md) | When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies. |
-| [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md) | Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal. |
-
-## Device Guard Signing Service (v2) PowerShell Commands
-
-> [!NOTE]
-> [.. common ..] are parameters common across all commands that are documented below the command definitions.
-
-**Get-DefaultPolicy** Gets the default .xml policy file associated with the current tenant.
-
-- Usage:
-
-  ```powershell
-  Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..]
-  ```
-
-- Parameters:
-
-  **OutFile** - string, mandatory - The filename where the default policy file should be persisted to disk. The file name should be an .xml file. If the file already            exists, it will be overwritten (note: create the folder first).
-      
-  **PassThru** - switch, optional - If present, returns an XmlDocument object returning the default policy file.
-      
-- Command running time: 
-
-  The average running time is under 20 seconds but may be up to 3 minutes.
-      
-**Get-RootCertificate** Gets the root certificate for the current tenant. All Authenticode and policy signing certificates will eventually chain up to this root certificate.
-
-- Usage:
-
-  ```powershell
-  Get-RootCertificate -OutFile filename [-PassThru] [.. common ..]
-  ```
-     
-- Parameters:
-
-  **OutFile** - string, mandatory - The filename where the root certificate file should be persisted to disk. The file name should be a .cer file. If the file already          exists, it will be overwritten (note: create the folder first).
-     
-  **PassThru** - switch, optional - If present, returns an X509Certificate2 object returning the default policy file.
-
-- Command running time: 
-
-  The average running time is under 20 seconds but may be up to 3 minutes.
-
-**Get-SigningHistory** Gets information for the latest 100 files signed by the current tenant. Results are returned as a collection with elements in reverse chronological order (most recent to least recent).
-
-- Usage:
-
-  ```powershell
-  Get-SigningHistory -OutFile filename [-PassThru] [.. common ..]
-  ```
-
-- Parameters:
-
-  **OutFile** - string, mandatory - The filename where the signing history file should be persisted to disk. The file name should be a .xml file. If the file already exists,  it will be overwritten (note: create the folder first).
-
-  **PassThru** - switch, optional - If present, returns XML objects returning the XML file.
-
-- Command running time: 
-
-  The average running time is under 10 seconds.
-
-**Submit-SigningJob** Submits a file to the service for signing and timestamping. The module supports valid file type for Authenticode signing is Catalog file (.cat). Valid    file type for policy signing is binary policy files with the extension (.bin) that have been created via the ConvertFrom-CiPolicy cmdlet. Otherwise, binary policy file may not be deployed properly. 
-
-- Usage: 
-
-  ```powershell
-  Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..]
-  ```
-
-- Parameters:
-
-  **InFile** - string, mandatory - The file to be signed. This should be a file of the types described in description above (.cat or .bin).
-
-  **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten. (note: create the     folder first)
-
-  **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and       TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip             timestamping the output file, and it will be signed only.
-
-  **TimeStamperUrl** - string, optional - If this value is invalid Url (and NoTimestamp not present), the module will throw exception. To understand more about timestamping,   refer to [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
-  
-  **JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build     rocess the agent may wish to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory     command.
-
-**Submit-SigningV1MigrationPolicy** Submits a file to the service for signing and timestamping. The only valid file type for policy 
-signing is binary policy files with the extension (.bin) that have been created via the [ConvertFromCiPolicy](/powershell/module/configci/convertfrom-cipolicy) cmdlet. Otherwise, binary policy file may not be deployed properly. Note: Only use for V1 migration.
-
-- Usage:
-
-  ```powershell
-  Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..]
-  ```
-
-- Parameters:
-
-  **InFile** - string, mandatory - The file to be signed. This should be a file of the types described in  description above (.bin).
-
-  **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten.
-  
-  > [!NOTE]
-  > Create the folder first.
-
-  **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and       TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip             timestamping the output file, and it will be signed only.
-
-  **TimeStamperUrl** - string, optional - If this value is invalid Url (and NoTimestamp not present), the module will throw exception. To understand more about timestamping,   refer to [Timestamping](/windows/msix/package/signing-package-overview#timestamping).
-
-  **JobDescription** - string, optional - A short (< 100 chars), human-readable description of this submission. If the script is being called as part of an automated build     process the agent may wish to pass a version number or changeset number for this field. This information will be provided as part of the results of the Get-SigningHistory     command.
-
-- Command running time: 
-
-  The average running time is under 20 seconds but may be up to 3 minutes.
-
-**Common parameters [.. common ..]**
-
-In addition to cmdlet-specific parameters, each cmdlet understands the following common parameters.
-
-- Usage:
-
-  ```powershell
-  ... [-NoPrompt] [-Credential $creds] [-AppId AppId] [-Verbose]
-  ```
-
-- Parameters:
-
-  **NoPrompt** - switch, optional - If present, indicates that the script is running in a headless 
-  environment and that all UI should be suppressed. If UI must be displayed (e.g., for 
-  authentication) when the switch is set, the operation will instead fail.
-
-  **Credential + AppId** - PSCredential - A login credential (username and password) and AppId.
-
-
-## File and size limits
-When you're uploading files for Device Guard signing, there are a few limits for files and file size:
-
-| Description                                           | Limit    |
-|-------------------------------------------------------|----------|
-| Maximum size for a policy or catalog file             | 3.5 MB   |
-| Maximum size for multiple files (uploaded in a group) | 4 MB     |
-| Maximum number of files per upload                    | 15 files |
-
-## File types
-Catalog and policy files have required files types.
-
-| File          | Required file type |
-|---------------|--------------------|
-| catalog files | .cat               |
-| policy files  | .bin               |
-
-## Store for Business roles and permissions
-Signing code integrity policies and access to Device Guard portal requires the Device Guard signer role.
-
-## Device Guard signing certificates
-All certificates generated by the Device Guard signing service are unique per customer and are independent of the Microsoft production code signing certificate authorities. All Certification Authority (CA) keys are stored within the cryptographic boundary of Federal Information Processing Standards (FIPS) publication 140-2 compliant hardware security modules. After initial generation, root certificate keys and top level CA keys are removed from the online signing service, encrypted, and stored offline.
diff --git a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md b/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
deleted file mode 100644
index f9fdb79f49..0000000000
--- a/store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-title: Sign code integrity policy with Device Guard signing (Windows 10)
-description: Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal.
-ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9
-ms.reviewer: 
-manager: dansimp
-ms.mktglfcycl: manage
-ms.sitesec: library
-ms.pagetype: store, security
-author: TrudyHa
-ms.author: TrudyHa
-ms.topic: conceptual
-ms.localizationpriority: medium
-ms.date: 07/21/2021
----
-
-# Sign code integrity policy with Device Guard signing
-
-> [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
-
-
-> [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
->
-> Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
-> - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -    DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
->
-> The following functionality will be available via these PowerShell cmdlets:
-> - Get a CI policy
-> - Sign a CI policy
-> - Sign a catalog 
-> - Download root cert
-> - Download history of your signing operations 
->
-> For any questions, please contact us at DGSSMigration@microsoft.com. 
-
-
-**Applies to**
-
--   Windows 10
-
-Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal.
-
-## Sign your code integrity policy
-Before you get started, be sure to review these best practices:
-
-**Best practices**
-
-- Test your code integrity policies on a group of devices before deploying them to a large group of devices.
-- Use rule options 9 and 10 during testing. For more information, see the section Code integrity policy rules in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-
-**To sign a code integrity policy**
-
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
-2.  Click **Manage**, click **Store settings**, and then click **Device Guard**.
-3.  Click **Upload** to upload your code integrity policy.
-4.  After the files are uploaded, click **Sign** to sign the code integrity policy.
-5.  Click **Download** to download the signed code integrity policy.
-
-    When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then resign the policy.

From ab3a6127f5a3541747d282f348fe7e93b0a855d2 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 1 Dec 2022 16:51:23 -0800
Subject: [PATCH 43/93] Adding ms.topic to articles

---
 ...code-signing-cert-for-windows-defender-application-control.md | 1 +
 ...alog-files-to-support-windows-defender-application-control.md | 1 +
 ...plify-application-control-for-classic-windows-applications.md | 1 +
 ...evice-guard-signing-portal-in-microsoft-store-for-business.md | 1 +
 ...ect-windows-defender-application-control-against-tampering.md | 1 +
 5 files changed, 5 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index afb4402d80..75fa771fc1 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -9,6 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
+ms.topic: conceptual
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index 531b81545d..e0d5011ded 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -9,6 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
+ms.topic: conceptual
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jgeurten
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index 80cbf30dac..afb102f765 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -9,6 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
+ms.topic: conceptual
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index a909155ff8..9f42a60e1f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -10,6 +10,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
+ms.topic: conceptual
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: jogeurte
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 8b249d03f3..c8683c5978 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
+ms.topic: conceptual
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974

From 12c2a934d60839b584f91b485249d693de57989c Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 1 Dec 2022 16:55:11 -0800
Subject: [PATCH 44/93] Update
 deploy-catalog-files-to-support-windows-defender-application-control.md

---
 ...og-files-to-support-windows-defender-application-control.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index e0d5011ded..9732135722 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -42,7 +42,8 @@ To create a catalog file for an existing app, you can use a tool called **Packag
 
 1. Apply a WDAC policy in **audit mode** to the computer where you'll run Package Inspector. Package Inspector will use audit events to include hashes in the catalog file for any temporary installation files that are added and then removed from the computer during the installation process. The audit mode policy should **not** allow the app's binaries or you may miss some critical files that are needed in the catalog file.
 
-    > [!NOTE] You won't be able to complete this process if it's done on a system with an enforced WDAC policy, unless the enforced policy already allows the app to run.
+    > [!NOTE]
+    > You won't be able to complete this process if it's done on a system with an enforced WDAC policy, unless the enforced policy already allows the app to run.
 
     You can use this PowerShell sample to make a copy of the DefaultWindows_Audit.xml template:
 

From b22d23bf1348103e76115a9a207817c968709620 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Thu, 1 Dec 2022 16:56:37 -0800
Subject: [PATCH 45/93] Update
 use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

---
 ...ify-application-control-for-classic-windows-applications.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index afb102f765..a8fd296977 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -42,7 +42,8 @@ App binaries and scripts are typically either embed-signed or catalog-signed. Em
 
 You can use catalog files to easily add a signature to an existing application without needing access to the original source files and without any expensive repackaging. You can even use catalog files to add your own signature to an ISV app when you don't want to trust everything the ISV signs directly, themselves. Then you just deploy the signed catalog along with the app to all your managed endpoints.
 
-> [!NOTE] Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge.
+> [!NOTE]
+> Since catalogs identify the files they sign by hash, any change to the file may invalidate its signature. You will need to deploy updated catalog signatures any time the application is updated. Integrating code signing with your app development or app deployment processes is generally the best approach. Be aware of self-updating apps, as their app binaries may change without your knowledge.
 
 To learn how to create and manage catalog files for existing apps, see [Deploy catalog files to support Windows Defender Application Control](deploy-catalog-files-to-support-windows-defender-application-control.md).
 

From 02b5908ec3d8bdb69a44088ed0b091bc94b34edd Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Thu, 1 Dec 2022 17:25:21 -0800
Subject: [PATCH 46/93] Update windows-autopatch-changes-to-tenant.md

Formatting.
---
 .../windows-autopatch-changes-to-tenant.md         | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index dca65d2e74..2338ae3d7e 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -104,11 +104,11 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ul> |<ul><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><Disabled><li>Enabled</li></ul> |
-| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li></ul> |<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul>|<li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li>|
-| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li></ul> |<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul> | <li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
-| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ul>|<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul>| <li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
-| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ul><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ul>|<li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li> |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><Disabled><li>Enabled</li></ol> |
+| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li>|
+| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
+| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
+| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li> |
 
 ## Microsoft Edge update policies
 
@@ -117,8 +117,8 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ul><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| <ul><li>Target Channel Override </li><li>Target Channel (Device) </li></ul> | <ul><li>Enabled</li><li>Stable</li></ul>|
-| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test </li></ul>| <ul><li>Target Channel Override </li><li>Target Channel (Device) </li></ul> | <ul><li>Enabled</li><li>Beta</li></ul>|
+| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Stable</li></ol>|
+| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
 
 ## PowerShell scripts
 

From 9c8a7de26b1ed49ab701d27721f5f260d918f00b Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Thu, 1 Dec 2022 17:38:10 -0800
Subject: [PATCH 47/93] Update windows-autopatch-changes-to-tenant.md

Tweaks.
---
 .../references/windows-autopatch-changes-to-tenant.md  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index 2338ae3d7e..174b01998c 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -104,11 +104,11 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><Disabled><li>Enabled</li></ol> |
-| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li>|
-| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
-| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li>|
-| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li> |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled></li>Enabled</li></ol> |
+| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
+| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
+| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
+| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol> |
 
 ## Microsoft Edge update policies
 

From 6b249d7206da9654b919620033dbb30bb30d6ad4 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Thu, 1 Dec 2022 17:41:25 -0800
Subject: [PATCH 48/93] Update windows-autopatch-changes-to-tenant.md

---
 .../references/windows-autopatch-changes-to-tenant.md  | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index 174b01998c..4dce20b4e2 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -105,10 +105,10 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
 | Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled></li>Enabled</li></ol> |
-| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
-| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
-| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
-| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol> |
+| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
+| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
+| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
+| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline<br>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled;Days(Device) == 7 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol> |
 
 ## Microsoft Edge update policies
 
@@ -118,7 +118,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
 | Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><ol><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Stable</li></ol>|
-| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override </li><li>Target Channel (Device) </li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
+| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test </li></ol>| <ol><li>Target Channel Override</li><li>Target Channel (Device)</li></ol> | <ol><li>Enabled</li><li>Beta</li></ol>|
 
 ## PowerShell scripts
 

From 89e20de3e776df65f31f6ee557956e6d4f7f145b Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Thu, 1 Dec 2022 17:43:57 -0800
Subject: [PATCH 49/93] Update windows-autopatch-changes-to-tenant.md

---
 .../references/windows-autopatch-changes-to-tenant.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index 4dce20b4e2..e2c64ede2d 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -104,7 +104,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled></li>Enabled</li></ol> |
+| Windows Autopatch - Office Configuration | Sets Office Update Channel to the Monthly Enterprise servicing branch.<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ol>|<ol><li>Enable Automatic Updates</li><li>Hide option to enable or disable updates</li><li>Update Channel</li><li>Channel Name (Device)</li><li>Hide Update Notifications</li><li>Update Path</li></ol> |<ol><li>Enabled</li><li>Enabled</li><li>Enabled</li><li>Monthly Enterprise Channel</li><li>Disabled</li><li>Enabled</li></ol> |
 | Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Test</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>|<ol><li>Enabled;Days(Device) == 0 days</li></li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
 | Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-First</li></ol> |<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol> | <ol><li>Enabled;Days(Device) == 0 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|
 | Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline<p>Assigned to:<ol><li>Modern Workplace Devices-Windows Autopatch-Fast</li></ol>|<ol><li>Delay downloading and installing updates for Office</li><li>Update Deadline</li></ol>| <ol><li>Enabled;Days(Device) == 3 days</li><li>Enabled;Update Deadline(Device) == 7 days</li></ol>|

From e4689f5baf02c78c8ad9c05a5ab0efa7a997d709 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Thu, 1 Dec 2022 20:55:13 -0500
Subject: [PATCH 50/93] Updating table headers

Updating table headers to better clarify meaning for table
---
 windows/deployment/wds-boot-support.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index 55b2a11be1..bbe4786161 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -26,9 +26,9 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install
 
 ## Deployment scenarios affected
 
-The table below provides support details for specific deployment scenarios. The table represents OS Deployed (vertical) and Boot Image Version (horizontal).
+The table below provides support details for specific deployment scenarios. Boot.wim is the `boot.wim` file obtained from the Windows source files for each specified version of Windows.
 
-||Windows 10|Windows Server 2016|Windows Server 2019|Windows Server 2022|Windows 11|
+|Windows Version Being Deployed |Boot.wim from Windows 10|Boot.wim from Windows Server 2016|Boot.wim from Windows Server 2019|Boot.wim from Windows Server 2022|Boot.wim from Windows 11|
 |--- |--- |--- |--- |--- |--- |
 |**Windows 10**|Supported, using a boot image from matching or newer version.|Supported, using a boot image from Windows 10, version 1607 or later.|Supported, using a boot image from Windows 10, version 1809 or later.|Not supported.|Not supported.|
 |**Windows Server 2016**|Supported, using a boot image from Windows 10, version 1607 or later.|Supported.|Not supported.|Not supported.|Not supported.|

From ff1d11a2f1ff4126e85a04df51fa3ddf048ffe10 Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Thu, 1 Dec 2022 19:38:38 -0800
Subject: [PATCH 51/93] Tweaks.

---
 .../references/windows-autopatch-changes-to-tenant.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index cd7796eee2..e2a7484563 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -61,7 +61,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
 | Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| <li>[MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP)</li> | <li>The MDM policy is used and the GP policy is blocked</li> |
-| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices. <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>[./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry ](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ul>|<ul><li>Full</li><li>1</li><li>1</li><li>1</li> |
+| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices. <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-ConfigureTelemetryOptInChangeNotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#ConfigureTelemetryOptInSettingsUx)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ul>|<ul><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li> |
 | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 
 ## Update rings for Windows 10 and later

From c6990ec8883d713b0a7cd2ba2affbd84eef3f61f Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Thu, 1 Dec 2022 19:41:52 -0800
Subject: [PATCH 52/93] Tweak.

---
 .../references/windows-autopatch-changes-to-tenant.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index e2a7484563..ab710fde73 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -61,7 +61,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
 | Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| <li>[MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP)</li> | <li>The MDM policy is used and the GP policy is blocked</li> |
-| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices. <p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ul><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-ConfigureTelemetryOptInChangeNotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#ConfigureTelemetryOptInSettingsUx)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ul>|<ul><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li> |
+| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-ConfigureTelemetryOptInChangeNotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#ConfigureTelemetryOptInSettingsUx)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
 | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 
 ## Update rings for Windows 10 and later

From 78f178850f289d213ce3d10f4eb763327a814319 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 2 Dec 2022 09:31:44 -0500
Subject: [PATCH 53/93] fixed typo

---
 .../windows-firewall/basic-firewall-policy-design.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
index 73e20f347d..011af27334 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
@@ -53,7 +53,7 @@ By default, in new installations, Windows Defender Firewall with Advanced Securi
 
 If you turn off the Windows Defender Firewall service you lose other benefits provided by the service, such as the ability to use IPsec connection security rules, Windows Service Hardening, and network protection from forms of attacks that use network fingerprinting.
 
-Compatible third-party firewall software can programmatically disable only the parts of Windows Defender Firewall that might need to be disabled for compatibility. This approach is the recommended one for third-party firewalls to coexist with the Windows Defender Firewall; third-party party firewalls that comply with this recommendation have the certified logo from Microsoft. 
+Compatible third-party firewall software can programmatically disable only the parts of Windows Defender Firewall that might need to be disabled for compatibility. This approach is the recommended one for third-party firewalls to coexist with the Windows Defender Firewall; third-party firewalls that comply with this recommendation have the certified logo from Microsoft.
 
 An organization typically uses this design as a first step toward a more comprehensive Windows Defender Firewall design that adds server isolation and domain isolation.
 

From 9999a48c5a39199ee194494c073c9e92a0e0ec97 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 2 Dec 2022 10:16:14 -0500
Subject: [PATCH 54/93] Fix USMT example

---
 windows/deployment/usmt/usmt-migrate-user-accounts.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md
index b0b1ba2611..518b93c468 100644
--- a/windows/deployment/usmt/usmt-migrate-user-accounts.md
+++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md
@@ -66,7 +66,7 @@ Links to detailed explanations of commands are available in the [Related article
     LoadState.exe  \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml
     ```
 
-## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain
+## To migrate two domain accounts (User1 and User2) and move both accounts from the Contoso domain to the Fabrikam domain
 
 Links to detailed explanations of commands are available in the [Related articles](#related-articles) section.
 
@@ -83,7 +83,7 @@ Links to detailed explanations of commands are available in the [Related article
 4. Enter the following `LoadState.exe ` command line in a command prompt window:
 
     ```cmd
-    LoadState.exe  \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml
+    LoadState.exe  \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user1 /mu:contoso\user2:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml
     ```
 
 ## Related articles

From ebd5666bc58af68320250e1df8dc2bebf7090a56 Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Fri, 2 Dec 2022 07:49:05 -0800
Subject: [PATCH 55/93] Update windows-autopatch-changes-to-tenant.md

---
 .../references/windows-autopatch-changes-to-tenant.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index ab710fde73..96fdef2444 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -60,7 +60,7 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| <li>[MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP)</li> | <li>The MDM policy is used and the GP policy is blocked</li> |
+| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
 | Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-ConfigureTelemetryOptInChangeNotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#ConfigureTelemetryOptInSettingsUx)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
 | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 

From 9535a262a590f41e38f93293155623eb416e537f Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Fri, 2 Dec 2022 08:19:57 -0800
Subject: [PATCH 56/93] Updating What's new with Rekha and Adam N's changes.

---
 .../operate/windows-autopatch-fu-overview.md          |  2 +-
 .../operate/windows-autopatch-wqu-overview.md         |  2 +-
 .../windows-autopatch-wqu-unsupported-policies.md     | 11 ++++++-----
 .../whats-new/windows-autopatch-whats-new-2022.md     |  3 +++
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
index 023003d400..fbf827b7a7 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md
@@ -31,7 +31,7 @@ For a device to be eligible for Windows feature updates as a part of Windows Aut
 | Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
 | Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
 | Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). |
-| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy) |
+| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers) |
 
 ## Windows feature update releases
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md
index d922d4a3cc..f2d4f477af 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md
@@ -31,7 +31,7 @@ For a device to be eligible for Windows quality updates as a part of Windows Aut
 | Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
 | Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
 | Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). |
-| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy) |
+| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers) |
 
 ## Windows quality update releases
 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md
index 667c755524..1c19a4bac4 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-unsupported-policies.md
@@ -1,7 +1,7 @@
 ---
 title: Windows update policies
 description: This article explains Windows update policies in Windows Autopatch
-ms.date: 07/07/2022
+ms.date: 12/02/2022
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -9,7 +9,7 @@ ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
-msreviewer: hathind
+msreviewer: adnich
 ---
 
 # Windows update policies
@@ -109,8 +109,9 @@ Window Autopatch deploys mobile device management (MDM) policies to configure de
 | [Active hours end](/windows/client-management/mdm/policy-csp-update#update-activehoursend) | Update/ActiveHoursEnd | This policy controls the end of the protected window where devices won't reboot.<p><p>Supported values are from zero through to 23, where zero is 12∶00AM, representing the hours of the day in local time on that device. This value can be no more than 12 hours after the time set in active hours start. |
 | [Active hours max range](/windows/client-management/mdm/policy-csp-update#update-activehoursmaxrange) | Update/ActiveHoursMaxRange | Allows the IT admin to specify the max active hours range.<p><p>This value sets the maximum number of active hours from the start time. Supported values are from eight through to 18. |
 
-### Group policy
+### Group policy and other policy managers
 
-Group policy takes precedence over mobile device management (MDM) policies. For Windows quality updates, if any group policies are detected which modify the following hive in the registry, the device will be ineligible for management:
+Group policy as well as other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
 
-`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`
+- `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`
+- `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index b4a98ff888..ba4c088925 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -24,6 +24,9 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 | Article | Description |
 | ----- | ----- |
+| [Unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md) | Updated to include other policy managers in the Group policy section. |
+| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the Device configuration, Microsoft Office and Edge policies |
+| [Windows quality update reports](../operate/windows-autopatch-wqu-reports-overview.md) | Added Windows quality update reports. |
 | [What's new](../whats-new/windows-autopatch-whats-new-2022.md) | Added the What's new article |
 
 ## November 2022

From b46df945d78bc904ecd636c5c701d53e720686ed Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Fri, 2 Dec 2022 10:21:27 -0600
Subject: [PATCH 57/93] Update
 windows/security/identity-protection/credential-guard/credential-guard-known-issues.md

Acro: login -> log in
---
 .../credential-guard/credential-guard-known-issues.md           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index 7c0013e9a3..cb1b52ff54 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -25,7 +25,7 @@ Windows Defender Credential Guard has certain application requirements. Windows
 ## Known Issue: Single Sign-On (SSO) for Network services breaks after upgrading to **Windows 11, version 22H2**  
 
 ### Symptoms of the issue:  
-Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication will be unable to use SSO to login and will be forced to manually re-authenticate in every new Windows session when Windows Defender Credential Guard is running.  
+Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication will be unable to use SSO to log in and will be forced to manually re-authenticate in every new Windows session when Windows Defender Credential Guard is running.  
 
 ### Affected devices:  
 Any device that enables Windows Defender Credential Guard may encounter this issue. As part of the Windows 11, version 22H2 update, eligible devices which had not previously explicitly disabled Windows Defender Credential Guard had it enabled by default. This affected all devices on Enterprise (E3 and E5) and Education licenses, as well as some Pro licenses*, as long as they met the [minimum hardware requirements](credential-guard-requirements.md#hardware-and-software-requirements). 

From 92ff119b660a49fffa984710538cfff08e51a933 Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Fri, 2 Dec 2022 08:21:55 -0800
Subject: [PATCH 58/93] Date.

---
 .../whats-new/windows-autopatch-whats-new-2022.md               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index ba4c088925..c27ffe990e 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -1,7 +1,7 @@
 ---
 title: What's new
 description: This article lists the new feature releases and any corresponding Message center post numbers.
-ms.date: 12/01/2022
+ms.date: 12/02/2022
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to

From 86b9cb8c7a57afacc89059629e821740a8601df2 Mon Sep 17 00:00:00 2001
From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com>
Date: Fri, 2 Dec 2022 08:28:32 -0800
Subject: [PATCH 59/93] Update windows-11-se-overview.md

Removed the below as its not yet live
 | Smoothwall monitor                      | 2.8.0             | Win32    | Smoothwall Ltd               |
---
 education/windows/windows-11-se-overview.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index f7ea182a40..654b8d7eca 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -134,7 +134,6 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | Respondus Lockdown Browser              | 2.0.9.00          | Win32    | Respondus                    |
 | Safe Exam Browser                       | 3.3.2.413         | Win32    | Safe Exam Browser            |
 | Senso.Cloud                             | 2021.11.15.0      | Win32    | Senso.Cloud                  |
-| Smoothwall monitor                      | 2.8.0             | Win32    | Smoothwall Ltd               |
 | SuperNova Magnifier & Screen Reader     | 21.02             | Win32    | Dolphin Computer Access      |
 | SuperNova Magnifier & Speech            | 21.02             | Win32    | Dolphin Computer Access      |  
 | VitalSourceBookShelf 	                  | 10.2.26.0         | Win32    | VitalSource Technologies Inc | 

From 52a4e71fc3f4305687c03e6d5c3f4a6cce947c3d Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Fri, 2 Dec 2022 08:34:50 -0800
Subject: [PATCH 60/93] Update windows-autopatch-whats-new-2022.md

---
 .../whats-new/windows-autopatch-whats-new-2022.md    | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index c27ffe990e..ae6debb7a1 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -20,7 +20,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## December 2022
 
-### December feature release
+### December feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -31,7 +31,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## November 2022
 
-### November feature releases
+### November feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -48,7 +48,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## October 2022
 
-### October feature releases
+### October feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -63,7 +63,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## September 2022
 
-### September feature release
+### September feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -71,7 +71,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## August 2022
 
-### August feature release
+### August feature releases or updates
 
 | Article | Description |
 | ----- | ----- |
@@ -85,7 +85,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 ## July 2022
 
-### July feature releases
+### July feature releases or updates
 
 | Article | Description |
 | ----- | ----- |

From f7644c8e18eef37f0cce0c6527f1ea4ead1c455b Mon Sep 17 00:00:00 2001
From: Tiara Quan <95256667+tiaraquan@users.noreply.github.com>
Date: Fri, 2 Dec 2022 08:39:36 -0800
Subject: [PATCH 61/93] Update windows-autopatch-whats-new-2022.md

---
 .../whats-new/windows-autopatch-whats-new-2022.md             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index ae6debb7a1..a00b6e9669 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -24,9 +24,9 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 | Article | Description |
 | ----- | ----- |
-| [Unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md) | Updated to include other policy managers in the Group policy section. |
+| [Unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md) | Updated to include other policy managers in the Group policy section |
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the Device configuration, Microsoft Office and Edge policies |
-| [Windows quality update reports](../operate/windows-autopatch-wqu-reports-overview.md) | Added Windows quality update reports. |
+| [Windows quality update reports](../operate/windows-autopatch-wqu-reports-overview.md) | Added Windows quality update reports |
 | [What's new](../whats-new/windows-autopatch-whats-new-2022.md) | Added the What's new article |
 
 ## November 2022

From 48886dc3769bdabb593679fb7aae12fbb2d05929 Mon Sep 17 00:00:00 2001
From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com>
Date: Fri, 2 Dec 2022 08:40:23 -0800
Subject: [PATCH 62/93] Update wds-boot-support.md

---
 windows/deployment/wds-boot-support.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md
index 5b399f6f4e..32807ff581 100644
--- a/windows/deployment/wds-boot-support.md
+++ b/windows/deployment/wds-boot-support.md
@@ -29,7 +29,7 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install
 
 The table below provides support details for specific deployment scenarios. Boot.wim is the `boot.wim` file obtained from the Windows source files for each specified version of Windows.
 
-|Windows Version Being Deployed |Boot.wim from Windows 10|Boot.wim from Windows Server 2016|Boot.wim from Windows Server 2019|Boot.wim from Windows Server 2022|Boot.wim from Windows 11|
+|Windows Version being deployed |Boot.wim from Windows 10|Boot.wim from Windows Server 2016|Boot.wim from Windows Server 2019|Boot.wim from Windows Server 2022|Boot.wim from Windows 11|
 |--- |--- |--- |--- |--- |--- |
 |**Windows 10**|Supported, using a boot image from matching or newer version.|Supported, using a boot image from Windows 10, version 1607 or later.|Supported, using a boot image from Windows 10, version 1809 or later.|Not supported.|Not supported.|
 |**Windows Server 2016**|Supported, using a boot image from Windows 10, version 1607 or later.|Supported.|Not supported.|Not supported.|Not supported.|

From 4e20edc698b7e0c7ab9fac43490ff640b3218fc1 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 08:43:06 -0800
Subject: [PATCH 63/93] Addressed comments on create code signing cert article

---
 ...or-windows-defender-application-control.md |   2 +-
 .../images/dg-fig31-getmoreinfo.png           | Bin 17288 -> 19009 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 75fa771fc1..85eb58eb28 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -101,7 +101,7 @@ Now that the template is available to be issued, you must request one from the c
 
     Figure 4. Get more information for your code signing certificate
 
-5. In the **Certificate Properties** dialog box, for **Type**, select **Common name**. For **Value**, select **$ContosoSigningCert**, and then select **Add**. When added, select **OK.**
+5. In the **Certificate Properties** dialog box, for **Type**, select **Common name**. For **Value**, specify a meaningful name for your certificate (in this example, we select **$ContosoSigningCert**), and then select **Add**. When added, select **OK.**
 
 6. Enroll and finish.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png b/windows/security/threat-protection/windows-defender-application-control/images/dg-fig31-getmoreinfo.png
index 7661cb4eb944b94c5c1b4f1df81eaa3c06e2c416..732001bdf8bbaf8a01553e2d183f71fc2f3577a7 100644
GIT binary patch
literal 19009
zcmdtKcT`jBw>BEL1r@=qsEBO91_%g9SE_=I-iee@L`tX%1f<(Q1r?=A2k9lD1p)~n
z3IY;(OK2e?J%J!41QG&wW$)j2zH{z9XWTo!G0wf;xPK@kD_Lv3WzPA`XO{P^iP1ft
zqvwu-Kp-C7`?t+Npg#gZpnctk4*^#as+0#npz|Qz+qW#9W-OD!y)Ml=t+2>T2qD}M
z={qgf8C4~efcb#%X#WuQ%j~V_IMnFMc3tSZ<U1sg-XE{DUmSQiDD(IorWhGzGCj!?
zCUM>U!sbxNA8^^`Qza%39)1jPh6=7;|1IW;v1zp)Sk?a^R3u(EeZ9&&G-!VJTk6!u
z3;|vVv&;9$$Ip-G^JWLnMJZ@$_9`f}#YOHoud75%s~iA<uH82n+z9Wzb}Y5fdYyl>
zW^*1TzZW>Nu6QhOafezYXJ{Vn<ldXA;HGLL0RlbqsnJOS*H`OgviC57%N|>HxT7{Q
zvNVwA+33v-jnKMu`hE~-p+4v5G%t)U?cikdE2Kkc=tVs_2&G565k#{?Q4fPaeWrm@
zb~Ut-TNY&eLaR@%e-JrKE$D+I7YK9+EZf$sWUjR-Z6GwU58m{yG8-5}C=**D0IcRa
z|M{N9i3b0%T2JucnF^oBLAhga=q<>%`JT+d(HghfPzEj8mVfz-T99?<=F)|ceV}LG
zT-{P@+<GZXqcvkSZpNM85F{VlpbynA3rI;6nZb%MwGr<qHIsqU+`!wDF;QK-0Z!VG
zqBe2^=GO8VRSa+UT$LwL2J-mZL8Xde)c4w$Git!PeOyYGRQn+i-H)V~+45V|W9(mQ
zlN$WzGp<n(RA4BXMB8P(z@Tl~Mb02@otmSVhN71pxjJ)vh^Wbs&LerUO<P~`DGx9Z
zOyCXphvhki7ec_=dC~}#%;c)|9<|;h=7mtsu-61#3Ej`Yk*pJ;5yo0<B;Q0&#*I7$
zx1Q^RO~0GD<&Ww3V(H2L{rAFCooLYcyOqEmgjejYIs&%?ixonJqaJB_ee;o9_h_XC
z7W=biWg|<ncQ=a0CMJgHM2CvkA`uVbH|kJW!};vUrXIBwb$CSuRY!#Rv57@mq0DRT
z1-CrFxUT=!;XHbOS+?IhND8-1{Y~FU)_85?UIcqxYp<rTuyEsd%W*33O4XId^$oah
zxV{Lp@AXEX&hf=ILEj;l6v&w^yK&~)%caGIllwp*ul=mLi)PD)&qCSABN+QY@G2ZN
zSt=X3-H8U~Z+Z0$ok^{r0^=D{X<FqGJ$Yo_pWZp}j%fH%l(SZ6Z*I08!UU}ZwhcAt
z3<n-k54EQWUKWhb1(s$3SU0`PCvEKQ3DT&EFWKxRw~&qgdrI>1zw9nhVWJh_$7Le8
zdES7{&;!7B27au3UX+c#j?D;~4DPwEHg6@e4<#`AfuPRNSXyEN4{JZ-q{SNT-PlCo
zAb@B+nXJHlt5T~(ck)oOV6yz*ctOvE^2z&crH-`}2VVx){3I+t20L)6{e;8ei<{%V
zL?#m*xH1X<^yvhfirXz~Yj5{N%+*#bXaH-a-nsd!iII8Pd++5CU^`U5`<zISywKhR
zyN@*r>}5h`98vYU1Jnwfj4l%x09=h$uhafP$o%4`J{EZ|B79nq{8*;AvZW9*4<{u2
ztw%lSzD=XQ#{fyB&!zjSPL&E$S~7^s;LD4^b~ZGvXRa(<64`$9K|~92JmU9DX7ApP
zF?N?pJtrhIoYJ%*%Kj#@^Bnj>WN7F{SKf~oeH{H@W;u)iPmCKJn~m_(Q8@r}9+&pr
z+-h*xPIBny>>ZsB!!ocd!yHABnO^VJa!?@!Bye8x;ObmJYY60WzvMq+ZvPy=qRT@%
z7HB^K^GDS|0{ZWS%qD?106|$u!R-`GZq}io3>vBD&Iv%Nhn0wSgTE&pFj~(qpXVsl
z^JzxFkqX<_0ST;_Vdl-i-R*hm&U$Z(#kh+n*G<Nt*aWG;R=}<OEJs%>0ezWfd5tXp
z;{QGYDW`F(FX2$wW$zy3rp9lZaAhwIn<WtF>(`_HRnLj<!%#279n=`%n@dD0)d^QO
zY+L>3-(Q#DB5i9Hm%bvCe$E8t{mfaTkk`w6i`ovJ{QGODQU;wVP(2<c2cUps`-sO^
zD&yIGj>deN<$aiW)P?;QZ6W3$@R9KTJfULh1ILa$d&8Ly==K3XfI#Oj9tLg&?eEf<
zjN@$LwVZQ4&nEIhfNPH2OZSp>5#moas<nZS?wRCu-y?tjxQ&`xd-CtQ<^R6>ME}O8
zhkMme>zAA3gwzV7c2?`Ojsq|Ht*s%oNm6-786ekd?*$Y3I7X`M8X%L)2F?yiPdF>s
zxZX1;Sb_cG-2MSpMBu#V&r+$t6&GBI)TBnf=dTshCA1R+v$xl$w8~h3tW3`DunEI*
zfB$Pcy)vK{!OjdBZw*aPW^wir5c?FTvw(d<ks~mZPp9A4@z1>#&+5ZW(q%MOzw^cC
z&(69OO>nG;(h6)`UlyA$g{W_~R&Ke5Y;2t9Un8$)F&2P3ink*{pi2KJk193)xp$YL
zs|$HddXU|hJvQExXV5Nm*(HQhl5$yh&|HNI=<0J9P2lOwpIlnSTq0p6<efQ{Ormh`
z%n4H9xOcAP-hjUB;(n2>XH7e^vQ)st5IIJ0J}a~*cqJiwCto;Z;ew%&kzV||eHmq*
zk1&Z1rPo%3!wY&hFo8s10~eZ1zV$Ta2Zm7QzAkERJP%Uai=<85ATI)Q<Z+P~(AfI<
z(r6)mXf>xYXvLnr>AM$ruM+^<1#m9<A(oc3Hp0jnW?s_jL+#F+hs^Z5(SPkl)XuR<
zbGA*hNqVB}g?m~9fZ6(`*3D<Eo{J4-;IAEnJZU{0vRIIkA=4fgv5^O?DsIygS16tx
zW~MUn_@(CVYMk0i1p+|{ikJ_|V9+otP0=(w)5j5$zA-JbSHGSHDa4cm*gxGw=Wao?
zJM7UN)YcnTnphr_EZ~Kd#KkP*&on#CyU4BAk&iV|jg93j8m7W2qMP6!F2p8qCVt$T
zOq;>3H0b4_8f`_kNS?6HZt&uoLxqqzV?BFM{r5VHu|mAV51HAX<ZP$b?z9#G#~#OZ
zC>pX!WOn8UVGT*$5c)6}HfX5Axi}-P)ej>=irPgY?HqP~@n`lr0JCH=BKLykvAy9m
zf2CR6YMWqMM#fNP(4@qmqDxxgpx;)jY(&2V>(f2qevXkbC-CF8TE8+IuuMuBdMaA*
zTr;_>qN&uZ<no{*or6EX;KI5?ImXET>C{2pfqR;3Cpg<AZ)hH;wOg-AFELgU(q~Z0
zDk#sng!^J;n~GlxhujCypy;wvSH)-uq9QLp8V0B;^IkFHfv&3mT)8llXwIBX)w{Ws
zu(y6lcfdF@z^r|57q<Z3v}l_mDbgWWcBYE5G~o5^HQ7h9VUVX&Q9LUedpqkPQ&Ic@
zEj%jME5etYMG`C)?b&^=HBZ%zWi6d)DJdz5W+bPiWS-wB!!gUUvX7T$rxVX&QtU%?
zIkqsHJ({f>@6#}QW|@Qm_iF7mA{y85X|th#3fBSxSLCwJ5o)2JiCmH0->=bYc&YFd
z-<3%$-n9k|I1I2(Y19Imitxt=^ctJ}4B0HZ1Z=G|%jdE(tLkCyi%gPG(D;hIbZUHQ
z+~vVl+@37jY3~NGQ{csi>o>w#dsyo|`rZw`2lnd1L^blZk;dAOOG?g56Nvg>N7;bZ
z^#Mpf*LbE5Qv)$pUwyUvOLkXVYrDf3u<`th#=A4dVMX*(@_9;Y2;eD`PLxV*zE_#-
z^Dh!1cFL+3q(p8c+DA-DXt1#fA<R&5mnJ7lR8fREF>V)(WtQfaAvBAMa6$5wjoh-0
zCXu`IkqEVw#v0eI5stEOd>OEPaDja|-LjX~ZB+TvC45_JXX-e;C#cDs9}@6MuOOb|
z)`Ubfjnm7rdoRVQUn~h3e%v?mJrKXL=?9p~<r9)4v%4#yiJ6(JJD6Y1u^XM)O~orR
zd&ieWREuI6w7^Mj`5QM%I5HbV4o3}M{M_*<fU~OAoic;OrcEUw&9M48?dXscNMI_k
zQOU_%YYxEXGx6Z2FTIhw>q`8h6A`TC`21KI^!@Ce8F3g1Mhxx|_hL^tFHvM|4!2~*
zVLxbYeLGI+blCN4w>i=xbC2ydW<3uA<*?qF7a67M=;(O!KmPsv-bN&rju{x2Vq;Me
z^kQMwp61v$$v-&Wav#6(R`66egCgXx{dUq$wP<{o>4FWIY|Sj@2aLPT(B`s{m$Bxi
zGaI$40-F@YA>!CmyGBDtfG@pA{J>X%zs#0oTL9ibeIoy$%PkI|y*bPQ@te0fxCpxV
zf`e6mp5XXV{~4T}_}~AQ%eqkw8Sk_-N~&3{^F|&4m&Khg7cEX}4gxc3swyI$K0Lc6
zCy*UlIyJiy4war9d&%@lFH+K2<C*oa$5=^;(@gx-=E8}2=bB{UFi#==rcrw8AE0N_
zXWu!B>#}^U7Daq5x^@|>&hnZm35TvuB*pC}{Bpq61zPVEV)k4LR`fd?huKUyX)SS4
z^6;qY<@o`55}yXc+<U>S0D)*4y4HQ>6$F6s^Nrt@W3Y5F7lyu|F>ZjG7BIQ$97C3M
z!Hu1@aW)Tfcje9nJc--HpU9D@N2mZxyV51_UZvRK({p}lPk%7mchhUvriv7&kbhyn
zL}{^Ol#4v~TW&9CN$hU09`!)@d^CGAhZZ1lrNxvmy}hTk$$J}8_%Mffd#kXS{x+-o
zx&u-+55n}`_U@V%gZM3u7g>5SU0SsmiTV0TBYV{`!mumdvx>Rogd0JIhN-O>Kl}p{
z&d+eVcts4AQW7C_9r7aywuBP4ai~CU?E^UqjyQrfLkv<^9Lka+!(Ol3ILQ>f9q5+K
z+-kvh>;kJEBs8e$X<#Ed)X-L}5oDGZguS|qt1AfR>TP%S8tYGppUh2-H1Mpp=AZHJ
zy|TyFPeL<<>{secj(0LdEO*jz;_Kgq5HR9{*YRZ&BSRwi#^wCGD<OIk;7ZA%ZrsUc
zN$J=msC|F)ghCQSIKsN5qOjH{G7uO=Lr`Z1rY%SViLwVgPVdL)hq%4sUxd?XZTF4L
z(K>}{U)6)m){jF<m#~Ph0aQagEmBXvU33vDt#P?v#Xo!wqC#14ll6uRch5P$Hx%@X
zGfbywmzfRD)<Vio2XWiBtHUobaOE4}v@`v{&LPaQnKIKe%S657?3@dKsRFwC2k6?@
zLq)BKTnz2=86W?s7&m(>Q(0Tc>)MmXxQmNi_(dDI7hOBnb-jUpR|vgsYB-T(UYHJv
zGNd}yZY|?1R(-nmp03la$KjH?`=s;O)xcEFI=<vvvU_MAS)5elpH@GgFXn0VdmrkL
z8#MYu%nRQe@frG^8D#;|ZTEzeXyt+_XJ#P2#7cXs-6^o5!f?4-AjT(rK$5B~&7z_$
zwTMgp5W5NxXbJRk@U*S?4MwP5<esUaP%R<`%QO?UAoDEx(F^nzPG?3SHfIM0WmODp
zA`85`6}#um&D)V(6_e%Pb;$kA{@q0t^>?|nLQ7&8kwn~hb!$k#oxYuAf;xCXMg<en
zK&74rJzD_eh4|;QNmw2)Nn%zrsO$6_VCypI`LBW?@S)w5q=t6-%&Y14Qt%HwKr%Xx
z6QfF*(6sLPhJ-Xt%2B!A#wE18MGRz}cabGav@17}RffH;W@Qh2|DmOHAZ4xJIf<Ay
ze5rWnPnf%;`!4;$GH@drr+iao$SD>W0O*)IxLjJ9u350M7cI8CVV1PJdRKIQz{b>w
z@6zzN?`2Kay|hmj4U+V@d@Z(KfuM0bZAT+XlNIyJAt)vIb+yBuUhT2aw4$=X1HJdg
z>i4ANX()0D#-$yuB7q@Gl7q@0%pM&}oo;_L6nA4hvPRE*iZa!i$Gd#Lr@#_Dmwig4
zL{l)&FFiSEVZkliY{$O=Z?3ROE*}UdO44XC^x~Fef)oh!@d;%}!r$G!m`Gm`$a)5t
z=`RnTVIBhh%g?{#1OLN<FKuzy3dr<U?Eel1{rlGgm}X>df0Q3PR=$uMTVj%bTG9Jm
zX#@;q^&NSv<)a)r=jX$Tb;{Q;@7aUz153*z_(LGRrfgMMFG_@nf@rmTbTW|Iy5IjT
zyh3)4Zy?9peCe7KPBwfKOR0K(B(US9wS@n7*kc(_rwE<VmmR_ckB<kIw=#FlPAO`9
zG7o7@Y|zYmP!!{R$LlV24(+O{ydI(PIKUr5l=kmdg{QA16N2~&-odx>_y%I2ctyk1
zf(x0nG2gGtJ3ijSAm72~a`#y}YD^~qW-c$=)A2>-Lj~2u9_Zv`eAFfUF%inow}P2T
zeI|`W*oZ_(ErRt_Fh$wY;8;hAz1LlZokPcR<4_XM9vfw<y70a;BN$w+cI~*DI{K<>
zBZdm=NTkm<`XD|-MZ3H@R>(?G>7%!u1*8@!o_<H`@EwJjjFVYWR)zXSe1(b1;ByoY
ztQ8~VVmfTNrbGT|G8lJN%GJic(<ueKm!%YUIw;ewa~^d}c=kp%ckTNZ$?(AREuU%N
zo%Jc-APDm28iWx+y<&^mvy^m^{G_Ds4Od$UuZW&U|F$O9ifqV?*9g<tmbH;e)FIC%
zItx0olF-{UN((6+cg><+b{u_)1KYz!dR7QV<Anv!R;<H=;UbI{p?fwOTu8Lm0qNJ)
zjL`_Kl&3@J%yqZU_US+z*r|8=rCa5TOlY`3P2g7r!_Z4a;R$Wpj}Q1B!A4W+%NL&a
zAiAu-UQvx@VCxRL#J`S}lGk6Am~{R$pVS+h=H@@;ft|~x>_fV4?<D622X~`Pr&Tw1
z-i2;k4Y*$X^q69T7gIOVyEQK5PU5<1PEti=U8WEqeY<Dtv6OkCK#`#J@rsuW9Wq<V
zom{pZq(&}!wgO$C&tP|+i?h>Qe5*5?5xrj-bxhKj(>St&;iccsHfjHqGs~@7h^*6k
zDtnJTe`w0?R}nCux~6~T1HguK$A0Lnya10#bsJxjv8N7Hs1jq%5eylRnj!7nS(n*Z
zsL&dP2s`9xd<DFI_ls(iZ17E}_X5%_GE%!lw`^h!>RnuHFmbLA5Yi_#7Qq^yk|1_o
za~}tCDa+>eVfWuo+@5X~lh(ZwI%LyMn_W+L8w{zdfB!<0PsHruG!h?wR9{d}NKbd$
zCCQTDXFp7b;MDEM%Sf<n^_&2oj&tkQeFJxE-=)Fk5kVN>diaDdj&~yZNH(4LqOQsK
z0)@C1AvD;9mZ(V_ZhMuxsC{$PX-))bCq3F6<XPlxj$5%7|G;vJyJV}$b-*2Z<Ir!r
z0Sej^wHuf!9a*7T$;0aVdJu!hlMA1mSK42xj~7!lbw{h_j4Qgx_`rU~-3zV~fTtIJ
z@X(8P%Is4u9qjD;GLmnG_iV5O2Bw$Lp<93~F$=a1E<g_ZKe(<d)aBzIkz2mj+^B4p
zpvf<j2n%Upuh@IZ%4&>6ONVEx)@K3hn`U?g^(gXuS2e>!gp3c%t2b<k=pFlW?)pHI
z|IMO}?S}jc0wk{2dfe;x3kY^ZlSfK?{xihBFRW+x;3=X>Go4ygIRjWC<r0f#m{WAO
z1_;ww9#*9Q^Zsn?l^q=`AS5vodu^rE?W_D&k{eE=24SY0``&2x093v=r}wFEUZ5u5
z;3GY}@hBJbvzWP{jcT<-ZOG5#b__#J)ztX4dja{mNtMMr)wL1j$shLX*5a^Z){#j^
zLsp2(UM*H$bk@*7$XbIcqVi`5ynHsy^lk3bdKU&ei+L4X^s02+Xrz!{v$>T8`&BOj
zOlr~prq1axw$Jge4f&ZcRMhkn$5hge&qm%YLFf5VoP)x(Y8o~P>G{zG-7)f-xvw1Y
zJnt<s)d;B?SYZvJvKZlq-W`&D2@a+$LYxm}JTDh^w(%f)x_pF#gW+CzmHfs}lfYWu
zYR<3I%0tPpnGm?svw&qsdK$`h#9m1ot|e>Fsx{V7$FGrP)55uIwl#yx$NQ)f3z+$u
zxM=G@a`;4OxDPqVQ{2luPSj^BYdD2C_XM~2Bp>U4bBmqZ;b);WjGI5nI4E5!g~G18
z*#cJKA1!LX4x=RAP*gl6w*TSyDMjxt&*GsDR^^4nwHJ4%(^VhINE$eYJB{@X>@y!u
z4zCmHgT5y#yc%RrpBOLPI~D=H+IK7JQtB8h`=ErZd(+&PBOsx6MtR(6<f%gH*>Ml!
z3MtTrl{I(X6PJut5h(m~ch*nGNU>ZmC|1Ro0J<2rV!fyD(SLcEE{Nt}=*1U^2mh1o
z+&=Ikld5S208$8P5bw+U3N6Q2*hXezfxo;?6o4=F*&$`J-gLW@G8RpolJ;RHssVm>
zEaoth6Z^Y)uHF$$Xm&SYxQC-$KQHnK<g%>cYy5?o@@2>GAsSUQG$dO-Bh-=T#+-fx
zY#z9E=v<B?xS_~Y)6!3PMlh_1>N=QGYZ9zo)w}<BEdKkliR(cn7QK6al00}o()Gho
zBT6p7qOhSj|7h9=H^s(>8Ugiy9v^UC1m4a#W>i@tTo`d>DF-DsIA0{0+pG1LSfaFb
zZu#7**%6mz+Z^%ZSKvIB*|8bLn)&E38$mzPCpG0f9Vl`CXJGuQUXNcu?wuADwYcm8
z_{oO_G93BSEhIk;hK)3JeO=_!6M_(9#O$1BRIk<<x8R{2v?6I>6BZTd^>lz~x|4q%
zP-|7JY5Fo{pgz-jxVy+$COHw`?($BiSWds8eMG?fz}NgU`qthC4_v;l>m^M<(16F1
z*;@1WPCR_ZiQR(!eD(ho3H_dB56-b{(=gsdb25Rp4<|z*V7yShqd3gh1-KAkt0GwP
zcii`X_+0;iHTUxd0)lfc`dCX}KyJ7E(Lo@vm&ZNJYgw8DEi<Cw($>^8d%b6D=Ce8p
zM`-jxUn<^t`+fgGB{)P&mJj6Ucw2QODP>*KW)Js7bw+nUwWLnyK#SfZOL@c8!V<t9
zJrtA48&@D9ToOEzeZ$4-coZh?IuY`)J5tb+&!%CvR;nP!qS(ikQl2*)5>G-4_{`*R
z6OF^S&735_EN#Ck>eOXre~Zyq`4f$2@T7FNmg-z-X?XkA$CL0LN5Rb-pqq+!RDdBQ
z$?Clwx+P>Fn*Y$gllBNqbWui|SOGfu3f9wOcsA*bVv%imPL!!mw47wo>n@oVnn&46
zH22^^aorfGe9}jYAy?g6$P*q&=%A!xI(Wpz9A?i$D&$!g8g}nqvxVTDQu?!c7u;*@
zaCBGMJO|Rw_3;*^<IWa?gL%V#6Vh%G)N472CThPi)clSvU@3nyHy?l_#=ksq@Ookk
z_`lSl67#w9{gHe2#fy5QuOv8Llwx-hQli7)k^W}7tG0a7kF)}GFFfBxPkvCUhkLk}
zkYt|vT4OmTHQ8WP1UWx-YNjh!9ztqdu0A*CoZ>7SJNn4p`)WGGsC(^c7pm|Bf%Vpl
zWS7xvxi=t%2)3qsC|7(%Z+j=8T~J!)5_ykY`Dnoh%3E^KA@Fvw&I$?_s?i{e6-%xI
zfi?;%tqX-tcvsb+oh&WHe124>Jy@bW2wj3)R4PeU#l&+Z2I8ycKM|hi=Qqdu#V4j0
zBg?-l^lUX*9a~v1F}+xz%Yr`(uC4Y8OnJz>X%>Gf-9X}k1Zu`3%CDOkfvdN!o=Y(C
z7^r9(mJ5vSNIO_w0`4BUM{Lv{?lvZ=OTt~`mIV>kTXW-5#fa|uWHQp~rdsC=O2c;S
z43OHol=iKM5)IF?(@&D~f|074F5tmtTmx1&4tfeN?$^_k%%1#sS+u$U-_c0RpUiKr
zy-+nebYX6oSsnFfx<zUH?SMx$4+NFDx(Ic|P0x|66P%~^ynR&Z=`~yY!KqU=rA%6M
z{k?PiFP(2Xqy(-Sz2f4Xu!5w^p_O&?g3mWD7O@K|bFKxIUomJ;lF)m*bSvuZ>09d_
zE~D{W1M#KOrkf%9tU~=zjk(0m+WudoF9=jZ8r-YGmGve&Fu5Z#)Q7Xk$37fBq=uoF
z)p<&~(pyficS^RqBJJ^#rd?O;Ro-YQ``?EiJoXM{qZiYPwmOM1m{oK-9+3Tm1s+sd
zd26RVYQ_z|b*Q^6$wglVZ>J0PseO1h#w|wgk^WH+WcACtY$lIQQ=QNBz+IBf0A;gu
z+dU!tyRlkl{CjLN5W4xh7T^?8qs50C^!0;NhAIsI*ST{Pn1;3jE!b=hOQfUEsXh1`
zg%T~H;n7xKvL4!kzMiMJCckxz6++`1-XDWRYP16r85$j=9(8<to$*+|;>XNfgGMWG
z@#%$;3&@!-68=@h+GpQ67xJXeaI#8=s#|Fb{drgf03A2eC&{((T=FA^hKBUNEtdE8
zh=y?>-0NS+_W#t5KD%#iYdbhLW>ZnN52PXYQRND+^P@-kv%MMDpM2p~+Sh03>FH?$
zfedeL)wi{^DJm<^HTvvnftF5v;t4eKyamrZe>jI>1qLgrh(moW3#ER%fB*gj4YYJU
zpp_}<K6dR<{ca(*_bGGxzGAu3s5Ptk@hxUC#NBC(&P0xth+Qjob#tpltIGHX)=gon
zs^ox}>&RY<5?P4FGAA?_n=;UJ6?9JZqwoq6xz{zjstLC_KfC*msz$ZWCY&zh5%3nO
zwDb4?IcTV&@!_B$-`x7h=pQ{#GW*tc)$0!jK0k?1Hb^b}+vB}0$Td3hj?fM3{yvsb
z0rikuWHXrt<<&Jt_oWIUy%#dYMlZZ*Z0iPcy*Ivf``VF!IWs~5yKXd-zY(*ZX``!e
zW}rY#icG0KqHA{1w$z|TGw*Z$nxFlhvd`}aXHBx9c$B8Jq^x_yCHO|$4#CLITL|+E
z{y2NuN-^W@>#gS}<@1+w*r|^ER)FJKn>)x({;i)bDHeSSwI`I`Zy>+0|7O6u_wS)T
zM(0EvfF&<o2`DRjzcM;?Rc<CMG||q^V!guHx^w$W;(e*ik1^XWuwRvZ5#i@LO({9N
zh50*vIHAgCmGL%LU6OuC(+y=4<>C|M;ysx*6(^ROC9g`PXwKxbn~`N5BinaO$A!$7
zwPAZ{ztdc~0lOsQs(5->*(K-g@bD^rud8;mVWi1P*G!Jj7v5O}ILxMc`MeZI$qT2~
zDYqkzmd6d>8E?#Tk)AIYdSp=5kvQ|J2mhpK?y33bKy)-V&TUuv!sMW>-ms4cnTbYM
z3uyk~P^DXN@`m({q7f#$FbC?aedBb}TQH-QusKiY?FjrxMcs6}G;**y@C*<kxB$0c
z-A=MASLQGBw@SG;^+vu$N*GdHSAFL0G`>i0-{4R;YA$C!f;71=!A4PEZ+1HKNX%EG
zPj&%l!`RfP3vwDs$+fpd)t3d6EtU*AAEeVu$}-mUpz?)yUDLpYchET#n}!0)zAu%D
z=1h}<^pW+aXC7GM7Gv>U`uE^dQh0;lM9aPa^@>E&Y~97~^_EkH!OJR7q|>DI#v%2D
zBeezWhQ(kEUfonkaEcd3BeM2=lld6>j`VSk1SJd1s9$hfZ+o5i!|=e49>l8YGa<Jy
zbBFfi5Djq_R~1Cq$}+PO<a?!d8?44CTBk(Uwz?8L+geX+ynK^B%;UNDBds`$r8X=?
zwauP+2($AxS(faE5k5Bo{KIVS4eaK9VUw{%f}}h2QrXK*x$o4cXTAq9Usd0O%SBZQ
z2<h?HT9;PLK)r`{+<Qt!uAOkycfW!lY^Gan&b!VptI{tZ$l95=E4gJkoJjTluwA7|
zJnUHAA-6Qu(vnGJR;z1(VtVnmCGTy+@Ou9j<95>lfEgg1ZCw2-@2o(z`n-1dqK}nI
z`AO@f3GyC1pdH=*qs}J#+(Ds^Q<((KmTRYaPl<|miNda7a<`+Z@!acUmHTtZt6jzm
zi=C?2DTX~d<XeihH*}vzBH(iHdS<VOihYk5r0h<#1&{Okv(Hj4zkodDP-=oK7vmuJ
z=JUx`%`3h`4p67}{0r_V9j9E^ok_o@2MSx~-W+AH7nUBo?FGSLcK-hFE8=V!_3P*q
zNU#%n3Nwx5-FhtZxEOl6>_FvD+DJaHE8rXDUF!LmeF=Z6%;g|Kyz49mz+$7H$UQwg
zy6uW(8%e1D)6V1C`J9f`@>@SQ5Ohbn$zR1<jJ8ea10hY`i!c7=fYWWFNWM0tZ0V+X
zZxQx6&Y1ZSuH>ioCGoJ5fVG@z{1u<G@`cJuUV9fGlU_<@32ZL-y@$Gz(67`U=eRCE
zK!1H1?3b;a37y6tt594<>^qbs)CU;T%-_mtYGr^m?6zT4m1(|xXz5R2O)A@wYwG1&
zUsV_6j9;*5vGS-^{p8=TlRz68=|Wo#nE8AeOG^BaY)2+qQO(OL6a5bwxgpXF8f;db
z6Z9mCCVoGs{CONVoth1}^XDcrsz0P668yaP0oFp4_~daXV?yV4eQ)^sImw3Ce{C<T
z=nCD($Yi<0B7H(8h1J_i%!|5mb93#9mlUV7#9aXYcyRIV-McmsYX{;^?LYKVXwoYX
z>`9k6HBd@_BL`YgajG#;yU4yTC(L)~wmDnD2@D3q#ZAgRU`aQ*9Oq-aD)Z<(BLYi*
z@^39%1C3lb>&)f&695k-?AmEi;ENx1Bl||ICrCA*O7s4Q|Lv)%+xW4uGy;JT0^tEI
zyw$)WZld13dxzXf<r6mw$Q1*jq2AtxWo2dOL_~-qBcA~%1j=ysxSnNRto~-?AzfU{
zcVOSfB!yBsH+Q)kjt@B40PJ3~&@-XehzAY_4F&UTuBe3a+?4I^>G1%>bZ*J3CDhs3
zSv72{a_==aKo?r*D)1M0o3lz3d(`e-ev9OMfE2@th1~IJ5rDO10HD`}Jo=mtg*c6U
zlq2<sL-5?^U>|~<K7`*Ie7tm9fe`eat}@mkR5;5HetcpHbnHOI6MsN!jUKNHf>ks%
zX>5B=!1IO#_Tt~^cdLQ;Q-fV0v*ZFV?RY?JBnQiTuZWd2W`O%8U8e(X47sJP!Hr|_
z+-c<dQdl`$Eg$%wXsWiQ@WQKC)uMxAd*J^FYg~?wzy|(j=yfW{USCE=ax?$|AV#d&
zMR<U=<Xp<|Tan#mVo}v!1pu<>;bre3b^lPiX%<^hezKvU&IXS8cDAGAY==@foOn3U
zyKFh+NrXi`+P#!?CCT9wKp5oTElyeryvg}rN37M-!qvQM%K<$6g%F5i&+Y$#TFyDX
z;TmxXH#33o)!U5Zu-*z_5BcyV#RiRN*}6I{Rz~Okky{AzADQnRiHPPCF41KWu~=PQ
zNq5yOFy2Sc{?lA0wz&9xZk~L1tFYC%XO|il0@BYYtoAvFNJ@LY)q6Uoa<yb6HMvTe
zY7V|Jn>6sqASvO?QlG$JS1!^|f4IiVNup>YS5M`MU)2~psYhw0nGR&HyBY(A6kU?5
z&0O($<vG)rf3|z#-g@@inU2w#;Tdmi$FnthXD7S(hO17{Oy(o7B7ZK8ofa{>sA3xW
zQ#zXv&F=hm?UBKZ#l%%>Un`>npfO?(d$AGi<Xx3YPkZv@PVf0&uCSId^7>o+H>^28
z5a_xxKztmoB5>YfF*+03w$ZAX8ZUpZ{91~74ssA~3B>iRxRw(>`}eoK(yqO=Wt45Q
zS*%oe4G1hOe#y|uG4B9IX(F4OTW>S&YcraS?U~(2(XqotslIjOKaa@0P12to9P6vx
zY<<M@T@hws4(mn%k(<JV-R_*N<2f$$sh%S~{_h6?pUm3%ciaBXcirW-PWVf2>a9tY
z|L|j1-K040Ts396{HG-ST&j6q&ZX2ZgJW)IqkpA-nR(R!SbP;loQYMilf7Ud=&G!H
zfHvVtr%l%R+#*@(Ml?C}FYy!F!PeVfU_D8vJaAB0<fcXntER<HEBfz27KXRnaVacC
ziC_7vqxiF?iNfbmO^|PfjDA)4Ijavo2XnY57<n}<nQZd#@RROtr6x@u(sU2iK5#Y)
z3Z`a|PP*0pFG5fy?<hR7!0`0)V<;E#{PRH!K?fM;LmMtiFBTZI-mSsachTT-?l;Xe
z6*#RoIn6)#@INq=GxJc_+T|1~f^FpW$g(=}LOo68bnggP2i{WMkNt3R4Vw?TzVxgP
zji$UpjgDG#)RusbgV1$Pm8I28GU`m1339*ir}*&6FMM8`@YvFvPWRk7ZisdU;2-dV
z8{T?=0T0*@Rsq1iO;kaK)MHiu;YX6DLbgEENbkmMG(^iJfvc>&p~R3!#dGR#hGy<m
zw_fM#DNPCDnXgYyYT7~IZH>`-G&$c0mLb4F5wYR`k^<8Evio0A!XawNE7ytj{I1Xn
zPgT;7ANM<rvwnVh_|>tpCB2*G0oRPuwy71CI|O2jc_l;d<%>wPIX6FZFO3vi0_-sT
zK#V0EadH8)WCt)6WYa#imqNe(5D_{AQaj)bSjWbys;WY8(;r`r{u~8L_|#%Cp=UsW
zl7EMx{#$Dy{v+e!lqD=AfBN((S<C;|_qQ@b2X3kWvJQp8ET^ZZ&j|_+0%)_2X72$o
zcw2cy7k;od@WuIOlePdQo5;v-uuMgqS5a2JTfe_@y6-eK@0zze+GIVZ@V%*YqNiBA
z9Heqm0ia-aJ;lnUiN(?*1?5qu;2U||Ycd7HP}`}h3|kq$v09%(%a0tqL8)dNB~C#e
zyAi#^HJ0f>p3aY$>@@#5Gjo_isqY#cjb;GI7qIo)Y4133DSdO-8pY;`3(sxLF{Rex
zi4CJ}<<7Uen;u2BF^#qeMX+z}sUJNyyRWrJ<v`Jo?QVU4r4?6K@DD(RT|S<lWa}q%
zwzH@<_sd!*qGfH7M>P5u0rxM;HfY!XSZwmCBM@f%n@@#J^I8Hd@&s}20_K?coGEma
zIx>Mreh^;%!Qp84r2;kdbyOiAPo?*x8xW}@XYjP!0`xH(6rDnV8ESB+W&M!AKE&H)
zn|kSY{<-|pT;sn2$X{O6B;;ivnrXisB$574L`0FQ5Th$8J8y}M8NCkSrKc8#Q3t=|
zOdCj{SJ{935p_LI`Ec-G6Sr6j-+GLJRL=Xso(d{J4O>Rbk=E4?{eJd(h9S$My3)zj
zdNau$5#A{&>t-C*X2JJoLG_tJ`E&MiwVwm9f2H@oW09qe$GP-4%<xe=xd~pBzif*-
zas$UzDGK-uY3T`V?O-L%CW;z~;xQc>cwN6<`L5p+({2^mzvG6pACSo?hwL`L#yEwq
z=T|l3Hsk*t8{GLWmSkq1H2qNYJC7l4u(Bp032FToK@+zj!ioBt*Y;POJK&rk(Gf0x
zMOMnefO_-urKfM8+=GZYucET2|8O^q`?;d^G>6*GlCkBXt;vPv7mSL+nSBMZ0)|SB
zrVOc0)KyP(6f|ybTl>eNHbJQ?u-IB8P{rD15&&-kl};T)xGe`34^`|EUA<GXuuUyK
z<}1uQ;}pu%*~mE?mYo;5@^Z=Nw<yA_xxH1>6;U%T*tMjOF`G{wdj3ImhV?5~6p^14
zRyz!bMRE@s5i1#0UvZ+Be~*~@MH0g(nEecMWbUr|SS1<h=d(VZjg4!#wRE27`@H9F
z<@)Ktrl~K(H^BpiW@+z4Vdt^AgD$#JqO${B&3kDwvQia^V$P-9@6QC4St%G68p>Fu
zR}VG>OD6(!6P#F=-T<E~Zd;`21Bh=A{Z<-~=UOW_b<_;O_#i2}0#PryQ<HC@Dg3(t
zYGq}b3dHbL%kwR}{#w0pV#|=f4&hPl!=3hFKB*dW)G9yNt>AR6TmTZSNhQEw5DT)c
z?*iWyPbWo0Sm{ha>!`?al;KOt>q8xPipG(j-@X<eG>2O2TQm<gIhFXlX$vG4A^bGk
zQ$M@%4)e-NT%AqSv{)4LiMU!^QA*yp<1$x}M_AQPmB^kx%95~|ttEdSS4TC(YJBPX
zt=A$)j1B&xs@yC@nW$jwe*poxWk8&C8>YfzbYqTNqE$TFiQ6TC4VLJ8V(=<uIm5#I
zt`lH&37^s#(-%dqgR1*0#dr1_d|t#C)m{K|TY24mJzzBgcp7&vmc0Z*nL2CaTKMX{
zf^uas^=8Om^-27guh{V`(o%LRzf%!O=tFQ@&kPqaA2vGuN6A7!w|E$O*4DB1tnk{o
z11DY64-sU~jWuXxf>nTOjT(Ce8N`CX?TK=q2ca6q7Ik-v(9Yr11iM6N2>Wbt8Km!t
z7?5u*YR}CncuxtsxFOdvrxva~nn(Do%~<_X7~fAe?$;#*Ba_&LN$eY%`L}&8Zp0Nc
z|0Me68eJSYSkpFo+Q|2cHxLYXq&H^Ad)C2CLRM-eVE9bHW%GcDD4-?bY2lSouF+_p
zaZq<5yx~FaW$I4fZa^krar(W!Y<@|MIO(C5U&jC9GhNybGB8j_xy7!t{=a3=<IYl~
zDq;9{j_=a(<nF&ui!OmiC{^b-He50%e}~F4SrV!_bLx^&V;t7$tYD*JC^T%bfOw$R
zMRzVvI2`!xAwcx<-o7h+NpfZ>W^`WRQ*7#4WY!$g<WElYH#)HCpldCD`vK`P9d12)
zP+D>6kzpasq1-Y1RpYBv86dAyDn!1PU1Rh6AxqJ&YvGLo(sPoPV#*=gBYsUIBLf0;
z<$+N$xDIqJ;T{qFzT9!tBx1ySY?(>_%!&vItgqR_pj8nK4Q<4Bc<4khsT0w7ja2EY
zjHzsG_?la2S$^{C3ygDu>Sx3I2(}4OO!03Fys%w>`Wm|X=EKbEGU*m4hO8}zc>h#!
zRr&?Yx`3vBE|BAz)s1KsDmP+Yp4;%`OxW-N*YYbR*E{ivL(h@<(W@|o*h6P~odOSs
za3_g*)e}R>%Sd}s{!E0PTi<-5;v!u~*?ny0mP?Z91mFjIdyH(?#shbHJ}X%XP*NE9
z5~{h{XeP>%#O9v?OJ4YK?U<p&ED4)BQDo?b{hlOXzq(*_)Y@v?=8D#1H4DOPJL!v)
z{Fy^=YTv^&Yn04t(D4}_jG+$E_wndHZy0R&h;L0z4F|-_VImkx!WAneH|&ac3qA9_
zl)1qb+oNb9Z6&V;TWV&ka9Tinn=7F<KDkEZ9N!JmYEdF1cbGYJ6qfPUP_iJyuLUs;
zE_Qyd|8wIAkFSw+J2z3cq3+p_l_K|)z2Kop9CUtS?iV`fk-EZ?#wpjYXN!z7<zGif
zhd|=`-i2l*2Cu*jiv$G(pxYgM>SkWt0C{}xOZhm;ToypvSjpn=5l5%GU4v?^vb8V3
zZQ{=Ee-^=~+=;w25O-=?&S|{p@#VaS7X^3mlireL{Ihv1O7;;98ttL+{Gnx8*#T9M
z8u-ymA-FHeszK>qn*i=3Ax2=0mj#jL{5a*`IQ~V!r9ST@+s|Da5Nqre5$v3BC>Kag
z;2ZDF%k>zyeU3#JN9egV@*xnQO8ufQs>>dnJ6%r#(u@DINR?<AO$VX@ec=Z%h>}C9
zJ}p3Uu5SM~AHlAko{npWgMi9f%;CWCM?Oa0Q5a)m{ZQfG5i5%?kZv~2=2+YEj1>L?
z+m>YZg972uUA+)Aw<T0picY%|Y}=oU4nsR6i(d{352sERg!ctSU?*fL^UL;|nxhW5
z-(aguO5NKUO&x+lSCgtcYdx7hwK*Ao<*H8hg%Ma3MzC&;JUZG?r?0;wyOO#4!)*MH
za!^A+m?^Vswp*ONLDpL|)^*!8Ll?$cu4Up_Iepq#oy7p)#k1&RYe%ZhS&j>^%5K)3
zK27_YCEIdhGGib0GIpCaka~wID=n>Mr2^3kuh6EXtlSevF#<~*f*=~MFCB@7(WcN6
zwXph=l)164z!se7tT6$*^*J#VmpEy2TFv#1tZ0ar_{vLm^^(I6-Inb5-8n3RUp7T^
z-JTqm!^5t|_Gcds6aq({UdniM5FOY)#$$NDMSp+@sR*BP$X~imdPS&k!EnzEA{;uh
zvywI0H)rV;p$06NlE=ayQWizHT9a@MaR~+6aClNkSO~Dt&clmZ><6{6qZ%T*Oy+(B
zEtBiq{7OXkw$ezxjD6=Rr0@j9ARFNu<?f<^vB%Z^IYC-r*kjh$Y}=Uhvq+l9R+ox9
zTe%Fg(wH`c%?!WxSZFB85_imr!A*w#K_C@DSQxS<t#*mdiX(=#M5HwTB|brw*lP?p
z|L6_3c`tL39bK?Ro4!Es{X9LD+$0jwNocDoS=^j#eo`>Jt~0`Jh#)DcxpE1o>`#{M
z3VQrcWy1XpGLA@<RJ<_nYb0NA!{5gT!5o{g8$8+b*>86MnmQ`dVYeNcx|l$qYQ?8s
zzgjaBLe8plO+zzIO1+=Wl5@$rVa>`SDlQ@o*x|5{0vE*7q~W_7kECNEi1i3k*b9o4
z)?Ov`yKk!cJZwM-+v_kwUqXPP1@bGEor4r*p0pIQs&^eNObe_+&IvDUqTL$r@FgM5
z8O&f6siKHIuaOm<CH~QtZk#in+7mQhSGmXPMrE$Vlb<wi`wOMmWP)qx2^vddS;B*g
zq`UBP@}KQ3R!t(eIte{h5=*Oy;b}d6YKvR;aT{_IE9oBOMKZ~MTRV)4y&F=HZXJCF
z^P$uep6<DoU1z(jseZwGN8jboH6l2Fid-S6zwrfmfmkuyS)j9$q71?HnW+$r(o<_A
zrgq>KJErTZ*QH;rzytPWZwgolqlE(-pq|#{ewhsF{Q3hrzcnHlrZX%$BtI&Xa+191
zORrXf^vdc9g7vuIA&>+woIcib{b&{Kk9p4{HaI%WSGA&YY=rCO&`LHB>wXQp*`q@>
zaRX6AMtc@~knRQ_Wk5XUudg;*P#$TB&ib3}&Y@`})vWO=OH6OK8@5{!2fSGygwmJf
zQIGAQ(D0|r>)u)5#-}o&eQQzb$}6YTrRqB8hOSp4;8lSs`Vy9hF3j(x1Z?oxBGRnR
z6dd=(eqLVv5<n$eQFo$nlv_gOx0(XMPtXxpKgC7UCtCN7jNhpEx=p+6P2;cgb_kM=
zNYN&)_({MDkQ<*jrg-B@JXOx$pQ7UO7*5BZQ(HW<aq8da(Jry%Z^gN-2<LOz*W}cs
zpgm0AZt8OFSoj>Hpo^@B9-YSHIt!dEc}wH-`3tsvS?_|X3Nu&QD$=be{W1Inzmm)*
zm_X+VwyaZ0w<O@^n0sLLs%>wIeoL?Zz48zZNU^t)0D6Gl$*%ecPw?(3vko>SLc})<
zjC_lHmR}lf(fF-?u1+XZ1{l}eo1Ad^`{?T!?F|K-?Cfrx&%43cq$fye;$Xa<zLZCv
zk{D+#)sVm0hsQRBNcYrWc2KAAp{4clN-Y(&<l#sz)~w##^4(ZS9CFx$VJ{I{fb1>m
z{N>B5kLs~f@z|`~lNEQfVI@nfr1S*joUR-Wd9`UT!ICu#vl&P-W8x{cT$8efU3vm>
zE(`7u;j#eP5vw!lk>7na_PUECU1l$f@(u;2hRrd`R!X9zvd2?XY}p~lFf`RFSy)Im
z6xEm$-T{8Y{-qEp;cWyaej<JOGmunkS@CQ;nk`e?=uMW&EU{&v%_P|_p>$;U7T>@k
zE`C$pMnY;y+Pj&c)fKQDp_S&t63h0zQ}jW~kodY+bA{2sgb``GOPDb4ztZ!%{;$CZ
zDoly;RO>jQ(mre5y;d#kL0Wox0<=dtjCQp*h4e&ILz+iu&fW;5I@7B6L-o|K%p9*Y
z*(X(~%uEWM>aq~CjBbcF5m!2-0TkWLQl$_wjKeX^HSdFvD#)X>cy*bq#|rOSvfzOr
z5b_syq^OIXvl#eH=(=K#&s*ji?C3YdB?BR4UX|PR4d^|z1Ippj(5?7g*Vl1J_Eo~N
zxAhklu!!6Icfz+-qa2ABYUav!E~XKw-){hz2|a+(94h;k0W>03K3N4?+5RW2{<jC%
z|9{b8@^3447yHr*1UmAYb1uMtYqaR!-uR!r<?o^;p?@n{3U~YYA`@`*{;3df`0`KL
z!2d$S&mmd|-=#~Jq$B6PzvY7zbNsJJ0iYDB_RNs_OGhW0w%a|-dp1&YU*drb|7W5J
z6rxboGgPBQ+h(9;>|qoaK(ue3RjZJy18UulKwCN8eq93}jesielFFlL%6Dr`XfTZl
zW|a}paA2^1^dU+Vh;s7j#EkEK=<YkmasHg<Yez(nUx9SF<15~lAahKClJK+VV8-T%
zCZDs>g>b8;<^cMhpiKqf$Y%O@@m@6mcgm?xGOYTLa=95X`0tSHvJxWlC@thv>53tL
z{#tXf0+~{+WTZx^@i|8&>16`B7H>PCAvMQ8(7w{#EY?-GBy8f6<Ef<7ln=mglaMi~
zmxgmr^}0W8r8RYXIDa|$6DU%_OOHzU>Ixo_z}X$SJ3HH`cnXZ2`C|E@;Y)yz<|7qX
zv)H+q0lh1>@-8xBaG(`h(s~wtf8EHbwlhBcnj*l&186Q~>2--o^5$7EkMbaHnB-rk
zu1{N;jU}y*KDz*&bnubq-;Clpd}4o^+JtDLhHBnt3+U)zv{8!azsinV?sItd9q;7J
zt*;YDuEVSIn+KxJUYnUkSi2<EW~7)U2(ufbpk=cj+6`?%EmA<>pJd~DR$k0c(kD4A
zS=1CB8#+oUg2~#d(KpM?Ifcisd_B*DKqF|Ob4yo&405+vskD!Gl3YpRnvD!U68UN1
zk)N4_cd3QFmA!=03_2}VMGr4lhdfYfH|(h@?KGF1-i!wlyL3M(`ev~?kSHoF$xGu%
z;4_)g;BP?bE5-FHP?~1ZoQFZ)1&SY%5)$@+)Kc%L^ixhyVP}X_0vsbz*fA8H{J~4F
zL{|w(Y>=Jg#GWRas~^zQ$bM1}`WH13Lmk7aP;T25F<4A@d0C>N`?R7o;PeNK^>7Dv
zgpVOHN8Z;1wE{N2A=X}Iu~sNJ(7OC9xIiz~FT_>c+^lMB`CPgI^b%@{#FMUGTrM9Y
z82t{2QKN<)rT|2cr5&Y*O?-=bA{T9|-I8ujsCH3oG=tR5(Rr=Kiv)=#>I&sLb}`35
zH`@jN9mC?}L7Q&L8D|}CHhi-W^d=^g_;<?Ebbs*6Ux8WtK-2x7u>C|%^F7EnpcN?K
z`46q)|L^wJiI1cfj&}atjvgDBsTO1u|7edN7}!f_oYPs=AX)~{?Ypbv+q7Lc2^>0+
zcEn&X(dq2CLltl^NO%_KcNCz%7IA=c;>BV!x9m_Wzr#erpYu^?ZUe=%gzMc8|2eQC
zobT_3!?ZNVdDy-vwFU3_gJ*za9wzI8fojv+&-s>?Kw$Diw>=Elc^P=>pGMuMk48IP
zkE9VVuMkvyJ^_o=r={*|vc&5Z0YL)4Sddi@1}>hz80LHCo)pmN^3`#44e|^FyLIr}
zNkEU4Y<U9@Tmyk5jk457sgfH7g1(Jai;BPr3**sg$FhLa7V-)fgMEOh3I%kCrfi^(
zhR@a#?YT9Uf!qSWr~Ff+jO+btZuL+9e#w7fHWzGVDXZGI4id@JvVrIw-;$kJ=AKAE
z@4|BoV!#q?9T}vN<5uTAd7PS6MjO~auF`VO4%qga4w&1kwpuwOtyo0+v!`?WNJ@bZ
zSh$VyEG(Qkw*R<(cD?lPgikj)ZJ8%l-wAKoi4KvdyidT9+S&DJx1=#Ej?`RxT<$Zt
zHf_YejLOg)!iNGq&(f!l#!>I+GVfTEDK<eqBEfU%Aq#3j)RukH{>RDFlrPwMC)ThY
zV{t#@`U=T%FvVuPmKwH{$`z0TAy_gNoan-wLob>()AZW^RdDREQyAZoAFpDcOVpc9
z18CXSUC{)U1wU+Ydt6FD$NLUE64gc@>nMI#u>QNL9&zL;t1dKqxTaUL%q^Q8PmA~+
zL3~iZvhaAZC5h1#fNJu8+JDr8vqEhfeVLww`6a^F*Rb9Z9khS9<cj_P8+-1-yf&vz
zHN4yR9Z58%U8Z7ZWfnNCz=F^ld13JvJ~Rb4$owiBfglD%E$PCZ7*t8=F;_h|ktfzO
z<Fk@y#@Cs@HP962<2HLwvt2V)CW}U)WhE<h$EiM~ilXdKKIR3df7dv`rB+jm=;7h_
zj(>m@v}}3?Mb<mV_RDZmJ~tKZ!ZEZk@=GS#A$vjL_yQtM*CAxnT7$Ke=1N8l3ru<^
zxv)v&tTF|TVB8*U#eLD=coE^n7~K6*zQzq+P?0^pGxQ8?lfAV>3i<7fc=9;j-?BVQ
zW>GB=ysSVT(jgx)e<XTUIiSWq{QYL<G+mfe*7vN*O28Rhy$jRbu?jy=z|YGPd4R=*
zPaixjDS9P>%5|#4PFxp7Dsv<LLVGSrLR@g0P1f*m%lJa2(7n%X2-U0D6(5pNX)Dbm
z{8yQS*<z_2#D(54$u4k%t$3prCu^-qN><^Jph(@`$?>UK=%;_Rl-;jrT#EsEv7F9g
z;U|F8Dkw7@3Fw)4{Se6ernNE83eH(CUaF)j=XOPT`Dz}ebAO2&W%L2v=qEy$z)=Ps
zDbO@XIiPl+I&L7H_J8*7ewG52^{NYidQoAg4-ww-iHAU<p5Ft+J4dJ4j(x-z4*VDS
zUs}R9b+TCt^t|?`4*@{D3D<xhK-#~)p@NY)pbprW7!6FIWr*|gGe!4X9SAMJ5E#uL
zzyOB|bzD0p5N*mwV=66-(p3SP6l%u@{C>C6tv3sQ4Z}I>1~~6%00F^-*{*~Ltu@X?
zZZ3@q4*{NV&K_{$gj<}!;Lt&SyBrcGDD*=f74{V<exQ*ss46jFhHUB{*P53@SJ4Sx
R9^fNL_m0tRgtp_0{{z+xl7;{P

literal 17288
zcmaic2Ut_f_HRHD1p!5(bOZ#Y_uhN2p?B$o-g^-h6a)mM_ZmVK=^a6OhXkbe7J3Oi
z@Zve=-goc+z4yI*-^!kuz4y$l@>^?7_GEunSCzxVA;kdz0C)=W(wYDOrYit|(ftq;
z{k=Nk2SuO2aMzTR1e6bxZ=);sZ6s7A0D#IE+?%&p==viUd3|>P0RPt?!bo7kCj$Va
zC={e6w0vfEjfW!VCxLBG<P|J>#YR=Ut4=yH39FAnrm9#fBj3LjZ}OQ{seJwTn-flG
z;p*eAC$k@k$!&G(B7NR+eM}9je6jHBVOZG8<MJM^{anlR6v(XmK|^EXm5=kn`9#k_
z_-K52`Kib0#289=^OJOoc8f)Us+Re4ZM{@{LdFEu7GR5X%_GTAb3wVc^}bwVZ5u@h
z!k3OO@{J7)R-$Z1G83NZ>gvwE+<Q$GcyYe?==pBr&*kOivol_2(8|f?h@HxKBVKdg
z*XQGsGo(sPtYWczwFWef$_ks5qq#5%<Rd;W{TXhu1xtBcyB92FkFooxB3?$gPvgpA
z-=zez+6<ePt)yC*wL8KxW_`My-AW%NMsL6THfo5zo_de`sC$XX&UnPwjJN3bXBE4r
zau_VE1POA2HssrGO0u;cxfIkZ4-{recZtPk-1^9{?AH5;nziI&mtVm%!U?Df4W77k
zy<<H<CFx*XHEBjU7F|7KGR~pFa-w$J%*T_*UXf=jC2-|l4wiC0qL-Q>QB0d8_cYWk
zY%)kHMJTqBZ``O(+ZvN|hAm8<sysKJzbXGx_u(zWx}8j|t#i5(vaKU|Jc4`VAtAo|
z4wuOxx{GoprpwiGp*Jg^1|B#)ZX|rjBZn4Gt!RtOI0Hh9J-DUC4+##xB5#6s8k7^C
z1@axw{umnfiu}WH8r@zRYfkJq<rxNr;MRLy`D<jk$>Qv9kMUOJO4r+)?$xBtF5rUW
z_v(@B5d1(mwvItUGg3J#8k7eyQ7X;qJykFiL-uwk<?Bf7Nyim&Q3Ygw`HI=aEbZ7>
zgw1xR?fXS^<ztj}q++dV_2~1!3Vp_o0;MF|Bwiz$;L*O(zG=T@tgxadz}!h`*g<Bs
zv=-;Yv3Ew_a}tg&(>Vy`+|pd2<AlfMqs>=RubbP^*Re|Ks&TovP6UO?x(-f8tv?oT
zd%Mto$3mtMHG=pasv=zCT3$-3i9BT$GPW<y^BmRwgrh+X#;R94O{z0F1t!QIHVBVO
zp{`CWHKlteRPH&J=kFzdFq<ey?!LPxa;HURl}b{K@tRj0HW~7|LmX!0`7--Otchvn
zYn6jF;&{*lqq*U}$u<nguflSv>uwKcEqwFwmzmNQGj9#efVo~WS~_VY^Y=Y~Z0yn*
zh2;-uJVYLK)b4w_Ck_}I|1Ly5a-bt8Nun5qKWJ{B6u0@#qfU|dLuTAIH+6ErPo-;?
z?CYlyLg_utw|UB@3_yWX3Ib)*de%qdXBi9x-RZ#Sjt74_HsB*AJ02{e;G;6$Q;&HY
zE?ri-k{OCYNi$0i4%how^rWUXx1+WwHcaNdV`M550^blg7RFXwN#l2OeDpvccxjto
zbWb_rfg$jb1rLlX?2QF;yLoKBSYHWBmxQ4unxvYy;uCpp)cJmsSVQ2os&~oLc|YpI
zhwV(G;wIj0sIbYYa$^vE_UwF<w?M{Ds=d8^a|>8p&hEP7BQE)?q4j*JZ}Bmj{aE*E
z>F;M(0DQ38nf}lyzlmpc_5iubaqAD+S>7jfF}f3}oJ3z57`Ucga2?xQWV~jpRV}of
zu&OgM{IhnaaW^qXbpg$xXu^!z)IMHgS#_Z1OzfMa{5CK1%c=0i!A$alh^ht!vuf(H
zfd^dJ0{QyyHM^hA*48^zr%j7MUaSSzi3%&{4mu5njh#5ha0zBn?V>u@H9kV^GAD3H
z7<){_R6b`6;m2f?L^>vhR>+>sxu$P0r}aHo4w_4t-|f4ps)1PM7BGvO=2U2B3$)x=
zA3X>^s0D+yKNMbu+2Mp70|96b_i%3PB8P1)EKTl#-s1i?qv!4_`;0qq8}u6*<9e1?
z22PKmD&My25u3qLt54^361cn{vC{s5r|xnHi@|%BF+Cs&+Vk?3qI=s&&SzauZuLZv
zy1s)agY8Q@pS9l=4h&C-vap+}F7^7dkDQ@(Wp|0D-Bp05^Q#bFdiTV6Iu4Pj){`>L
zasBJ2H7|?xyv%16QSFTwr|8LvU;7Msn@m+&%3MYq1FvvGbh8zjBe)&BZLe;O#uA(c
z`e~M77{a87(U#>O@F5&q;m4lVy>bh0rfRR?ZR)M8H$q?7d~tn&J3Adsy^4oWFACBR
zOvj05X^daob={5>XEh2+#vpcAnL~D{pZiv=^4m0(n;#Q6N0D7+bLHGkG}XG<gK_vG
zL&Eh}P1Bz>oqJDBFX&O%Pv3eG+!~KH{8-~ks92Kr@?IDF`s4dPQUAmNZz#KaZ{yd4
zL!3l?)*^ycp)c6?O(HWs`q9&jFi;Ld0vq~8CxYav-K`@#EI+5zI*tzi^d@e`M0TET
z@}+bXVpLtv8n=3RFBmipOc@MvVQoA<#4$;r%yO+w&fz{m-ZL~WsLhOfeXu!X;;BPM
z(W!jb;~w6MxrCM%%O(;pq@A|iqZ9lXzmDVON_U7n`I4uGgo~HrPZzI!M~B4st543j
zZrp<(hD;gU=OZOQ{d9=>1gLOiGu3u0^%E=putJ-$RbvRNRMBwSPU%v+{~SkYveG0u
zm6Am)B2(a#nQqjY7M+}&So&$T7o7rWC9?+RAa}Bs)WSiY?H$rSDK1+mm*UL_wtLVm
z{`=yL08NaqI3ck8IK?B%nCR%a{jSItNr{P!QlgrE)L609JLOQK)_B^W<978FUYZ2K
z?7F%-fyvinYH|V}moPs!zRYRAkw>lN5!@Zkp0{3~2sO7gH!G(qet616R0oe$WXS(j
zE%CWDPnogD-Sd5@Q}sLdmCIaZtUn`5{4=^1AU{+~81t*(WN`Xy#8Li^Bq9$x8fXIY
zxjKx^bvf(D)f<sxIBdxh2s#aE$RAvpyC=s|#sCqDoNC9EA991_bE*lhceB!s%O*p@
zx0#Jy>%Ox&hrnclgHpr*R{t6W&8Jp2ZGL|<wo+4u;4~?=mF}2!Qe5XeSyL!Ek(C#x
z={HThomm5X+HDW{^^4%OnrS~?uAkuip67H3stneQEbasuiWLV=&r{}097?Eb>5DY3
zhcvGr2|R#LW5yb@i%c!NpC0lxK5-s#sPfhbYY9((n5gAFJ4{`p<o#kQbKvB@{|j$5
zDMiI0H^n;=Yj5*kr|Df*`TfOmImaEtAP{5~G$~UOWB;7*2j-=Z^0Of4j%@*cxs;g}
zPPjnI8s5{w#gsSPa#E{&`jf^5;^0fESOP;fB`R+Lg)VII_y+*!OCSIWkVi|Gow$`t
z@+*!esQ!t{<9Ujw(snm~KcloMDnEDfYwW+-NDp|v9wSg4NV>G(WhCEHI6TI#EG6!$
zm^$IOqZfPi<Hu8u@(n3QIa<<qtyy=+M!`!4E|J<2W4T2_Wya0rJlM4~Y+O+Fo|l!Y
zictjvh*+`TuIE91^ikKHttqDaQ~yA=vlsHlhnu<|)Y-m4+wBfl-9oj#&bVAi2uL7a
zsvCRurbkl5S;)Ho)XDoDS<R>or8g#2Ih)R8Y2KvYtblseD)I_+raf+#`tHO#h$*P^
z0snjdTOCKwR5F8F4r>J@q}kGK+U$eAmLwO0++bt(W?1<=UOm0k&*aj`ti|vLxn%FQ
zH8e2)76(9cOf`cGT5eac2^k>ei10$lm$i$>Wbq5(R%GSSx18HTax)@E*#3rt*4GFx
zMtKUY%fy0j5rsg!Zam)MGJeKu?wL{53`QtAnM6X4ID&5h#qvXX(<FeXobG;-N!%D`
z{qJ9FB5wkov7fy8ir*hSAucWCNv~)2`u@zHX&9&!A67gGXv~EvRzs%N=^o1|iFpbj
zrTf)eNffue!xNH_T-YAHLK%FrjdztFGnk+|JE1$Yjb9fHW9ynB-|J{P(uGge`QID9
zk+OZRK$7VvP!I_25SCN*c%?zpBK{Fu`o)X7A8o_22$8_^seU1?dbL(6)fi!h{MGUF
zE;f$MI^ScO*>iCq8)XRsqScDWwwW#uR4(?81u{#qx~-+-GJ$?h?mpN0rmlhcw{H+c
z4oiL&WWI@wKXy@}3#&^=W6dKjAUQGxjda{3hYnh>2-v#NQu_&c|2SKr4m*_-));vx
zYd3Sg-1P?UA89Umcud7;M$SSfUe`ROJei$W%>Y98$6(L)oFJSTyY7U0u(N=m*T*zC
z*}3<b8|Qw~0-)ke@*+c0;k#3?J~`k$a3Qo-bVL-+P|FYlZI}r*pgpJ1_)*uVu$vy@
z7Z{Y2@dotAjcNTMKt5&_9TIO;@K5zi^k&|BwHvTU2<$S}kDun^*ZZd!nlEG#Q%y2B
z0}KHxt>G~Td%7zYmAkbP2y=z`ob`q7jg4-Rt8F=i5`k_jY{vt+?(5oB7<s}<An(||
zd47%V0Bu*P@O*)7s6|1X$M%ptMhNTbFXmF*9+4JNh11+(82gx=;wj-|`meUHp!pzq
zdJ{nQQOmA*=+9^4ZPGhGhepKiI&HGXx=W_64_fX-9Z%!(ORcUB2m|r=kcFj@>N?qH
zsT&rzjo`!&JZBJ_;Q-fjRn3AB9Vw1t8~`rNtK;~XZSHJu)|>qvCLs0BuALSD*kS|#
zMzsMU<(L3<Ib+m7RuIVK&<K!?v5p8fv2@a%oSeMMK(DC!$+(AN>ANyghu*pbiK$)A
zVWj+|8+9`l*+$|M+$tFc&--j1O^)22*;iig@g+1OxWoD8Qnd@RjjLTfJk~S=%G`^!
zMPsL?DonjU2W1|cUhn}}-<5wWNpiY%Ic|F)b_Z`eQU_#{c$xtK*(CsgxGn~u5xwa2
z00M4D7N(nfUDI9bU;Y&Rb#X8{guNFwdjHko^w#sx_Qdv4L7BBgsZcM+*lQ#6ClV4r
zBshDi!o{TyDPMV1z8t4~HuhZ>o0dAa22()qnj@pwucTzLe1CzW%-hS`Ix~D>Iu&u{
z)6^JbETU~}9HN6U$_U8T28fpcB8%Yu_Q!KBKg!QA_W19LkTt6Ar}<(5zN^tD%$!1j
zo1Rqwy_aPMGBO%)@but;w(s8d`f`A@u>v~_J4?Q_k6?sKzO6mH)ZrI<SHu9{fsxSQ
zc1?2ER}8?(VtGVRscLfsZ`tP7O^xQS-SwyWD|Gqq*ZFu`?lOoAttViNKlX~F$GIWr
zlMxtYyvtd_Zb_eC$AIrmp0NYWa)K+|W*@PW8DIgbanO?nlwkr4u*6I5S<;GyXs-1H
z5_J`k^9x&?X3kmq-}jPR!&L4RPdl-_Gh6SS-nd6KN=P=9Oe3;}>Ld7;LA;Hl&uscC
zj&J~?<&IxzJcJVHM|BA4=Y1#&=LBu4=bImQ=s+7qfuiEnp4G=f{jn$U@10>*=aVn6
zv{|WzAosHhcZ<33{O9paQ_R6pKShU_aVrUN>5`#U@xP+#=7ZL5CBGu|i9IIz`53-#
zd`%;KSle~)fT5+(XJS|K>c>M(=5QSh`i7GCaTXl(y6-5?Qghy4-j9lab22=L)-N(+
zE$>Sk_{7?M+dm=7!>A&_;CrC4h3l00Tt+y}&W>r;k99pB7SW2STzpk&ug%OVR~ykQ
z(Fm+MHUj1{=d2^tGd;V=$@N>t6H$Y*o+svc@*4dMjbko%JA{XoTB!?h`E!A%Uh|p{
zY^WnkbqU786xYcRDShTTpFet5<(;VDyrOh_I#6cVCRCtXvobloUhEZyHGpul1!m(s
znc|6m5B^+SgV28(U73*`QJ`k~&_TwYQx{wEGu$<>!<S}CgfT{xheO2?>_#LA&3B7%
zSebU<MEs`5GAy<?HE_NL%a~%&YiBH$0B%e~4qN<tY~qxZ##(jnhe+)ja{3;F6t9aG
z4f-f5t}>Q7XUQH`<Ft#gqZN);KEM|EFXaPVq?^f?_@>&#G|LkA6~1#1t>x63thp+_
zm>0uM+(R8o$EqEFwVDia34X(H&RmpIPp&no?{goPkKI&(3ekx%EGc;EpiRLuBKfAQ
zF?_d-64&=7NW?pJsxiV-<V{(x6#v~X>$0Rn4;vp<9yUp{gJ=S68$p%JYK)tJqzf&_
zJZ&o7!CD5xSu)%}Raf0yxUE`7lfvmiXw(z7>T18Em9Af|usuYj1>61CYDDYO&sIXb
z63|S)4iCSF#@t`boOLB@yUw-vCyk4jgv)PR4=TKf%=%1KI0hW1kn;=Oe4}fM`gN20
ziH+`SaE|UYxAVQj`6@4IIz#R<107vmd$ni&=@z=p`=84FA-LQ75rM}?aQ!{}9iK_X
zZB*?tqQjY95}d{S3f>%$mprsm2C+#z${?08UTmaW+Ht0()8AC6IOA3_C=-$#xCo+{
z@I{3OQE75!)C4)Jqc-r<QvG5yP>C5gPZpD0%^PNamh$Ez!%h2(5^Q-Gc}dnMP1E!o
z%Mex8@dH)Opo{YM1hpOMHS4g084q~B%1!}jp787V1|{(WnWkbboVk1V{(|j4I{f(g
zZ2+)L6|1FD8f6kd!jIQ<`cQkpBrv<!y6HT4#-NPYG{Ydu_}39!nAK}Zm#TOC-Nb$e
z3rqN80B1$1c>vP3rvHMGJldATbe)nIfc9htG9`ZuWR#KoVYluWLe0v`sw*f{$a_D-
zd*O4YUo|6$$<V(|W2`vTHMAI-`t!GSGiy05Wulljkzdr+<jwC%t=}6ZIJD69nap}U
zpMa0Ko||P|#Y#1rUV`zp{03z@Un*4J$&i?~xGZ;EUHP5&TBY|-rqLjZHGxIs(6OoS
zzngB0!w;HSNk1yqO#D<H(b7ZlgvAnd7zWG92qqVbrfrE<sCzeY*+FntOXQ&1-MYbo
z$22R=-dRR#XRYaKgc~0^FBs3;0U<iqcw05g%w)3;PA5=pZ`wx0m3*UhI)#Xc;l=wp
z{3dO+k<=T9*8PCv9VgvHAu5LKIU!k@!^$lEv1eA*`vLuedaf;xoXf+d&42isK=OWk
zdgL|K8(?M+&SZ+u4D<L!>@97s?bu*hrczc+|Gk#FkF}6WWskIi!fm$&oAavZ*?iI$
zXw?%k$!MyAkBPsc!qtmN$s_4xV?@n0b*Kt!sRag5R=^mU%hx>ARH72|Msef4aENHm
zn1KRUcdAlZ>Tn{s#(;p1aDWd4<Su>#t?%pWooPCST=r%xovxLI`xT1R&~Bt9zokt?
z+Ql1;^T;a61j7rx?$udN^QsAlpCODDmTd=`q8Hx$lz(JF;I-r-9pAxG`)urI+>RNa
z_<_D^zoMf5md9(G+VlH#4Zq8n=~<$Zt-tX22|63>;lQ^fK25h^Mero-<vY^bT|yG*
z1C;=$EEs>glE30e$8x(cS+yYW%%A7&Nq%c;y2d1%@Z$;lj%O#!?}B_Of3rMJVhC0{
zNcB+p=2xpCB4FKJW56+D9l_(Jv1p-(*P6<nfdSGUGJ4MA-#JMJ<=RtlS!heC;rdQ*
zY-&<f2Y7Yj5dEW@b7bRdWih26**5tgWLm0vuxk0gEEYdJ>0UOx;p34udM=2u*h#Z*
zl(g$alzJt=)e=x?Ww=<Y-*^p}U_@-!%$x@i9ozAWz18oVK}PpQ@tc#}Q2(XN7c8qK
ze*-M!JyKo$J^(idzUZB;jA0Emh8x>>inTr-zli3Uilu5q(&^Pv84)VTddq&?5n&6Y
z@`aPUA~tx$xUGpTUV`V^pJvje(0Cg;>>|lCN<g_;;R&ho)Xf7EQ06m9s4NuVw~HKd
z8#og^{0nP;@`t}2^Vt}}8^Dg6oP_@RtI<VEIOyggoFRUVe{Z+-Vg<JvC$bP8t}EiN
zxVp?oCKeEcjPI+tGXEOf2pLJbyD{fvO<p$%uExPFfsbUYo`j1DR|o4Psx}^9evaR=
zw@3Q25tNJC`UjXLW{R~riq@lUYEk|{o_%lbHkEX#KIP#We3Wt0&3I|}WA38+3X&Ob
zhn#-07_>VBFNi4{xD5`r+n%m6qzb-f4iX$O^!$GA+~S<*7cWuLegN;hY`H>xlPCdH
zML@e(!8gS-^Tl4Z#Yd{zeYHDts97)Vz6~i}jeycbf4+-f^(w?6GP2cG6drHkHlCFy
z{X4^q_Hz$irVc2aQ*<phMev1UZ13s$qzF>$jqUB~%$g8Z)Joo)gh#@QrtzD)<(e><
zIrl{;`C{SwJ~sCL_PadwHAwK(ypPu}&ho+N8@0G;HRWESY@{%1r?qE*0j{w8!nviU
zrs@Q2b3IVe+UR+GHhJb%@k_dBE(()8N4<vz_PqspHXD3>x{<-wHb)UN!CQB01x}Zh
zviJ94p;uu{_c6AME|Bq5Dc<ZJN)rn{iIOc)WXOd_Ocw)s+;<G!Pc|T4RndG4KJFE#
z4CWyg4v8`ae-i1ZjP1;(L~k$wA8-H<fq)!LfFu^W9HNf#cUim$;Bp~}x~d3PtX)K%
z>3+j)S8&#-Q4hX3>H$Gi122}tTVkpF_ZQoo?=@fVH$AiV-54ZED~zg<OFm!lA8ADm
z(GQbg{+27!DUfm-XZ(>%s@S6I;Qv7^S^c%b6EmleU{CX!Vmcd7dy1^Uvy^}YwXx5r
z>UVqP<-g61=5r0ycD`0{sF2ATY!grIC+LWTeX%xbaFZc_2;49&Vl%ltSRc4EnDX`>
zY`ZlNGte3{)N-g$w;*;kY7NlGl)lTy`0_N~jCW#-r1O=&2Oc2VCdWX(|13r<)h3w0
z6j?EPLFVb}t8XCLKpW*$MrX%TfY<D?9d|#{)iV;DHY#02IG8K)EQj8@cN0jkN%(wa
z^4!Me_GCxwCXEmyIcl*8@VBU5Y5~xqLYJQ~0?_5ZrHL;8CC&dsva%5g_66RSkc#zl
zM)%vNHbhUrLWM;u3#r<@YWdBs5QpFd?g29U>orzkUv9r+KYajmvU<tTZg=6EpXsgi
zp_O<Uo-a(u@=m5CFA}0&B|APSYbxbcanTZ#D61syvIfsj`@UFcbd(*QkYhtI@7742
z8DLx+>+GpK4}1U^tW*zVA;>MB<z^d*Y82UhsErL8GAn6NO6}3<PtY}XPkEBl&2Cae
zW``T>T=q%-F)@IBlLdT{u+^3Qag0riqEyF!v(+OHo?DyuOK3qNr}*%4ySw&lR|p2c
zJ$Q%AK;V+ROxW!_C1~nyS}54K$CU|x2XEtTsH5HxD8DrU;rqVj{q9-$b9oNb{fFNv
z(zp$=N#?+j;^Lu1KOMc?H}S|L!t?R(dUel!A19ztX2iA1M|ZC^ISJHK!3HVOSH9as
zyJE}Fy)BtHdn#F$`b3H&8kDPfa#fe3!bdOkT@`aPFg`c|VHQ+RsXqXK)Z#J^F&HHu
zsz1fl`tT&1=6^SZL_GPs>3)$!Ey1Q&ON$f9)$pM8*zW21JUi8IyWe}PRe}vWjdV}R
zvg$Yvp#s~oNSW9q?hS@M1^Pg`w0kvvX^h~({jfS5#P3R@eTU#KK|;jF?~>@Y2M9X9
zlONBt%ki;-=uT>>66uWTydB2+>G{2*DE!}v8cIes$tfOH;~2ew9hnQ_>wA%dP{^8>
zJ;ruSs)E7G2No?J49%UQw_uOUi3-=PatVqaCMrmReZY}Dd8wuYD6EIy@qmWPtFV8W
zc#vWw^_Sef%`-3Za&4$K{<&wP%ts;_9V9QXS=(PW%W%YMj^S3XAFT6E2GN)mWpz{&
zhdGc<BBuQGiq>l9;+)9GG|5U>*K|UgXV^2d*{+a(z1}f_MurX>QaV%0Gccp$YyYk>
zTeq6=`xauVMGo0O?lo>|#2eYj%aL^3sm>?+MjL0trdWoIOdICJ9N;fav1p-+=q*tD
z@VMyl!57!Sx0?$$z}ExIFSm)NhAZ*3Y$%Lg{WZ}t96Ml+_F?W>Y9I6wv^-oe^Byf&
ze-<R{`@vEDq`llca-Z5)X(~}Y>LlZ}eJahco14~I=T)}Tkac)$GccR?%CSk8oAL0_
z<A5|fdVO24@9R$TK4~u4<wo#$Dd=ER-1FnXt8~G6s_laE^(l{giGG{J&2`iKtM}ls
zNvrPt-;F{#t?J2Zy2YEey)?|D`8I10ROCzg-)1;zP;V0{$OB*5U*w*>(o2|w*-7%K
zBF#Lp3Li=duh&#OB;UX?PA2uZVoVX;d_nq%>&sK(crbJN4%w8>2*0(E+9Wr_Fhhwp
zgO--n=I)P4tw%uLc>amJDC;&yWP~hMD}(w}AiqaK_=CVp^4<?R%@>Y+jsun>m*vPO
zMHJnwEr^u^k`KHu#bvfk#LFPhreo<q)1twG5l;lkii9SB1i)k3^(>72_iaz9))c;I
z^Ie5Rj9Q5gQB7|WG?i)GVLTu4c}+hccY<!dl!NUq9^SAy--T=ba(WKCAgIyCzHT!7
z5;m%MUi9z}O4Om4f536S=pVdDq5<+ZUeHbRz@p%rQ&aGhoV-&{*}u>5VuP!3b=~M!
zg1q_Mdw+B9UMG4*`qNF!hdMM3Ej@S0q7xcT=?eP}8YgU<y;gQE-^nxhCgO3PEh;Q*
z^hm3X#TCN4{mq2z?RVq3Y}ZfzLXQQCe$*j|P0oxw{NMIt-<71BTY>uP>xy>qb_htO
z8-xy1#F4WfycspfjKn-hwN^(6oWVUq66K<z1q^mr#gE8zy^g8hF+!SH*et7Xl~-aP
zAgK{J+5Mu-Q1>2=LM7VbgNn{ird!8$rjyT$T)*JCHqIxl)<dvO@-WG$n4ONx#rMk6
zS*JdIrF+rt9F-=n%|VvY$$AYfk=tc>{S?MfM-41p)_4TwC@RM;KGltqHfQ@Hyy{Hv
zq$%vAC9+3utQ-jRU&+mRkcTh4t9&mX2e$Tx+K4DMyO^Byehn!5c^m0jvV^emc>KY>
z;H)53T$5i2115}?inEMq&kF;s23xYLal&kx`$d1r`0qpRz)q5BP!1sgX{#<4aG`#`
zC?>mV>*%P`KOmnHfSk+57diq`d6tS5Szk1{GbV(oV}q}Rqe_ArR`l4$tB*|AtGO9j
z9KP7cgnv&p$Vh-X)Mz&3WkUsO55(VG$oAjeb3Uzmrg&8-;VJT~rjf|q=(ctCv)G%}
zq<gPSzqqLfCm=fm^`xlMdHM<GeArLs-|XBvQEHu2M-@FQYE>*OOc?3c%*87fEYahL
zGjM#}dg&nctAC2JrI6MOl5VTmbZYp3hsX$LoJlIW`9T<~DSRBYJhB~Vk*#<~tn|z!
zBelWhNGE_NXXgV`dOCA0Cs!-k`S}Bcg(x<qidWcYK}UwM2Rvd*_TZWp3Xy#kYr?|&
z+P*`N@t!KDHb%WK#vR`Z(j50=IVUf0CesS0i=KMDW5<Ilk>L9B9=yleI*@OnYxjIi
zsg+)RURs+`|9vqF9bwUores!vYeLP;0&xnJO~Rr-SDuITE^FMgA(k|nqH-Q!{uoL#
z$<RcPl74<H{#AqAUZWi4%`yA7t@>Dhy(B|6CgWca`E$Ve3pD>6{)#o?^XYnrfFejp
zKVb*_g9u}`2_|fCaGi&)L@X^Gq<5!EW)ahvxDTV`Nv7C+-?wHN1jMaixnfkWa}0NV
zs$MB)j0J0|lEb4dUSceanHhyy4(Y#dOzOwf+SSm-Mwaht0E_aRiK%r+Qp0f1$cwy^
z${ip2!+0RAzw>gP{o>F=62z-w1IxZJeZyq@V^C;V{|~$RI~ZcYhCX8vg!thUF;g3<
z{LaHf_==-0H?tPeKVPu)$4mwWNt|p+aNPGS>1g@<l~<Q#@CM%y_4#N>(taw1I8;Ut
z8ChE?tgg%C3+|%yWSM^_f|!^9A?O5(7Vz^psit_H#th&QeWsiy+GkPk-W+hli5?c1
z_1z)9Y{D77{IYhpZ8@6SiqxLw(-+W<`_x^nqE?2&$u^H^#3`z?kGVQNUg6y99zSTi
zYsD%~nM<L+emS2wX25e(+{P$Y)J-O9{enx3S?PP?9sH&Q2NY^RN~L;m<xyfbnrXo1
z`0ld^0+GE?EdmB-nj@HWDYnU<Svze-fEF#wNd3gmw67%+a1B366neVW+h3WoG^o6d
z_zB?_bqGaFDAIm8gEfX?(VrFBs|HreiM$_tX9tf%rGz;*l(ZbjzuMLCP4*BhDp4qO
z=Ss$#->H*T>Tm$)zQKa=;r(M32z{=QC)woy@Mf0cB$LC!$x6-8R8%NJr=#Zhu=QZ^
zAX93&>2~W1krj=bHEyt%peZb1=WR}9Uzk-va|sp8!M~P43Xq++^V^@p9)igA^&Y*3
z!7D|U)0hq)NT_t$i4;X6X|$`ZiA9q|pUe(~ZywEWv`kWP@IEL~bv@YsWH0cDJ}G2>
zf+%PgTXbf$)4?msrLA$$BO;2KY=rtVEQ?Sc1>p$MXmEonB@31uE1H5RJ>01MabW5+
z$dXsZ1GeVS$WZy@qf))+3QQTvaJ9z{VjtfVmfGSoNRCY*x7{p-U8&6QFZ)ii^D;_G
zv=Vb0Jk^p7YQfo!Y`_|7EajS5&&NQU(#y05HT_|1Hz(I`smPE5wUeOkJ=pljbb=ab
zA%8*8!7=OBLV^FZ+VszF(({*^yn{VI<O-P!Ovbw;6KIS3!Qk6+pmuDFxpW!VBD1H)
z*VE}!eQ)NSD*my&0<OX|3w*6SPG(&^5iLbPMtEbwPUDa3U8%7-(BKK)w}NAG&e|eg
z&GZo{f8B%P_LRcbu57_~-0(4w?UxO$d<?`O!^HJO@0XO#oCok0f?5&Ue$E?i+01v1
zSyu(up5Lvi8A@`JW`AJstZAM_z;*^l-WB8ixYkpZBk&j^s=wy9uJ6^GWK~;->1ORm
z|5n3OPxE~fIt16QYKTlu!_!i;x8e?};q^#ADm8U}rqyQ6^0etPT;cT`&auIX)s<3@
zZys%N5L5!F?wfJFJ>PT8dd2CwFcpd|_?+!F^Q{%3B(snBpTPWIJ_a4M(P{0U*gcl;
zYs2~vhA%SpRW33yU`ipW>0WDT6LO|(uANA(y~WGao^NlO8t`(DM5+?^+s_AS)K45?
zkiesa&bYNjy2f;p4%zFV>wxL0sit_23D=4>4y%g5K}*P|7b$xJM(7(Fvlq$_Qo6Dq
zM9{0R5|iBo<U8&r45TbvJCV{fE(pcfr#$SDs_wIhIOYIlnDdI{uJ~KCs5{S`5AI~o
z7&jUf;JWO8x0J^hiyI&jd-kl2XZrK>W0sTTT+}G{_)M-dQNT#40J7_RFa<s<Rafd2
z4C*+4Oc3At2*zZ$W$nD>{Ih2e!zhPHo$vm?<?y#S{_Wm8C;~H{{;6&Gng6_(or%eK
zR#fuHUrW5@e$iOD`H6Lev(>{cN@Pc4wg^H;JgVD2<()0T2f23<A_%mL{zd6Yn=QNA
z(jiWi@fdw;(tYI3S&{P<rFN~Ud=ka9*|JWdg030RALd!un)F=`$V^2^IW9yH?{ua>
zcvi%B$gTkDU*xJo`&=hdty?*?VlaR?j_)F#7|8uQn?kE={(cdaL9XgkKlkj~80F!a
zXiu_OmH~s-Mwj6)_o&51s&Rr1C`nitEnTY&g|`!zUso#|p$um&zsSnEsZUQ62fv(g
zOxPfGO=$DFH#OCb_Yec&@k{vu_KKRL(T#{EV<Kp>Vkuh6)G@wtq_hA>&LJfUVpgt^
z?E0q1CG6>Q4Df32TB##u4ME=Ar;?+M-ax7-pbax2O?(Y4uT@s;AkVQp&JLcQOo-oB
zFI`v58%&s0wh0o-mQC~jUrl)oWZ#lepKibdWgfQp{;}A<)>!~x&d^p?Qj+R^MbeAx
zTr$|eNA351+e8>Z3<QZdYVjjh(N?QC>IR~b)z(b@_+(;WAgK+t^H4oFYb<6lDh+nK
zdj9chAcji<12|7sB-SEmmI**Ov!D)*&u3k)ZaNod#Q=<rJx`I5cT26eSuNL(qE-c$
z_(ewvO%)|oMb0<u9Z4csRgb12<C>ZdIQafdYqoEG(}Zen$s`pPRe}UUXKEyOLZ_9;
zzpvJ6FwQRhhG`@@tV?Uq73i@*?d@uWX8DAwxDF0(rZZ~JM$S9UVyvwfn|--Xg06LD
zjGvaTWCn26GaNkNFbq~3Jafr&npIXAD#m3U391g9Ir){onX#~NYpZxOXWSZi>A`K$
z85QwJ1?EEE@OtOqqgr^^-b`myqZOCXde;eP0a{kJKD}NBTKIOsapCQI=2p*|Io-(2
z`+Y^W>lJ<RCv}u8dYNBURaggUO~VIeuxaWq%mqjds$}?C_=4tg&3(@o#ha%$Hk`X2
z=*$%*my&skS6n$gCgx+T*HEh0Xd`BK()vPu%lWAN=c+80?6RyQ@9c=do=DrggWN=`
z7<qgiy#!vQmZm5TpxrX!eIB)1nc2)Uf!`0U4ff1#x1E#*uQS3wQIWOMk*|h_+rb^`
z41V4@R!pCD-DQOHy}!%rJ5Vhv?Hl2%3A4ZiDATmf<Gkj<ztLeL59rD(*QuHwJ(hG>
zf>@c7d$dj|<Ji-cU;v08v%$^Y*X&)JALr%!uQyc~1zfL~SR8Cu-HFW3&d(BH7wwfO
z>Bf+Y9K(a#{H{*zEZW{aH)m+9`fX2_f`GtjJp1`Wb5a0+&aY6BQbt;}_t0m>^BmB{
z%;23e=jMxXXV#X9$0pm3Ci(`1o)`1unt9U>mtB%9MZroWklIg_fOcZ*V$u>C4zef|
zyAewDN9)D$fT@_r*7!<pmh-3W0Z=+L-5Ag=ZCTt|pmflD*g<{dEIe_Y<LZS0h);n|
zKG}P%-=_rtDEc*uKSMtOF2wvd0XTtx|DvzxZO8v2Wv{~WDJs$Oz?<#7Ya~2o3QQnc
za#zMBVqj`$Y<hitCL6dpfQ$;ByXzxpld`}7eC1F@!Dr7GP^+(3Onv?CCJp#$c`w{n
zLH32^<>iz@Uc2b0<VP_~OibI?v(wW8zQ_5$H4S}kE{^KcZ%PZ0&HA_V3EF1cJof?Q
zE`{CuViz}O;Yfm8qq_mqsoMr*me1wnRdEWG1|a?T6T6Gm-g0NSjOM<_Czg>+5q~|m
z{kaC0%M2m!U)IYVU0pH)#$MjuBk2Oq%5k3Q3M&Tr+=w6LH7tJng_C4d??S!c+^i1c
z3h*&9X!hm;b*Ai0RfHQx3`uLarIb&8^>(Cu2rzra<=Hmf?1fq$uL;+^JAB!n7S%Lm
z-F9|6BFypGw=(~>Pw`ecAy0mIn0>tTWb)(Wv5f7<t_WjW0`Bv)6et6H^o&*US(BF)
zxIbsz0k0bhV8>5kJl0GLx&s}&Hw~zAy{i#J&H0}W*xuW*Z+qKeSAh!4EBE=ffs;0<
zjE4<%6EK%E|E$M4naS_k5s+QG7{sX^Bp^6EMajuyV~^Gpx<4?hU*K|QnW_I><H}z1
zPT=*mt}S{Cg5MyFHesaI8x0F1BfH=oxvU9U0N^wkt>F-5tbY^061`R7Kj|e11Mr^&
zNI`EG_%|v3mjxv*P2wGFH4AGyMJc+&nG}bdwXT`U{el+!ktQmP!cI7zK=eSKR>g78
z)iz8rvP^v3mK-$<_1wDk4u#F^_K#kAA6+b*W_zQ7cA$*MDNcIGuv+!9FIW5Lu}{^@
zpp~Ie`9!%!iFcbj&;lrJ$4A?HHl$Vs870FRQfV<v7W*_lX3aYDk<G;*)n-KB+-3HM
znGU?o?ip6MIsm}z1DCc6?!Z8YIZoJjO?8sK<zX#dI}OPlw(_%N=zdEw)>$01yOODZ
zgiV^M>CJCUK*$&+B+R04t7dT+06X5%riJG(C*6*_#>tkClhZ+(!NqumQG~nx46i|D
z>m?FQx@yxhKc52tU;GMXD@obDgsG2b7taq3+g@HalB#wyZm;Vo*)1#ejJ@hns7tS2
zELOA-Wub@?oRu_~mKmN3s-d>yd>CDlBV8IqBx3*oup6WpJh&yqMguest*1Ze{1+Pk
zb^L$p4y*unpD-y%y<r#O+n|~^Ec4mm=*KN1%YTtvZHAzXOcbtPr8uRWAj{91fEo6o
zctQhWU>h67sDs?oNSAME-oJ%Dye+qBz!Du{a%t{?YQ!mu$gz`cFIc1uWeC#;$h*8}
zl<}bCdBMU%NmW{=RhU<X?1-bwpc(uWw}I^G7kix$CrIG<7E%OmZc1IfIPH-&Eab_k
ziBoXbPc?9Ot_$68l2Tet4(EL>=8t%ua$>fJ?JV>pPhw8@(_Y-83Je9e3xmGnX|=Yq
zFY%doTlv;7f*u{;9w7f#qzh46oplo_?zu43TP2hA%}B%dNieY>>niEc#Nq~m>Dct$
zcFWZ-YjB-NfuTl2YvU9|2m}x3U!fOC*z<jsA!K!9q|(G)7Nf1|l|vocq-Qe(N>ybY
z`d#Y(1+KWM8J)RqD~BjbD{wUmpKN)SYt?_Ipu#ybI?X|v6mgAH$!#~O?~<8HGi7p{
zS4E&lq4LcY3(UiOO+((d!BgJ7;77S>9AAaoFZklj08gPu`+FP9r0!Y+X1JfN|MxaE
zcxv~c?soqVVS9o}gxbsa>wL391Fx@I3XS8X+CT6Zs+%gp_Xmv~q6@hW=yt3#NLAH(
zdUT*#`K{C~Aa=5zu|VwWC+jn*22dA2vKbSWYI0`;&|GYwO9*9B-V&-S@2N^z*|kb0
zw?3pjX~A|*L!Pq%f4;42@iVh0aB6KY^f(>&+Q;IdV0kXe@wSy_6DVI8y~ifK9Q3oD
zLol0z<1wH6Vw+!9eYAZXX_PV@h~SMpSI~5vL!w{=R_2b3kj50{Iq6?cz+m`<;l!J}
zA=6zUSZs32pAr9z<qg_YYkn#3xu*S~`HJ=}U-SwKZ!~hRo$qqBNrG)FnzL9^c<$=8
zt_K>w@qI;`d38$a+0-(_fyU0Om1<;+vU}?u^kP;J?FIH-!Lt_+@u#lgrL)P-?wUba
z;O46S*l&G{<%JFk^_YM#k$?Qt|Mp4$_@`cUjQdYw|B-U_KGKw(<Ie{V&fSsHA5RKs
zU%F{}`B&KEsY1*jL{$dVr73M*+xej=N!AA(zqws8);jb}ZTp}m8AZ!CeM7*gi8H^K
z@O$Eg(H4bardv8tWt-E&w}j7o=bPV=pP|-I*VeUv!2Iy|t9RvCro_^{Yj8DivUinH
zu2Ys);A0@vtp^<WtYEeF;|G|tcVbwYfuDN|uG-o2iqGA82)<@8)<%itg_I_4&07BB
zlO}VxtI6T-@9h^QbB<Uu-eBG&t;?d2{L%|tt0<{jotGk@gnL^BepdpVWH^8nggi+1
zN3>lbqcLRC5fNA|0$QC0A19Y$WO}BjT2@X&3~>ib^EKbv5Xvzz0(<b+KFYpK(XKgw
z0S#o`8>EJe-wCg3?I?KYj!f3>hhd5r7N>xt^<PtiqEvNBAN1vs^RU6tKQ}$;GcMzl
zAHOo&JBRvV?Z%q3u(!k^%G0G>0+n|uH`jZ$u2my#icw!FQi`c+gg_@cBQv$-fBHMV
z*6N*>QXf@E>jo`$m-hYV9LFh*06@E$vQgnNIS!zmKLKqsU!mwA6oNLrKhX!*2C;ML
z(q;BxuG!b!+FJI8i7iJTz=`y=1Y19vbPSEbb_psk*GoAF{PNR~a^A480!z~ZZuBN}
zGN^`;YA+}7ceqW^lZaC&*@pFg%%iGZrX-j@%gKU514&tl+hQ{@(K_Qc%5tsoK`(5%
zSIhNBhuU}d^dgC@j+^xf31#yDzXfG}{hkWHy49`P-7H^+fY}eIiC%}4nb{;x%Xxd$
z9Hu2=)VkQ~V?h8)CNn<aJl#)jvuo`tR+&Ptkp8?b0P<R`uwZ1CL+nL;p%Yn_!#3^e
zP|Zp(3UrZxBAtpfDlG^@aPc>Obsf;EeANp}*;R&jr)}8ibSv#H@@l*S?OiM0X};WP
zp`XXU%6QvwJantovK>cVfBg=QbKd*T3QSnML81_>V>w8i6v?D>x41CB%I}nqK|F~U
zK!h!%DtKh{>z-W1`2)(PO#lVSZ?mPr{q~S5ReIMg4l|GHcN`%Ud(oBlyB7~yzP<U}
zbwyh+Nd+Il&7}tRna7qEC&?6FI?}JgX!&`fgJ$L*?Q}^DF|weHOn>NFTpi4eSj`%b
zIx5Czka@|L_p|+kvZQ^JO&{a0G0s+i3hPDDU=v{~Yqfn#H}FY0Rln1*wclQ<(K(r-
zLX^?&)!TQ{rkkgy3eeK}w`s~5aP8E7+<;MJq%sx>CG1cxAvUZ>RQIkDO^E9}vwzqQ
zjxJ>5hGU?z?OcfjR9l`@)wU@`1f{|X`FMv!mCNpDs&yQ#=c!m8Y=v<ugKg-yq-t>{
zXAIKxr`QU4#2oc6trE|F*r4QE8{Xib`e{L)Q$px%UTrPP!rtZ6&eNvPT#g?ExyA-L
zVwVOT;gVyhVrBOC!gB!p320MH??;DW)pfLI`JYvEX#T4ml9>Z)k$aRBegOqQG6$jW
z1+*4&#LmiM^JsDk1vXb6QXVHH)W0e#{Ja98Cy7LQg?-ApT1)rKele;Ws%dxdTQX|}
z5^c|w?pLb{6hnTF22F5@5Fb@@nya`Eo4_l&v1Ore1hj9ojzDZZ&=rVifh*$5(nj)J
zX1*^u`wMM1R71D7<cSzk;syrc_|wIsFQ9>UN~@5}F^bh)e!jqnuQjDT(B8Da`{+XV
zp*jr>I**Jz-FbfjZLeI?T7rHtqQD6O2>=1@&~zNYl9nnuLHwUpjKAAm5F~<d|8Fk7
zpR#aV5Pj(esmQJurZ>0O2L$j7=#jso5{KvyrCnmgifd(2E}uy>&Ti`dPue^W;gy#k
z3>TX{y$EC)#s88=w5_6fO9nZbvtcNeXu!o*UQFu5v@J5{c@jNNn7Z@D>Z%dUzMU4)
zv)vRq9~!t@chFR=3c7(AtMNfH%RpUf8TFvH%Z;?c8a~RFwzj+FaH^S|ybbr^rjNga
zB=Q!2$$g?_e4IY1_^T&eQoWsBQ7%21;0G|=bZG5)Y5gu$lU}*TmyGc_H;f2uYBCZI
z@~?%iOI4qdht&zd*W|S5k#ekQf)L*_7=sYfJ<y@wrxR*oj)vDgRKZ4+1BvB1xmAXE
zS_x{yA3aM4_crT_Sw!rj9<`CKCF)nQR?W@5!+cEnVHbmZ55}EU8SXu^iq>M6TFZ@V
z@dfl*%Xt$?W@3gxE1YVOJRp7M;9JM{VA}VXVGVSZEH4!JXgey-SW$7nI&XwHMn7#H
zKc{&G$$e}~+nt8j-RqtH0vw!OYG{3jrlV)~EyEAmc8%wpNomt{Z~guJ&DF~wMi*v&
zpbw$-y4HW`Qsi-!SN~m8VAv*oe4nM@$}i|M4{!<mbn&oCHDe@e#H8o-?fm@7^v&ha
zbq_rAe53-AGRIcSd3}7@BsI1AGmhMLzSG$@DE&tilT;yljA&PiFoB<J#~|NFF-3~{
zOSguGC6}_ZmPX{IYSpl};68_#jBYzL-W4HPz%t;9NFGBJFAtfDwKeYO?o9RAehpvv
z_3HYY+`;P6dE*Lf9_LxPXZn1flhvk*bCbEn#3d^Fl6(mITKFl%QRkYK5Te=%-C5pN
zgtGO_-`@uh&hL1ZIF)xLCiT6Qn;ya;<Ri_*o<fT7opb3&g(XepcsE1{)hED_*PP+n
zeqRk+BB|yws(oC;&QmZ@*6;eqemiiGqmuf0Hx8}2m_4z#hpiJIyA5X+erKP~<LidL
zhtyZ=_$(ZBXT)}E78DcjJ8ZlpfM;=U#sb+KDdx8z?9pmm%zL_%{WVg2KIHw5zTZu(
za0Pyh!Dn}qpK~{}Db(~)#+QPyg{te*QyBZ9&s@Mh1KyX4X-QSCBRZ=ae(sAr2ZyZ_
z-5g{{FJx(3duO8GfOXt-|I+5m@UG})Diepnu<>uTHPR^EJ=;_N!Ao0+Q`)lG+s1*y
z@RiU0Yj!g^?C<aWl9;s`mOsmmnw@^<t~De8Iw~%+xZ$s<M^4h1Zd9<yCInyCHhZ?r
z6ppPAGza363LhKSOk2#q;T{YEuEX5D5zMKQIrw%wqUS2JtxViGX9{X2!ap$!aNB?S
z3DhV294YD1P&u#OpGlo;Vi>=eXNXu1YKehAPZl8E0j4P}`JR?KEi?^@`dETV9t7&t
zSvuL|4YLkj#zO3t77om0`u8Nu<kz`=kSYwmZ!K-Cnr6`{HcEDHS%KH3iM<%}boAV5
zxmu(;*cdQnQ)^&x)~G1P4z}0bgN1^x<8;z2`&?}5(0f1x;vI)J@0xu_pqo1|y{x@e
zn9-F|+qK9@PZoW=-CFhN?9-repWkkzkj!&_<htPaq=V<gxm9W$URM_sZSiZtcKkrV
zp~v$7#i{?d%ZIq3m&Sib0Fe~XohUxfgJ&yf=sSdRa|d@4g<~zjEciXy!*4mgPxO0k
zSXCPueWy&p4f2l26LXDLF6QU8Q{dF(m@p#UK5stVs^nUOicMxFdAmw0uM+F;`VPhg
zUd6Xfu)Z$qSxIht?*au*RU7TZo+H7Wdb#;`8lEBOKXyRJwiPtNHtgx%US)OA4=V3w
z+Wf&}jgV(s?m7?0N25(wogkx*bXAFubWbj|Q%UKGG7P3CsdrvMRL7ticudBcQNsEb
zBip;qceaJ&x~d`_{52vI)Ak2&?EuXep&y%ke=@YCv59#m>7_&>hX(0chykV8LmE1f
zz@{<x=74d3q}az<$7|R{BinC97h&Ek54G1W;P@Xdh=I2d+0~&#2N|5*;ULr0)r{0d
zo$8CuPlEa--D!+TLA|Wc@P7_4l`{&cF2hudr=1{f+TQ|tPyKw$oY1+&2{A;LLg#?l
z3-`P+a!ZS#zyTo}0L*GA+yPbuz!#f1x8|33o*Ucnd{0pH4tvjEV--LCiHj6ci_6WB
zfL(%Wst(kTzR`38YvSfQMm1m)n}jEppy*kkA8M@JD7+ngK7hV}cIJnZ1=$<-9j!pB
z=nTnIr(UNYU-l#{GE)ny<W-DilU3ZZbbSJUNxjcB1hg&cq3vP(wInSq2#?jV;JVpB
zd&-08-x&v6?%4)q;TcuLS+V%bfo4A3lNDLQDBIPwWBwYQ*Q?;RVSiWqMp)KHlK#R#
zCX(thkx?Le1J<z$Tl;cfWbl)q`c29J<q~W-No~iwEykbS>bC%OTkSoawhOFi00dLb
zY7L?OA34W=7~r22<gaS5<0A;>KVcf3o}q)f5#<U5Gu@99g1@027~VSdYgM@>l|CXX
z)slH~mV~qK0*bcbdcDAiEWzQ}KWRpW$&Hrkd>v@DHvrCG*iMa(Zs>TFv<mzD3;nPt
zBV(q`eBV?GS<z?js{Bqw@bA1KINfjI2qa}1)S7>q0GhB0E!ktYwmto3`zD&<yJ=NK
z7CHzO@O%0lfoQFQ7J3eXQ2Q_9&;QOadKZ?4W?**^%n8Z{L85krbVLRL0N?_K|G}dr
zX9k>G8_ko8g3BMgp;vQ%F$e%G-J~}Tq{XdFIg(!i<rBQ)DLv3HJWv%W0&#T<<bVh&
zw;gFc(V3a&CORd8$F>y37{7@eTH*<~v=!Tzc*eVo0H36eg%;LE<Q%C-c*b}C{)D3+
z-K>%1_oLyd1_gSoR8woz@P4}8l?35rqaD@^W6`B>n^KgZV2~tp?K?fb=@D95=QSEn
zq7}C<k?2i{OR%Be<u6*Yv&&iKC5ckr7`>#(i~gJw`^|c_)x0z<7c>ydHy)?O=iOU`
z4+z1ff~ZoB$YF$_6Ul$^^e-0CE(q{flJzI6LNA8UY39F95khX!?{_%E_(ux=YDV8N
zoNOA5LU#VL^UC@0elhqC1sfS#Vntuzf{0BQL{hA2p=apsinyc4hhVl_2_chacPbWd
z&U~nyj;BRBB_OvAK(V$fOJ0B1*}y>0>rIn}K#uD*_=sUCdIE>A^hRZ0cmEbk5$9MR
z|7#=?xyLqCx3~}x*kXQ(l2=6?_$=^B2D+xDO(eT?fp0aVDs-S(&3<IoV}|UidgT{h
zk&>>A0AU5ltq$+HWRZP5s||A-c_;LaWMp>7rs~C_l}%t>ETU?sZtwg|>QKNqFqZIp
zGD$f<4q6ndD$k}g_ip?iLvAa9i$Rn12UX5fromT;66d7PBdu3<m&j?v1pRi*?k;=N
ztAZ@{`+xE1so19BC+3Ql4nNW;{p#RzCloEs%@tU%3OTyhCHa5k*Di1r+(jfx{Pu~8
S6#DHM00kLU>2gW4(EkOwozf%#


From 80b115f182b8ff56f61add8c2066b770d040b222 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 08:48:20 -0800
Subject: [PATCH 64/93] Update
 use-device-guard-signing-portal-in-microsoft-store-for-business.md

---
 ...gning-portal-in-microsoft-store-for-business.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index 9f42a60e1f..48758015d3 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -59,7 +59,7 @@ Download and install the [DGSS client utilities and PowerShell cmdlets NuGet pac
 ## DGSS PowerShell Commands
 
 > [!NOTE]
-> [... common ...] are parameters common across all commands and are documented below the command definitions.
+> &lt;DGSSCommonParameters&gt; are parameters common across all commands and are documented below the command definitions.
 
 ### Get-DefaultPolicy
 
@@ -68,7 +68,7 @@ Gets the default .xml policy file associated with the current tenant.
 **Usage:**
 
   ```powershell
-  Get-DefaultPolicy -OutFile filename [-PassThru] [... common ...]
+  Get-DefaultPolicy -OutFile filename [-PassThru] [<DGSSCommonParameters>]
   ```
 
 **Parameters:**
@@ -85,7 +85,7 @@ Gets the root certificate for the current tenant. All Authenticode and policy si
 **Usage:**
 
   ```powershell
-  Get-RootCertificate -OutFile filename [-PassThru] [... common ...]
+  Get-RootCertificate -OutFile filename [-PassThru] [<DGSSCommonParameters>]
   ```
 
 **Parameters:**
@@ -102,7 +102,7 @@ Gets information for the latest 100 files signed by the current tenant. Results
 **Usage:**
 
   ```powershell
-  Get-SigningHistory -OutFile filename [-PassThru] [... common ...]
+  Get-SigningHistory -OutFile filename [-PassThru] [<DGSSCommonParameters>]
   ```
 
 **Parameters:**
@@ -119,7 +119,7 @@ Submits a file to the service for signing and timestamping. The module supports
 **Usage:**
 
   ```powershell
-  Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [... common ...]
+  Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [<DGSSCommonParameters>]
   ```
 
 **Parameters:**
@@ -137,7 +137,7 @@ Submits a file to the service for signing and timestamping. The only valid file
 **Usage:**
 
   ```powershell
-  Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [... common ...]
+  Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [<DGSSCommonParameters>]
   ```
 
 **Parameters:**
@@ -150,7 +150,7 @@ Submits a file to the service for signing and timestamping. The only valid file
 
 **Command running time:** The average running time is under 20 seconds but may be up to 3 minutes.
 
-### Common parameters [... common ...]
+### Common parameters &lt;DGSSCommonParameters&gt;
 
 In addition to cmdlet-specific parameters, each cmdlet understands the following common parameters.
 

From c3ae4b95008ec1f319075e4613cdbebdb1c906e8 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 08:50:03 -0800
Subject: [PATCH 65/93] Update
 create-code-signing-cert-for-windows-defender-application-control.md

---
 ...ode-signing-cert-for-windows-defender-application-control.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 85eb58eb28..1105854a76 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -87,7 +87,7 @@ When this certificate template has been created, you must publish it to the CA p
 
 2. Select the WDAC Catalog signing certificate, and then select **OK**.
 
-Now that the template is available to be issued, you must request one from the computer running Windows 10 and Windows 11 on which you create and sign catalog files. To begin, open the MMC, and then complete the following steps:
+Now that the template is available to be issued, you must request one from the computer running Windows 10 or Windows 11 on which you create and sign catalog files. To begin, open the MMC, and then complete the following steps:
 
 1. In MMC, from the **File** menu, select **Add/Remove Snap-in**. Double-click **Certificates**, and then select **My user account**.
 

From 11b5ad6bae7ac6893c245ab71d8bf48fb2bdf16d Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 08:59:37 -0800
Subject: [PATCH 66/93] Update
 windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md

Co-authored-by: Jordan Geurten <jjgeurte@edu.uwaterloo.ca>
---
 ...ode-signing-cert-for-windows-defender-application-control.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 1105854a76..c06a749636 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -30,7 +30,7 @@ ms.technology: itpro-security
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signature, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signing, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article, and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
 
 If you have an internal CA, complete these steps to create a code signing certificate.
 

From aca581fbca732e7f5311d164fd1405cb5399600a Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 09:10:50 -0800
Subject: [PATCH 67/93] Addressed comments

---
 ...igning-cert-for-windows-defender-application-control.md | 7 +++----
 ...ndows-defender-application-control-against-tampering.md | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index 1105854a76..f7d660d9bc 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -35,13 +35,12 @@ As you deploy Windows Defender Application Control (WDAC), you might need to sig
 If you have an internal CA, complete these steps to create a code signing certificate.
 
 > [!WARNING]
-> Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
+> When creating signing certificates for WDAC policy signing, Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
 >
 > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
-> - Use RSA SHA-256 only. ECDSA isn't supported.
+> - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
+> - Only use SHA-256 as the digest algorithm.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
-> - Keys must be less than or equal to 4K key size
->
 
 1. Open the Certification Authority Microsoft Management Console (MMC) snap-in, and then select your issuing CA.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index c8683c5978..b619d2bba0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -38,9 +38,9 @@ If you don't currently have a code signing certificate you can use to sign your
 > Boot failure (blue screen) may occur if your signing certificate doesn't follow these rules:
 >
 > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
-> - Use RSA SHA-256 only. ECDSA isn't supported.
+> - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
+> - Only use SHA-256 as the digest algorithm.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
-> - Keys must be less than or equal to 4K key size.
 
 Before you attempt to deploy signed WDAC policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md).
 

From d539bcaa48811349bf6416214f2592866d7d34d3 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 09:19:59 -0800
Subject: [PATCH 68/93] Update
 use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md

---
 ...ct-windows-defender-application-control-against-tampering.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index b619d2bba0..2be27b87e5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -70,7 +70,7 @@ Before you attempt to deploy signed WDAC policy, you should first deploy an unsi
    cd $PolicyPath
    ```
 
-3. Add an **&lt;UpdatePolicySigner&gt;** rule to the WDAC policy for your policy signing certificate. If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
+3. If your WDAC policy doesn't already include an **&lt;UpdatePolicySigner&gt;** rule for your policy signing certificate, you must add it. At least one **&lt;UpdatePolicySigner&gt;** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/config-ci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
 
    Otherwise, use [Add-SignerRule](/powershell/module/configci/add-signerrule) and create an **&lt;UpdatePolicySigner&gt;** rule from your certificate file (.cer). DGSS users can download the root certificate file from [Get-RootCertificate](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-rootcertificate). If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can export the certificate file.
 

From 07f45eeac5660be442ebff42b2eef53fd0ea12b6 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 09:33:54 -0800
Subject: [PATCH 69/93] Update
 deploy-catalog-files-to-support-windows-defender-application-control.md

---
 ...les-to-support-windows-defender-application-control.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
index 9732135722..36526d5e74 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md
@@ -364,9 +364,11 @@ Alternatively, you can use [Add-SignerRule](/powershell/module/configci/add-sign
 1. Right-click the catalog file, and then select **Properties**.
 2. On the **Digital Signatures** tab, select the signature from the list and then select **Details**.
 3. Select **View Certificate** to view the properties of the leaf certificate.
-4. [Skip this step to continue with the leaf certificate] To view the certificate's intermediate or root issuer certificate, select the **Certification Path** tab and then select the certificate level you want to use. Then, select **View Certificate**.
-5. Select the **Details** tab and select **Copy to File** which will run the Certificate Export Wizard.
-6. Complete the wizard using the default option for **Export File Format** and specifying a location and file name to save the .cer file.
+4. Select the **Details** tab and select **Copy to File** which will run the Certificate Export Wizard.
+5. Complete the wizard using the default option for **Export File Format** and specifying a location and file name to save the .cer file.
+
+> [!NOTE]
+> The steps listed above will select the lowest level of the certificate chain (the "leaf" certificate). Instead, you can choose to use the certificate's intermediate or root issuer certificate. To use a different certificate in the chain, switch to the **Certification Path** tab after step 3 above, then select the certificate level you want to use and select **View Certificate**. Then complete the remaining steps.
 
 The following example uses the .cer file to add a signer rule to both the user and kernel mode signing scenarios. Be sure to replace the path values in the sample below.
 

From 00dc0bb1039523be8dfb85c04315cd6d85e9955c Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Fri, 2 Dec 2022 10:13:56 -0800
Subject: [PATCH 70/93] Corrected algorithms

---
 ...ode-signing-cert-for-windows-defender-application-control.md | 2 +-
 ...ct-windows-defender-application-control-against-tampering.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index ea8f8ed30b..d0be24f470 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -39,7 +39,7 @@ If you have an internal CA, complete these steps to create a code signing certif
 >
 > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
 > - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
-> - Only use SHA-256 as the digest algorithm.
+> - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
 
 1. Open the Certification Authority Microsoft Management Console (MMC) snap-in, and then select your issuing CA.
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 2be27b87e5..9adf744212 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -39,7 +39,7 @@ If you don't currently have a code signing certificate you can use to sign your
 >
 > - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
 > - Use RSA keys with 2K, 3K, or 4K key size only. ECDSA isn't supported.
-> - Only use SHA-256 as the digest algorithm.
+> - You can use SHA-256, SHA-384, or SHA-512 as the digest algorithm on Windows 11, as well as Windows 10 and Windows Server 2019 and above after applying the November 2022 cumulative security update. All other devices only support SHA-256.
 > - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
 
 Before you attempt to deploy signed WDAC policy, you should first deploy an unsigned version of the policy to uncover any issues with the policy rules. We also recommend you enable rule options **9 - Enabled:Advanced Boot Options Menu** and **10 - Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath <PathAndFilename> -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md).

From f1986f3ce1818d414103e8af6976c143ab4d0abd Mon Sep 17 00:00:00 2001
From: tiaraquan <tiaraquan@microsoft.com>
Date: Fri, 2 Dec 2022 12:33:14 -0800
Subject: [PATCH 71/93] Updated what's new with License update.

---
 .../references/windows-autopatch-changes-to-tenant.md         | 4 ++--
 .../whats-new/windows-autopatch-whats-new-2022.md             | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
index a57f79bc4e..ce916ff862 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -60,8 +60,8 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
-| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP ](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
-| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-ConfigureTelemetryOptInChangeNotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#ConfigureTelemetryOptInSettingsUx)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
+| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
+| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
 | Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 
 ## Update rings for Windows 10 and later
diff --git a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
index a00b6e9669..bb1511b250 100644
--- a/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
+++ b/windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2022.md
@@ -24,10 +24,10 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 | Article | Description |
 | ----- | ----- |
+| [Prerequisites](../prepare/windows-autopatch-prerequisites.md) | Added more licenses to the More about licenses section<ul><li>[MC452168](https://admin.microsoft.com/adminportal/home#/MessageCenter) |
 | [Unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md) | Updated to include other policy managers in the Group policy section |
 | [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the Device configuration, Microsoft Office and Edge policies |
 | [Windows quality update reports](../operate/windows-autopatch-wqu-reports-overview.md) | Added Windows quality update reports |
-| [What's new](../whats-new/windows-autopatch-whats-new-2022.md) | Added the What's new article |
 
 ## November 2022
 

From 9e460f10ce3fb18990825f4c81a97a7f31776d59 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann <v-angelaf@microsoft.com>
Date: Fri, 2 Dec 2022 14:34:04 -0700
Subject: [PATCH 72/93] Apply suggestions from code review

Lines 709, 714, and 719: Replace "store-for-business" with the correct repo alias "microsoft-store".
---
 .openpublishing.redirection.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 243b2d34c9..062348fe76 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -706,17 +706,17 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/device-guard-signing-portal.md",
+      "source_path": "microsoft-store/device-guard-signing-portal.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md",
+      "source_path": "microsoft-store/add-unsigned-app-to-code-integrity-policy.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
       "redirect_document_id": false
     },
     {
-      "source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md",
+      "source_path": "microsoft-store/sign-code-integrity-policy-with-device-guard-signing.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
       "redirect_document_id": false
     },

From f41ec77ac53cc1eacaa6cf21e2a2c5b8d76e8042 Mon Sep 17 00:00:00 2001
From: Angela Fleischmann <v-angelaf@microsoft.com>
Date: Fri, 2 Dec 2022 14:46:05 -0700
Subject: [PATCH 73/93] Apply suggestions from code review

Lines 709, 714, 719: Reverse change to source file urls.
---
 .openpublishing.redirection.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 062348fe76..243b2d34c9 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -706,17 +706,17 @@
       "redirect_document_id": false
     },
     {
-      "source_path": "microsoft-store/device-guard-signing-portal.md",
+      "source_path": "store-for-business/device-guard-signing-portal.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business",
       "redirect_document_id": false
     },
     {
-      "source_path": "microsoft-store/add-unsigned-app-to-code-integrity-policy.md",
+      "source_path": "store-for-business/add-unsigned-app-to-code-integrity-policy.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control",
       "redirect_document_id": false
     },
     {
-      "source_path": "microsoft-store/sign-code-integrity-policy-with-device-guard-signing.md",
+      "source_path": "store-for-business/sign-code-integrity-policy-with-device-guard-signing.md",
       "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering",
       "redirect_document_id": false
     },

From d028ca47daa7b65c0c148f2ab986e2df52d2a5c2 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Sat, 3 Dec 2022 12:57:25 -0800
Subject: [PATCH 74/93] Fixed links

---
 ...lify-application-control-for-classic-windows-applications.md | 2 +-
 ...ct-windows-defender-application-control-against-tampering.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index a8fd296977..9eb958900a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
 
 Some ways to obtain code signing certificates for your own use, include:
 
-- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list.md).
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root-docs/Participants-list.md).
 - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
 - Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
 - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 9adf744212..679f8ee56b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -70,7 +70,7 @@ Before you attempt to deploy signed WDAC policy, you should first deploy an unsi
    cd $PolicyPath
    ```
 
-3. If your WDAC policy doesn't already include an **&lt;UpdatePolicySigner&gt;** rule for your policy signing certificate, you must add it. At least one **&lt;UpdatePolicySigner&gt;** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/config-ci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
+3. If your WDAC policy doesn't already include an **&lt;UpdatePolicySigner&gt;** rule for your policy signing certificate, you must add it. At least one **&lt;UpdatePolicySigner&gt;** rule must exist to convert your WDAC policy XML with [ConvertFrom-CiPolicy](/powershell/module/configci/convertfrom-cipolicy). If you're using the Device Guard Signing Service v2 (DGSS) to sign your policy, you can find the policy signer rule in your tenant's default policy, which you can download from [Get-DefaultPolicy](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-defaultpolicy).
 
    Otherwise, use [Add-SignerRule](/powershell/module/configci/add-signerrule) and create an **&lt;UpdatePolicySigner&gt;** rule from your certificate file (.cer). DGSS users can download the root certificate file from [Get-RootCertificate](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business#get-rootcertificate). If you purchased a code signing certificate or issued one from your own public key infrastructure (PKI), you can export the certificate file.
 

From de1228fe9632602f554279a09fcd6153c18f0ea5 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Sat, 3 Dec 2022 12:59:17 -0800
Subject: [PATCH 75/93] Update
 use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

---
 ...lify-application-control-for-classic-windows-applications.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index 9eb958900a..d421c00ab4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
 
 Some ways to obtain code signing certificates for your own use, include:
 
-- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root-docs/Participants-list.md).
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/blob/main/trusted-root-docs/Participants-list.md).
 - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
 - Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
 - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).

From a11cf84f789a1045c341a398185c234b771021a5 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Sat, 3 Dec 2022 13:00:35 -0800
Subject: [PATCH 76/93] Update
 use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

---
 ...lify-application-control-for-classic-windows-applications.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index d421c00ab4..d604c31da5 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
 
 Some ways to obtain code signing certificates for your own use, include:
 
-- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/blob/main/trusted-root-docs/Participants-list.md).
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](https://learn.microsoft.com/security/trusted-root/participants-list).
 - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
 - Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
 - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).

From 8513f2bd3a22bb4f95f3618c25890aef6acd17b5 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Sat, 3 Dec 2022 13:05:20 -0800
Subject: [PATCH 77/93] Update
 use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

---
 ...lify-application-control-for-classic-windows-applications.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index d604c31da5..ed5754a577 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
 
 Some ways to obtain code signing certificates for your own use, include:
 
-- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](https://learn.microsoft.com/security/trusted-root/participants-list).
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root-docs/Participants-list).
 - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
 - Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
 - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).

From 4b0c976cf9a41525722a2a505d4f93d6477b16aa Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Mon, 5 Dec 2022 10:51:04 -0500
Subject: [PATCH 78/93] Update
 use-code-signing-to-simplify-application-control-for-classic-windows-applications.md

Fixed broken link
---
 ...lify-application-control-for-classic-windows-applications.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
index ed5754a577..44e011b695 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
@@ -57,7 +57,7 @@ For more information on using signed WDAC policies, see [Use signed policies to
 
 Some ways to obtain code signing certificates for your own use, include:
 
-- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root-docs/Participants-list).
+- Purchase a code signing certificate from one of the [Microsoft Trusted Root Program participants](/security/trusted-root/participants-list).
 - To use your own digital certificate or public key infrastructure (PKI) to issue code signing certificates, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
 - Customers with existing Microsoft Store for Business and Education accounts can continue to use the ["Device Guard signing service v2"](/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business).
 - Use Microsoft's [Azure Code Signing (ACS) service](https://aka.ms/AzureCodeSigning).

From f2a1079e3564ccafe03ae85e7583f55c88fe1b67 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 5 Dec 2022 11:36:23 -0500
Subject: [PATCH 79/93] updates

---
 windows/security/TOC.yml | 41 +++++++++++-----------------------------
 1 file changed, 11 insertions(+), 30 deletions(-)

diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml
index a098ccd30b..70275d478d 100644
--- a/windows/security/TOC.yml
+++ b/windows/security/TOC.yml
@@ -154,41 +154,22 @@
                 - name: "BitLocker and TPM: other known issues"
                   href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
                 - name: Decode Measured Boot logs to track PCR changes
-<<<<<<< HEAD
-                  href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
-      - name: Personal Data Encryption (PDE)
-        items:
-        - name: Personal Data Encryption (PDE) overview
-          href: information-protection/personal-data-encryption/overview-pde.md
-        - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-          href: information-protection/personal-data-encryption/faq-pde.yml
-        - name: Configure Personal Data Encryption (PDE) in Intune
-          href: information-protection/personal-data-encryption/configure-pde-in-intune.md    
-      - name: Configure S/MIME for Windows
-        href: identity-protection/configure-s-mime.md
+                  href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
+    - name: Personal Data Encryption (PDE)
+      items:
+      - name: Personal Data Encryption (PDE) overview
+        href: information-protection/personal-data-encryption/overview-pde.md
+      - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
+        href: information-protection/personal-data-encryption/faq-pde.yml
+      - name: Configure Personal Data Encryption (PDE) in Intune
+        href: information-protection/personal-data-encryption/configure-pde-in-intune.md    
+    - name: Configure S/MIME for Windows
+      href: identity-protection/configure-s-mime.md
     - name: Network security
       items:
       - name: VPN technical guide
         href: identity-protection/vpn/vpn-guide.md
         items:
-=======
-                  href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
-     - name: Personal Data Encryption (PDE)
-       items:
-       - name: Personal Data Encryption (PDE) overview
-         href: information-protection/personal-data-encryption/overview-pde.md
-       - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-         href: information-protection/personal-data-encryption/faq-pde.yml
-       - name: Configure Personal Data Encryption (PDE) in Intune
-         href: information-protection/personal-data-encryption/configure-pde-in-intune.md    
-     - name: Configure S/MIME for Windows
-       href: identity-protection/configure-s-mime.md
-   - name: Network security
-     items:
-     - name: VPN technical guide
-       href: identity-protection/vpn/vpn-guide.md
-       items:
->>>>>>> f25e6e8be24efd068196678e6e0e556d66fe2c0a
         - name: VPN connection types
           href: identity-protection/vpn/vpn-connection-type.md
         - name: VPN routing decisions

From e67087608a522911c574a3ab1299e76911f6dfe4 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 5 Dec 2022 08:56:06 -0800
Subject: [PATCH 80/93] add wufbr info as needed

---
 windows/client-management/mdm/policy-csp-system.md          | 6 +++---
 windows/deployment/update/deployment-service-overview.md    | 4 ++--
 windows/deployment/update/index.md                          | 2 +-
 windows/deployment/update/safeguard-holds.md                | 6 +++---
 .../wdsc-hide-notifications.md                              | 2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 939f3e2ac9..e26bcb675c 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -205,7 +205,7 @@ Windows diagnostic data is collected when the Allow Telemetry policy setting is
 
 If you disable or don't configure this setting, Microsoft will be the controller of the Windows diagnostic data collected from the device and processed in accordance with Microsoft’s [privacy statement](https://go.microsoft.com/fwlink/?LinkId=521839) unless you have enabled policies like Allow Update Compliance Processing or Allow Desktop Analytics Processing.
 
-Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Update Compliance.
+Configuring this setting doesn't change the Windows diagnostic data collection level set for the device or the operation of optional analytics processor services like Desktop Analytics and Windows Update for Business reports.
 
 See the documentation at [ConfigureWDD](https://aka.ms/ConfigureWDD) for information on this and other policies that will result in Microsoft being the processor of Windows diagnostic data.
 
@@ -700,11 +700,11 @@ To enable this behavior, you must complete three steps:
 
  1. Enable this policy setting.
  2. Set **AllowTelemetry** to 1 – **Required (Basic)** or above.
- 3. Set the Configure the Commercial ID setting for your Update Compliance workspace.
+ 3. If you're using Update Compliance rather than Windows Update for Business reports, set the Configure the Commercial ID setting for your Update Compliance workspace.
 
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
 
-If you disable or don't configure this policy setting, devices won't appear in Update Compliance.
+If you disable or don't configure this policy setting, devices won't appear in Windows Update for Business reports or Update Compliance.
 
 <!--/Description-->
 <!--ADMXMapped-->
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index 5ae667d595..538331acaa 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -35,14 +35,14 @@ The service is privacy focused and backed by leading industry compliance certifi
 
 ## How it works
 
-The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Update Compliance](update-compliance-monitor.md).
+The deployment service complements existing Windows Update for Business capabilities, including existing device policies and [Windows Update for Businesss reports](wufb-reports-overview.md).
 
 :::image type="content" source="media/wufbds-product-large.png" alt-text="Elements in following text.":::
 
 Windows Update for Business comprises three elements:
 - Client policy to govern update experiences and timing – available through Group Policy and CSPs
 - Deployment service APIs to approve and schedule specific updates – available through the Microsoft Graph and associated SDKs (including PowerShell)
-- Update Compliance to monitor update deployment – available through the Azure Marketplace
+- Windows Update for Business reports to monitor update deployment
 
 Unlike existing client policy, the deployment service doesn't interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro.
 
diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md
index 352013a1ea..20901707ab 100644
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -33,7 +33,7 @@ Windows as a service provides a new way to think about building, deploying, and
 | [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. |
 | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | Explains the decisions you need to make in your servicing strategy.  |
 | [Assign devices to servicing branches for Windows client updates](waas-servicing-channels-windows-10-updates.md) | Explains how to assign devices to the General Availability Channel for feature and quality updates, and how to enroll devices in Windows Insider. |
-| [Monitor Windows Updates with Update Compliance](update-compliance-monitor.md) | Explains how to use Update Compliance to monitor and manage Windows Updates on devices in your organization.  |
+| [Monitor Windows Updates with Windows Update for Business reports](wufb-reports-overview.md) | Explains how to use Windows Update for Business reports to monitor and manage Windows Updates on devices in your organization.  |
 | [Optimize update delivery](../do/waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution.  |
 | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune.  |
 | [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. |
diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md
index dfe7420469..258308e290 100644
--- a/windows/deployment/update/safeguard-holds.md
+++ b/windows/deployment/update/safeguard-holds.md
@@ -31,9 +31,9 @@ IT admins managing updates using the [Windows Update for Business deployment ser
 
 ## Am I affected by a safeguard hold?
 
-IT admins can use [Update Compliance](update-compliance-monitor.md) to monitor various update health metrics for devices in their organization. Update Compliance provides a [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds), as well as [queries in the Feature Update Status report](/windows/deployment/update/update-compliance-feature-update-status), to provide you insight into the safeguard holds that are preventing devices from updating or upgrading.
+IT admins can use [Windows Update for Business reports](wufb-reports-overview.md) to monitor various update health metrics for devices in their organization. The reports provide a list of [active Safeguard Holds](wufb-reports-workbook.md#bkmk_update-group-feature) to provide you insight into the safeguard holds that are preventing devices from updating or upgrading.
 
-The Update Compliance reports identify safeguard holds by their 8-digit identifiers. For safeguard holds associated with publicly discussed known issues, you can find additional details about the issue on the [Windows release health](/windows/release-health/) dashboard by searching for the safeguard hold ID on the **Known issues** page for the relevant release.
+Windows Update for Business reports identifies safeguard holds by their 8-digit identifiers. For safeguard holds associated with publicly discussed known issues, you can find additional details about the issue on the [Windows release health](/windows/release-health/) dashboard by searching for the safeguard hold ID on the **Known issues** page for the relevant release.
 
 On devices that use Windows Update (but not Windows Update for Business), the **Windows Update** page in the Settings app displays a message stating that an update is on its way, but not ready for the device. Instead of the option to download and install the update, users will see this message:
 
@@ -48,4 +48,4 @@ We recommend that you do not attempt to manually update until issues have been r
 > [!CAUTION]
 > Opting out of a safeguard hold can put devices at risk from known performance issues. We strongly recommend that you complete robust testing to ensure the impact is acceptable before opting out.
   
-With that in mind, IT admins who stay informed with [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) and the [Windows release health](/windows/release-health/) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically.
+With that in mind, IT admins who stay informed with [Windows Update for Business reports](wufb-reports-overview.md) and the [Windows release health](/windows/release-health/) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically.
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
index 958d4c9085..da06b84e9f 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md
@@ -40,7 +40,7 @@ You can only use Group Policy to change these settings.
 
 ## Use Group Policy to hide non-critical notifications
 
-You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Update Compliance or Microsoft Configuration Manager reporting).
+You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Windows Update for Business reports or Microsoft Configuration Manager reporting).
 
 These notifications can be hidden only by using Group Policy.
 

From a543c98b81e90855a8236ef7d85752d89b1ca1cb Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 5 Dec 2022 12:11:11 -0500
Subject: [PATCH 81/93] updates

---
 .../access-control/local-accounts.md          | 68 +++++++------------
 .../credential-guard-how-it-works.md          |  1 -
 2 files changed, 24 insertions(+), 45 deletions(-)

diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 4ae765d140..eebf25ce06 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -1,7 +1,7 @@
 ---
 title: Local Accounts
 description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
-ms.date: 11/22/2022
+ms.date: 12/05/2022
 ms.collection: 
   - highpri
 ms.topic: article
@@ -13,17 +13,17 @@ ms.technology: itpro-security
 
 # Local Accounts
 
-This article describes the default local user accounts for Windows operating systems, and how to manage the built-in accounts on a member or standalone workstation/server.
+This article describes the default local user accounts for Windows operating systems, and how to manage the built-in accounts.
 
 ## About local user accounts
 
-Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a standalone or member server for services or users.
+Local user accounts are stored locally on the device. These accounts can be assigned rights and permissions on a particular device, but on that device only. Local user accounts are security principals that are used to secure and manage access to the resources on a device, for services or users.
 
 ## Default local user accounts
 
 The *default local user accounts* are built-in accounts that are created automatically when the operating system is installed. The default local user accounts can't be removed or deleted and don't provide access to network resources.
 
-Default local user accounts are used to manage access to the local device's resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the *Users* folder. The Users folder is located in the Local Users and Groups folder in the local *Computer Management* Microsoft Management Console (MMC). *Computer Management* is a collection of administrative tools that you can use to manage a single local or remote device.
+Default local user accounts are used to manage access to the local device's resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the *Users* folder. The Users folder is located in the Local Users and Groups folder in the local *Computer Management* Microsoft Management Console (MMC). *Computer Management* is a collection of administrative tools that you can use to manage a local or remote device.
 
 Default local user accounts are described in the following sections. Expand each section for more information.
 
@@ -31,19 +31,21 @@ Default local user accounts are described in the following sections. Expand each
 <details>
 <summary><b>Administrator</b></summary>
 
-The default local Administrator account is a user account for the system administrator. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation.
+The default local Administrator account is a user account for system administration. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation.
 
-The Administrator account has full control of the files, directories, services, and other resources on the local computer. The Administrator account can create other local users, assign user rights, and assign permissions. The Administrator account can take control of local resources at any time simply by changing the user rights and permissions.
+The Administrator account has full control of the files, directories, services, and other resources on the local device. The Administrator account can create other local users, assign user rights, and assign permissions. The Administrator account can take control of local resources at any time by changing the user rights and permissions.
 
 The default Administrator account can't be deleted or locked out, but it can be renamed or disabled.
 
-From Windows 10, Windows 11 and Windows Server 2016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation.  
+Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group.
+
+Members of the Administrators groups can run apps with elevated permissions without using the *Run as Administrator* option. Fast User Switching is more secure than using `runas` or different-user elevation.  
 
 **Account group membership**
 
-By default, the Administrator account is installed as a member of the Administrators group on the server. It's a best practice to limit the number of users in the Administrators group because members of the Administrators group on a local server have Full Control permissions on that computer.
+By default, the Administrator account is a member of the Administrators group. It's a best practice to limit the number of users in the Administrators group because members of the Administrators group have Full Control permissions on the device.
 
-The Administrator account can't be deleted or removed from the Administrators group, but it can be renamed.
+The Administrator account can't be removed from the Administrators group.
 
 **Security considerations**
 
@@ -53,9 +55,7 @@ You can rename the Administrator account. However, a renamed Administrator accou
 
 As a security best practice, use your local (non-Administrator) account to sign in and then use **Run as administrator** to accomplish tasks that require a higher level of rights than a standard user account. Don't use the Administrator account to sign in to your computer unless it's entirely necessary. For more information, see [Run a program with administrative credentials](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732200(v=ws.11)).
 
-In comparison, on the Windows client operating system, a user with a local user account that has Administrator rights is considered the system administrator of the client computer. The first local user account that is created during installation is placed in the local Administrators group. However, when multiple users run as local administrators, the IT staff has no control over these users or their client computers.
-
-In this case, Group Policy can be used to enable secure settings that can control the use of the local Administrators group automatically on every server or client computer. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)).
+Group Policy can be used to control the use of the local Administrators group automatically. For more information about Group Policy, see [Group Policy Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831791(v=ws.11)).
 
 > [!IMPORTANT]
 > 
@@ -68,11 +68,11 @@ In this case, Group Policy can be used to enable secure settings that can contro
 <details>
 <summary><b>Guest</b></summary>
 
-The Guest account is disabled by default on installation. The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account has a blank password. Because the Guest account can provide anonymous access, it's a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is entirely necessary.
+The Guest account lets occasional or one-time users, who don't have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account is disabled and has a blank password. Since the Guest account can provide anonymous access, it's considered a security risk. For this reason, it's a best practice to leave the Guest account disabled, unless its use is necessary.
 
 **Account group membership**
 
-By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a server. On occasion, an administrator who is a member of the Administrators group can set up a user with a Guest account on one or more computers.
+By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a device.
 
 **Security considerations**
 
@@ -108,7 +108,7 @@ For details about the HelpAssistant account attributes, see the following table.
 |--- |--- |
 |Well-Known SID/RID|`S-1-5-<domain>-13 (Terminal Server User), S-1-5-<domain>-14 (Remote Interactive Logon)`|
 |Type|User|
-|Default container|`CN=Users, DC=<domain>, DC=`|
+|Default container|`CN=Users, DC=<domain>`|
 |Default members|None|
 |Default member of|Domain Guests<br/><br/>Guests|
 |Protected by ADMINSDHOLDER?|No|
@@ -121,14 +121,13 @@ For details about the HelpAssistant account attributes, see the following table.
 <details>
 <summary><b>DefaultAccount</b></summary>
 
-The DefaultAccount, also known as the Default System Managed Account (DSMA), is a built-in account introduced in Windows 10 version 1607 and Windows Server 2016. 
-The DSMA is a well-known user account type. 
-It's a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic. 
-The DSMA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop. 
+The DefaultAccount account, also known as the Default System Managed Account (DSMA), is a well-known user account type. DefaultAccount can be used to run processes that are either multi-user aware or user-agnostic.
 
-The DSMA has a well-known RID of 503. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: S-1-5-21-\<ComputerIdentifier>-503 
+The DSMA is disabled by default on the desktop SKUs and on the Server operating systems with the desktop experience.
 
-The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581. 
+The DSMA has a well-known RID of `503`. The security identifier (SID) of the DSMA will thus have a well-known SID in the following format: `S-1-5-21-\<ComputerIdentifier>-503`.
+
+The DSMA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of `S-1-5-32-581`.
 
 The DSMA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM).
 
@@ -199,7 +198,7 @@ You can't use Local Users and Groups on a domain controller. However, you can us
 
 You can also manage local users by using NET.EXE USER and manage local groups by using NET.EXE LOCALGROUP, or by using various PowerShell cmdlets and other scripting technologies.
 
-### <a href="" id="sec-restrict-protect-accounts"></a>Restrict and protect local accounts with administrative rights
+### Restrict and protect local accounts with administrative rights
 
 An administrator can use many approaches to prevent malicious users from using stolen credentials such as a stolen password or password hash, for a local account on one computer from being used to authenticate on another computer with administrative rights. This is also called "lateral movement".
 
@@ -218,9 +217,7 @@ Each of these approaches is described in the following sections.
 > [!NOTE]
 > These approaches do not apply if all administrative local accounts are disabled.
 
- 
-
-### <a href="" id="sec-enforce-account-restrictions"></a>Enforce local account restrictions for remote access
+### Enforce local account restrictions for remote access
 
 User Account Control (UAC) is a security feature that informs you when a program makes a change that requires administrative permissions. UAC works by adjusting the permission level of your user account. By default, UAC is set to notify you when applications try to make changes to your computer, but you can change when UAC notifies you.
 
@@ -257,11 +254,8 @@ The following table shows the Group Policy and registry settings that are used t
 1. Start the **Group Policy Management** Console (GPMC)
 1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects** where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
 1. In the console tree, right-click **Group Policy Objects > New**
-  :::image type="content" source="images/localaccounts-proc1-sample1.png" alt-text="local accounts":::
 1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and &gt; **OK** where *gpo\_name* is the name of the new GPO. The GPO name indicates that the GPO is used to restrict local administrator rights from being carried over to another computer
-  :::image type="content" source="images/localaccounts-proc1-sample2.png" alt-text="local accounts":::
 1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
-  :::image type="content" source="images/localaccounts-proc1-sample3.png" alt-text="local accounts":::
 1. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps:
 
   - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**
@@ -272,9 +266,6 @@ The following table shows the Group Policy and registry settings that are used t
 
   - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry**
   - Right-click **Registry**, and &gt; **New** &gt; **Registry Item**
-
-  :::image type="content" source="images/localaccounts-proc1-sample4.png" alt-text="local accounts":::
-
   - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**
   - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE**
   - Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
@@ -283,21 +274,16 @@ The following table shows the Group Policy and registry settings that are used t
   - In the **Value data** box, ensure that the value is set to **0**
   - Verify this configuration, and &gt; **OK**
 
-  :::image type="content" source="images/localaccounts-proc1-sample5.png" alt-text="local accounts":::
-
 1. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
 
   - Navigate to the `*Forest*\<Domains>\*Domain*\*OU*` path
   - Right-click the **Workstations > Link an existing GPO**
-
-  :::image type="content" source="images/localaccounts-proc1-sample6.png" alt-text="local accounts":::
-
   - Select the GPO that you created, and &gt; **OK**
 
 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
 1. Create links to all other OUs that contain workstations
 1. Create links to all other OUs that contain servers
-### <a href="" id="sec-deny-network-logon"></a>Deny network logon to all local Administrator accounts
+### Deny network logon to all local Administrator accounts
 
 Denying local accounts the ability to perform network logons can help prevent a local account password hash from being reused in a malicious attack. This procedure helps to prevent lateral movement by ensuring that stolen credentials for local accounts from a compromised operating system can't be used to compromise other computers that use the same credentials.
 
@@ -321,13 +307,7 @@ The following table shows the Group Policy settings that are used to deny networ
 1. In the console tree, expand &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;, and then **Group Policy Objects**, where *forest* is the name of the forest, and *domain* is the name of the domain where you want to set the Group Policy Object (GPO)
 1. In the console tree, right-click **Group Policy Objects**, and &gt; **New**
 1. In the **New GPO** dialog box, type &lt;**gpo\_name**&gt;, and then &gt; **OK** where *gpo\_name* is the name of the new GPO indicates that it's being used to restrict the local administrative accounts from interactively signing in to the computer
-
-  ![local accounts 7.](images/localaccounts-proc2-sample1.png)
-
 1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
-
-  ![local accounts 8.](images/localaccounts-proc2-sample2.png)
-
 1. Configure the user rights to deny network logons for administrative local accounts as follows:
 1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and &gt; **User Rights Assignment**
 1. Double-click **Deny access to this computer from the network**
@@ -358,5 +338,5 @@ Passwords that are left unchanged or changed synchronously to keep them identica
 Passwords can be randomized by:
 
 - Purchasing and implementing an enterprise tool to accomplish this task. These tools are commonly referred to as "privileged password management" tools
-- Configuring [Local Administrator Password Solution (LAPS)](https://www.microsoft.com/download/details.aspx?id=46899) to accomplish this task
+- Configuring [Local Administrator Password Solution (LAPS)](/windows-server/identity/laps/laps-overview) to accomplish this task
 - Creating and implementing a custom script or solution to randomize local account passwords
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index 9f189e45d2..3286ad1879 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -1,7 +1,6 @@
 ---
 title: How Windows Defender Credential Guard works
 description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
-ms.topic: article
 ms.date: 08/17/2017
 ms.topic: conceptual
 appliesto: 

From 9aef49187c2f744a64c1358fa4ab02bd940e691b Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 5 Dec 2022 09:16:32 -0800
Subject: [PATCH 82/93] wufbr-clean

---
 .../deployment/update/includes/wufb-reports-recommend.md    | 4 ++--
 .../deployment/update/wufb-reports-configuration-intune.md  | 6 +++++-
 windows/deployment/update/wufb-reports-help.md              | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/update/includes/wufb-reports-recommend.md b/windows/deployment/update/includes/wufb-reports-recommend.md
index 7a8c702ba0..6011c4c7e8 100644
--- a/windows/deployment/update/includes/wufb-reports-recommend.md
+++ b/windows/deployment/update/includes/wufb-reports-recommend.md
@@ -5,10 +5,10 @@ manager: aaroncz
 ms.prod: w10
 ms.collection: M365-modern-desktop
 ms.topic: include
-ms.date: 11/04/2022
+ms.date: 12/05/2022
 ms.localizationpriority: medium
 ---
 <!--This file is shared by all Update Compliance v1 articles.  -->
 
 > [!Important]
-> If you're using Update Compliance, it's highly recommended that you start transitioning to Windows Update for Business reports. For more information, see [Windows Update for Business reports overview](..\wufb-reports-overview.md).
+> Update Compliance no longer accepts new onboarding requests and new requests will fail. Instead, use [Windows Update for Business reports](..\wufb-reports-overview.md) to monitor compliance for updates. If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`.
diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md
index dd24c62801..3b785a552a 100644
--- a/windows/deployment/update/wufb-reports-configuration-intune.md
+++ b/windows/deployment/update/wufb-reports-configuration-intune.md
@@ -9,7 +9,7 @@ ms.author: mstewart
 ms.localizationpriority: medium
 ms.collection: M365-analytics
 ms.topic: article
-ms.date: 11/15/2022
+ms.date: 12/05/2022
 ms.technology: itpro-updates
 ---
 
@@ -102,8 +102,12 @@ Create a configuration profile that will set the required policies for Windows U
 
 The [Windows Update for Business reports Configuration Script](wufb-reports-configuration-script.md) is a useful tool for properly enrolling devices in Windows Update for Business reports, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management).
 
+> [!NOTE]
+> Using the script is optional when configuring devices through Intune. The script can be leveraged as a troubleshooting tool to ensure that devices are properly configured for Windows Update for Business reports. 
+
 When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in pilot mode to a subset of devices that you can access. After following this guidance, you can deploy the configuration script in deployment mode as a Win32 app to all Windows Update for Business reports devices.
 
+
 ## Next steps
 
 [Use Windows Update for Business reports](wufb-reports-use.md)
diff --git a/windows/deployment/update/wufb-reports-help.md b/windows/deployment/update/wufb-reports-help.md
index df48a582a8..2016970ddf 100644
--- a/windows/deployment/update/wufb-reports-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -51,8 +51,8 @@ You can open support requests directly from the Azure portal. If  the **Help + S
    - **Issue type** - ***Technical***
    - **Subscription** - Select the subscription used for Windows Update for Business reports
    - **Service** - ***My services***
-   - **Service type** - ***Monitoring and Management***
-   - **Problem type** - ***Windows Update for Business reports***
+   - **Service type** - Select ***Windows Update for Business reports*** under ***Monitoring and Management***
+
 
 1. Based on the information you provided, you'll be shown some **Recommended solutions** you can use to try to resolve the problem.
 1. Complete the **Additional details** tab and then create the request on the **Review + create** tab.

From e1366068b0b98a350bc737f357d604f378e4fe48 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Mon, 5 Dec 2022 09:56:13 -0800
Subject: [PATCH 83/93] Update
 use-device-guard-signing-portal-in-microsoft-store-for-business.md

---
 ...vice-guard-signing-portal-in-microsoft-store-for-business.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
index 48758015d3..b333b3e915 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md
@@ -32,7 +32,7 @@ ms.technology: itpro-security
 >
 > You can continue to use the current Device Guard Signing Service v2 (DGSS) capabilities until that time. DGSS will be replaced by the [Azure Code Signing service (ACS)](https://aka.ms/AzureCodeSigning) and will support your Windows Defender Application Control (WDAC) policy and catalog file signing needs.
 
-The Device Guard Signing Service v2 (DGSS) is a code signing service that comes with your existing Microsoft Store for Business and Education tenant account. You can use the DGSS to sign catalog files and Windows Defender Application Control (WDAC) policies
+The Device Guard Signing Service v2 (DGSS) is a code signing service that comes with your existing Microsoft Store for Business and Education tenant account. You can use the DGSS to sign catalog files and Windows Defender Application Control (WDAC) policies.
 
 ## Set up permissions for DGSS signing in the Microsoft Store for Business and Education
 

From 2a3ae44bad8bf36ca99605d5e87481e7781014e1 Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Mon, 5 Dec 2022 13:25:59 -0600
Subject: [PATCH 84/93] Update how-user-account-control-works.md

Acro edits.
---
 .../user-account-control/how-user-account-control-works.md    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index 8070c8bf35..7f59ec2edf 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -70,7 +70,7 @@ The elevation prompt color-coding is as follows:
 
 **Shield icon**
 
-Some Control Panel items, such as **Date and Time Properties**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screen shot of the **Date and Time Properties** Control Panel item.
+Some Control Panel items, such as **Date and Time Properties**, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screenshot of the **Date and Time Properties** Control Panel item.
 
 :::image type="content" source="images/uacshieldicon.png" alt-text="UAC Shield Icon in Date and Time Properties":::
 
@@ -138,7 +138,7 @@ The slider will never turn UAC completely off. If you set it to **Never notify**
 
 Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, you do not need to replace the majority of apps when UAC is turned on.
 
-Windows 10 and Windows 11 include file and registry virtualization technology for apps that are not UAC-compliant and that require an administrator's access token to run correctly. When an administrative apps that is not UAC-compliant attempts to write to a protected folder, such as Program Files, UAC gives the app its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant app.
+Windows 10 and Windows 11 include file and registry virtualization technology for apps that are not UAC-compliant and that require an administrator's access token to run correctly. When an administrative app that is not UAC-compliant attempts to write to a protected folder, such as Program Files, UAC gives the app its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant app.
 
 Most app tasks operate properly by using virtualization features. Although virtualization allows a majority of applications to run, it is a short-term fix and not a long-term solution. App developers should modify their apps to be compliant as soon as possible, rather than relying on file, folder, and registry virtualization.
 

From b73962296d92dbe64badd51109d1a2f7fd6939c7 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 5 Dec 2022 14:07:49 -0800
Subject: [PATCH 85/93] ucv1 dep MAXADO-7260188

---
 windows/deployment/update/includes/wufb-reports-recommend.md | 2 +-
 windows/whats-new/deprecated-features.md                     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/includes/wufb-reports-recommend.md b/windows/deployment/update/includes/wufb-reports-recommend.md
index 6011c4c7e8..e434bdd6de 100644
--- a/windows/deployment/update/includes/wufb-reports-recommend.md
+++ b/windows/deployment/update/includes/wufb-reports-recommend.md
@@ -11,4 +11,4 @@ ms.localizationpriority: medium
 <!--This file is shared by all Update Compliance v1 articles.  -->
 
 > [!Important]
-> Update Compliance no longer accepts new onboarding requests and new requests will fail. Instead, use [Windows Update for Business reports](..\wufb-reports-overview.md) to monitor compliance for updates. If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`.
+> Update Compliance is [deprecated](/windows/whats-new/deprecated-features) and is no longer accepting new onboarding requests. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md). If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`.
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 12880bd7ef..f272fe0a2a 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11.
-ms.date: 10/28/2022
+ms.date: 12/05/2022
 ms.prod: windows-client
 ms.technology: itpro-fundamentals
 ms.localizationpriority: medium
@@ -34,6 +34,7 @@ The features in this article are no longer being actively developed, and might b
 
 |Feature    |  Details and mitigation  | Deprecation announced |
 | ----------- | --------------------- | ---- |
+| Update Compliance | The [Update Compliance](/windows/deployment/update/update-compliance-overview) feature is no longer being developed. This feature has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
 | Windows Information Protection <!-- 6010051 --> | [Windows Information Protection](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).<br> <br>For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
 | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**<br>Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.<br>The following items might not be available in a future release of Windows client:<br>- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**<br>- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)<br>- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**<br>- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files  | 21H1 |
 | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 |

From feb274000654f7871083ac8df48267db8c7bfe72 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 5 Dec 2022 14:30:58 -0800
Subject: [PATCH 86/93] ucv1 dep MAXADO-7260188

---
 windows/whats-new/deprecated-features.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index f272fe0a2a..3a0bb5caac 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -34,7 +34,7 @@ The features in this article are no longer being actively developed, and might b
 
 |Feature    |  Details and mitigation  | Deprecation announced |
 | ----------- | --------------------- | ---- |
-| Update Compliance | The [Update Compliance](/windows/deployment/update/update-compliance-overview) feature is no longer being developed. This feature has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
+| Update Compliance <!--7260188-->| [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
 | Windows Information Protection <!-- 6010051 --> | [Windows Information Protection](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).<br> <br>For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
 | BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**<br>Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.<br>The following items might not be available in a future release of Windows client:<br>- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**<br>- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)<br>- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**<br>- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files  | 21H1 |
 | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 |

From e4ae64cd139f1dc1aa9fad6884ca5c61384203e0 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 6 Dec 2022 13:47:33 -0500
Subject: [PATCH 87/93] [WHFB] email update

fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/11025
---
 .../hello-for-business/passwordless-strategy.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index a18a0b3aeb..4b2daf06b4 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -341,4 +341,4 @@ In this configuration, passwords for SCRIL-configured users expire based on Acti
 
 ## The road ahead
 
-The information presented here is just the beginning. We'll update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a password-less future, we would love to hear from you. Your feedback is important. Send us an email at [pwdless@microsoft.com](mailto:pwdless@microsoft.com?subject=Passwordless%20Feedback).
+The information presented here is just the beginning. We'll update this guide with improved tools, methods, and scenarios, like Azure AD joined and MDM managed environments. As we continue to invest in a password-less future, we would love to hear from you. Your feedback is important. Send us an email at [pwdlessQA@microsoft.com](mailto:pwdlessQA@microsoft.com?subject=Passwordless%20Feedback).

From beb2a61663f093341774691194d04e1776541cc3 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 6 Dec 2022 11:28:29 -0800
Subject: [PATCH 88/93] ucv1 dep MAXADO-7260188

---
 windows/deployment/update/includes/wufb-reports-recommend.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/includes/wufb-reports-recommend.md b/windows/deployment/update/includes/wufb-reports-recommend.md
index e434bdd6de..94e46ac38f 100644
--- a/windows/deployment/update/includes/wufb-reports-recommend.md
+++ b/windows/deployment/update/includes/wufb-reports-recommend.md
@@ -11,4 +11,4 @@ ms.localizationpriority: medium
 <!--This file is shared by all Update Compliance v1 articles.  -->
 
 > [!Important]
-> Update Compliance is [deprecated](/windows/whats-new/deprecated-features) and is no longer accepting new onboarding requests. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md). If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`.
+> Update Compliance is [deprecated](/windows/whats-new/deprecated-features) and is no longer accepting new onboarding requests. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md). If you're currently using Update Compliance, you can continue to use it, but you can't change your `CommercialID`. Support for Update Compliance will end on March 31, 2023 when the service will be [retired](/windows/whats-new/feature-lifecycle#terminology).

From b6316c80a184f8b69591927a02dcafde0f890cbf Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 6 Dec 2022 13:06:36 -0800
Subject: [PATCH 89/93] edit az marketplace link for uc

---
 windows/deployment/update/update-compliance-get-started.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 7adaefb575..7ee6e15288 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -50,8 +50,11 @@ Before you begin the process to add Update Compliance to your Azure subscription
 
 Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. For the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution.
 
-Use the following steps:
-1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign in to your Azure subscription to access this page.
+> [!IMPORTANT]
+> Update Compliance is deprecated and no longer accepting any new onboarding requests. The instructions below are listed for verification and troubleshooting purposes only for existing Updates Compliance users. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md) for monitoring compliance of updates.
+
+
+1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/). The solution was published by Microsoft and named **WaaSUpdateInsights**.
 2. Select **Get it now**.
 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
    - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance.

From 1140625cb511444d885544b1838af787ede7f1fd Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 6 Dec 2022 13:32:06 -0800
Subject: [PATCH 90/93] fix broken link

---
 windows/deployment/update/update-compliance-get-started.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 7ee6e15288..0195b12fc5 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -51,7 +51,7 @@ Before you begin the process to add Update Compliance to your Azure subscription
 Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. For the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution.
 
 > [!IMPORTANT]
-> Update Compliance is deprecated and no longer accepting any new onboarding requests. The instructions below are listed for verification and troubleshooting purposes only for existing Updates Compliance users. Update Compliance has been replaced by [Windows Update for Business reports](..\wufb-reports-overview.md) for monitoring compliance of updates.
+> Update Compliance is deprecated and no longer accepting any new onboarding requests. The instructions below are listed for verification and troubleshooting purposes only for existing Updates Compliance users. Update Compliance has been replaced by [Windows Update for Business reports](wufb-reports-overview.md) for monitoring compliance of updates.
 
 
 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/). The solution was published by Microsoft and named **WaaSUpdateInsights**.

From 8d2192c26da9cfde806a51605ecc4de0a2201ee2 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 7 Dec 2022 09:03:41 -0500
Subject: [PATCH 91/93] Metadata updates

---
 .../do/images/elixir_ux/readme-elixir-ux-files.md   |  2 +-
 windows/deployment/do/mcc-enterprise-appendix.md    |  2 +-
 windows/deployment/do/mcc-enterprise-deploy.md      |  2 +-
 .../deployment/do/mcc-enterprise-prerequisites.md   |  2 +-
 .../do/mcc-enterprise-update-uninstall.md           |  2 +-
 .../do/mcc-isp-cache-node-configuration.md          |  2 +-
 .../do/mcc-isp-create-provision-deploy.md           |  2 +-
 windows/deployment/do/mcc-isp-faq.yml               |  3 +--
 windows/deployment/do/mcc-isp-signup.md             |  2 +-
 windows/deployment/do/mcc-isp-support.md            |  2 +-
 windows/deployment/do/mcc-isp-update.md             |  2 +-
 windows/deployment/do/mcc-isp-verify-cache-node.md  |  2 +-
 windows/deployment/do/mcc-isp-vm-performance.md     |  2 +-
 .../do/waas-delivery-optimization-faq.yml           |  2 +-
 windows/deployment/windows-autopatch/index.yml      |  2 +-
 .../overview/windows-autopatch-faq.yml              |  2 +-
 .../references/windows-autopatch-privacy.md         |  2 +-
 .../auditing/advanced-security-auditing-faq.yml     |  2 +-
 .../windows-defender-application-control/index.yml  | 13 +++++--------
 19 files changed, 23 insertions(+), 27 deletions(-)

diff --git a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
index f97aed1785..cec9cc3df6 100644
--- a/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
+++ b/windows/deployment/do/images/elixir_ux/readme-elixir-ux-files.md
@@ -3,7 +3,7 @@ title: Don't Remove images under do/images/elixir_ux - used by Azure portal Diag
 manager: aaroncz
 description: Elixir images read me file
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: nidos
diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md
index ef710a3929..f95dde786a 100644
--- a/windows/deployment/do/mcc-enterprise-appendix.md
+++ b/windows/deployment/do/mcc-enterprise-appendix.md
@@ -2,7 +2,7 @@
 title: Appendix
 manager: aaroncz
 description: Appendix on Microsoft Connected Cache (MCC) for Enterprise and Education.
-ms.prod: w10
+ms.prod: windows-client
 author: amymzhou
 ms.author: amyzhou
 ms.localizationpriority: medium
diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md
index 74ef198811..cfca05d872 100644
--- a/windows/deployment/do/mcc-enterprise-deploy.md
+++ b/windows/deployment/do/mcc-enterprise-deploy.md
@@ -2,7 +2,7 @@
 title: Deploying your cache node
 manager: dougeby
 description: How to deploy Microsoft Connected Cache (MCC) for Enterprise and Education cache node
-ms.prod: w10
+ms.prod: windows-client
 author: amymzhou
 ms.localizationpriority: medium
 ms.author: amyzhou
diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md
index 84faf8d670..d18c687dae 100644
--- a/windows/deployment/do/mcc-enterprise-prerequisites.md
+++ b/windows/deployment/do/mcc-enterprise-prerequisites.md
@@ -2,7 +2,7 @@
 title: Requirements for Microsoft Connected Cache (MCC) for Enterprise and Education
 manager: dougeby
 description: Overview of requirements for Microsoft Connected Cache (MCC) for Enterprise and Education.
-ms.prod: w10
+ms.prod: windows-client
 author: amymzhou
 ms.localizationpriority: medium
 ms.author: amyzhou
diff --git a/windows/deployment/do/mcc-enterprise-update-uninstall.md b/windows/deployment/do/mcc-enterprise-update-uninstall.md
index 60d0df68e3..c9e523b662 100644
--- a/windows/deployment/do/mcc-enterprise-update-uninstall.md
+++ b/windows/deployment/do/mcc-enterprise-update-uninstall.md
@@ -2,7 +2,7 @@
 title: Update or uninstall Microsoft Connected Cache for Enterprise and Education
 manager: dougeby
 description: Details on updating or uninstalling Microsoft Connected Cache (MCC) for Enterprise and Education.
-ms.prod: w10
+ms.prod: windows-client
 author: amymzhou
 ms.localizationpriority: medium
 ms.author: amyzhou
diff --git a/windows/deployment/do/mcc-isp-cache-node-configuration.md b/windows/deployment/do/mcc-isp-cache-node-configuration.md
index ae5404b2ae..3add251a38 100644
--- a/windows/deployment/do/mcc-isp-cache-node-configuration.md
+++ b/windows/deployment/do/mcc-isp-cache-node-configuration.md
@@ -3,7 +3,7 @@ title: Cache node configuration
 manager: aaroncz
 description: Configuring a cache node on Azure portal
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: amyzhou
diff --git a/windows/deployment/do/mcc-isp-create-provision-deploy.md b/windows/deployment/do/mcc-isp-create-provision-deploy.md
index 7ef7e28969..3793fb5ba7 100644
--- a/windows/deployment/do/mcc-isp-create-provision-deploy.md
+++ b/windows/deployment/do/mcc-isp-create-provision-deploy.md
@@ -3,7 +3,7 @@ title: Create, provision, and deploy the cache node in Azure portal
 manager: aaroncz
 description: Instructions for creating, provisioning, and deploying Microsoft Connected Cache for ISP on Azure portal
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: nidos
diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml
index 19f6da7226..a50448410d 100644
--- a/windows/deployment/do/mcc-isp-faq.yml
+++ b/windows/deployment/do/mcc-isp-faq.yml
@@ -8,13 +8,12 @@ metadata:
   author: amymzhou
   ms.author: amymzhou
   manager: aaroncz
-  audience: ITPro
   ms.collection:
     - M365-security-compliance
     - highpri
   ms.topic: faq
   ms.date: 09/30/2022
-  ms.custom: seo-marvel-apr2020
+  ms.prod: windows-client
 title: Microsoft Connected Cache Frequently Asked Questions
 summary: |
   **Applies to**
diff --git a/windows/deployment/do/mcc-isp-signup.md b/windows/deployment/do/mcc-isp-signup.md
index 291a69a7ab..f771550548 100644
--- a/windows/deployment/do/mcc-isp-signup.md
+++ b/windows/deployment/do/mcc-isp-signup.md
@@ -3,7 +3,7 @@ title: Operator sign up and service onboarding
 manager: aaroncz
 description: Service onboarding for Microsoft Connected Cache for ISP
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: nidos
diff --git a/windows/deployment/do/mcc-isp-support.md b/windows/deployment/do/mcc-isp-support.md
index a321ac671c..98f791e422 100644
--- a/windows/deployment/do/mcc-isp-support.md
+++ b/windows/deployment/do/mcc-isp-support.md
@@ -3,7 +3,7 @@ title: Support and troubleshooting
 manager: aaroncz
 description: Troubleshooting issues for Microsoft Connected Cache for ISP
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 audience: itpro
 author: nidos
 ms.localizationpriority: medium
diff --git a/windows/deployment/do/mcc-isp-update.md b/windows/deployment/do/mcc-isp-update.md
index c6bdfe27c8..abe18781c3 100644
--- a/windows/deployment/do/mcc-isp-update.md
+++ b/windows/deployment/do/mcc-isp-update.md
@@ -3,7 +3,7 @@ title: Update or uninstall your cache node
 manager: aaroncz
 description: How to update or uninstall your cache node
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: amyzhou
diff --git a/windows/deployment/do/mcc-isp-verify-cache-node.md b/windows/deployment/do/mcc-isp-verify-cache-node.md
index 22f8b3de86..0769116c88 100644
--- a/windows/deployment/do/mcc-isp-verify-cache-node.md
+++ b/windows/deployment/do/mcc-isp-verify-cache-node.md
@@ -3,7 +3,7 @@ title: Verify cache node functionality and monitor health and performance
 manager: aaroncz
 description: How to verify the functionality of a cache node
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: amyzhou
diff --git a/windows/deployment/do/mcc-isp-vm-performance.md b/windows/deployment/do/mcc-isp-vm-performance.md
index 6cb5ab9b45..97ee999b1e 100644
--- a/windows/deployment/do/mcc-isp-vm-performance.md
+++ b/windows/deployment/do/mcc-isp-vm-performance.md
@@ -3,7 +3,7 @@ title: Enhancing VM performance
 manager: aaroncz
 description: How to enhance performance on a virtual machine used with Microsoft Connected Cache for ISPs
 keywords: updates, downloads, network, bandwidth
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 audience: itpro
 author: amyzhou
diff --git a/windows/deployment/do/waas-delivery-optimization-faq.yml b/windows/deployment/do/waas-delivery-optimization-faq.yml
index 0fe613a87a..89d2d5567f 100644
--- a/windows/deployment/do/waas-delivery-optimization-faq.yml
+++ b/windows/deployment/do/waas-delivery-optimization-faq.yml
@@ -4,7 +4,7 @@ metadata:
   description: The following is a list of frequently asked questions for Delivery Optimization.
   ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
   ms.reviewer: aaroncz
-  ms.prod: m365-security
+  ms.prod: windows-client
   ms.mktglfcycl: explore
   ms.sitesec: library
   ms.pagetype: security
diff --git a/windows/deployment/windows-autopatch/index.yml b/windows/deployment/windows-autopatch/index.yml
index ee3fd80449..fe94531f9b 100644
--- a/windows/deployment/windows-autopatch/index.yml
+++ b/windows/deployment/windows-autopatch/index.yml
@@ -7,12 +7,12 @@ metadata:
   title: Windows Autopatch documentation # Required; page title displayed in search results. Include the brand. < 60 chars.
   description: Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization. # Required; article description that is displayed in search results. < 160 chars.
   keywords: device, app, update, management
-  ms.service: w11 #Required; service per approved list. service slug assigned to your service by ACOM.
   ms.topic: landing-page # Required
   author: tiaraquan #Required; your GitHub user alias, with correct capitalization.
   ms.author: tiaraquan #Required; microsoft alias of author; optional team alias.
   ms.date: 05/30/2022 #Required; mm/dd/yyyy format.
   ms.custom: intro-hub-or-landing
+  ms.prod: windows-client
   ms.collection:
   - highpri
 
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
index 7f5b4cf23e..b9f94b3dc8 100644
--- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
+++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
@@ -2,7 +2,7 @@
 metadata:
   title: Windows Autopatch - Frequently Asked Questions (FAQ)
   description: Answers to frequently asked questions about Windows Autopatch.
-  ms.prod: w11
+  ms.prod: windows-client
   ms.topic: faq
   ms.date: 08/26/2022
   audience: itpro
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
index 4850fddac3..7554a7ebe2 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
@@ -2,7 +2,7 @@
 title: Privacy
 description:  This article provides details about the data platform and privacy compliance for Autopatch
 ms.date: 11/08/2022
-ms.prod: w11
+ms.prod: windows-client
 ms.technology: windows
 ms.topic: reference
 ms.localizationpriority: medium
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
index f7e415c185..edae4a8bb0 100644
--- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml
@@ -2,7 +2,7 @@
 metadata:
   title: Advanced security auditing FAQ (Windows 10)
   description: This article lists common questions and answers about understanding, deploying, and managing security audit policies.
-  ms.prod: m365-security
+  ms.prod: windows-client
   ms.technology: mde
   ms.localizationpriority: none
   author: dansimp
diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml
index 5dd1e3fd49..6602ab9a3c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/index.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/index.yml
@@ -4,14 +4,11 @@ title: Application Control for Windows
 metadata:
   title: Application Control for Windows
   description: Landing page for Windows Defender Application Control
-# services: service
-# ms.service: microsoft-WDAC-AppLocker
-# ms.subservice: Application-Control
-# ms.topic: landing-page
-# author: Kim Klein
-# ms.author: Jordan Geurten
-# manager: Jeffrey Sutherland
-# ms.update: 04/30/2021
+  ms.topic: landing-page
+  author: vinaypamnani-msft
+  ms.author: vinpa
+  manager: aaroncz
+  ms.date: 12/07/2022
 # linkListType: overview | how-to-guide | tutorial | video
 landingContent:
 # Cards and links should be based on top customer tasks or top subjects

From 5ef7c01ad4dc9e6af309b5b73b4c10b211dfa1bc Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 7 Dec 2022 09:29:33 -0500
Subject: [PATCH 92/93] update

---
 .../windows-autopatch/references/windows-autopatch-privacy.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
index 7554a7ebe2..2b8f0abea0 100644
--- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md
@@ -3,7 +3,7 @@ title: Privacy
 description:  This article provides details about the data platform and privacy compliance for Autopatch
 ms.date: 11/08/2022
 ms.prod: windows-client
-ms.technology: windows
+ms.technology: itpro-updates
 ms.topic: reference
 ms.localizationpriority: medium
 author: tiaraquan

From 9557bff4f529dd3f9faecd72a15274e582b88829 Mon Sep 17 00:00:00 2001
From: jsuther1974 <jsuther@microsoft.com>
Date: Wed, 7 Dec 2022 07:39:33 -0800
Subject: [PATCH 93/93] Minor changes to deploying WDAC with script related
 topics

---
 .../TOC.yml                                   |  2 +-
 .../deploy-wdac-policies-with-script.md       | 25 +++++++++++++------
 .../operations/citool-commands.md             | 10 ++++----
 3 files changed, 24 insertions(+), 13 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
index 6e21277b67..f9355db522 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
@@ -115,7 +115,7 @@
       href: operations/known-issues.md
     - name: Managed installer and ISG technical reference and troubleshooting guide
       href: configure-wdac-managed-installer.md
-    - name: Managing WDAC Policies with CI Tool
+    - name: CITool.exe technical reference
       href: operations/citool-commands.md
 - name: WDAC AppId Tagging guide
   href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
index 9beafe889b..555d544b8f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md
@@ -10,7 +10,7 @@ ms.reviewer: aaroncz
 ms.author: jogeurte
 ms.manager: jsuther
 manager: aaroncz
-ms.date: 10/06/2022
+ms.date: 12/03/2022
 ms.technology: itpro-security
 ms.topic: article
 ms.localizationpriority: medium
@@ -29,13 +29,22 @@ ms.localizationpriority: medium
 
 This article describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host.
 
-> [!NOTE]
-> To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
-
-## Deploying policies for Windows 10 version 1903 and above
-
 You should now have one or more WDAC policies converted into binary form. If not, follow the steps described in [Deploying Windows Defender Application Control (WDAC) policies](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
 
+## Deploying policies for Windows 11 22H2 and above
+
+You can use [citool.exe](/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands) to apply policies on Windows 11 22H2 with the following commands. Be sure to replace **&lt;Path to policy binary file to deploy&gt;** in the example below with the actual path to your WDAC policy binary file.
+
+```powershell
+# Policy binary files should be named as {GUID}.cip for multiple policy format files (where {GUID} = <PolicyId> from the Policy XML)
+$PolicyBinary = "<Path to policy binary file to deploy>"
+citool.exe --update-policy $PolicyBinary --json
+```
+
+## Deploying policies for Windows 11, Windows 10 version 1903 and above, and Windows Server 2022 and above
+
+To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool.
+
 1. Initialize the variables to be used by the script.
 
     ```powershell
@@ -58,7 +67,9 @@ You should now have one or more WDAC policies converted into binary form. If not
    & $RefreshPolicyTool
    ```
 
-## Deploying policies for Windows 10 versions earlier than 1903
+## Deploying policies for all other versions of Windows and Windows Server
+
+Use WMI to apply policies on all other versions of Windows and Windows Server.
 
 1. Initialize the variables to be used by the script.
 
diff --git a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
index 88273c3c74..e9f786a561 100644
--- a/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
+++ b/windows/security/threat-protection/windows-defender-application-control/operations/citool-commands.md
@@ -3,15 +3,15 @@ title: Managing CI Policies and Tokens with CiTool
 description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool
 author: valemieux
 ms.author: jogeurte
-ms.reviewer: jogeurte
+ms.reviewer: jsuther1974
 ms.topic: how-to
-ms.date: 08/07/2022
+ms.date: 12/03/2022
 ms.custom: template-how-to
 ms.prod: windows-client
 ms.technology: itpro-security
 ---
 
-# Manage Windows Defender Application Control (WDAC) Policies with CI Tool
+# CITool.exe technical reference
 
 CI Tool makes Windows Defender Application Control (WDAC) policy management easier for IT admins.  CI Tool can be used to manage Windows Defender Application Control policies and CI Tokens. This article describes how to use CI Tool to update and manage policies.  CI Tool is currently included in Windows 11, version 22H2.
 
@@ -21,7 +21,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
 |--------|---------|---------|
 | --update-policy `</Path/To/Policy/File>` | Add or update a policy on the current system | -up |
 | --remove-policy `<PolicyGUID>` | Remove a policy indicated by PolicyGUID from the system | -rp |
-| --list-policies | Dump information about all policies on the system, whether they are active or not | -lp |
+| --list-policies | Dump information about all policies on the system, whether they're active or not | -lp |
 
 ## Token Commands
 
@@ -32,7 +32,7 @@ CI Tool makes Windows Defender Application Control (WDAC) policy management easi
 | --list-tokens | Dump information about all tokens on the system | -lt |
 
 > [!NOTE]
-> Regarding --add-token, if `<ID>` is specified, a pre-existing token with `<ID>` should not exist.
+> Regarding `--add-token`, if `<ID>` is specified, a pre-existing token with `<ID>` should not exist.
 
 ## Miscellaneous Commands